Risk management systems of responsible entities

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Risk management systems of responsible entities"

Transcription

1 Attachment to CP 263: Draft regulatory guide REGULATORY GUIDE 000 Risk management systems of responsible entities July 2016 About this guide This guide is for Australian financial services (AFS) licensees that are responsible entities. It gives specific guidance on how these entities may comply with their obligation under s912a(1)(h) of the Corporations Act 2001 (Corporations Act) to maintain adequate risk management systems.

2 About ASIC regulatory documents In administering legislation ASIC issues the following types of regulatory documents. Consultation papers: seek feedback from stakeholders on matters ASIC is considering, such as proposed relief or proposed regulatory guidance. Regulatory guides: give guidance to regulated entities by: explaining when and how ASIC will exercise specific powers under legislation (primarily the Corporations Act) explaining how ASIC interprets the law describing the principles underlying ASIC s approach giving practical guidance (e.g. describing the steps of a process such as applying for a licence or giving practical examples of how regulated entities may decide to meet their obligations). Information sheets: provide concise guidance on a specific process or compliance issue or an overview of detailed guidance. Reports: describe ASIC compliance or relief activity or the results of a research project. Document history This draft guide was issued in July 2016 and is based on legislation and regulations as at the date of issue. Disclaimer This guide does not constitute legal advice. We encourage you to seek your own professional advice to find out how the Corporations Act and other applicable laws apply to you, as it is your responsibility to determine your obligations. Examples in this guide are purely for illustration; they are not exhaustive and are not intended to impose or imply particular rules or requirements. Page 2

3 Contents A Overview... 4 Legislative obligation... 4 What this guide covers... 5 Who this guide applies to... 9 ASIC s interim approach to compliance...10 B Establishing a risk management system...11 Risk management systems...11 Developing risk management systems...12 Implementation and review of risk management systems...13 Setting risk management in context...13 Policy or statement on risk appetite...14 Risk management culture...15 Structure and risk ownership...16 Liquidity risk management...16 Relevant industry, local and international standards...17 Good practice guidance...17 C Identifying and assessing risks...20 Identifying risks...20 Risks relevant to the business and the schemes...21 Strategies for assessing risks...22 Selecting risk identification and assessment methodologies...23 Good practice guidance...23 D Managing risks...24 Determining appropriate risk treatments...24 Controls or measures to manage or mitigate risks...24 Use of technology...25 Compliance with other relevant obligations as an AFS licensee...25 Residual risks...26 Monitoring and review...27 Stress testing and scenario analysis...27 Good practice guidance...29 Appendix: Examples of risks and risk treatments...31 Strategic risk...31 Governance risk...32 Operational risk...32 Market and investment risk...39 Liquidity risk...42 Key terms...46 Related information...48 Page 3

4 A Overview Key points As Australian financial services (AFS) licensees, responsible entities (including dual-regulated entities) are legally obliged to have adequate risk management systems. These systems are fundamental to mitigating exposure to relevant risks and informing business decision making. This guide provides guidance on how responsible entities may comply with this obligation, including: establishing and maintaining risk management systems that are suitable for the responsible entity s business and the schemes operated (see Section B); identifying and assessing risks (see Section C); and managing risks (see Section D). Legislative obligation RG RG RG RG RG Under s912a(1)(h) of the Corporations Act 2001 (Corporations Act), responsible entities have an ongoing obligation to maintain adequate risk management systems. This obligation also applies to responsible entities that are dual-regulated entities. A dual-regulated entity is a registerable superannuation entity (RSE) licensee that also operates schemes. In Regulatory Guide 104 Licensing: Meeting the general obligations (RG 104), we set out our general guidance for AFS licensees on what is required to comply with s912a(1)(h). Based on our experiences and changes in the managed investment sector, we considered that additional tailored guidance would assist responsible entities. In , we reviewed the risk management systems of a selected group of responsible entities, ranging in size and complexity, to assess the systems adequacy and strategic and operational effectiveness: see Report 298 Adequacy of risk management systems of responsible entities (REP 298). In 2015, we surveyed 118 responsible entities asking them about their risk management systems, including their processes for managing liquidity risk and conducting stress testing. The survey was a proactive response to increased volatility in global and domestic markets: see Media Release (15-020MR) ASIC enquires into risk management by responsible entities (13 February 2015). Page 4

5 RG RG RG Based on these reviews, we identified that there were inconsistencies between the risk management systems of responsible entities and improvements could be made to some responsible entity s arrangements. Further, there have been a number of significant developments in relation to responsible entities that highlight the importance of having an adequate risk management system in place, including: (d) (e) an increase in the amount of assets managed in the managed funds sector; growth in the number of schemes operated; diversification in the size, complexity and nature of the types of schemes managed by responsible entities; changes in market conditions; and a number of high-profile collapses of responsible entities. This guide draws on the findings of our reviews and provides guidance on specific areas to improve the risk management systems of responsible entities. What this guide covers RG RG RG RG RG This guide outlines our expectations of responsible entities when complying with the obligation within s912a(1)(h). While RG 104 gives guidance on risk management systems for AFS licensees generally, this guide focuses specifically on the business of responsible entities, the schemes they operate and the particular risks they face. The sections of this guide detail our expectations for responsible entities to have: overarching risk management systems in place (Section B); processes for identifying and assessing risks (Section C); and processes for managing risks that are appropriate for the nature, scale and complexity of the business and schemes operated (Section D). We have also included in this guide additional good practice guidance. This guidance is not mandatory; it is intended to help responsible entities improve their risk management systems to operate at a level above their statutory obligations. Table 1 provides a summary of our expectations of responsible entities and the good practice guidance. Page 5

6 Table 1: Summary of guidance Section Expectations for compliance with s912a(1)(h) Good practice guidance (not mandatory) Section B (Establishing a risk management system) Responsible entities should: maintain documented risk management systems that support: a risk governance structure; clearly defined roles and responsibilities; policies and procedures for identifying, assessing and understanding each of the material risks of the responsible entity s business and the schemes operated; policies and procedures for ensuring that there are adequate controls in place to manage the risks identified; policies and procedures for ensuring there is adequate oversight of the risk management systems by both the party responsible for ownership of the risk and the compliance function, including appropriate reporting; and a policy or statement on the responsible entity s risk appetite and the risk tolerance for each material risk identified; foster a strong risk management culture; take into account relevant industry, local and international standards; include, as a component of the risk management systems, a liquidity risk management process; ensure the board or its delegate reviews whether the risk management systems have been complied with, are operating effectively and remain current as frequently as appropriate, given the nature, scale and complexity of the responsible entity s business and the schemes it operates (at a minimum, annually); and if relying on external service providers for risk management functions, maintain a strong understanding of risk management and have sufficient skills to independently monitor and assess the performance and ongoing suitability of the service provider. Responsible entities may: at least annually, conduct an independent review to determine whether the risk management systems have been complied with and are operating effectively; at least every three years, conduct a comprehensive independent review of the appropriateness, effectiveness and adequacy of the risk management systems; segregate functions to allow for independent checks and balances; establish a designated risk management function and/or risk management committee; appoint a chief risk officer; and publicly disclose appropriate details of the responsible entity s risk management system. Page 6

