alfi risk management 170412

7/27/2019 ALFI Risk Management 170412

http://slidepdf.com/reader/full/alfi-risk-management-170412 1/64

risk management

guidelines

in association with



Foreword 4

Chapter I 6 Bs pcic psls ogisi ris Fuci

UCItS Mgm Cm UCItS Ism Cm 8

Chapter II 29 Guic is miig ucis usuc/

lg b mgm cm ism cm 30

Chapter III 44

aLFI ius - clll mgm 46

aix I - glss 59

aix II - aLFI ris Mgm Cmmi SC 62

table o contents



oreword

The nancial crisis has demonstrated how

important it is to have in place an eective

and robust risk management organisation.

In today’s ever more complex businessenvironment investment rms are required

to implement sound risk principles and

oversight mechanisms. This is not only o

interest or individual entities, but or the

nancial groups overall. The global

integration o markets, business and

operations triggers an integrated risk

management ramework. Risk management

has become a dominant topic in a number o

recent regulations. Whereas in the context o UCITS IV risk management has been

conrmed and clearly be expanded beyond

the traditional ocus on market risk, the

AIFMD has now introduced this broad

concept o risk management as an integral

part o the responsibilities o the AIFM.

In addition to the product specic risk

management regulations, the EU regulator

prepares new guidelines regarding the

trading o OTC derivatives and central

counterparties.

Besides ostering a risk awareness culture

and a holistic approach to risk management

as such, it has become apparent that risk

governance is paramount to the successul

business conduct.

As the European centre or UCITS und

domiciliation and distribution, Luxembourg

is positioned as the crossroad o regulatoryrisk management requirements and distribu-

tion risk reporting.

In practice, the und industry has organized

its risk management processes in a

centralized manner, supported by dedicated

‘centers o excellence’ dened within each

major asset management group. The

centralization is a consequence o the

increased sophistication o the riskmanagement as well as the economies o

scale in terms o systems and data history.

We believe that the scope o risk manage-

ment as required by the regulator does

broaden the responsibilities o the manage-

ment company and by such the riskmanagement unction. Due to its exposed

positioning in product governance and

international distribution, Luxembourg has

developed the overall understanding o the

entire value chain and is as such well placed

to play a leading role in risk management.

In light o the holistic risk management

approach, ALFI has created within its risk

management committee which ocuses and

all aspects o risk management in relation toLuxembourg domiciled investment unds,

proposes common interpretations, simplica-

tions or market industry standards and

prepares responses to consultations issued

by national or international bodies.

The working groups (market risk, liquidity

risk, credit and counterparty risk as well as

operational risk) address the risk categories

as outlined by the UCITS IV Directive and

its implementing measures. In the present

guidance paper, we hereby present the rst

results o some o these working groups.

We attached a special ocus on the key risk

topics that are newly addressed by UCITS IV.

It is the intention o this publication to assist

the market players in the pragmatic opera-

tional implementation o these regulations.

1 Liquii is

Q The liquidity risk is a risk which has been

underestimated or quite a long period, in

particular or certain asset classes

‘assumed’ to be liquid based on quotes

rom a limited number o market makers.

Measuring the liquidity risk is subject to

two main dimensions, (i) assets and (ii)

liabilities o the UCITS. In particular the

liability aspect is tricky due to the

‘intransparent’ and very complex

distribution structure making a ull

assessment o the investor base impossible.The present guidance intends to propose

practical measures to address asset

liquidity management.

Fostering a holistic

approach to risk

management moving

up the agenda



2 Ci & cu is

Q The assessment o counterparty risk has

undergone a complete reversal and has

become a major risk to be managed or allUCITS dealing in OTC contracts. In

particular the measurement o the risk as

well as the changing market practice with

regards to collateralisation put additional

pressure on risk management and

operational procedures or ManCo’s. The

role o the collateral managers in relation

to the depositary is currently unclear and

triggers additional issues one needs to take

into consideration. The guidance paper

summarises sound industry practicesregarding counterparty risk mitigation and

collateral management.

3 oil is

Q The need to manage operational risk is

well known and thus not a new aspect in

the und industry, but has become a ocal

point or regulation in the last years. The

term itsel reers to potential causes o loss

arising rom deciencies in internal controls,

human errors, physical systems ailures,and other business execution risks as well

as external events. Since Luxembourg is

traditionally making use o delegations to

third parties, the market participants have

built up experience in managing

outsourcing risks over many years. The

guidance paper has summarised selected

best practice measures to monitor

outsourced unctions and und specic

measures on operational risks.

However, the guidance given has to be put

into perspective o the respective company

environment and business model. Also, the

risk management process is subject to the

principle o proportionality as introduced

by UCITS IV.

We would like to thank all the participants o

the working groups or their dedication and

most valuable input. We are very much

looking orward to the new guidance paperscurrently in process as well as meeting you on

the events we will organize in the next months.

We hope that you nd these Guidelines

interesting and useul.

Sincerely,

ALFI

Association o the Luxembourg Fund

Industry



chapter I

Best Practice Proposals or theOrganisation o the Risk Function oa UCITS Management Company orUCITS Investment Company



IntrodUCtIon and LeGaL and reGULatory FraMework 8

1 IntrodUCtIon 8

2 key LeGaL and reGULatory FraMework 8

rISk ManaGeMent prInCIpLeS, rISk ManaGeMent FUnCtIon and

other ControL FUnCtIonS 9

1 rISk ManaGeMent FUnCtIon - prInCIpLeS 9

2 rISk ManaGeMent and ItS reLatIonShIp wIth

other ControL FUnCtIonS 10

BeSt praCtICe propoSaLS on praCtICaL IMpLeMentatIon oF

a rISk ManaGeMent FUnCtIon 12

1 GovernanCe and orGanISatIon 12

1.1 esblism rM uci 12

1.1.1 rl MC B dics 12

1.1.2 rl Si Mgm/Cucig oics 12

1.2 exmls rM gc sucus 13

1.2.1 Lg/M Cmlx Mgm Cm Sucus 13

1.2.2 Smll Mgm Cm Sucus 14

1.2.3 o gisil sucus 15

1.3 ris Mgm Sg/plic 16

2 IdentIFICatIon oF rISkS 172.1 pil riss icl cig UCItS 18

2.2 pil riss cig b UCItS MC 18

3 MeaSUreMent and ManaGeMent oF rISkS 20

4 reportInG 21

4.1 Gl icils ci rig riss Si

Mgm B 21

4.2 C Fquc rig 22

4.2.1 C Fquc ig Cos 22

4.2.2 C Fquc ig Mgm Cm SICav B 23

roLe oF rISk ManaGeMent In the LIFe-CyCLe oF a FUnd 24

appendIX LawS and reGULatIonS 25

Content



Best Practice Proposals or the Organisation o the Risk Function o

a UCITS Management Company or UCITS Investment Company

Introduction and legal

and regulatory

ramework

1 Iuci

Recent EU regulation, as implemented in

Luxembourg by the Law o 2010,

introduced in connection with the latestrevision to the UCITS Directive, has ocused

attention on the requirement or

management companies, pursuing the

activity o management o a UCITS, and

investment companies, that have not

designated a Management Company (Sel

Managed SICAV), to have in place an

adequate Risk Management (‘RM’) unction

that is proportionate to the business

conducted by those companies and the risk

proles o the UCITS which they manage.

