ASIC finalises guidance on risk management systems for responsible entities
WHO SHOULD READ THIS
- Responsible entities who currently operate registered managed investment schemes.
- It will also be of interest for responsible entities who do not currently operate any schemes and Australian financial services (AFS) licencees who operate unregistered schemes, IDPSs or MDAs.
THINGS YOU NEED TO KNOW
- ASIC has released its long-awaited regulatory guide setting out its expectations of the systems and procedures responsible entities should have in place to meet their obligation to maintain adequate risk systems.
WHAT YOU NEED TO DO
- If you are a responsible entity operating a registered scheme, you will need to review (and, if necessary, revise) your risk management system.
- Operators of unregistered schemes, investor directed portfolio services (IDPSs) and managed discretionary accounts (MDAs), and other responsible entities should have regard to ASIC’s guidance.
Following extensive consultations under ASIC Consultation Papers 204 and 263, ASIC has finally released Regulatory Guide 259 Risk management systems of responsible entities (RG 259).
RG 259 is substantially in the same form as the draft regulatory guide attached to Consultation Paper 263. It provides specific guidance on ASIC’s expectations of what is required by responsible entities of registered schemes to comply with their existing obligation under s912A(1)(h) Corporations Act 2001 (Cth) to have adequate risk management systems in place.
Background
ASIC has previously provided guidance on risk management systems for all AFS licensees under Regulatory Guide 104 Licensing: Meeting the general obligations.
In light of the particular risks faced by responsible entities because of the nature of their business and the schemes they operate, ASIC has taken the view that responsible entities would benefit from additional guidance in relation to their obligation to have adequate risk management systems in place.
Although RG 259 only formally applies to responsible entities who currently operate registered schemes, ASIC considers that responsible entities who are authorised to, but do not currently, to operate any registered schemes, as well as AFS licensees who operate unregistered schemes, IDPSs or MDAs should also have regard to the requirements set out in RG 259.
Immediate compliance required – no transition period
As foreshadowed in Consultation Paper 263 there is no transition period and responsible entities are required to comply with RG 259 immediately. However, ASIC has indicated that it will adopt a facilitative approach for 12 months and not take action for breaches of RG 259 where a responsible entity can demonstrate it is taking steps to comply with RG 259.
Requirements set out in RG 259
Under RG 259, ASIC expects that responsible entities must have in place:
- documented risk management systems
- processes for identifying and assessing risks, and
- processes for managing any identified risks,
which are appropriate for the nature, scale and complexity of the scheme or schemes they are operating.
A general summary of each of these requirements is set out below:
| Requirement | Obligation |
|---|---|
| Establish risk management systems | Responsible entities should:
|
| Identify and assess risks | Responsible entities should:
|
| Manage identified risks | Responsible entities should:
|
ASIC has also set out additional good practice guidance under RG 259. These are not mandatory requirements but rather outline measures which can be adopted to enhance risk management systems and operate at a level above a responsible entity’s statutory obligations.
How McCullough Robertson can assist
Responsible entities will need to review and, if necessary, revise their risk management systems to ensure compliance with RG 259.
We can assist you to:
- understand, in detail, the requirements under RG 259
- determine whether your current risk management system meets the requirements under RG 259
- review your risk management policy or policies to assess whether amendments are required to comply with RG 259, and
- prepare amendments to your existing risk management policy or policies or draft new risk management documents to bring your risk management system into compliance with RG 259.
This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.