7 Section Expectations for compliance with s912a(1)(h) Good practice guidance (not mandatory) Section C (Identifying and assessing risks) Responsible entities should: maintain one or more risk registers as part of their risk identification and assessment process; ensure that their risk management systems address all material risks including (but not limited to) strategic risk, governance risk, operational risk, market and investment risk, and liquidity risk at both the responsible entity and scheme level; when choosing methodologies for identifying and assessing risks, take into account: the nature, scale and complexity of the business; processes based on forward-looking analysis; ensuring an appropriate level of human input; ensuring senior management involvement in the process; and whether different processes should be used for different schemes; and adopt appropriate methods to assess risks, which may include: self-assessment; stress testing and/or scenario analysis; loss data analysis; change management; and electronic systems. Responsible entities may use risk indicators and regularly report on these to the board and senior management. Page 7

8 Section Expectations for compliance with s912a(1)(h) Good practice guidance (not mandatory) Section D (Managing risks) Responsible entities should: implement appropriate strategies for managing each of the risks identified, including: a control monitoring and assurance process; conducting stress testing and/or scenario analysis of liquidity risks of the business and the schemes they operate as part of their risk management systems as frequently as appropriate, given the nature, scale and complexity of the business (at a minimum, annually); reviewing their framework for stress testing and/or scenario analysis to ensure the tested scenarios are relevant and appropriate in light of the business and market conditions as frequently as appropriate, given the nature, scale and complexity of the business (at a minimum, annually); and if stress testing and/or scenario analysis is not conducted, document why this is the case, keep appropriate internal records of this rationale and review this decision regularly; have adequately experienced staff regularly review and monitor the risks identified; ensure there is regular reporting and escalation of issues to the board, risk committee and compliance committee, as appropriate; and ensure compliance with other relevant obligations as an AFS licensee. Responsible entities may: conduct regular stress testing and/or scenario analysis of all material risks of the business and the schemes they operate; have a written risk treatment plan; and include in the compliance plan for their schemes, procedures for ensuring that the key risks identified for the responsible entity and relevant scheme are managed on an ongoing basis. Page 8

9 RG RG In the appendix to this guide we give examples of risks and risk treatments that we consider are particularly relevant to responsible entities, based on our regulatory experience. These examples may help responsible entities establish and review their arrangements to identify, assess and manage risks, and may be considered by responsible entities as part of these processes. The examples of risks in this guide are not intended to be exhaustive. We expect that, through the application of a structured and systematic process, responsible entities will identify, assess and manage risks relevant to their business and the schemes they operate in an ongoing and dynamic way. Who this guide applies to RG This guide is for responsible entities, including dual-regulated entities, but may also apply to: AFS licensees not currently operating a scheme; investor directed portfolio services (IDPS) and managed discretionary account (MDA) operators; and entities operating unregistered managed investment schemes. Dual-regulated entities RG Dual-regulated entities also need to meet the risk management requirements set out in various legislation and the prudential standards regulated by the Australian Prudential Regulation Authority (APRA). Note 1: The Superannuation Legislation Amendment (Service Providers and Other Governance Measures) Act 2013 amended the Corporations Act so that dual-regulated entities will need to comply with the obligation in s912a(1)(h) to have adequate risk management systems. This guide applies to these entities in addition to requirements under the Superannuation Industry (Supervision) Act 1993; however, the obligation to have an adequate risk management system excludes risks that relate solely to the operation of a regulated superannuation fund by the RSE licensee. Note 2: APRA has issued Prudential Standard SPS 220 Risk management (PDF 55.5 KB) to help RSE licensees develop their risk management systems (www.apra.gov.au). RG RG Responsible entities that are part of a corporate group subject to regulation by APRA may take into account APRA s prudential standards and prudential practice guidance on risk management when developing and implementing risk management systems as required in this guide. This guidance is intended to act in unison with APRA s requirements for risk management. It is not expected that there will be any conflict between the requirements of either regulator; however, if for any reason a responsible entity believes they cannot comply with this guidance because of a conflicting APRA requirement, they should inform ASIC as soon as practical. Page 9

10 Other entities that may benefit from this guidance RG RG RG We expect all AFS licensees authorised to operate a scheme to consider this guide, even if they are not currently operating any schemes. This will help ensure they have in place a compliant risk management system that can be applied to the schemes on commencement of their operation. We expect IDPS and MDA operators to consider this guidance when establishing and reviewing their risk management systems, as these services would need to be registered as managed investment schemes if they could not rely on our relief for IDPSs and MDAs. All aspects of this guide may not be relevant to entities operating unregistered managed investment schemes. However, we recommend that operators of such schemes consider this guidance when establishing and reviewing their risk management systems. ASIC s interim approach to compliance RG The requirements outlined in this guide are not new but are ASIC s view of the current requirements regarding risk management for responsible entities. As such there is no transitional period for compliance with these requirements. However, we intend to take a constructive and conciliatory approach to any breaches of this guidance for a period of 12 months from the date of release, if the relevant responsible entity can show that it is taking steps to bring its risk management system into compliance with this guidance. Page 10

11 B Establishing a risk management system Key points A responsible entity should ensure its risk management system comprises documented processes to identify, assess and treat risks and that this system is suitable for its business and the schemes it operates. This section sets out our guidance for responsible entities on: developing a risk management system; implementing and reviewing risk management systems; setting risk management in context; risk appetite; the role of culture and structure in risk management systems; liquidity management; and relevant industry, local and international standards. This section also sets out our good practice guidance for establishing a risk management system. Risk management systems RG RG The international standard for risk management defines risk as the effect of uncertainty on objectives and risk management as coordinated activities to direct and control an organization with regard to risk : see International Standard ISO 31000:2009 Risk management: Principles and guidelines. An effective risk management system: (d) (e) (f) (g) (h) (i) (j) (k) creates and protects value; is an integral part of all organisational processes; is part of decision making; explicitly addresses uncertainty; is systematic, structured and timely; is based on the best available information; is tailored; takes human and cultural factors into account; is transparent and inclusive; is dynamic, iterative and responsive to change; and facilitates continual improvement of the organisation. Page 11

12 Developing risk management systems RG RG RG RG RG RG RG A risk management system includes all structures, systems and subsystems, policies, procedures, and staff that a responsible entity uses to identify, assess and treat risks or to monitor and review the relevant controls or measures. It may be regarded as a framework (similar to that referred to in APRA s requirements and guidance on risk management) comprising all elements that allow the responsible entity to perform its risk management functions as required by the Corporations Act. An adequate risk management system enables material risks faced by the responsible entity and the schemes it operates to be identified, analysed and treated in a comprehensive and systematic way. The adequacy of a responsible entity s risk management system will depend on the nature, scale and complexity of its business and the schemes it operates. We consider the following to be core processes that are essential to an adequate risk management system in any responsible entity s business: setting out the context in which the risk management system operates, including a policy or statement on the responsible entity s risk appetite (see RG RG ); identifying and assessing risks (see Section C); and managing risks, including reviewing and monitoring the risk management system (see Section D and RG RG ). A responsible entity should ensure that: its risk management system comprises documented processes to identify, assess and manage material risks; and these processes are suitable for its business and the schemes it operates. We expect responsible entities to maintain a strong understanding of risk management in the context of the business, even if the establishment and the monitoring of the risk management systems are done by a small group of employees or external third-party service providers (e.g. compliance and risk management consultants). We expect those who carry out the risk management function to have appropriate knowledge and skills. Where external third-party service providers are used, we expect responsible entities to have sufficient skills to independently identify key risks and to monitor and assess the service provider s performance and ongoing suitability. We note that under s601fb, responsible entities retain ultimate responsibility for the operation of the scheme. Page 12