The aim o this document is:

Q to highlight, in the rst place, the key legal

and regulatory sources in relation to RM in

order to get a common understanding

thereo and;

Q to propose a set o best practices that the

Boards and Senior Management o

Management Companies and Investment

Companies may wish to consider when

developing, or reviewing the adequacy o,their RM unctions.

Throughout this document ManCo will be

used to reer to a management company, or

a sel managed investment company where

no management company has beendesignated.

2 k lgl gul m

In relation to risk management a number o

laws and regulations have been issued on

European and Luxembourg level. In the

ollowing, please nd a brie overview table

including a non-exhaustive list o the key

legal and regulatory ramework in relation

to risk management.

rgul m ris Mgm

eu Ui Luxmbug

Level 1 legislation Directive 2009/65/EC Law o 17 December 2010

Uigs Cllci Ism

(2010 L lcs 2002 L)

Level 2 implementing

measures

Commission Directive 2010/43/EU CSSF Regulation No 10-4

Level 3 guidelines • ESMA Guidelines 09/178 s gs is mgm icils UCItS

• ESMA Guidelines 10/788 is msum clculi glbl xsu

cu is UCItS

• ESMA Guidelines 11/112 s gs is msum clculi

glbl xsu ci s sucu UCItS

CSSF Circular 11/498

CSSF Circular 11/508CSSF Circular 11/512

For some urther details see Appendix on page 25 to this document.



Risk Management

Principles, Risk

Management Function

and Other ControlFunctions

1 ris Mgm Fuci - picils

Risk management should be an integral part

o a ManCo’s control ramework and in

addition to the regulatory obligations aneective RM unction should assist the Senior

Management and Board o Directors in:

Q Optimising growth without exposing the

organisation to undue risk;

Q Demonstrating due diligence in daily

management;

Q Promoting proactive management and

early identication o risk;

Q Increasing accountability and

responsibility in the organisation;

Q Avoiding unnecessary risk exposures.

The management o risks is everyone’s

responsibility and needs to be enorced rom

the top o the organisation. A culture o risk

awareness and risk management within an

organisation is essential or a RM unction

to be eective.

The Board o Directors is thereore

ultimately responsible or ensuring that the

ManCo eectively manages its risk and therisks in the UCITS which it manages and

that it has policies and procedures in place

to measure and manage those risks.

A is mgm uci should be able

to perorm its role independently rom

operating units allowing the persons

responsible or risk management to interact

reely with all areas o the ManCo or the

purpose o identiying and escalating risk

issues or control gaps without any confictso interest. Its reporting line should be directly

to the Senior Management and/or to the

Board o Directors o the ManCo. Its resources

should commensurate with the size o the

institution, and the nature and complexity o

its activities. The sta executing the unction

has to have appropriate expertise and

knowledge o the ManCo business and o the

UCITS that it manages.

I the mc is mgm

uci is lg i , the

external rm must have access to all relevant

inormation and report to the SeniorManagement and/or Board o Directors o

the ManCo. In case o a delegation Senior

Management and/or the Board o Directors

retains ull responsibility or the eective

and appropriate execution and monitoring

o risk management. The entity providing

the outsourcing service must have sucient

technical and proessional expertise to

execute the unction. The entity providing

the outsourcing service should be assessed

regularly to ensure proper and eectivesupervision o the outsourced unction.

ManCos, in particular those that are part o

larger Group companies, may also

usuc scifc is mgm

csss to other areas o expertise (either

internal or external). The role o the local

risk management unction in this case will be

one o oversight on and coordination with

the outsourcing partner, i.e., ensuring that

the right risk inormation is received. Inthese cases, it is important that the local risk

management unction has sucient

knowledge to adequately oversee and

challenge the outsourcing partner and

provide adequate reporting to senior

management and/or the Board.

As a ManCo may decide to outsource all or

part o the risk management unction,

reerence can also be made to the Chapter II

”Guilis p ris Miig Fucis ousuc/dlg B

Mgm Cm Ism

Cm“ which has been produced by the

ALFI Technical Committee.

Each ManCo shall establish a rM m,

which comprise the ollowing components:

Q Governance and organisation o Risk

Management;

Q Identication o risks;

Q Measurement and management o risks; Q Reporting o risks and related inormation.





Gc

gisi ris

Mgm

Iifci issMsum

Mgm issrig iss

l imi

Q Establishment o RM Function

(structure, proportionality)/

Roles and responsibilities

Q Risk management strategy

Q Identication o all relevant

risks or the ManCo and the

unds it manages.

Q Measure risks using

appropriate methods

Q Dene risk limits

Q Monitor compliance with

risk limits

Q Take appropriate actions in

case o limit breaches

Q Eective reporting to Senior

Management and the Board

Q Reporting to regulators

Risk Management and

its relationship with

other control unctions

al UCItS III s m

ris mgm uci. I ii,

UCItS Iv gulis ls qui

MC m Cmlic

Il aui uci; i c is

s cl ucis ligs UCItS i

MIFId quims i is g.

I g bi i c

cl uci summis scs. t m b ci

cl ucis

ulicig b cig u simil

cls, i cic ulfl

i ls ii MC.

ris Mgm has the ollowing

responsibilities as dened by CSSF

Regulation 10-4 Article 13 paragraph 3:

Q To implement the risk management policy

and procedures; Q Ensure compliance with the UCITS’ risk

limit system including statutory limits

concerning global exposure and

counterparty risk;

Q Provide advice to the Board o Directors as

regards the identication o the risk prole

o each managed UCITS;

Q Provide regular reports to the Board o

Directors on; the consistency between the

current levels o risk incurred by each

managed UCITS and the risk prole orthat UCITS, the compliance o each

managed UCITS with relevant risk limit

systems, and the adequacy and

eectiveness o the risk management

process including whether remedial

measures have been taken;

Q Provide regular reports to Senior Management

outlining the current level o risk incurred by

each managed UCITS and any actual or

oreseeable beaches o their limits;

Q Review and support the arrangements

and procedures or the valuation o OTC derivatives.

Cmlic has the ollowing



Q To monitor and, on a regular basis, to

assess the adequacy and eectiveness o

the measures, policies and procedures put

in place to detect any risk o ailure by the

ManCo to comply with its obligations

under the Law o 17 December 2010; Q To advise and assist the relevant persons

responsible or carrying out services and

activities in compliance with the ManCo

obligations under the Law.

Il aui has the ollowing



Q To establish, implement and maintain an

audit plan to examine and evaluate the

adequacy and eectiveness o the ManCosystems, internal controls mechanisms and

other arrangements;

Each o the ramework components will be explained below in the context o how to practically implement a risk management

unction and a risk ramework in a ManCo.



