ASIC releases guide on risk management systems – how will responsible entities be impacted?
On 27 March 2017 ASIC released Regulatory Guide 259: Risk management systems of responsible entities (RG 259). RG 259 provides guidance for responsible entities (REs) on how to comply with their AFS licence obligations to maintain adequate risk management systems.
In ASIC's view the requirements of RG 259 are not new. They reflect ASIC's current view of the requirements for adequate risk management for REs. As a consequence, there is no transition period for compliance with these requirements. ASIC will, however, take a facilitative approach to any breaches of the guidance for a 12 month period from 27 March 2017 if the RE can show that it is taking steps to make its risk management systems comply with this guidance.
We strongly encourage all responsible entities to review their existing risk management framework against the requirements set out in RG 259.
A copy of RG 259 can be found here.
What do REs have to do now?
If you haven't done so already, every RE must now review their risk management framework and systems to make sure they reflect the requirements of RG 259. This will include ensuring:
- risk identification, analysis, evaluation and treatment is addressed at both the RE and scheme levels;
- the RE has documented its risk appetite in a policy or statement including the risk tolerance for each material risk;
- there is a documented process in place to review the risk management framework as frequently as appropriate given the nature, scale and complexity of the business and scheme(s) operated, with an expectation that this be done at least annually;
- all material risks faced by the business (RE) and each scheme are addressed.Material risks may include, but are not limited to:
- strategic risk
- governance risk
- operational risk
- market and investment risk (including leverage and short selling risks)
- liquidity risk;
- stress testing and/or scenario analysis of the liquidity risks identified for each scheme as frequently as appropriate, but at least annually;
- at the RE level, conduct ongoing assessments of compliance with the financial requirements of your AFS Licence; and
- there is regular reporting and escalation of issues to the Board, risk committee and compliance committee as appropriate.
ASIC also encourages REs, as good practice, to:
- include procedures for ensuring that the material risks identified for the scheme(s) are relevant and managed in the compliance plan; and
- include a summary of the key aspects of the risk management systems in PDSs.
The release of RG 259 follows lengthy consultation with the industry most recently via Consultation Paper 263: Risk management systems for responsible entities: Further proposals (July 2016) and Consultation Paper 204: Risk management systems of responsible entities (March 2013).
As the holder of an AFSL, s912A(1)(h) of the Corporations Act 2001 imposes an obligation on every RE to have "adequate risk management systems". RG 104 - Licensing: Meeting the general obligations (July 2015) sets out ASIC's general guidance for risk management systems to meet this obligation. RG 166 - Licensing: Financial requirements sets out ASIC's requirements for addressing the risk that a RE may not have available adequate financial resources to provide the financial services covered by its AFSL (see s912A(1)(d)). The final RG 259 was also developed in consultation with APRA and is designed to operate in unison with APRA prudential standard SPS 220: Risk Management.
The final RG 259 was developed in consultation with APRA and is designed to operate in unison with APRA prudential standard SPS 220: Risk management.
ASIC acknowledge while RG 104 gives general guidance on risk management systems for AFS licensees, RG 259 "focuses specifically on the business of REs, the schemes they operate and the particular risks they face."
RG 259 sets out ASIC's expectation for compliance with the obligations under the Corporations Act as well as suggestions for good practice.
Please contact a member of our Financial Services Team if you would like more information on RG 259.
This insight was authored by Cate Shirley.