13 RG RG We understand that if a responsible entity is part of a corporate group, the risk management system of the responsible entity, or the policies and procedures for its risk management system, may be subject to the overarching approach of the corporate group or form part of its risk management framework. Some responsible entities may rely on the risk management system of a related entity to assist with complying with their risk management obligations. This may be appropriate for businesses that are part of a larger corporate group; however, if this approach is adopted, each responsible entity should take into consideration their specific individual risks and requirements. The responsible entity should carefully assess the risk management system of the corporate group or related entity to ensure that it is appropriate and tailored as necessary. Implementation and review of risk management systems RG RG RG Risk management systems are most effective if applied and adhered to in day-to-day decision making at all levels. Therefore, it is essential that a responsible entity ensures that all processes, policies and procedures that form part of its risk management system are implemented and applied to the day-to-day operation of its business and the schemes it operates. We consider that the development of an adequate risk management system is not a set and forget or one-off process. The system should adapt and evolve to take into account internal changes within the responsible entity and the schemes it operates, as well as changes in the external environment. We consider that the responsible entity s senior management has a specific role in ensuring that the risk management system is current, relevant, effective and appropriate to the business on an ongoing basis. To ensure that risk management systems are always current, they should be monitored and reviewed by the board or its delegate as frequently as appropriate, given the nature, scale and complexity of the business and the schemes operated. This should be at least annually. The nature, scale and complexity of the business and the schemes operated will also determine the level of detail of the review. Setting risk management in context RG A responsible entity should consider and document the context in which its risk management system is developed. That is, the internal and external environment in which its business operates, including the objectives of the business. Page 13

14 RG An adequate risk management system requires a thorough understanding of the internal and external factors that could affect the responsible entity s ability to achieve its goals and objectives. Table 2 lists some examples of these factors. Table 2: Examples of internal and external factors Internal factors Goals and objectives in the strategic and business plans, including the objectives of the relevant schemes (e.g. whether a scheme will be a liquid scheme offering redemptions on demand or an illiquid scheme). Particular business strategies may create specific risks affecting the business. Capabilities of the organisation (e.g. financial, human and technological resources). Information flow and decision-making processes. Culture of the responsible entity. External factors Business, financial, competitive, political, economic, social, cultural, technological and environmental factors the business faces. Expectations of external stakeholders (including shareholders) about the operation of the business. Legal and regulatory changes that affect the operation of the business and the schemes. New product offerings in the market that compel a responsible entity to compete more effectively. Policy or statement on risk appetite RG RG RG RG RG A responsible entity should set out in writing its risk appetite. This statement should outline the responsible entity s attitude towards risk taking while carrying out its business plans, including the amount of risk (which may refer to the level of losses) it is willing to take to pursue its business strategies and achieve its objectives. This statement should address the risks relevant to the responsible entity s overall strategy to achieve its objectives and set out the limits to these risks. The responsible entity may have one such policy or statement setting out its risk appetite in aggregate, or separate policies (e.g. for each business unit). The policy or statement should be approved by the board or its delegate. During this process the risk tolerance for each material risk should be identified. This can be expressed in qualitative or quantitative terms, where appropriate. The risk tolerance will reflect the risk appetite. A responsible entity should ensure its risk appetite is reviewed at appropriate intervals and that it takes into account changes in the internal and external context in which the business operates, including changes to the objectives and strategic direction of the business. Responsible entities may adopt the following approach in setting and applying a policy or statement on risk appetite: Senior management sets the policy or statement on risk appetite for the business. Page 14

15 (d) The board or its delegate approves the policy or statement on risk appetite. Based on this statement, risk tolerance is set and documented for each material risk, broken down into clearly defined limits or thresholds for particular activities of the business to support the decision-making process. Risk management processes, policies and procedures to implement and monitor the limits and thresholds are developed and communicated to staff, so that they are applied to support day-to-day operational decision making. Risk management culture RG RG RG RG We expect responsible entities to foster a strong risk management culture throughout their organisations. The effectiveness of an adequate risk management system depends on the whole organisation understanding the value of managing risks effectively, and acting accordingly. We expect responsible entities to ensure that all relevant staff understand the purposes of risk management, including ensuring legal and regulatory compliance, as well as its value to the organisation. This can be done through induction, training and education programs. The board and senior management have specific responsibilities to ensure that a responsible entity as an AFS licensee complies with its obligation to have an adequate risk management system. We acknowledge that the board may not be directly involved in the day-to-day operation of the policies, procedures and processes for the risk management system and may delegate the supervision of these roles. However, the board s commitment to fostering a strong risk management culture within the organisation is especially important, as the board is in a position to provide leadership and make sure that relevant measures are implemented effectively. An effective risk management culture may include: (d) (e) communicating with staff about the importance of managing risks to achieve strategic business objectives; providing sufficient resources for all risk management functions; relevant staff receiving ongoing training about risk management (e.g. general risk management training and/or training that is relevant to a staff member s role and responsibilities) to help them identify risks and understand how they can be managed; discouraging breaches of any risk management procedures by staff through adequate consequence management; and assigning a designated director the responsibility of making sure the risk management system for the responsible entity and schemes it Page 15

16 operates are adequate (or a designated director having responsibility over particular parts of the risk management system). RG We expect responsible entities to maintain and implement remuneration policies that are aligned with, and supportive of, the risk management systems of their business, including the schemes they operate. Structure and risk ownership RG RG RG RG A responsible entity s risk management system should include details of the functions, roles and responsibilities for implementing and carrying out specific risk management activities. We consider that an adequate risk structure requires: (d) (e) staff who perform risk management functions to have the appropriate knowledge and skills; decision making that is cognisant of the risk management system; key staff to take responsibility for owning risks and developing processes to mitigate them; regular reviews; and that risk owners regularly monitor and report on those risks. We expect responsible entities risk management systems to require relevant staff to report internally to identified escalation points (e.g. the risk management committee, the designated risk management function or the board) about compliance with risk management processes, policies and procedures on a regular basis, and whenever any issues are identified (e.g. exceeding the risk tolerance for particular risk, or a failure to follow the relevant processes). Such reporting increases the risk-related information available in the organisation, to assist decision making and improve risk management systems where systemic issues about their operation are identified. We also consider that responsible entities should ensure that there are processes for regular reporting and escalation of issues to the board and/or any risk or compliance committee established. Liquidity risk management RG Effective liquidity risk management is important for a responsible entity to ensure the financial obligations and needs of the business and schemes operated are met, including: investor redemptions; Page 16

17 (d) payment of distributions; changes in operational needs; and unexpected expenses. RG We expect risk management systems of responsible entities to include a liquidity risk management process, designed to ensure there are adequate financial resources to meet the financial obligations and needs of the responsible entity and the schemes operated. Relevant industry, local and international standards RG RG RG In developing, implementing and reviewing its risk management system, we consider that a responsible entity should take into account relevant industry, local and international standards. We appreciate that in many cases compliance with the guidance may not be mandatory and a wide range of material may exist. We consider at a minimum responsible entities should take into account the guidance that exists for the key risk areas identified for the business and schemes operated. As outlined above, we consider liquidity is a key risk area for schemes and that a responsible entity should consider the liquidity risk management principles outlined in the International Organization of Securities Commissions (IOSCO s) Principles of Liquidity Risk Management for Collective Investment Schemes. Note: See IOSCO, Principles of liquidity risk management for collective investment schemes: Final report (PDF 231 KB), March Good practice guidance RG Additional strategies that may be implemented by responsible entities in establishing and maintaining risk management systems include: (d) (e) supplementary reviews of the risk management system; segregating functions to allow for independent checks and balances; designating a risk management function and committee; appointing a chief risk officer; and publicly disclosing appropriate details about their risk management system. Page 17

