Background

The collapse of certain fund managers and brokers, and other incidents relating to the safekeeping of client assets, have prompted ASIC over the last few years to undertake a review of the custodial industry. ASIC has recently completed phase two of this review and last month released a report on its findings. Report 291 Custodial and depository services in Australia (Report) outlines what ASIC considers are the key issues faced by major stakeholders in the custodial industry including custodian clients (such as responsible entities (REs) andother Australian financial services licensees (AFS licensees)) and custodians.

As noted in the Report, custodians currently play a significant role in Australia in the safe keeping of client assets. It is important that stakeholders in the custodial industry start to review their current arrangements to consider whether they accord with ASIC’s “good practice” suggestions as outlined in the Report. Further, the Report in some areas indicates that custodians need to undertake a more active monitoring role, a far cry from their traditional bare trustee role.

Who is affected?

In the Report ASIC has identified some key issues relevant to certain stakeholders in the custodial industry, namely:

  • clients of custodians (eg REs and other AFS licensees); and
  • custodians.

Findings of the Report

Issues relevant to REs and other AFS licensees

ASIC has identified certain key issues relevant to REs and other AFS licensees and these are covered under the following areas:

Assets held in custody

ASIC found that many REs that had appointed an external custodian still held some scheme assets outside the custodial relationship in the name of an RE or broker (eg derivative contracts, cash accounts and private equity interests). ASIC considers that where an RE needs to rely on a custodian (eg to avoid meeting a higher NTA requirement) all, rather than part, of the scheme property (other than excluded assets) should held by the custodian.

In the case of scheme cash and where the custodian is an authorised deposit taking institution, ASIC has found that such cash is often held on deposit with the custodian personally in the name of the RE rather than on trust. ASIC is of the view that this does not comply with the licence conditions of REs that the account should be held “on trust by the custodian” and refers to the relevant guidance set out in ASIC Regulatory Guide 133 Managed investments: Scheme property arrangements (RG 133) and ASIC Regulatory Guide 166 Licensing: Financial requirements (RG 166).

ASIC also notes that holding large amounts of cash on deposit with a single ADI custodian may introduce credit risk for the client. ASIC considers it would be prudent for custodian clients to regularly assess the level of credit risk they are exposed to and whether there are better ways of managing  credit risk to cash balances (eg by considering the creditworthiness of their custodian (or the custodian’s preferred ADIs) and diversifying counterparties).

Operational risk and opportunities for fraud

Despite custodians having established procedures and processes in place, ASIC notes there is still a high level of operational risk and opportunities for fraud particularly in the case of accepting and acting upon “authorised instructions”.

In the Report, ASIC considers that the some of the most effective risk and fraud controls are regular reconciliations, use of dual controls (including a “checker” for processes susceptible to fraud and error), appropriate segregation of duties, rotation of staff across different functions and ensuring custody agreements clearly set out the process by which authorised instructions are provided to custodians and by whom those instructions are provided. Instructions should be given by individual email, fax or the SWIFT network rather than by a generic inbox for instructions or even mail.

Transfer of assets and records

Due to the increase in consolidation within the superannuation, managed funds and custodial industry, ASIC is of the view that the assets transferred between funds and different custodians may provide an opportunity for fraud and ‘leakage’ of assets and records. To avoid this, ASIC suggests that custodian clients should conduct a review of assets and records transferred after the transition to a new custodian as a matter of course.

Risk management of outsourced services

ASIC considers that outsourcing various services (including unit registry services, unit pricing, fund accounting and property and infrastructure sub-custody) to off-shore and lower cost jurisdictions, changes the risk profile for the activities and can lead to difficulties in monitoring. Custodian clients will need to consider the impact of including such outsourcing in their risk management arrangements (eg business continuity plans and audit functions). Both custodians and their clients should revisit and consider the principles set out in RG 133. Further, REs should give this issue particular attention in their compliance plans (where relevant).

Insolvency of the custodian or sub-custodian

ASIC notes that notwithstanding the existing requirements imposed on custodians (eg capital requirements), a number of risks can still arise from the insolvency of a custodian or sub-custodian.  For instance, notwithstanding the local requirement to segregate client assets (subject to applicable relief), the insolvency laws of particular jurisdictions, (including those of a foreign custodian), may not recognise the client’s assets as being separate from the custodian’s own assets. Further, where client assets are held in omnibus accounts (see below), it may be difficult for the custodian to rectify immediately any debit balances for clients (where there has been netting off) where the custodian is, or is likely to be, insolvent.

ASIC suggests that custodian clients should specifically consider in their risk management arrangements the additional risks that may arise because of exposure to foreign jurisdictions, sub-custodians and service providers that do not provide the appropriate protections. Further, ASIC suggests it would be prudent for custodian clients to adapt their investment strategy to avoid such jurisdictions, where possible. Where it is not possible, clients should consider how liability in relation to such assets can be addressed in the custody agreement.

