  • Responsible entities who currently operate registered managed investment schemes.
  • It will also be of interest for responsible entities who do not currently operate any schemes and Australian financial services (AFS) licensees who operate unregistered schemes, IDPSs or MDAs.


  • ASIC has released its long-awaited regulatory guide setting out its expectations of the systems and procedures responsible entities should have in place to meet their obligation to maintain adequate risk systems.


  • If you are a responsible entity operating a registered scheme, you will need to review (and, if necessary, revise) your risk management system.
  • Operators of unregistered schemes, investor directed portfolio services (IDPSs) and managed discretionary accounts (MDAs), and other responsible entities should have regard to ASIC’s guidance.

Following extensive consultations under ASIC Consultation Papers 204 and 263, ASIC has finally released Regulatory Guide 259 Risk management systems of responsible entities (RG 259).

RG 259 is substantially in the same form as the draft regulatory guide attached to Consultation Paper 263. It provides specific guidance on ASIC’s expectations of what is required of responsible entities of registered schemes to comply with their existing obligation under s912A(1)(h) Corporations Act 2001 (Cth) to have adequate risk management systems in place.

Background

ASIC has previously provided guidance on risk management systems for all AFS licensees under Regulatory Guide 104 Licensing: Meeting the general obligations.

In light of the particular risks faced by responsible entities because of the nature of their business and the schemes they operate, ASIC has taken the view that responsible entities would benefit from additional guidance in relation to their obligation to have adequate risk management systems in place.

Although RG 259 only formally applies to responsible entities who currently operate registered schemes, ASIC considers that responsible entities who are authorised to, but do not currently, operate any registered schemes, as well as AFS licensees who operate unregistered schemes, IDPSs or MDAs, should also have regard to the requirements set out in RG 259.

Immediate compliance required - no transition period

As foreshadowed in Consultation Paper 263, there is no transition period and responsible entities are required to comply with RG 259 immediately. However, ASIC has indicated that it will adopt a facilitative approach for 12 months and not take action for breaches of RG 259 where a responsible entity can demonstrate it is taking steps to comply with RG 259.

Requirements set out in RG 259

Under RG 259, ASIC expects that responsible entities must have in place:

  • documented risk management systems
  • processes for identifying and assessing risks, and
  • processes for managing any identified risks,

which are appropriate for the nature, scale and complexity of the scheme or schemes they are operating.

A general summary of each of these requirements is set out below:

Requirement Obligation
Establish risk management systems

Responsible entities should:

  • maintain documented risk management systems that address the matters outlined in RG 259
  • foster a strong risk management culture
  • take into account relevant industry, local and international guidance
  • include a liquidity risk management process, and
  • regularly review their risk management systems to ensure that they are current, relevant, effective and complied with, and if using an external service provider for risk management functions, regularly review the performance and ongoing suitability of the service provider.
Identify and assess risks

Responsible entities should:

  • maintain one or more risk registers as part of their risk identification and assessment process
  • ensure that their risk management systems address all material risks
  • have regard to certain factors listed in RG 259 when choosing methodologies for identifying and assessing risks, and
  • adopt appropriate methods to assess risks.
Manage identified risks

Responsible entities should:

  • implement appropriate strategies for managing identified material risks
  • have adequately experienced staff regularly review and monitor identified risks
  • ensure regular reporting and escalation of issues to the board, risk committee and compliance committee as appropriate, and
  • ensure compliance with other relevant obligations as an AFS licensee.

ASIC has also set out additional good practice guidance under RG 259. This guidance is not mandatory; rather, it outlines measures which can be adopted to enhance risk management systems and operate at a level above a responsible entity’s statutory obligations.