18 Review of risk management systems RG RG RG Responsible entities may undertake the following additional independent reviews of their risk management systems: a review to determine whether the risk management systems have been complied with and are operating effectively (at least annually); and a comprehensive review of the appropriateness, effectiveness and adequacy of the risk management systems (at least every three years). The above reviews should be carried out by an independent, appropriately trained and competent person. This does not require an external party and can be done internally, as long as the responsible entity is satisfied that any other roles carried out by the person reviewing the risk management systems do not have an impact on their ability to perform an objective review and will not limit the robustness of the review. These additional reviews are similar to those referred to in APRA s requirements and guidance on risk management. Segregation of functions to allow for independent checks and balances RG Depending on the nature, scale and complexity of the business, we encourage responsible entities to segregate functions to allow for independent checks and balances. This may include, for example, segregating the internal function in charge of valuing assets from the investment management function. We consider this will help manage conflicts of interests that may arise, and builds in an additional level of oversight to identify any issues. Designated risk management function and committee RG RG Depending on the nature, scale and complexity of the business, we consider it is good practice for responsible entities to establish a designated risk management function and/or risk management committee. We understand that this may not be feasible for some responsible entities. The designated risk management function may have a hands-on role in ensuring the day-to-day operation of a responsible entity (including the schemes it operates) is conducted in alignment with its risk management system. To achieve this, the designated risk management function may be independent from the operating units of the responsible entity s business. It may also have the specific responsibility of monitoring compliance with risk management processes, policies and procedures, as well as reporting to the board and any risk management committee all significant breaches of the processes, policies and procedures. Page 18

19 RG The responsibilities of a risk management committee may include: (d) helping senior management develop the risk management system; reviewing the effectiveness of the risk management system; reporting to the board and/or senior management on breaches of risk tolerance or risk management processes, policies and procedures, according to the responsible entity s escalation policy; and reporting to the board and/or senior management on the risk management system and its performance. Appointing a chief risk officer RG Depending on the nature, scale and complexity of the business, we consider it is good practice for responsible entities to appoint a dedicated chief risk officer. Generally, the chief risk officer will be a key member of senior management to ensure they have sufficient stature and authority to influence risk-based decision making. It is important for any chief risk officer to communicate freely and have direct and unfettered access to the board, senior management and any risk or compliance committee established. Disclosure of risk management policies RG In addition to its obligation to disclose information about significant risks and risk management arrangements in the Product Disclosure Statement (PDS) under Pt 7.9 of the Corporations Act, a responsible entity may provide additional transparency to investors about its arrangements by publicly disclosing appropriate details of its risk management systems for example, on its website or in its annual report. Page 19

20 C Identifying and assessing risks Key points This section sets out our guidance for responsible entities on identifying and assessing risks, including: maintaining documented processes for identifying and assessing risks. The processes should be suitable for the business s objectives and operations, including for the schemes it operates; ensuring its risk management system addresses all material risks. These may include strategic risk, governance risk, operational risk, market and investment risk, and liquidity risk; addressing risks for its business (i.e. at the responsible entity level) and for the schemes it operates (i.e. at the scheme level); maintaining one or more risk registers as part of their risk identification process; and taking into account certain factors when choosing processes for identifying and assessing risks. It also sets out our good practice guidance for identifying and assessing risks. Identifying risks RG RG RG RG Risk identification is the process used by responsible entities to identify risks that will affect their ability to pursue business strategies and achieve the objectives of their business. We do not consider that any one particular method for identifying risks is the most appropriate and applicable for all responsible entities. Responsible entities should adapt the processes for risk identification in their risk management systems as the business develops and business risk profiles change, over time and in different market conditions. Risks need to be identified at any given point in time to ensure responsible entities can effectively manage them in the operation of their business and day-to-day decision making. There are different ways to identify the risks that can affect a responsible entity s business. For example, evidence-based methods that rely on reviewing audit reports, post-event reports, historical data or risk registers can help to identify existing and emerging risks that the responsible entity may face. Observations from our regulatory experience indicate that incorporating this approach to risk identification in strategic and business planning is particularly helpful in identifying risks. Responsible entities may Page 20

21 use a systematic team approach that uses focus groups and brainstorming to identify risks. Purpose-built computer software can also be used. RG RG A responsible entity should document the processes, policies and procedures it uses to identify risks. We expect responsible entities to maintain one or more risk registers for recording material risks to the business and schemes as part of their risk identification process. A responsible entity should select the format of the risk register(s) that is most suitable for the business and schemes operated. Risks relevant to the business and the schemes RG RG We appreciate that the risks identified by responsible entities as part of their risk management systems will depend on the nature, scale and complexity of their business and risk profile, and will be different for each responsible entity. Our regulatory experience suggests that certain types of schemes (e.g. unlisted property schemes, mortgage schemes, agribusiness schemes, quoted schemes, hedge funds and novel schemes) are subject to more complex risks. A responsible entity should ensure that its risk management system addresses all the material risks faced by its business at both the responsible entity and scheme level. These may include, but are not limited, to the following risks: (d) Strategic risk Any risk that arises out of a responsible entity s business strategies and business plan. Governance risk Any risk that threatens the ability of a responsible entity to make reasonable and impartial business decisions in the best interests of members. This risk may arise if a responsible entity does not have the appropriate processes in place to: (i) (ii) support sound and transparent decision making that is not influenced by conflicts of interests; and ensure that decisions related to the schemes are in the best interest of members. Operational risk The risk of loss, for the business or schemes, resulting from inadequate or failed internal processes, people and systems or from external events. Market and investment risk The risk that a scheme operated by a responsible entity will not meet its objectives. Specific investment risks include those relating to investment governance and structure, market conditions, counterparty failure, product suitability, and valuation and pricing. Page 21

22 (e) Liquidity risk The risk that the responsible entity will not have adequate financial resources to meet its financial obligations and needs, either at the responsible entity level or at the scheme level (including meeting the scheme s objectives and members expectations for redemptions). As previously outlined, we consider that liquidity risk is a key risk area for schemes. Note: For a detailed description of these risks, including examples of specific risks, and treatments to manage these risks based on our regulatory experience, see the appendix to this guide. Strategies for assessing risks RG RG RG Risk assessment is the process of describing identified risks, including by reference to the inherent risk, determining the likelihood of a risk eventuating and the significance of its potential impact. This process can help a responsible entity determine whether the identified risks are acceptable in light of its risk appetite and develop appropriate treatments for those risks. Examples of different methods that responsible entities may adopt for assessing risks include the following: (d) (e) Self-assessment The responsible entity, its senior management and those in the designated risk management function (if applicable) assess risks through the business and the schemes it operates. This may include risk mapping, where risks are prioritised according to the significance of the risk and likelihood of a risk eventuating and mapped into four quadrants. Stress testing and/or scenario analysis The responsible entity uses techniques such as stress testing and/or scenario testing to assess how it will be impacted by different scenarios. See also RG RG Loss data analysis The responsible entity implements processes to analyse observed incidents to evaluate the actual losses caused by risks. Change management The responsible entity implements processes to assess how the business and schemes operated are affected by change, to ensure objectives are still met. Electronic systems The responsible entity uses purpose-built computer software to assess risks. Responsible entities may also seek expert advice and appoint an external consultant to help in the process of assessing the likelihood of a risk eventuating and the significance of its potential impact. Page 22