Q To issue recommendations based on the

result o work carried out under the audit

plan and to ensure the recommendations

are complied with;

Q To report to Senior Management on a

requent basis in relation to internal audit

matters, indicating whether appropriate

remedial measures have been taken.

Ilusi ris Mgm uci is lisii cl ucis

Il ui

ris mgm cmlic

B &Si

Mgm

ois/ucis

Oversight

3rd line of defence

2nd line of defence

1st line of defence





Best Practice proposals

on practical implemen-

tation o a Risk

Management Function

I llig scis umb

xmls i s

ciis m g bu imlmig

ig UCItS cmli risMgm Fuci.

1 Gc ogisi

1.1 Establishment of a RM function

As the diagram below shows, a Risk

Management unction, together withCompliance and Internal Audit, should

support the Board o Directors and Senior

Management o the ManCo in ullling their

responsibilities towards internal control o

the ManCo. In this section we look at the

role o the Board and Senior Management in

the establishment o a RM unction.

Suisuci

SiMgm

oucis

B

dics*

Cucig

ofcs/

diig

Cmlicris

MgmIl aui

1.1.1 Role o the ManCo Board o Directors

To ull the requirements o the regulations

and ESMA guidelines the ManCo Board o

Directors may consider, or ull, the

ollowing roles:

n Deinition/approval o the company’s risk

principles/strategy;

n Authorisation o Senior Management toset up the RM unction;

n Promote the development o risk measures

n Periodic review o eectiveness o the RM

unction and policies;

n Review o how the company manages risk;

n Act as a direct line o escalation;

n Approve the documented Risk

Management Process (RMP);

n Approve the risk prole or each UCITS

as well as the risk limits and changes;

n Promote the implementation o a robustand pervasive risk culture;

n Approve and review the adequacy and

eectiveness o the risk management policy.

1.1.2 Role o Senior Management/

Conducting Ocers

Senior Management/Conducting Ocers o

the ManCo will typically be involved in the

RM process either in a supervisory and

oversight role, by assuring that the required

regulatory tasks are perormed in an appropri-

ate manner and by the approval o the docu-

mented Risk Management Process (RMP).They will also be the rst point o escalation

or all RM matters and provide regular

reporting to the Board o directors.

Collectively the BOD, Senior Management

and the persons appointed to conduct risk

management must have the competencies to

understand and to be able to identiy,

measure and manage the risks in the ManCo

and the UCITS that they manage.

* Normally the BoD

oversees the senior

management – depending

on the size and setup o

the ManCo the BoD

could be involved in

executive unctions.



1.2 Examples for RM governance structures

w sig-u

rM Fuci su i ulfls

is m is il busiss MC?

Q dci sucu

- d I s rM m

(ili scs)?

- I s, I c ull-s

rM m I us xl

sic i?

- I , ill is b m b Co

usuc?

Q Imlm sucu b fig ls

ssibiliis ii cs

sucu

1.2.1 Larger/More Complex Management

Company Structures

Such structures are likely to establish anindependent risk management unction

managed by a Chie Risk Ocer reporting

to Senior Management or the Board. Larger

or more complex organisations may require

that a Risk Committee be established as a

sub-committee o the Board to ocus solely

on risk management issues.

In accordance with CSSF Regulation all, or

parts, o the risk management unction may

also be outsourced to other parts o theManCo’s Group Company or to a suitably

qualied third party. I the outsourcing route is

ollowed there will still need to be a

Conducting Ocer o the ManCo appointed

as the responsible person or risk management

and to whom the outsourced unction reports.

Diagrammatically the RM unction may t

into the ManCo structure as ollows:

Sisic Sucu

1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to in Article 101 (3) o the 2010 Law may not

delegate the compliance unction. It should be remembered that, in accordance with item 5.4.9. ) o Circular IML 98/143, a management company having one or more branches is

not authorised to use an external expert specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.

Board o the SICAV/ManCoManagement

committee

Internal

audit/compliance*(1)

Investment

compliance*Transert

agent*Fund

accounting*Investment

manager*Distributors*

Risk management committee

Conducting OfcersHead o risk, Heads o departments

Risk management/

committee

External

auditors

Depositary/

custodian

* These unctionscan be providedin-houseby the ManCoor outsourced





In larger ManCo structures dierent types o

risk (see section 2 Identication o Risks)

may be managed in dierent locations.

For example:

Those risks - in particular the Portolio risks

- which are specic to the investment

management o the UCITS may be managed

by risk unctions that are located

geographically with the delegated investment

managers or the UCITS.

Operational risks are likely to be managed in

the country o the ManCo where Fund

Administration and Custody are domiciled.While Risk managers covering other risks,

such as Technology, may be located in yet

another location.

In such structures particular attention needs

to be paid to the escalation and reporting

processes to ensure that Senior Management

and the Board o Directors are kept adequatelyinormed (see section 4 Reporting).

1.2.2 Smaller Management Company

Structures

Smaller rms may comply in dierent

manners, depending on the risk prole and

strategies o the UCITS that they manage.

Outsourcing could in many cases be the

preerred solution, provided that the Board/

Senior Managers keep the responsibility o developing and controlling the risk

management ramework and the oversight o

an outsourced task.

1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to

in Article 101 (3) o the 2010 Law may not delegate the compliance unction. It should be remembered that, in accordance with item

5.4.9. ) o Circular IML 98/143, a management company having one or more branches is not authorised to use an external expert

specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.

Board o the SICAV/ManCo

Internal audit/

compliance(1)

risk management*

Investment

compliance*Transert

agent*Fund

accounting*Investment


Conducting OfcersExternal

auditors

Depositary/

custodians

Siml sucu

* These unctions can be provided in-house by the ManCo or outsourced



Examples o possible structures or smaller

entities may be:

Q The Board appoints a conducting ocerresponsible or Risk Management. The

conducting ocer may also be a Board

member. This person will be in charge o

ensuring that a complete risk management

ramework/process is in place as a separate

document or as part o the company’s

procedures and that regular reporting to

board and escalation is properly perormed;

Q A risk manager, reporting to the Board or

a Senior Manager is appointed to ensure

oversight o the delegated riskmanagement unction, as described above;

Q The Board can appoint a non-executive

committee, i.e. a Risk Management

Committee, who will be in charge o

ensuring oversight o the outsourced risk

management unction, reporting and

escalation to the board and the conducting

ocer responsible or risk management.

1.2.3 Other organisational structures

Other combinations o the examples above

could be put in place provided the

mentioned core principle o keeping control

and oversight at Board/Senior management

level is respected.

B SICav/MC

Cucig ofc

ssibl ris

Mgm

ousuc ris Mgm

Sic pi

F xml:





1.3 Risk Management Strategy

hig g i rM

gisil sucu - lig i ll MC is sgis - rM

uci mus g i B,

Si Mgm, is sg

MC m

Fuci. tis ill c is xc

ris Mgm, ic is cgis

sul b csi, m scli

ig ill , c.

t is sg MC sul b

mul b ris Mgmpcss is cum i il

submissi CSSF i ccc

i Cicul 11/512.

