More Than Returns: Why Risk Management Matters for Asset Managers

Strong returns matter, but they’re not enough. Missteps in valuation, fees or compliance can erode investor confidence, cripple sales and stall fundraising. While these issues can stay hidden for a time, when they surface, they can severely impact assets under management (AUM), damage reputation and derail long-term growth.

Firms that consistently outperform their peers do more than invest well — they build trust, stability and resilience through strong governance, controls and oversight. And this foundation isn’t only for large asset managers. Firms of any size can adopt the mindset of top performers.

The Hidden Divide in the Industry

The asset management industry is massive with over 15,000 Securities Exchange Commission (SEC)-registered firms in the U.S. Of those, about 125 are public and subject to Sarbanes-Oxley Act (SOX) Section 404(b), which requires an external audit of internal controls over financial reporting. That means more than 99% of the industry operates without an internal controls framework in place.

While many public asset managers are subject to SOX 302, which requires certification of the accuracy and completeness of internal controls and disclosures, it’s SOX 404(b) that imposes the rigorous, independent testing that most firms lack. For smaller or growing firms, the gap is understandable. Full SOX compliance can be expensive, and a full-time internal audit function may feel out of reach. After all, many firms have operated successfully for years with lean teams and only external financial statement audits to assess the internal controls.

Relying on informal processes may feel “good enough” — until it isn’t. When control failures, regulatory findings or due diligence missteps arise, the fallout is not only costly but also high profile and public.

The Real Risk Isn’t About Performance: It’s About Losing Trust

Institutional clients, regulators and private investors look beyond returns. They also consider a firm’s operating model, risk management approach and level of transparency.

They often ask:

• How do you ensure fees are billed accurately?
• What happens when there’s a data breach or compliance incident?
• How do you ensure accounts are accurate and reconciled timely?
• Who’s testing your internal controls?
• Are control failures addressed timely?

Vague or reactive answers to these questions typically signal concern, even when investment strategies are strong. That’s because trust is the most valuable currency an asset manager can hold. It’s not only about fraud prevention — it’s about demonstrating that a firm is built to last.

What the Data Actually Shows

• 79% of CFOs say the quality of financial information improved after SOX implementation.
• Companies with material control weaknesses face 50 to 150 basis points higher cost of equity on average until those issues are resolved.
• Publicly traded asset managers that absorb SOX compliance costs still report median operating margins of 29-35%.
• Firms with stronger internal control environments tend to be more resilient in downturns and less likely to face reputational or regulatory setbacks.

In short, effective controls don’t hinder performance, but they protect it. A strong control environment supports more stable earnings, reduces legal exposure and builds confidence with investors, employees, strategic partners and potential buyers.

Why Growing Firms Get This Wrong

Most growth-stage managers don’t overlook risk because they’re inattentive. More often, they’re resource-constrained, focused on growth or haven’t encountered a serious issue, making oversight feel like overhead.

On the other hand, the earlier a control foundation is established, the easier and more cost-effective it is to scale. By the time a firm is onboarding institutional capital or preparing for a public exit, gaps are harder and more expensive to close.

What gets overlooked most often?

• Segregation of duties
• Documented internal processes
• Periodic testing of controls
• Scalable compliance infrastructure
• Proactive monitoring of high-risk areas (e.g., valuation, cybersecurity, fee billing, regulatory compliance, trade errors and third-party risk)

Even when not subject to SOX, institutional clients often expect SOX-like discipline.

Getting It Right Without Overspending

A 12-person internal audit department or a $2 million SOX program isn’t necessary to build a strong risk management foundation, but having a plan is essential. Firms that manage this well tend to:

• Establish a tone at the top where compliance and controls are valued, not sidelined
• Implement a risk-based control framework, focused on high-impact areas
• Have leaders engage in collaborative dialog about existing and trending risk, both internally and externally
• Implement automated monitoring tools to flag issues early
• Outsource internal audit to provide objective feedback until scale supports bringing it in-house
• Treat compliance and audit as enablers, not bottlenecks

When approached thoughtfully, a control program becomes more than a compliance tool. It can be a competitive advantage. Strong oversight can:

• Help identify and manage risk more effectively
• Streamline due diligence with prospective investors
• Reduce time and distraction during regulatory exams
• Build confidence with partners and board members
• Allow leadership to focus on growth with fewer surprises

Closing Thoughts: Resilience Is a Choice

Risk in asset management firms comes in many forms — market, regulatory, information technology, valuation and operational, to name the most common. While not every risk can be eliminated, the key is knowing which risks to accept, which to manage and which to avoid altogether.

A strong control environment doesn’t guarantee success, but a weak one increases the likelihood and impact of setbacks. The most successful firms recognize the importance of risk management and controls and make early investments in building trust from the inside out.

Ready to Grow with Confidence?

If your firm is scaling — whether for institutional capital, a merger, acquisition or new product launch — now is the time to strengthen your foundation. Contact us. We help asset managers expand compliance, internal audit and SOX with practical, risk-based strategies that align with growth. Let’s build resilience together.

©2025