23 RG RG We do not consider that any one particular approach for assessing risks will be the most appropriate and applicable to the operation of all responsible entities. A responsible entity should document its risk assessment processes. Documenting the reasons why particular assessments are made, including the thinking that led to the decisions about identified risks, provides a useful context for future risk assessment. Selecting risk identification and assessment methodologies RG When considering which approach or combination of approaches to adopt in identifying and assessing risks, responsible entities may consider: (d) (e) (f) the nature, scale and complexity of the business; incidents and complaints, trends or developments in the industry, and changes to the business environment; processes based on a forward-looking analysis in accordance with strategic and business plans (e.g. when assessing the risk of not having adequate technological or human resources, identification of risks should be based on forward planning); the need to ensure there is an appropriate level of human input in the process sole or disproportionate reliance on electronic systems may not be adequate; senior management involvement in the process (e.g. any determination about whether an identified risk is at an acceptable level in light of the policy or statement on risk appetite); and if applicable, whether different processes should be used to identify and assess risks for different schemes in light of the operation of each particular scheme. Good practice guidance RG Responsible entities may use risk indicators to provide an early signal of increasing risk exposures in various areas of the business. Regular reporting on the risk indicators can give the board and senior management an insight into the changes in the external and internal environment that may indicate risk concerns. It can also help ensure that risk levels are managed within defined tolerances. Page 23

24 D Managing risks Key points This section sets out our guidance for responsible entities on managing risks, including: determining appropriate risk treatments; controls or measures to manage or mitigate risk; use of technology; compliance with other relevant obligations as an AFS licensee dealing with residual risks; monitoring and review; and stress testing and scenario analysis. It also sets out our good practice guidance for managing risks. Determining appropriate risk treatments RG RG There are different ways that responsible entities may manage risks. For example, they may: (d) (e) do nothing if the identified risk is within acceptable risk tolerance levels; avoid the risk by not undertaking the relevant activities that give rise to the risk; prevent the eventuation of the risk through specific actions, such as developing rules and documented policies and procedures; reduce or mitigate the consequences or impact of realised risks (e.g. through contingency, emergency or business continuity plans); and/or transfer the risks to other parties, through insurance, outsourcing or indemnification. Risks faced by the business should be considered as a whole, given that some risks may be interrelated (e.g. liquidity and valuation risks). Controls or measures to manage or mitigate risks RG We expect responsible entities to have adequate controls to manage or mitigate risks (e.g. performance standards for external service providers). It is also important for the responsible entity to implement a control monitoring and assurance process that considers the: adequacy of coverage of controls and whether appropriate remediation and response strategies are in place for material risks; Page 24

25 effectiveness of internal controls designed to ensure risks have been mitigated; and appropriateness of monitoring strategies and ongoing testing (e.g. selfassessment, real-time transaction monitoring and reporting, and control assurance reviews by independent teams). RG RG The appendix to this guide includes examples of controls and measures for treating the risks that we consider are most relevant to the business of a responsible entity. The examples of risk treatments in the appendix are not mandatory. Nor are the risk management strategies exhaustive. We expect responsible entities to implement strategies for managing risks that are appropriate to the nature, scale and complexity of the business and scheme operated. Use of technology RG There are a variety of technological resources that can be used to help responsible entities manage risks. These technologies come in a variety of forms. These technologies can help by analysing and storing data, automating compliance processes, monitoring trading and streamlining regulatory reporting. External service providers may be used to facilitate this process and also to store data. The use of these technologies may result in enhanced and more cost-effective management of risks. However, it is important to ensure that there is appropriate human oversight and review of any technological resources used. Compliance with other relevant obligations as an AFS licensee RG Apart from the obligations contained within s912a(1)(h), we expect responsible entities to comply with their other existing obligations as an AFS licensee. As outlined in Table 3, many of these obligations are also relevant to assisting the management of risks. Table 3: Other relevant AFS licence obligations Obligation Explanation Further guidance Compensation for retail clients: s912b If financial services are provided to retail clients, an AFS licensee must have arrangements for compensating those persons for loss or damage suffered due to breaches by the licensee or its representatives. We consider adequate PI insurance is another important measure to manage operational risk. Regulatory Guide 126 Compensation and insurance arrangements for AFS licensees (RG 126) Page 25

26 Obligation Explanation Further guidance Adequate financial resources: s912a(1)(d) Adequate records of scheme operation: s601ha(1)(e) Adequate technological resources: s912a(1)(d) Breach reporting: s912d An AFS licensee must have adequate financial resources. All responsible entities must comply with minimum financial requirements. We consider these requirements are another important measure to assist and manage liquidity risk affecting the responsible entity itself. We expect responsible entities to ensure that their financial resources will be adequate to be able to carry on their business in compliance with their licensee obligations, or to wind up their business in an orderly manner. The compliance plan of a registered scheme must set out the arrangements for ensuring adequate records of the scheme s operations are kept. In complying with this obligation, we expect that a responsible entity will ensure that it keeps adequate records of the establishment, implementation and review of its risk management system for the schemes operated. An AFS licensee must have adequate technological resources. We expect that in complying with this obligation a responsible entity will maintain secure and stable information systems. This will assist in managing relevant risks, including system failure and malicious cyber activity. An AFS licensee must tell ASIC in writing within 10 business days about any significant breach (or likely breach) of their obligations. We expect that a responsible entity will ensure that it reports any breach of s912a(1)(h). We consider processes to identify, escalate, report and analyse breaches (including trends) can help manage risks. Regulatory Guide 166 Licensing: Financial requirements (RG 166) and Class Order [CO 13/760] Financial requirements for responsible entities and operators of investor directed portfolio services. Regulatory Guide 134 Managed investments: Constitutions (RG 134) Report 429 Cyber resilience: Health check (REP 429) Regulatory Guide 78 Breach reporting by AFS licensees (RG 78) Residual risks RG Residual risks often remain, even after measures to treat risks have been applied. Understanding the concept of residual risk is an important consideration when identifying, assessing and managing risks, as it determines whether residual risks are within acceptable risk tolerance levels or require further treatment. It can also help inform future risk assessments. Monitoring residual risks can help ensure they do not increase to a level above the responsible entity s risk appetite, and determine whether further treatment should be applied to manage those risks. Page 26

Risk management systems of responsible entities: Further proposals

Risk management systems of responsible entities: Further proposals CONSULTATION PAPER 263 Risk management systems of responsible entities: Further proposals July 2016 About this paper This paper sets out our proposals to provide guidance to responsible entities on our

More information

Adequacy of risk management systems of responsible entities

Adequacy of risk management systems of responsible entities REPORT 298 Adequacy of risk management systems of responsible entities September 2012 About this report This report discusses the key findings of a proactive ASIC review of risk management systems of selected