The denition o a Risk Management

strategy o a ManCo is a useul tool or a

risk management unction (and/or or Senior

Management) to agree with the responsibleorganisational body (i.e. the BoD o the

ManCo) the scope o the mandate or Risk

Management. The RM strategy can be a

high-level description documenting the

dened RM governance (including roles and

responsibilities) as well as providing a

statement on risk appetite and the

expectations towards RM.

Low level o‘technical’

details

ris Mgmpcss

Scifc plicispcss pcus

ris

MgmSg

High level

o detail

In addition to the general risk strategy, a

ManCo must provide a Risk Management

Process (RMP) to the CSSF documenting the

detailed structures o Risk Management as

well as the Risk Policy (which itsel outlines

the procedures implemented or

the identication, measurement,

management and reporting o risks).

It is required to have a holistic view on the

risks a UCITS is exposed to as UCITS IV

denes a broad scope or Risk Management.

In addition to the RMP, urther process

documentation or RM processes and/or

specic RM policies (or related documents)

can help to clariy the tasks o the

RM unction.



pli iss

riss ill cig b UCItS MC

oil iss

2 Iifci riss

t Bod Si Mgm

MC m is s msls llig -xusi qusis:

h ii il iss

ii MC UCItS

mg? (Iifci)

h i s iss xis

ii u busiss? (Iifci)

I xis i

s sigifc is?

(Msum)

Is is xsu / il lssccbl MC? (Msum

Mgm)

The risk strategy o the ManCo should be

ormulated beore the Risk ManagementProcess is documented in detail or

submission to the CSSF in accordance

with Circular 11/512.

Each ManCo will have to identiy on

on-going basis the specic risks to be

covered within the risk strategy/risk

management policy – based on the nature,

scale and complexity o its business and

the risk proles and strategies o the UCITS

it manages – the ollowing aims to providea non-exhaustive list o potential risks that

a ManCo should be considering.

M isCi is

(Issu/Cp)Liquii is

o

Ism is

p+L

m is

Busiss/

puc is

exml:

Fm is cgis UCItS Mgm Cm

riss icl cig UCItS riss cig MC

Ism

mc

is

...

MC

Liquii

is

...

tcicl

sucs ispl is

ogisil

is

exl cs

is

Lgl/

gul istx is

disibui

is...

ruil

is





2.1 Potential Risks directly affecting UCITS

Each ManCo will have to speciy a ramework

or risks that have the potential to directlyaect the UCITS it manages (in line with

UCITS IV denition).

From the point o view o investors, UCITS are

subject to nancial risks and to certain

operational risks that can materialize into

capital losses or poor investment perormance.

The ramework may specically include the

ollowing risk categories:

Investment related risks

Q Market risk

Q Credit risk (issuer and counterparty risks)

Q Liquidity risk

Q Investment perormance risk

(e.g. underperormance vs.

benchmark/"Peer Group", etc.)

Among nancial risks, market risk is typically

reerred to as the risk o fuctuations in the

market value o the securities held by theUCITS, which may vary over time refecting

dierent market conditions. In ecient

markets, market risk may be considered as

the only value-related relevant risk actor,

either at the level o each security held by the

und or at the level o the entire portolio.

However since markets can have discontinuous

fows o inormation (that is, inormation can

be incomplete and asymmetrically distributed),

or are dispersed and consequently not able toproduce a robust stream o prices (in the case

o OTC bilateral trades), nancial exposure to

some classes and types o asset (ABS, OTC

derivatives etc.) eligible or UCITS investment

cannot be addressed by a single risk driver. With

such positions, market risk can still be thought

o as capturing the exposure to standard

movements in micro-economic and/or macro-

economic variables (sales, prots, equity

premium, interest rates and exchange rates).

Other risk actors, such as credit,

counterparty and liquidity risk, may impair

the trading conditions o certain securities

(illiquidity) or the credit rating o specic

issuers (deault) or counterparties o bilateral

transactions (insolvency). Specic risks, suchas credit or liquidity risk, may also reer to

the exposure to sudden sharp changes in the

macroeconomic environment (such as a

widening o risk premium - a “fight to

quality”- or a downgrading o a specic

sector or sovereign exposures).

When actors other than market risk become

relevant the overall nancial exposure o an

investment und may depend also on

additional specic risk drivers that emergeonly at the aggregate portolio level. This is

the case, or instance, or concentration risk

or or certain aspects o liquidity risk, when

liquidity is understood as the ability o a

UCITS to meet, at a reasonable cost, its

obligations (redemptions or debt

reimbursement) as they become due.

2.2 Potential Risks affecting both

UCITS and ManCo

Operational risks which may materially

aect the UCITS (these may also eect

the ManCo)

Q Technical resources/IT related risks

Q People risks

Q Organisational/Process risks

Q External actor risks

Q Fraud risks

Q Delegated unction risks

From the point o view o UCITS investors,

operational risks are attached to the dierent

eatures and quality o the trading, settlement

and valuation procedures operated by

ManCos and their service providers, which

may increase the chances o losses due to

human or technical errors. However, it must

be noted that as the burden o operational

risks is principally placed upon the ManCo,

only those operational risks that also aect

investors’ interests by their direct impact onthe und’s portolio should be considered.



Legal/regulatory risks (these may also aect

the ManCo)

UCITS and any type o ManCo (Chapter 15and 16 o the Law o 2010) must comply with

a wide range o laws and governance -

imposed or industry standards regulations.

While compliance risk can be monitored and

recognised, legal risks are sometimes

unanticipated. Compliance-related risks

shall be considered as a component in the

risk management ramework. The nature o

those compliance-related risks needs to be

communicated and understood through all

levels o the ManCo. The compliance unctionshould monitor all issues relating to legal and

regulatory compliance and provide reports to

Senior Management/Conducting Ocers on a

regular basis, i necessary in cooperation with

the risk management unction.

Model risk

Models are used to support risk management

to measure and monitor various types o

risks aecting a UCITS respectively aManCo and thus are important tools to help

risk managers. However, one also needs to

understand the assumptions the various risk

models rest on and thus the possible

vulnerabilities respectively simplications o

their risk measurement techniques and

models (e.g. back testing outlier can give

indication on the quality a VaR model).

Thereore, a ManCo needs to assess and

review its risk measurement ramework on

an on-going base in order to ensure itsviability and robustness; i.e. to understand

suciently the shortcomings/risks o models.

Other types o risks

Risks evolve over time due to changes in the

environment, in the product or changing

circumstances. It is important that new risk

exposures which can become signicant are

identied quickly, so these risks can be

managed beore they cause signicant lossto the entity. There should be a mechanism

to periodically assess whether risk

exposures have changed. For example, the

recent nancial crisis has demonstrated that

custody risk and raud risk may not have

been adequately considered in someprevious risk management rameworks

applied to UCITS.

