Thematic review of fund management companies’ governance, management and effectiveness

The CP86 framework details standards which FMCs are expected to adhere to about organisational effectiveness, the performance of managerial functions, delegate oversight and resourcing. The requirements were introduced in 2017 for new firms and in 2018 for existing firms.

The Central Bank spent 18 months reviewing the compliance by all 358 FMCs of the CP86 regime. The review concluded that the new rules and guidance were working well, with robust governance and oversight arrangements in force when applied correctly by firms. However, it was found that a significant number of firms have not implemented a governance framework to the standard set out by CP86, particularly those firms that were authorised pre-CP86. The Central Bank has warned that follow-ups with firms where shortcomings were identified will be conducted and that this is not a one-off review.

CBI key findings:

• Resourcing: CBI found that many FMCs did not have appropriate levels of resources in place to ensure effective implementation of the CP86 framework. CBI expectation that all FMCs have a minimum of 3 full time locally based employees or equivalent and full-time DP roles for larger FMCs.
• Designated Persons: Significant shortcomings were identified in how some Designated Persons carry out their role, including insufficient quality reviews and inadequate support and time allocated to fulfil their responsibilities.
• Delegate oversight: Some companies were unable to provide sufficient evidence of initial due diligence on delegates and appropriate delegate oversight on an on-going basis. The CBI expects due diligence reviews of delegates to be completed at take-on and annually thereafter. The CBI also found that many FMCs did not have documented Service Level Agreements (SLAs) in place with delegates, and indicated that it would expect to see such SLAs in place.
• Risk management framework: The CBI found that many FMCs relied on a group risk management framework, and did not have an entity-specific framework and risk register in place.
• Board approval of new funds: Not all companies could evidence approval by the Board of the launch of sub-funds, or in cases of approval, insufficient time was dedicated to discussion and challenge of these.
• Director for Organisational Effectiveness: Several weaknesses identified with how the OED role is performed at FMCs include:
  • lack of formal records of meetings with designated persons, which should be held at least quarterly;
  • lack of detailed formal reporting to the Board at least annually;
  • insufficient monitoring and reporting to the Board on FMC resources; and
  • lack of consideration of conflicts of interest and personal transactions.

• Governance and culture trends identified - The CBI review also identified other findings not specifically covered in the CP86 guidance. A significant gender imbalance was found, with only 16% of Director roles held by women. In addition, it was found that the majority have not appointed a CEO and that some INEDs have excessive tenures.

All FMCs are required to "critically assess their position" against the findings of the review and ensure that a board-approved compliance action plan is in place by the end of March 2021. The CBI has commenced supervisory engagement with FMCs where particular concerns have been identified. This will result in these firms required to undertake risk mitigation programmes on specific matters. The CBI also intends to carry out a further industry-wide review in 2022, according to the letter.

The Luxembourg perspective

By way of implementation of the UCITS and AIFM Directives, the Luxembourg regulatory national com­petent authority (namely the Commission de Surveillance du Secteur Financier - “the CSSF”) has been empowered to perform on-site inspections to FMCs (so-called “Investment Fund Managers”) and impose sanc­tions or other administrative measures. The last five years showed an exponential increase of on-site inspections to evaluate whether FMCs keep abreast of regulatory developments/market practices as well as to identify and close any existing gaps in terms of (recent) regulatory requirements (number of CSSF on-site inspections evolution per year: 36 in 2016, 39 in 2017, 45 in 2018 and 51 in 2019 - statistics included within the latest CSSF annual reports). The CSSF conducted thematic on-site regulatory inspections (e.g. AML/CTF, NAV errors, internal governance, MiFID, central administration, risk management, information technology) to ensure that regulation is adhered to, a robust financial centre exists, that the reputation and stability of the industry are upheld and that investor confidence/protection in the financial sector is maintained.

Taking into consideration the business model of the FMCs and the provisions of the CSSF Circular 18/698 issued in August 2018, the following components are under scrutiny by the CSSF:

• Substance: assess whether the FMC main­tains the sufficient level of substance in the head office in Luxembourg to carry out its activities including sufficient resources (num­ber of full-time employees) and expertise with respect to the business operations (including oversight of delegates) and related regulatory implementations;
• The concept of central administration: assess whether the FMC has its central administration (consisting of a “decision-making centre” and an “administrative centre”) in Luxem­bourg which comprises in a broad sense the functions of direction and management, execution and control that permits the FMC to maintain control of all its activities;
• Internal governance arrangements: assess whether the FMC has established sound inter­nal governance arrangements (consistent with the three-lines-of-defence model) including, among others, clear and consistent organisa­tional and operational structure including deci­sion-making powers and reporting, adequate internal control mechanisms, risk culture and formal escalation process.

How can Mazars help

1. Perform a gap analysis & impact assessment:
   • We can complete an assessment of your CP86 compliance.
   • We can independently assess the gap analysis already completed by you.
2. Performance of regulatory on-site inspection simulation
   • We can conduct “mock” inspections (“dress rehearsals”) to help you in facing such regulatory events.
3. Governance & risk framework review:
   • We can assess your Governance and Risk Management Framework to ensure it is suitably designed and fully considers the regulatory environment.
   • We can assist you with the assessment of the design and operating effectiveness of your CP86 framework to ensure it is in compliance with CP86.
4. Overall CBI response, board readiness and project management:
   • We can help you develop or review your plans to address the findings.
   • We can complete a Board readiness assessment prior to submission of the plan to the Board for approval.
5. Risk mitigation programme assistance:
   • We can assist you in addressing any issues identified as part of the risk mitigation programme you received from the regulator.
   • We can assist you with the implementation of any findings noted as part of a response to a risk mitigation programme.
   • Where required or directed by the CBI, we can act as a third party independent person.