More information

ASIC Consultation Paper 204 Risk management systems of responsible entities

ASIC Consultation Paper 204 Risk management systems of responsible entities 17 May 2013 Ms Violet Wong Investment Managers & Superannuation Australian Securities and Investments Commission By email: reriskmanagement@asic.gov.au Dear Ms Wong ASIC Consultation Paper 204 Risk management

More information

Foreign collective investment schemes

Foreign collective investment schemes REGULATORY GUIDE 178 Foreign collective investment schemes June 2012 About this guide This guide is for operators of foreign collective investment schemes (FCIS) that are authorised in other jurisdictions

More information

Compensation and insurance arrangements for AFS licensees

Compensation and insurance arrangements for AFS licensees REGULATORY GUIDE 126 Compensation and insurance arrangements for AFS licensees March 2008 About this guide This guide is for Australian financial services (AFS) licensees and representatives, their advisers

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide SPG 220 Risk Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal advice and users

More information

Objectives and key requirements of this Prudential Standard

Objectives and key requirements of this Prudential Standard Prudential Standard SPS 220 Risk Management Objectives and key requirements of this Prudential Standard This Prudential Standard establishes requirements for an RSE licensee to have systems for identifying,

More information

Compensation and insurance arrangements for AFS licensees

Compensation and insurance arrangements for AFS licensees REGULATORY GUIDE 126 Compensation and insurance arrangements for AFS licensees October 2009 About this guide This guide is for Australian financial services (AFS) licensees and representatives, their advisers

More information

Draft Prudential Practice Guide

Draft Prudential Practice Guide Draft Prudential Practice Guide SPG 532 Investment Risk Management May 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT

Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT Monetary Authority of Singapore BOARD AND SENIOR MANAGEMENT March 2013 Table of Contents 1 Introduction 1 1.1 Overview 1 1.2 Board Matters 2 1.3 Matters Relating to Senior Management 4 1.4 Reporting to

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Compensation and insurance arrangements for AFS licensees

Compensation and insurance arrangements for AFS licensees REGULATORY GUIDE 126 Compensation and insurance arrangements for AFS licensees December 2010 About this guide This guide is for Australian financial services (AFS) licensees and their representatives,

More information

Hedge funds: Improving disclosure

Hedge funds: Improving disclosure REGULATORY GUIDE 240 Hedge funds: Improving disclosure October 2013 About this guide This guide is for those involved in the issue and sale of hedge funds. It sets out our guidance for improved disclosure

More information

ASIC s power to wind up abandoned companies

ASIC s power to wind up abandoned companies REGULATORY GUIDE 242 ASIC s power to wind up abandoned companies January 2013 About this guide This guide is for employees of abandoned companies who are owed employee entitlements and other interested

More information

AMP Capital Investors Limited ABN 59 001 777 591 AFSL 232497. AMP Capital Derivatives Risk Statement

AMP Capital Investors Limited ABN 59 001 777 591 AFSL 232497. AMP Capital Derivatives Risk Statement AMP Capital Investors Limited ABN 59 001 777 591 AFSL 232497 AMP Capital Derivatives Risk Statement April 2015 Table of Contents 1. Responsible party... 3 2. Objective of the DRS... 3 3. Definition of

More information

Governance requirements for RSE licensees: proposed amendments

Governance requirements for RSE licensees: proposed amendments 26 June 2015 To All RSE licensees Background Governance requirements for RSE licensees: proposed amendments The Government has recently released for consultation proposed changes to the Superannuation

More information

Solvency II Detailed guidance notes

Solvency II Detailed guidance notes Solvency II Detailed guidance notes March 2010 Section 1 - System of governance Section 1: System of Governance Overview This section outlines the Solvency II requirements for an effective system of governance,

More information

Credit licensing: Competence and training

Credit licensing: Competence and training REGULATORY GUIDE 206 Credit licensing: Competence and training December 2009 About this guide This guide is for credit licensees and licence applicants. It provides guidance on how credit licensees can

More information

Proposed guidance for firms outsourcing to the cloud and other third-party IT services

Proposed guidance for firms outsourcing to the cloud and other third-party IT services Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is

More information

Over-the-counter contracts for difference: Improving disclosure for retail investors

Over-the-counter contracts for difference: Improving disclosure for retail investors REGULATORY GUIDE 227 Over-the-counter contracts for difference: Improving disclosure for retail investors August 2011 About this guide This guide is for those involved with the issue, sale or advertising

More information

The APRA Supervision Blueprint

The APRA Supervision Blueprint The APRA Supervision Blueprint May 2015 www.apra.gov.au Australian Prudential Regulation Authority Contents Introduction 3 Section 1: Principles and approach 4 APRA s mission and supervisory approach 4

More information

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

More information

Market assessment report: Reuters Transaction Services Limited

Market assessment report: Reuters Transaction Services Limited REPORT 181 Market assessment report: Reuters Transaction Services Limited ARBN 108 137 766 November 2009 About this report This report summarises ASIC s fifth annual assessment of Reuters Transaction Services

More information

Sunsuper Pty Ltd ABN: AFSL No: RSE Licence No: L RSE Registration No: R

Sunsuper Pty Ltd ABN: AFSL No: RSE Licence No: L RSE Registration No: R Sunsuper Pty Ltd ABN: 88 010 720 840 AFSL No: 228975 RSE Licence No: L0000291 RSE Registration No: R1000337 Sunsuper Pty Ltd Sunsuper Superannuation Fund Sunsuper Financial Services Pty Ltd Sunsuper Pooled

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Information guide: Accountants exemption reform

Information guide: Accountants exemption reform Information guide: Accountants exemption reform This information guide has been developed for members of CPA Australia and Chartered Accountants Australia and New Zealand (Chartered Accountants ANZ). 1.

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

DRAFT August Objective and key requirements of this Prudential Standard

DRAFT August Objective and key requirements of this Prudential Standard Prudential Standard SPS 512 Governance Transition Objective and key requirements of this Prudential Standard This Prudential Standard sets out minimum requirements for RSE licensees in relation to [Part

More information

Review of corporate governance reporting requirements within NZX Main Board Listing Rules

Review of corporate governance reporting requirements within NZX Main Board Listing Rules Review of corporate governance reporting requirements within NZX Main Board Listing Rules Discussion Document 2 November 2015 CONTENTS 1. Introduction... 3 2. Background... 5 3. Objectives of review and

More information

Final Draft Guidance on Audit Committees

Final Draft Guidance on Audit Committees Guidance Corporate Governance April 2016 Final Draft Guidance on Audit Committees The FRC is responsible for promoting high quality corporate governance and reporting to foster investment. We set the UK

More information

Credit licensing: Competence and training

Credit licensing: Competence and training REGULATORY GUIDE 206 Credit licensing: Competence and training July 2014 About this guide This guide is for credit licensees, licence applicants and unlicensed carried over instrument lenders (unlicensed

More information

Licensing: Financial product advice and dealing

Licensing: Financial product advice and dealing REGULATORY GUIDE 36 Licensing: Financial product advice and dealing August 2013 About this guide This guide is for persons who may provide financial product advice or deal in a financial product as defined

More information

Guidance Statement GS 003 Audit and Review Requirements for Australian Financial Services Licensees under the Corporations Act 2001

Guidance Statement GS 003 Audit and Review Requirements for Australian Financial Services Licensees under the Corporations Act 2001 GS 003 (October 2007) Guidance Statement GS 003 Audit and Review Requirements for Australian Financial Services Licensees under the Corporations Act 2001 Issued by the Auditing and Assurance Standards

More information

Hedge Fund Code of Practice

Hedge Fund Code of Practice Hedge Fund Code of Practice 2010 Introduction What does this Code of Practice cover? This Code of Practice ( the Code ) sets out best practice standards for Fund Managers of Hedge Funds in the DIFC (i.e.