Potential Risks aecting the Management

Company

The ramework o risks will also include

those risks that directly aect the

Management Company:

Q Reputational risk

Q Own investment risk particularly inrelation to the provision o seed capital

Q Prot and Loss market risk

Q Business/Product risk

Q ManCo liquidity risk

The Management Company itsel is aced

with business risks linked to its specic

activities (e.g. processing transactions,

carrying out oversight, distributing

products), and compliance risks due to

increasing regulatory requirements in respecto, or example, investor protection

measures. In addition, i part o the

Management Company’s cash is invested in

market products, then market risk also

become relevant.

Any o the risks relating to the Management

Company’s activities or relating to the

investment und’s activities being managed,

which leads to signicant losses to

stakeholders, will damage the reputation o the Management Company, and can

jeopardize its existence.

A practical template which can be used by

governance bodies to obtain an overview

as to whether each relevant risk is properly

addressed under each component o the

ramework is given below, using

counterparty risk as an example.





3 Msum mgm iss

hig iif cum licbl iss, rM uci s

cm u i ms/ls

msu mg s iss.

t llig b csi

c is cg:

Q h msu is cg

(qulii/quii cii)?

Q dcum u msum l

c is cg

Q dcum is limi bs msum Q esu is limis

Q dmi qui quc

miig

Q esu css scli

Q dmi cum mii/

miigi cis (.g. ici i

li mg, c.)

w lig i iss c

UCItS, is mgm uci

ill f sci msum

cs limis li

l is cgis bs

lsis is fl u,

i.., bs u ccisics

il i ism

icils s uli i scus.

Below you nd a non-exhaustive example how

a simplied documentary overview o risk

measurement and management approaches or

some risk categories may look like:

riscg

Iifris

ac

Msu-m

iss

ei/mmig

msum iss

tl/ssm us msu

iss[i ]

ac

Limii iss

ei/mssibl

miig

islimiis

Fquc

miig iss

ac milcis

(i.. scli bc

limis)

P o r t f o l i o r i s k s

M a r k e t R i s k

QGlobalExposure

QVaR or QCommitmentapproach

QRiskdepartment

Q Internal VaRcalculationtool; Q Internalcommitmentcalculationapproach

QSpecic risk limit perUCITS according toapproach used tomeasure risks. QVaR: absolute (max20%)/relative risklimit dened perUCITS. QCommitment:maximum exposuredue to derivatives o100% o NAV(in line with

CESR 10/788) QRisk limits acknowl-edged by BoD insemi-annual BoDmeeting.

QRiskdepartmentmonitorsrisk limitson dailybasis

Qdaily QDenedescalationprocess romRisk team toportoliomanager (PM)in case obreaches QDenedescalationprocess romRisk team toconducting

ocerresponsible orrisk manage-ment uponidentication.

k is Iifci issMsum

Mgm issrig iss

l imi

Q Counterparty risk Q Identication covers the

relevant sources o

counterparty risk:

- OTC derivatives

- Securities nancing

- Structured products

- Cash

- Collateral

- Failed trades

Q Measurement methods

dened by type o product,

and calculate aggregated

positions by counterparty

or connected group

Q Limit setting (Diversication;

Netting)

Q Collateral

Q Use o central counterparty

Q KRIs dened or counter-

party risk

Q Reporting o KRI on a regular

basis to conducting ocer

Q Reporting o KRIs on a

quarterly basis to Board.



O p e r a t i o n

a l R i s k a n d O u t s o u r c i n g R i s k

QOpera-

tional

Risk

QQuanti-

cation o

general

operationalrisks per

UCITS not

easible/

ecient.

QOperational

risk incidents

are meas-

ured via

operational

loss

database. Q In addition,

operational

risk assess-

ments are

perormed

on a regular

basis.

QRisk

department

Q Internal loss

database;

QRisk and

Control Sel-Assessment

QQuantied

operational risk

limitation per

UCITS is noteasible.

QAll signicant

operational risk

incidents per UCITS

are documented,

monitored and

ollowed-up

according to

operational risk

policy.

QRisk

department

responsible

or review ooperational

risk

incidents

and

ollow-up

with

respective

business

owners.

QRisk

departmentresponsible

or opera-

tional risk

assess-

ments and

related

reporting.

Qongoing QOperational

risk incidents

are monitored

and ollowed-up according to

operational risk

policy.

QEscalation rom

Risk to Senior

Management/

BoD in place

via dened

reporting lines.

... ...

4 rig

a ig buil u ll-

sucu is uci, is mg

s m su ssibl

gc bis bl s

iss UCItS / MC is

xs , lisic is ig is

ums imc. h m is l?

4.1 General principles on effective Reporting

of Risks to Senior Management and

the Board

Adequate risk reporting is integral part or a

risk unction and in particular or the

Conducting Ocers o a ManCo to ensure

they can comply with their obligations and

responsibilities o oversight. In order to

ensure that the RM unction obtain the

necessary inormation rom otherdepartments as well as rom outsourcing

partners, a structured bottom up reporting is

needed. Based on the inormation received

and the analysis perormed by the (risk)

department(s) a meaningul reporting to the

COs or a Senior Risk Committee is key to

making risks transparent as well to propose

and nally decide on mitigating measures.

For the case the ManCo has an own risk

unction, they should provide reporting on

risk related topics to Senior Management/

COs at least on a monthly basis e.g. as part

o a Senior Risk Committee inormationpackage. The reporting contains detailed

inormation on the dierent risk categories

identied as being relevant or the UCITS

(see section 2 Identication o risks).





Below the paper gives a best practice example how a risk ramework document could dene

a written standard/principles on risk reporting:

1. t Co/B ill ci lisic ll l is s ggg.tis ill b bs g bm u b is uci/Cos.

2. t h ris Mgm/Co is ssibl ci css bm u

s m l ms / lgs.

3. t h ris Mgm/Co ill ls qul B MC.

4. t h ris Mgm/Co ill su ris rs lisic

(csiig ll is cgis iif), iml ccu.

5. t ris s ill gi i cu/ iss icluig sm

si (.g. l, mium, ig) is lui im msus

miig xisig iss ssibl.

6. t ris rs mus i B i ll css imi ci

i msus b cl miig ll l iss.7. t h ris Mgm/Co mus su l is issus

m b ig ill b c Co/B.

8. t h ris Mgm/Co ill s iis i iml, ccu

cl m csis i m s b is uci.

It is important to stress that the nal

responsibility o the day to day management

and adequate conduct o the business,

including the implementation o a sound

risk management process relies on the COs,

who are in turn responsible or ensuringappropriate reporting and escalation to

the Board o Directors.

4.2 Content and Frequency o Reporting

4.2.1 Content and Frequency o reporting to

the COs

Frequency:

As mentioned above the nature and com-

plexity o a ManCo needs to be consideredand there is no such standard either on the

content or on the requency o a reporting

which ts to all ManCos equally.

