RG 259 Released

  • OIG
  • News
  • No Comments

The release of Regulatory Guide 259: Risk management systems of responsible entities (RG 259) follows ASIC’s consultation with industry in July 2016 through Consultation Paper 263[1] building on the March 2013 Consultation Paper 204[2].

On 27 March 2017 ASIC released RG 259 which provides guidance for responsible entities (REs) on how to comply with their Corporations Act requirements to have adequate risk management systems. The final RG 259 was developed in consultation with APRA and is intended to operate in unison with APRA prudential standard SPS 220: Risk Management.

As the holder of an AFSL, s912A(1)(h) of the Corporations Act 2001 imposes an obligation on every RE to have “adequate risk management systems”.  For some time, ASIC’s general guidance for AFSL holders’ risk management systems has been set out in RG 104[3] with RG 166[4] setting out ASIC’s requirements for addressing risks relating to an RE having adequate financial resources available to it to provide the financial services covered by its AFSL[5].

After the various consultations with industry ASIC determined that a regulatory guide was appropriate rather than a more prescriptive class order. That does not mean the regulatory guide is not fulsome in its requirements.

There is no transition period as ASIC does not consider the requirements set out in RG 259 are new. And this is true, AFSL holder have always been required to have and maintain adequate risk management systems.  What is new is ASIC’s detailed view on what constitutes adequate, so ASIC has said it will take a facilitative approach to compliance for until 27 March 2018 if the RE can show that it is taking steps to meet the standards set out in the guidance.

It is helpful that ASIC has set out its current view of what an RE needs to have in place to be able to demonstrate it has an adequate risk management system.  As while RG 104 gives general guidance on risk management systems for AFS licensees, RG 259, in ASIC’s words, “focuses specifically on the business of REs, the schemes they operate and the particular risks they face.”

So what do responsible entities need to do or have in place to make sure they are RG 259 compliant?

  1. Do a full risk management framework audit to make sure your risk management system:
  • Identifies, analyses, evaluates and documents the risk treatment for each risk at both the RE and scheme levels;
  • Documents the risk appetite and sets out the risk tolerance for each identified material risk; and
  • Documents the process to review the risk management framework at least annually or more frequently if appropriate given the nature, scale and complexity of the business and scheme(s) operated.
  1. Document all material risks faced by the RE and each scheme it operates which includes risks related to:
  • Strategic risk;
  • Governance risk;
  • Operational risk;
  • Market and investment risk (including leverage and short selling risks); and
  • Liquidity risk;
  1. At least annually, stress test and/or perform scenario analysis of the liquidity risks identified for each scheme. This might have to be done more frequently depending on the type of fund and its liquidity risk profile.
  2. In respect of the RE and its operations, periodically assess the RE’s compliance with the financial requirements of its AFS License.
  3. Ensure your governance framework allows for regular reporting and escalation of issues to the Board, risk committee and compliance committee as appropriate.

ASIC also encourages REs, as good practice, to:

  • Include procedures for ensuring that the material risks identified for the scheme(s) are relevant and managed in the compliance plan; and
  • Include a summary of the key aspects of the risk management systems in PDSs.

One Investment Group is Australia’s largest provider or Responsible Entity and Administration Services to Fund Managers. One Investment Group owns a number of REs that provide responsible entity or trustee services to in excess of 200 funds for numerous investment managers. Should you be seeking to appoint a third party RE or to replace an incumbent RE, please contact us to discuss further.

[1] Risk management systems for responsible entities: Further proposals

[2] Risk management systems of responsible entities

[3]  Licensing: Meeting the general obligations

[4] Licensing: Financial

[5]  see Corporations Act 2001 s912A(1)(d)