More information

Code of Corporate Governance. Appendix 22 INTRODUCTION

Code of Corporate Governance. Appendix 22 INTRODUCTION Appendix 22 INTRODUCTION Corporate governance is a phrase used to describe how organisations direct and control what they do. For local authorities this also includes how a council relates to the communities

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016 Guideline Subject: Category: Sound Business and Financial Practices No: E-21 Date: June 2016 1. Purpose and Scope of the Guideline This Guideline sets out OSFI s expectations for the management of operational

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Capital Requirements Directive Pillar 3 Disclosure. December 2015 Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay

More information

Response to submissions on CP 146 OTC CFDs: Improving disclosure for retail investors

Response to submissions on CP 146 OTC CFDs: Improving disclosure for retail investors REPORT 246 Response to submissions on CP 146 OTC CFDs: Improving disclosure for retail investors August 2011 About this report This report highlights the key issues that arose out of the submissions received

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Doing financial services business in Australia

Doing financial services business in Australia REGULATORY GUIDE 121 Doing financial services business in Australia July 2013 About this guide This is a guide for people or companies from overseas who propose to conduct a financial services business

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Draft Prudential Practice Guide

Draft Prudential Practice Guide Draft Prudential Practice Guide LPG 270 Group Insurance Arrangements December 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is

More information

Mortgage schemes improving disclosure for retail investors

Mortgage schemes improving disclosure for retail investors REGULATORY GUIDE 45 Mortgage schemes improving disclosure for retail investors September 2008 About this guide This is a guide for responsible entities, compliance committees, compliance plan auditors,

More information

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

More information

on Asset Management Management

on Asset Management Management 2008 Guidelines for for Insurance Insurance Undertakings Undertakings on Asset on Asset Management Management 2 Contents Context...3 1. General...3 2. Introduction...3 3. Regulations and guidelines for

More information

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

Objectives and key requirements of this Prudential Standard

Objectives and key requirements of this Prudential Standard Prudential Standard SPS 310 Audit and Related Matters Objectives and key requirements of this Prudential Standard This Prudential Standard establishes requirements for the provision, to the Board and senior

More information

Basel Committee on Banking Supervision. Supervisory guidance for assessing banks financial instrument fair value practices

Basel Committee on Banking Supervision. Supervisory guidance for assessing banks financial instrument fair value practices Basel Committee on Banking Supervision Supervisory guidance for assessing banks financial instrument fair value practices April 2009 Requests for copies of publications, or for additions/changes to the

More information

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of

More information

Licensing: Training of financial product advisers

Licensing: Training of financial product advisers REGULATORY GUIDE 146 Licensing: Training of financial product advisers July 2012 About this guide This is a guide for: advisers (i.e. Australian financial services (AFS) licensees and representatives who

More information

Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance

Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance 2013 Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance Contents 1 Context... 1 2 General... 2 3 Guidelines on the System of Governance... 3 3.1 Section I General Provisions...

More information

Statement of Guidance: Outsourcing All Regulated Entities

Statement of Guidance: Outsourcing All Regulated Entities Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

Licensing: Financial product advisers Conduct and disclosure

Licensing: Financial product advisers Conduct and disclosure REGULATORY GUIDE 175 Licensing: Financial product advisers Conduct and disclosure May 2009 About this guide This is a guide for persons who provide financial product advice and their professional advisers

More information

Draft code of governance principles February 25, Institute of Directors in Southern Africa. All rights reserved Page 1

Draft code of governance principles February 25, Institute of Directors in Southern Africa. All rights reserved Page 1 DRAFT CODE OF GOVERNANCE PRINCIPLES FOR SOUTH AFRICA - 2009 KING COMMITTEE ON GOVERNANCE 2009 Institute of Directors in Southern Africa. All rights reserved Page 1 THE BUSINESS LEADERS Corporate governance

More information

Regulator Performance Framework: ASIC evidence metrics

Regulator Performance Framework: ASIC evidence metrics Regulator Performance Framework: Contents The Regulator Performance Framework (Framework) provides common performance measures to assess how Commonwealth regulators operate. The Framework is designed to

More information

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive Insurance Guidance Note No. 14 Transition to Governance Requirements established under the Solvency II Directive Date of Paper : 31 December 2013 Version Number : V1.00 Table of Contents General governance

More information

Electronic trading REGULATORY GUIDE 241. About this guide. August 2013

Electronic trading REGULATORY GUIDE 241. About this guide. August 2013 REGULATORY GUIDE 241 Electronic trading August 2013 About this guide This guide is for market participants of the markets operated by ASX Limited (ASX), Chi-X Australia Pty Ltd (Chi-X) and Asia Pacific

More information

Resignation, removal and replacement of auditors

Resignation, removal and replacement of auditors REGULATORY GUIDE 26 Resignation, removal and replacement of auditors June 2015 About this guide This is a guide for public companies, responsible entities of registered managed investment schemes, Australian

More information

Capital Management Standard Banco Standard de Investimentos S/A

Capital Management Standard Banco Standard de Investimentos S/A Capital Management Standard Banco Standard de Investimentos S/A Level: Entity Type: Capital Management Owner : Financial Director Approved by: Board of Directors and Brazilian Management Committee (Manco)

More information

The Compliance Universe

The Compliance Universe The Compliance Universe Principle 6.1 The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards This practice note is intended

More information

Guideline. Corporate Governance. Category: Sound Business and Financial Practices. I. Purpose and Scope of the Guideline. Date: January 2013

Guideline. Corporate Governance. Category: Sound Business and Financial Practices. I. Purpose and Scope of the Guideline. Date: January 2013 Guideline Subject: Category: Sound Business and Financial Practices Date: January 2013 I. Purpose and Scope of the Guideline The purpose of this guideline is to communicate OSFI s expectations with respect

More information

Derivative transaction reporting

Derivative transaction reporting REGULATORY GUIDE 251 Derivative transaction reporting February 2015 About this guide This guide is for reporting entities that are subject to the reporting obligations under the ASIC Derivative Transaction

More information

Part 1 Independent Auditor s report on financial statements

Part 1 Independent Auditor s report on financial statements Superannuation Industry (Supervision) Act 1993 (SIS Act) Section 35C Approved form This approved form is effective for reporting periods commencing on or after 1 July 2010. Please ensure that all parts

More information

Focusing on the purpose of the authority and on outcomes for the community and creating and implementing a vision for the local area

Focusing on the purpose of the authority and on outcomes for the community and creating and implementing a vision for the local area CODE OF CORPORATE GOVERNANCE INTRODUCTION Corporate Governance is a term used to describe how organisations direct and control what they do. As well as systems and processes this includes cultures and

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

Going Concern and Viability Statements

Going Concern and Viability Statements Going Concern and Viability Statements Introduction In 2014 the Financial Reporting Council (FRC) made changes to the UK Corporate Governance Code (the Code) implementing certain recommendations of the

More information

Risk Management at ANZ

Risk Management at ANZ Introduction ANZ recognises the importance of effective risk management to its business success. Management is committed to achieving strong control, and a distinctive risk management capability that enables

More information

Basel Committee on Banking Supervision. Review of the Principles for the Sound Management of Operational Risk

Basel Committee on Banking Supervision. Review of the Principles for the Sound Management of Operational Risk Basel Committee on Banking Supervision Review of the Principles for the Sound Management of Operational Risk 6 October 2014 This publication is available on the BIS website (www.bis.org). Bank for International

More information

Facilitating debt raising

Facilitating debt raising REGULATORY GUIDE 213 Facilitating debt raising May 2012 About this guide This guide is for listed entities, their advisers and investors involved in offers of quoted corporate bonds or convertible notes.