For example it is advisable that the Head o

Risk Management has, besides a ormal

reporting, a regular (weekly/bi-weekly) xed

meeting with the responsible CO. For the

case where the responsible CO or RM is not

supported by a local/group risk team the CO

needs to establish clear standards concerning

content and requency o such reportingwhich in act might ask or a weekly or at

least monthly reporting.

The COs should meet regularly to review the

reporting provided. The COs/relevant

department would escalate immediately to

the Board any critical issues. Meetings

should be minuted and action points ol-

lowed up regularly through an updatedaction list.

Content:

Reporting rom the RM to the CO must be

comprehensive and cover all risks. Sucient

detail must be provided to allow the CO to

ully assess the implications o any issues,

risk limit breaches, etc.

Reporting may be in a standard ormat that

includes inormation on all risk categoriesidentied and laid down in the risk rame-

work (see section 2 Identication o Risks).

In particular the ollowing requirements in

relation to UCITS IV need to be refected in

a risk report to COs:

Q Overview o current levels o risk and the

risk prole agreed or each UCITS;

Q Overview o risk limit breaches or each UCITS;

Q Inormation on back testing results (“outlier”);

Q Inormation on stress test results; Q A statement on adequacy and eectiveness

o the risk management process, models

and methods used, indicating major



remedial measures taken in the event o

any deciencies (at least on an annual

basis to CO/BoD);

Q Any incidents worth to report onoutsourcing risk issues;

Q Short description o an issue/incident/

claims occurred which could expose a

ManCo to a certain risk;

Q Any other material risks;

Q …

4.2.2 Content and Frequency o reporting

to the Management Company or

SICAV Board

The COs should report to the Board o the

ManCo at their regular meetings which should

be at least quarterly. I the Board meets less

requently a report should be sent to the

attention o the Board and a conerence call

held with representatives or delegates o the

Board. The COs/relevant department should

escalate immediately to the Board any critical

risk or control issues. The content o the

report would cover in general the same points

in the standard agenda discussed during the

monthly/regular meeting with COs; however, it

would be much more based on an “exception”

principle, i.e. escalation o main issues(ollowing a risk based approach/assessment).

Boards may nd a standard ormat useul.

The table below is a non-exhaustive example

o a summary report to the Board, the CO

would provide additional explanation and

details as necessary.

Reporting to regulatory authorities

The local regulatory authorities CSSF will be

provided, according to requirements outlinedin CSSF circular 11/512 and its appendix,

with regular ino/updates on the RMP.

Furthermore, the Risk unction/CO assesses

regularly (annual or, i required, on an ad-hoc

basis) the adequacy and eectiveness o the

RMP. The ManCo will provide inormation

updates in relation to the RMP to the local

regulatory authorities upon material changes

or at least on an annual basis.

ris tUCItS

cck riss iif/Sus Msus/rssibiliis

risassssm

M a r k e t R i s k / g l o b a l E x p o s u r e

XY

Q General market volatility remaining

fat overall, only slight increase in

Japanese Equities

Q Continue monitoring process o …

l Q Portolios well in line with regulatory

VaR-limits (i.e internal thresholds and

regulatory limits)

Q Back Test and Stress Test results

listed in appendix XY o the risk

report (see page xx)

Q Spreads on European government

bonds, in particular Greece and

Italy…

Q Monitoring o situation

(Risk Management, CIO)

mium Q Ongoing management o exposure by

portolio management (respective

portolio management)

M a r k e t R i s k / g l o b a l

E x p o s u r e AB Fixed

Income

Q Situation or assets like ABS, etc.

improved, but still threaten portolio

liquidity in some UCITS …

Q Continue selling o illiquid assets, in

particular … ig

Q ...

Q Overall Liquidity risk assessment

revealed in general a sucient levelo liquidity

Q Stress testing on Liquidity done and

results are in appendix XY(see general report on stress testing)

l

ig





Role o Risk

Management in the

Lie-Cycle o a Fund

The risk management unction should be

deeply involved in all phases o a Lie-Cycle

o a Fund in order to ull the duty to

identiy measure and manage all risksrelevant to the UCITS.

The list o tasks and responsibilities below is

not exhaustive and should be customised to

each Management Company.

n-xusi xml ss b m b is mg:

ps pcss/pcu ris l css/ s

Initiation Product Development Assess the product risks and impact on ManCo risk prole

Assess adequacy o the investment strategy with regulatory risk requirements

(CSSF, ESMA guidelines on risk management)

Determine risk approach to be used (e.g., calculation methodologies, product

mapping with risk systems, data sources), update the RMP as necessary

Set internal and regulatory risk limits

Analyse whether the new product can be managed in the current processes

and systems

Fund Documentation Agree on the description o und in the und documentation

Sign o o risk narratives on KIID

Calculate and monitor the Synthetic Risk & Reward Indicator (SRRI) in the KIID

Fund launch Fund registration/

distribution

Assist conducting ocer in the oversight o the distribution network

Assess country risk i required

Ongoing Investment Management Coordinate with investment manager to understand the portolio allocation and

pay-o structure

Educate investment manager to seek or advice beore new product/strategy launch

Transer Agency Implement liquidity risk measures at ManCo level (matching cash fow orecasts

with net subscription/redemption levels)

Fund Administration Interact with pricing/valuation teams

Risk culture Assistance to the Board on ad-hoc queries/assessments

Risk trainings/education to the company senior management and sta

Assistance to the communication o the corporate risk culture to clients

Risk strategy/risk appetite Periodic assessment o risk strategy and risk appetite adequacy

Risk management

inrastructure

Periodic review and validation o the risk management tools and systems

adequacy (e.g., calculation methodologies, product mapping, data sources)

Recruiting o risk experts with quantitative, qualitative and industry back-

ground expertise

ManCo and product risk

calculation and oversight

Calculate and monitor products investment risk on a daily basis

Monitor on a regular basis ManCo risks and operational risks

Fund

restructuring/ Liquidation

Service providers Ensure service providers quality until nal restructuring/liquidation

Tax risk

…….



t ics ci usul cs

ic mgm MC m

f lul i sblism

uig ris Mgm uci.

eu lgl gul m:

Q Directive 2009/65/EC o the European

Parliament and o the Council o

13 July 2009 on the coordination o laws,

regulations and administrative provisions

relating to undertakings or collective

investment in transerable securities (UCITS)

Q Commission Directive 2010/43/EU o

1 July 2010 implementing Directive2009/65/EC o the European Parliament

and o the Council (“Commission Directive

2010/43/EU”) as regards organisational

requirements, conficts o interest, conduct

o business, risk management and content

o the agreement between a depositary and

a management company

Q ESMA/CESR1 Guidelines on Risk

Measurement and the Calculation o

Global Exposure and Counterparty Risk

or UCITS dated 28 July 2010(CESR/10-788)

Q ESMA Final Report – Guidelines to

competent authorities and UCITS

management companies on risk measurement

and the calculation o global exposure or

certain types o structured UCITS dated

14 April 2011 (ESMA/2011/112)

Q ESMA/CESR Risk management principles

or UCITS dated February 2009

(CESR/09-178)

