Funds management is big business in Australia, with approximately $1.5 trillion in funds under management, over 700 Asset Managers and approximately 448 Responsible Entities (REs) operating around 3600 Managed Investment Schemes. Throw in several large corporate collapses in the sector (Trio, Timbercorp, etc.) and it is enough to make any Government and Regulator nervous.
Failures in risk management systems have been cited as contributing factors by both ASIC and APRA, each supporting the findings of the PJC Inquiry into the Trio collapse, which suggested imposing enhanced risk management requirements on non-APRA regulated entities could help to protect investors.
In 2014, APRA introduced the requirement for Regulated Superannuation Entities (RSEs) to undertake increased Operational Due Diligence (ODD) following a steady upward trend in ODD activity within the investment management community. However, since the release of the AIST Guidance Note earlier this year, ODD within the funds and investment management industries, including Private Equity, has been ramping up at a considerable pace.
The depth and nature of ODD has changed significantly in recent years. Gone are the days of a few quick questions on a short checklist. In fact, ODD has become a real deal-breaker for some investment managers prior to being awarded any mandate, and it is now common practice to be on the receiving end of in-depth analysis of internal systems, infrastructure and resources. A primary focus of any ODD is Risk Management. APRA has been clear in its communication with RSEs that attention must be given not only to operational risk policies, processes and procedures but also to the risk culture within an investment management organisation prior to engaging any fund or asset manager to make investment decisions in relation to the funds held by the RSE.
After years of discussion, ASIC finally released RG 259: Risk Management Systems of Responsible Entities to provide guidance to the wider investment management market on how it expects licensees to fulfil their general obligations under s 912A of the Corporations Act.
ASIC draws much inspiration from APRA’s Prudential Standard CPS 220, most notably by introducing expectations around defined risk appetite statements, the identification of material risks and the application of risk tolerance levels to these risks, and liquidity risk management expectations, including stress testing and scenario analysis. ASIC also highlights the challenges of adequately managing risk without the use of risk management software. This is not surprising given the level of activity needed to manage risk in the manner expected by the regulator. However, the adoption of risk software also becomes critical when considering the four factors which form the assessment of risk management systems during ODD.
The 4 factors are:
- Transparency: do you have an enterprise risk management system in place? Does it capture and assess all material risks and your risk tolerances and are these in line with your risk appetite?
- Information: what information have you captured and recorded to ensure you are operating within your risk tolerance for each material risk? Are these being assessed on a regular basis against your risk appetite and risk tolerance? Do your board and senior management receive regular risk reports and can they demonstrate that they are actively involved in your enterprise risk management program?
- Accessibility: how widely understood is risk management within your business? Do staff receive risk management training on induction and then on an ongoing basis? Do all staff know how to report a potential risk within your business? Who is responsible for assessing the adequacy and effectiveness of your risk management framework? Are they suitably skilled in this area and is this review being undertaken on a regular basis?
- Key Performance Indicators: what is the level of training, time and expenditure? Are you capturing and reporting incidents or risk indicators (complaints and breaches) and linking these back to your control effectiveness reviews? Have you aligned remuneration policies to support your risk program as well as grievance handling processes?
Having such details readily available signals that your organisation is as dependable as you say it is. Systems such as CompliSpace Assurance allow you to capture the information to support the 4 factors easily, reducing the time, energy and effort in collating information for ODD and turning risk management into a value-add.
How CompliSpace can help
To assist you to understand and implement ASIC's expectations regarding Risk Management, CompliSpace will be running a series of workshops on 19 & 26 May 2017.
CompliSpace delivers industry specific web-based programs to manage your risk and compliance requirements that can be quickly tailored and configured to suit an organisation’s needs and are kept up-to-date with legal and regulatory changes by our team of specialists.
Our team of compliance professionals and lawyers combine extensive expertise with practical technology-enabled solutions to simplify the complexity of the regulatory environment and allow our clients to focus on allocating resources toward improving financial performance.
Please contact Brooke Benson to discuss your risk management and compliance requirements further.