More information

CORPORATE GOVERNANCE FRAMEWORK

CORPORATE GOVERNANCE FRAMEWORK CORPORATE GOVERNANCE FRAMEWORK TABLE OF CONTENTS 1 INTRODUCTION 3 2 PURPOSE 3 3 SCOPE 3 4 GOVERNANCE PRINCIPLES 3 4.1 THREE LINES OF DEFENCE 4 4.2 COMBINED ASSURANCE 4 4.3 FIT AND PROPER REQUIREMENTS FOR

More information

A Guide to Corporate Governance for QFC Authorised Firms

A Guide to Corporate Governance for QFC Authorised Firms A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide

More information

CONSIDERATIONS WHEN SELECTING AN AUSTRALIAN FINANCIAL SERVICES (AFS) LICENSEE

CONSIDERATIONS WHEN SELECTING AN AUSTRALIAN FINANCIAL SERVICES (AFS) LICENSEE CONSIDERATIONS WHEN SELECTING AN AUSTRALIAN FINANCIAL SERVICES (AFS) LICENSEE FOR CPA AUSTRALIA PUBLIC PRACTITIONERS FINANCIAL ADVISORY SERVICES Many practices provide integrated accounting and financial

More information

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES CAYMAN ISLANDS Supplement No. 5 published with Gazette No. 19 dated 14 September, 2015. STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES Statement of Guidance: Outsourcing Regulated Entities 1. STATEMENT

More information

Improving consumer and investor confidence

Improving consumer and investor confidence Improving consumer and investor confidence A speech by Peter Kell, Commissioner, Australian Securities and Investments Commission ASFA NSW February Luncheon Briefing 14 February 2012 Introduction Thank

More information

Corporate Governance Requirements for Insurance Undertakings 2015

Corporate Governance Requirements for Insurance Undertakings 2015 2015 Corporate Governance Requirements for Insurance Undertakings 2015 3 Corporate Governance Requirements for Insurance Undertakings 2015 Table of Contents Section No. Contents Page No. 1 Scope 4 2 Definitions

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

Terms of Reference - Board Risk Committee

Terms of Reference - Board Risk Committee Terms of Reference - Board Risk Committee The Board Risk Committee is authorised by the Board to oversee the Group s risk management arrangements. It ensures that the overarching risk appetite is appropriate

More information

EUROPEAN CENTRAL BANK

EUROPEAN CENTRAL BANK 19.2.2013 Official Journal of the European Union C 47/1 III (Preparatory acts) EUROPEAN CENTRAL BANK OPINION OF THE EUROPEAN CENTRAL BANK of 24 May 2012 on a draft Commission delegated regulation supplementing

More information

MERCHANT NAVY OFFICERS PENSION FUND STATEMENT OF INVESTMENT PRINCIPLES

MERCHANT NAVY OFFICERS PENSION FUND STATEMENT OF INVESTMENT PRINCIPLES MERCHANT NAVY OFFICERS PENSION FUND STATEMENT OF INVESTMENT PRINCIPLES Introduction The main purpose of the MNOPF is the provision of pensions for Officers in the British Merchant Navy on retirement at

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the

More information

COMPLAINT HANDLING POLICY

COMPLAINT HANDLING POLICY COMPLAINT HANDLING POLICY September 2012 Page 1 of 11 VERSION HISTORY RECORD OF CHANGES 15/05/02 Document Created 23/07/03 Updated on establishment of business 12/12/05 Review of Policy 04/06/09 Review

More information

SPG 223 Fraud Risk Management. June 2015

SPG 223 Fraud Risk Management. June 2015 SPG 223 Fraud Risk Management June 2015 Disclaimer and copyright This prudential practice guide is not legal advice and users are encouraged to obtain professional advice about the application of any legislation

More information

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision Guidelines on the corporate governance principles for banks (

More information

Governance, Risk & Compliance Management. Julian Hunn, Operations Manager Professional Standards

Governance, Risk & Compliance Management. Julian Hunn, Operations Manager Professional Standards Governance, Risk & Compliance Management Julian Hunn, Operations Manager Professional Standards Session Plan GRC Governance, Risk & Compliance Management What is corporate governance? Directors duties

More information

TGA key performance indicators and reporting measures

TGA key performance indicators and reporting measures TGA key indicators and reporting measures Regulator Performance Framework Version 1.0, May 2015 About the Therapeutic Goods Administration (TGA) The Therapeutic Goods Administration (TGA) is part of the

More information

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting

More information

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012. CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value May 2012 May 2012 1 1. Introduction 1.1. Purpose of the paper In this discussion paper

More information

MLC Derivatives Policy

MLC Derivatives Policy MLC Derivatives Policy 1 Overview The purpose of this policy is to provide guiding principles and policy directives for the use and oversight of derivatives used within the products, investment portfolios

More information

Disclosure: Product Disclosure Statements (and other disclosure obligations)

Disclosure: Product Disclosure Statements (and other disclosure obligations) REGULATORY GUIDE 168 Disclosure: Product Disclosure Statements (and other disclosure obligations) October 2011 About this guide This is a guide for persons responsible for Product Disclosure Statements

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 260 Conflicts of Interest under Section 48 March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is

More information

GUIDELINES ON INVESTMENT MANAGEMENT FOR LABUAN INSURANCE AND TAKAFUL BUSINESS

GUIDELINES ON INVESTMENT MANAGEMENT FOR LABUAN INSURANCE AND TAKAFUL BUSINESS GUIDELINES ON INVESTMENT MANAGEMENT FOR LABUAN INSURANCE AND TAKAFUL BUSINESS 1.0 Introduction 1.1 The Guidelines on Investment Management for Labuan Insurance and Takaful Business (the Guidelines) sets

More information

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations Government Owned Corporations Corporate Governance Guidelines for Government Owned Corporations Version 2.0 The State of Queensland (Queensland Treasury) The Queensland Government supports and encourages

More information

Risk and Audit Committee Terms of Reference. 16 June 2016

Risk and Audit Committee Terms of Reference. 16 June 2016 Risk and Audit Committee Terms of Reference 16 June 2016 Risk and Audit Committee Terms of Reference BHP Billiton Limited and BHP Billiton Plc Approved by the Boards of BHP Billiton Limited and BHP Billiton

More information

High level principles for risk management

High level principles for risk management 16 February 2010 High level principles for risk management Background and introduction 1. In their declaration of 15 November 2008, the G-20 leaders stated that regulators should develop enhanced guidance

More information

Example Statement of Advice: Scaled advice for a new client

Example Statement of Advice: Scaled advice for a new client REGULATORY GUIDE 90 Example Statement of Advice: Scaled advice for a new client August 2013 About this guide This guide is for Australian financial services (AFS) licensees, authorised representatives,

More information