The Australian Securities and Investments Commission (ASIC) has released the results of a review into compliance of Responsible Entities (RE) with their obligations under registered managed investment schemes. ASIC’s Report 528 Responsible entities’ compliance with obligations: Findings from 2016 proactive surveillance program (June 2017) outlines the findings from recent surveillance of 28 responsible entities which manage over $49 billion in scheme property across more than 300 schemes.

Background

The recommendations in this report aim to be consistent with ASIC’s model of “what good looks like” for the funds management sector, a target of their corporate plan for 2016-17 to 2019-20. For responsible entities, this model focuses on fair treatment of fund members and investors, transparent and fit-for-purpose delivery of financial products and financial services, balancing innovation and risk to meet fund objectives and ensuring adequate compensation for losses arising from poor conduct.

Findings and recommendations

ASIC found REs had established adequate measures for compliance, risk, governance and disclosure but identified several areas requiring further improvement. Key findings include:

  • PI insurance: A general lack of awareness of regulatory guidance regarding adequate compensation arrangements. ASIC recommends REs review PI insurance policies to ensure they understand their levels of coverage and that the level of cover is adequate for their businesses by reference to minimum standards provided by regulatory guidance.
  • Conflicts of interest: Most REs had adequate measures in place to address management conflicts of interest, however some REs did not (for example, some REs did not address conflicts of interest as a standard board agenda item). ASIC recommends REs review regulatory guidance relating to conflict management.
  • Breach reporting: Nineteen REs identified compliance breaches or control failure incidents, with six REs identifying ten or more breaches and incidents. ASIC required one RE to review and enhance breach reporting measures. ASIC recommends REs regularly review breach reporting measures.
  • Custody: Half of REs had documented measures for monitoring custody arrangements. ASIC found that ongoing board oversight for reviews of those documented measures was generally lacking. ASIC reminds REs to consider regulatory guidance in relation to custodial arrangements.
  • Dispute resolution: ASIC found only three REs identified the board as having a role in reviewing complaints or reviewing escalated matters. ASIC considers it essential there is appropriate board oversight of complaints. ASIC recommends REs’ top management are provided with reports about disputes including information on actions taken and decisions made on disputes, as well as ensuring internal dispute resolution measures meet regulatory guidance.
  • Risk management systems: ASIC reminds REs of recently introduced regulatory guidance in relation to risk management systems and to review risk management systems if appropriate.
  • Compliance measures: ASIC had concerns about the quality of some compliance plans. Where no documented standalone measures are maintained, some compliance plans had insufficient detail on legal concepts and requirements, the tasks to be carried out, the person responsible, how the obligations can be met and how tasks are monitored. ASIC was concerned where one person monitored a large number, or all, the compliance measures. ASIC expressed concern regarding plans where a person had significant and possibly conflicting duties. ASIC recommends REs continually monitor and regularly review compliance measures, including adequacy of resources applied to the compliance function.
  • Cyber resilience: Nine REs and three service providers had been subject to malicious cyber activity. ASIC found a high proportion of service provider agreements did not explicitly address cyber risks. ASIC recommends REs review and strengthen cyber resilience measures against the US National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity.
  • Values and behaviour: A majority of REs had standalone measures addressing values and behaviour, however less than half of these measures were approved by the board (responsibility for approval was delegated to the CEO, director or board committee). ASIC expects boards to influence culture within the RE by setting the tone from the top, implementing governance structures to influence culture, monitoring the management team’s alignment with values and holding management accountable when there is a misalignment.
  • Rewards and incentives: Less than half of the REs had documented measures addressing rewards and incentives within the entity. ASIC recommends REs review and integrate incentive governance as part of overall risk management systems and compliance measures to ensure structure of rewards and incentives does not promote unnecessarily risky behaviour.
  • Whistleblowing: Half of REs had measures for employees to report employer misconduct but less than a third had established and maintained specific measures relating to whistleblowing. ASIC found board involvement and oversight of the ongoing review of whistleblowing measures was not high. ASIC recommends REs implement appropriate whistleblowing measures to meet legal obligations and support an open culture, while also setting up training for staff.
  • Product approval and review: Less than half of REs had specific measures for product design, approval and review and only three REs involved boards in reviewing measures for product design, approval and review. ASIC requires REs to have a consumer-focused culture and recommends REs assess their product approval and review measures to ensure they meet this consideration.

ASIC’s findings and recommendations should be considered by REs to ensure that policies and procedures are compliant with not only specific obligations but also ASIC’s expectations and regulatory guidance.

Future reforms

Importantly, REs should also be aware that ASIC did not take any particular steps in relation to RE’s lack of product approval and review measures given proposed reforms to introduce product design and distribution obligations (see Treasury’s Proposals Paper in December 2016). As this reform progresses, REs should be aware that processes in relation to product approval and review may need to be significantly bolstered.