ASIC has today released the findings of a surveillance review into the registered managed investment schemes sector. In all, ASIC’s review included 28 Responsible Entities across 336 schemes - which represented about 9% of all current schemes.
A Responsible Entity is the body corporate responsible for the management and operation of a registered managed investment scheme - that is, a scheme which maintains retail clients. On top of its general obligations as a licensee, a Responsible Manager is also subject to:
Acting in the best interest of the scheme’s members.
Ensuring compliance with the scheme’s compliance plan.
Ensuring the scheme property is clearly identified and held separately from the property of other schemes or of the Responsible Entity itself.
Holding the scheme property on trust.
ASIC disclosed the following twelve (12) key findings:
Professional Indemnity Insurance
Responsible Entities need to ensure that they maintain a sufficient level of coverage. In figures, the amount must be the lesser of:
$5 million; or
The sum of the value of all property of all schemes for which it is the Responsible Entity.
It is important to note that the policy needs to:
Take into account defence costs.
Have at least one (1) automatic reinstatement.
Include fraud and dishonesty cover.
Conflicts of Interest
Managing identified conflicts of interest is a fundamental obligation that needs to form an integral component of the Board’s responsibilities.
It is essential that a Responsible Entity reviews its breach reporting processes and procedures on a regular basis to ensure they remain effective in identifying and managing breaches, and in reporting these breaches to ASIC if they are deemed significant.
Since custodians play an integral role in the funds management sector by holding and safeguarding investors’ assets, it is crucial that Responsible Entities have adequate procedures to monitor and review the custodian’s activities.
Depending on the size of the organisation, dispute resolution may be entrusted to a single staff member (for example, compliance officer, complaints officer, CEO), multiple employees or a committee. Irrespective, it is vital that senior management be provided with reports about disputes that include information on the actions taken and decisions made on the disputes.
Risk management systems
ASIC has identified the top three (3) risks as:
This was followed by governance, capital, personnel and liquidity risks.
It is critical that a Responsible Entity maintains adequate risk management systems. It must also ensure that it reviews and amends (where necessary) its risk management systems on a regular basis.
In addition to its obligations as a licensee, a Responsible Entity must also ensure that its compliance plan details adequate measures to ensure compliance with its legislative and regulatory responsibilities as well as with the scheme’s Constitution. The Responsible Entity must also ensure that these measures are adhered to on an ongoing basis.
A Responsible Entity needs to review and strengthen (where necessary) its existing cyber resilience measures against the NIST Cybersecurity Framework. This is especially relevant due to the high number of entities within ASIC’s sample that recently experienced malicious cyber activity.
[The NIST Cybersecurity Framework (US) represents a documented framework focusing on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of an organisation’s risk management processes].
Value and behaviours
A culture of compliance is vital to an organisation seeking to ensure it complies with its regulatory and legislative obligations. Boards can influence culture by:
Setting the tone from the top.
Establishing proper governance structures.
Monitoring the management team’s alignment with the company’s values.
Ensuring the management team is held accountable where required.
Rewards and incentives
Remuneration and incentive structures must be aligned to the Responsible Entity’s values, to motivate and reinforce the culture of the entity and the conduct expected of its staff.
A Responsible Entity must review and integrate incentive governance as part of its overall risk management systems and compliance measures to ensure the structure of rewards and incentives does not promote unnecessarily risky behaviours.
The Corporations Act 2001 (Cth) obligates a company officer to act in a certain manner if a whistleblower discloses information to them - for example, they must not divulge such information to an unauthorised third party. Such a disclosure may bring about civil and criminal consequences.
In this way, a Responsible Entity needs to ensure that it maintains an appropriate whistleblowing policy to support an open and transparent culture.
Product approval and review
A Responsible Entity should take into account the needs of customers when designing and targeting its products and services.
See ASIC Report 528.
Should you have any queries, please contact Jeremy Danon, director of Ariel & Associates Pty Ltd on (02) 8223 3355 or at firstname.lastname@example.org.