Issues relevant to custodians

ASIC has identified certain key issues relevant to custodians which are covered under the following areas:

Suspicious matters and whistle blowing

Custodians have obligations as ‘designated service providers’ to establish a suspicious matter reporting framework under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). Even where suspicious matters are not related to money laundering but relate to breach of other laws, ASIC encourages custodians to raise these issues with ASIC and rely on the statutory whistleblower protections. Further, ASIC considers it good practice for custodians and other participants in the industry to foster a transparent whistle blowing culture and framework (eg discussing their whistle blowing framework with clients), where misconduct or suspected misconduct of custodian clients, the custodian and its staff are reportable under their risk management arrangements.

For instance, as custodians are passive service providers, ASIC points out that custodians generally do not question ‘reasonable looking’ valuations obtained in accordance with their client’s instructions even where the client is subject to conflicts of interest. This may result in ‘spurious’ valuations. For instance, where an underlying client provides the custodian with a valuation for an underlying fund, the custodian must use this information to price the units of the feeder vehicle.

ASIC is of the view that if a custodian observes anything “suspicious” in relation to valuations of the underlying assets, they should lodge a suspicious matter report (if applicable under the AML/CTF Act) or raise their concerns with their client (and if the custodian’s concerns are still not allayed, the matter should be raised with ASIC).

The above appears to be suggesting a new active “monitoring” duty on custodians - a change to their traditional passive role.  This approach seems consistent with ASIC’s view of custodians as “gatekeepers” in the financial services industry. The extent of this monitoring role will no doubt be of interest to the industry.

Any proposal to change the nature of the custodian’s role would necessitate significant industry consultation given the likely impact on custodial systems, contractual arrangements and custodian fees. Further, in order for custodians to better understand how they should comply with this potential new duty, ASIC would need to provide detailed guidance what constitutes “suspicious” (eg factors custodians should consider).

Breach reporting

ASIC found that many custodians do not consider that ‘investment administration services’ constitute financial services. These activities include unit pricing, fund accounting and valuations. As a result, significant breaches in relation to such services are not reportable to ASIC by the custodian. ASIC considers that it is good practice for custodians to ensure that their risk management arrangements cover all activities, including the specific licensed activities and their business more generally. Further, ASIC suggests that custodians should adopt a culture of transparency in relation to incident recording and breach reporting to ASIC.

Omnibus accounts

In practice, client assets are typically held through an omnibus account in the name of the custodian or its nominee, rather than in individual accounts for each underlying client. ASIC has found that, in breach of the client money and property provisions of the Corporations Act 2001 (Act), the assets of one client are often used to settle the obligations of another client. In order to avoid what ASIC considers are breaches, ASIC suggests that custodians should maintain stricter controls for the use of omnibus accounts.

IT systems and operational risks associated with manual and disparate systems

Given the heavy reliance on IT systems, custodians should recognise that IT security is critical and should seek to mitigate any potential threats to it including in respect of unit pricing.

ASIC observes that the custodian business is characterised by “high volume, low margin transactions that can involve processes multiple times intraday” and that manual and disparate systems (which still continue to be used by some custodians) may not be adequate to deal with such volume and high frequency. ASIC recommends that custodians consider the benefit of investing in appropriate IT systems and reduce reliance on manual and disparate systems which may be out of date and are slow and cumbersome.

What does this mean for you?

Consider the ASIC suggestions

Although ASIC has not released a date on when they propose to release formal updates and regulatory guidance (in the form of an updated RG 133 and RG 166), it would be prudent for custodians, REs and other AFS licensees to start to review their current arrangements to ensure that their practices and procedures accord with the current regulatory regime and are in line with what ASIC considers to be ‘good practice’. The suggestion of a new active monitoring role should in particular be considered by custodians.

Consultation

In addition to the above suggestions, ASIC is also proposing to consult with the industry on the following issues:

Financial resources requirement:  Whether the financial resources requirements for a provider of custodial or depository services (including the $5 million NTA requirement) are adequate.

Disclosure: Given the apparent ‘expectation gap’ between the custodian’s obligations and the public’s expectation, whether it may be appropriate for REs and other financial product issuers to provide clearer disclosure about the role of custodians in PDSs and retail marketing material.

Terminology: Whether the use of the word ‘depository’ rather than the word ‘custodian’ will be appropriate (including for use in PDSs).

Customer due diligence eg increasing the customer due diligence requirements (this is in addition to those obligations already imposed under the AML/CTF Act).

Corporate actions:This is also seen as an area of significant operational risk for custodians. ASIC has indicated in the Report that ASX may be initiating a project to improve the capture and delivery of corporate information from listed entities (eg requiring the issuer to complete a set of standard templates or upload by standardised format).