Luxmbug lgl gul m:

Q Law o 17 December 2010 relating to

undertakings or collective investment

Q CSSF Regulation No. 10-4 transposing

Commission Directive 2010/43/EU o

1 July 2010 implementing Directive

2009/65/EC o the European Parliament

and o the Council as regards organisational

requirements, conficts o interest, conduct

o business, risk management and contento the agreement between a depositary and

a management company

Q CSSF Circular 11/512 dated 30 May 2011

regarding:

- Presentation o the main regulatory

changes in risk management ollowingthe publication o CSSF Regulation

No. 10-4 and ESMA clarications;

- Further clarications rom the CSSF on

risk management rules;

- Denition o the content and ormat o

the risk management process to be

communicated to the CSSF;

- Replacing, as rom 1 July 2011, CSSF

Circular 07/308 on UCITS risk

management and the use o nancial

derivative instruments. Q CSSF Circular 11/508 dated 15 April 2011

regarding:

- New provisions applicable to Luxembourg

management companies subject to Chapter

15 o the Law o December 2010 relating

to undertakings or collective investment

and to investment companies which have

not designated a management company

within the meaning o Article 27 o the

Law o December 2010 relating to

undertakings or collective investment

In the ollowing are quoted, without being

exhaustive, some key texts o the laws and

regulations in relation to risk management:

a. eu lgisli:

Q Article 10 (1) o the Commission Directive

2010/43/EU:

“Member States shall ensure that manage-ment companies establish, implement and

maintain adequate policies and procedures

designed to detect any risk o ailure by the

management company to comply with its

obligations under Directive 2009/65/EC, as

well as the associated risks, and put in place

adequate measures and procedures designed

to minimise such risk and to enable the

competent authorities to exercise their

powers eectively under that Directive”

1 European Securities and Markets Authority (“ESMA”), which

has replaced the Committee o European Securities Regulators

(“CESR”) as rom 1 January 2011.

Appendix Laws and

regulations





Q Article 12 (1) and (2) o subsection 1 o

the Commission Directive 2010/43/EU:

“Member States shall require managementcompanies to establish and maintain a

permanent risk management unction”.

“The permanent risk management unction

shall be hierarchically and unctionally

independent rom operating units”.

Q Recital (5) o the Commission Directive

2010/43/EU:

“To avoid the application o dierent

standards to management companies andinvestment companies which have not

designated a management company, the

latter should be subject to the same rules o

conduct and provisions regarding conficts o

interest and risk management as manage-

ment companies [...]”

B. Luxmbug guli:

Q Article 10 o the Regulation No. 10-4 –

Control by senior management andsupervisory unction:

1. Management companies, when allocating

unctions internally, shall ensure that senior

management and, where appropriate, the

supervisory unction, are responsible or

the management company’s compliance

with its obligations under the Law o

December 2010 concerning undertakings

or collective investment.

2. The management company shall ensure

that its senior management:

a) is responsible or the implementation o

the general investment policy or each

managed UCITS, as dened, where

relevant, in the prospectus, the und

rules or the instruments o incorporation

o the investment company;

b) oversees the approval o investment

strategies or each managed UCITS;c) is responsible or ensuring that the

management company has a permanent

and eective compliance unction, as

reerred to in Article 11 o the

Regulation No. 10-4, even i this

unction is perormed by a third party;

d) ensures and regularly veries that the

general investment policy, the investmentstrategies and the risk limits o each

managed UCITS are properly and

eectively implemented and complied

with, even i the risk management

unction is perormed by third parties;

e) approves and regularly reviews the

adequacy o the internal procedures or

undertaking investment decisions or

each managed UCITS, so as to ensure

that such decisions are consistent with

the approved investment strategies;) approves and regularly reviews the risk

management policy and arrangements,

processes and techniques or

implementing that policy, as reerred to

in Article 43 o the Regulation No. 10-4,

including the risk limit system or each

managed UCITS.

3. The management company shall also ensure

that its senior management and, where

appropriate, its supervisory unction shall:

a) assess and regularly review the

eectiveness o the policies,

arrangements and procedures put in

place to comply with the obligations in

the Law o 2010 concerning

undertakings or collective investment;

b) take appropriate measures to remedy

any deciencies.

4. Management companies shall ensure thattheir senior management receives on a

requent basis, and at least annually,

written reports on matters o compliance,

internal audit and risk management

indicating in particular whether

appropriate remedial measures have been

taken in the event o any deciencies.

5. Management companies shall ensure that

their senior management regularly receives

reports on the implementation o investment strategies and o the internal

procedures or taking investment decisions

reerred to in paragraph (2), points b) to e).




the supervisory unction, i any, regularly

receives written reports on the matters

reerred to in paragraph (4).


Permanent risk management unction:

1. Management companies shall establish

and maintain a permanent risk

management unction.

2. The permanent risk management unction

reerred to in paragraph (1) shall be

hierarchically and unctionallyindependent rom operating units.

However, the CSSF may allow a

management company to derogate rom

that obligation where the derogation is

appropriate and proportionate in view o

the nature, scale and complexity o the

management company’s business and o

the UCITS it manages.

A management company shall be able todemonstrate that appropriate saeguards

against conficts o interest have been

adopted so as to allow an independent

perormance o risk management

activities, and that its risk management

process satises the requirements o

Article 42 o the Law o 2010 concerning

undertakings or collective investment.

3. The permanent risk management

unction shall:

a. implement the risk management policy

and procedures;

b. ensure compliance with the UCITS’ risk

limit system, including statutory limits

concerning global exposure and counter-

party risk in accordance with Articles 46,

47 and 48 o the Regulation No. 10-4;

c. provide advice to the board o directors

as regards the identication o the risk

prole o each managed UCITS;d. provide regular reports to the board o

directors and, where it exists, the

supervisory unction, on:

i. the consistency between the current

levels o risk incurred by each

managed UCITS and the risk prole

agreed or that UCITS,ii. the compliance o each managed

UCITS with relevant risk limit

systems,

iii. the adequacy and eectiveness o the

risk management process, indicating

in particular whether appropriate

remedial measures have been taken in

the event o any deciencies;

e. provide regular reports to the senior

management outlining the current level

o risk incurred by each managedUCITS and any actual or oreseeable

breaches o their limits, so as to ensure

that prompt and appropriate action can

be taken;

. review and support, where appropriate, the

arrangements and procedures or the

valuation o OTC derivatives as reerred to

in Article 49 o the Regulation No. 10-4.

4. The permanent risk management unction

shall have the necessary authority andaccess to all relevant inormation necessary

to ull the tasks set out in paragraph (3).


Risk management policy:

1. Management companies shall establish,

implement and maintain an adequate and

documented risk management policy

which identies the risks the UCITS they

manage are or might be exposed to.

The risk management policy shall com-

prise such procedures as are necessary to

enable the management company to assess

or each UCITS it manages the exposure

o that UCITS to market, liquidity and

counterparty risks, and the exposure o

the UCITS to all other risks, including

operational risks, which may be material

or each UCITS it manages.





Management companies shall address at

least the ollowing elements in the risk

management policy:

a. the techniques, tools and arrangements

that enable them to comply with the

obligations set out in Articles 45 and 46

o the Regulation No. 10-4;

b. the allocation o responsibilities within

the management company pertaining to

risk management.


the risk management policy reerred to in

paragraph (1) states the terms, contentsand requency o reporting o the risk

management unction reerred to in

Article 13 o the Regulation No. 10-4 to

the board o directors and to senior

management and, where appropriate, to

the supervisory unction.

3. For the purposes o paragraphs (1) and (2),

management companies shall take into

account the nature, scale and complexity o

their business and o the UCITS they manage.


Assessment, monitoring and review o risk

management policy:

1. Management companies shall assess,

monitor and periodically review:

a. the adequacy and eectiveness o the

risk management policy and o the

arrangements, processes and techniquesreerred to in Articles 45 and 46 o the

Regulation No. 10-4;

b. the level o compliance by the

management company with the risk

management policy and with the

arrangements, processes and techniques

reerred to in Articles 45 and 46 o the

Regulation No. 10-4;

c. the adequacy and eectiveness o

measures taken to address any

deciencies in the perormance o therisk management process.

2. Management companies shall notiy the

CSSF o any material changes to the risk

management process.

CSSF Circular 11/512:

Q In addition, a ManCo also needs to

consider the more technical regulatory

requirements laid down in CSSF Circular

11/512 which refects ESMA’s ‘Principles

on Risk management or UCITS,

CESR2 /09-178 issued in February 2009

when looking at the requirements or a

RM unction.

CSSF Circular 11/508:

Q Further regulatory guidance is given by the

CSSF Circular 11/508, which also

introduces the requirement or a

permanent compliance unction and a

permanent internal audit unction.

2 As o 1 January 2011, the Committee o European Securities

Regulators (“CESR”) has been replaced by the European Securities

and Markets Authority (“ESMA”).



chapter II

Guidance paper or the risk monitoringo unctions outsourced/delegatedby a management company orinvestment company



guidance paper or the risk monitoring o unctions outsourced/delegated

by a management company or investment company

30

IntrodUCtIon 31

CLaSSIFICatIon oF oUtSoUrCInG reLatIonShIpS 32

LIFe CyCLe oF an oUtSoUrCInG reLatIonShIp 32

1 InItIatIon phaSe 33

1.1 vibili usucig 33

1.2 Slci il lgs 33

1.3 du iligc 33

1.4 Lgl gm 33

1.5 Sic Ll agm oig Mmum 33

2 LIFe phaSe – onGoInG deLeGate MonItorInG 34

2.1 Iuci 34

2.1.1 Siml sucu 34

2.1.2 Mil sucu 35

2.1.3 Sisic sucu 36

2.2 Miig 36

2.3 rig 36

3 terMInatIon phaSe 37

appendICeS 38

aix I – exmls mil usuc ucis 38

aix II – exml “bsli is ssssm usuc sics” 38

aix III – Ims b csi ii u iligc css 39

aix Iv – Ims b csi usucig gm 39

aix v – Lis cmm ls gigmiig usucig lisis (-xusi lis) 39

aix vI – exmls kpI/krI ss

mgm ucis 40

Content



Introduction The scope o this chapter is to share within

the Luxembourg Investment Fund industry

“best practice” standards or ManCos when

delegating services to third parties. ManCosas dened hereunder retain ull responsibility

to ensure that they have the adequate

resources and processes in place to comply

at all times to existing regulations and

legal requirements.

Outsourcing occurs when a management

company or an investment company that has

not designated a management company makes

arrangements or third parties ("delegates") to

carry out some o their activities.

A ManCo delegating unctions to third party

service providers, including those which are

part o the same group as the ManCo, should

do so in accordance with an established

policy that documents the due diligence and

oversight standards that will be applied.

What unctions may be delegated and location

o the delegates is subject to the law o the

jurisdiction in which the ManCo is located.Delegation will require notication to the

ManCo’s regulator and disclosure in the prospec-

tuses o the unds managed by the ManCo.1

The topic o delegation to third parties is

currently subject o a wide variety o dier-

ent initiatives both rom regulators and/or

other industry bodies. In particular the EU

Commission Directive implementing Direc-

tive 2009/65/EC (‘UCITS IV’) states:

“As ar as allowed by national law, manage-

ment companies should be able to make

arrangements or third parties to carry out

some o their activities. The implementing rules

should be read accordingly. The management

company should in particular perorm due

diligence in order to determine whether, having

regard to the nature o the unctions to be

carried out by third parties, the undertaking

perorming those activities can be considered

as qualied and capable o undertaking theunctions in question. The third party should

thereore ull all the organisational and

conficts o interest requirements in relation to

the activity to be carried out. It also ollows

that the management company should veriy

that the third party has taken the appropriate

measures in order to comply with the said requirements and should monitor eectively

the compliance by the third party with these

requirements. Where the delegatee is respon-

sible or applying the rules governing the

delegated activities, equivalent organisational

and confict o interests requirements should

apply to the activity o monitoring the del-

egated activities. The management company

should be able to take into account in the due

diligence process the act that the third party to

whom activities are delegated will oten besubject to Directive 2004/39/EC.”2

There are dierent levels/degrees o outsourc-

ing possible by a ManCo. Luxembourg

ManCos are permitted to, and typically do,

delegate several unctions to third parties,

including group companies, these include:

transer agency, und accounting and

administration, investment management and

marketing & distribution. In addition the

implementing directive or UCITS IV allowsor an appropriate and proportionate view to

be taken to the provision o a risk manage-

ment and internal audit unctions and this

may include the outsourcing o these

unctions to external expert providers or

internal group company centres o expertise.

A non-exhaustive list o potentially out-

sourced unctions is attached in Appendix I.

When delegating certain o its unctions to a

third party the ManCo always retains theultimate legal responsibility or the outsourced

unctions. The nal design o an outsourcing

risk ramework needs to be proportionate to

and depends on the structure o the ManCo

itsel, in particular whether dedicated depart-

ments, a dedicated risk unction or directly the

conducting ocers/designated directors are

perorming the day-to-day oversight o

outsourced relationships.

1 See Art.110 (1) a) and i) o the UCI Law o 17 December 2010

2 Recital 4 o the Commission Directive 2010/43/EU o 1 July 2010





32

Classifcation o

outsourcing

relationships

Each ManCo shall have at any time a compre-

hensive overview o all outsourcing relationships.

Depending on the business model o theManCo, a large variety o dierent services may

be outsourced. Thereore a distinction should be

made between dierent types o outsourcing

relationships, i.e. material or non-material,

depending on the risks associated with the

outsourced unction and the delegate.

Material outsourcing relationships may be

those when a ManCo relies on the services o a

delegate that are essential or conducting the

business o the ManCo and where a partial ortotal ailure o the outsourced unction would

materially impair the quality or continuity o

its service, the nancial perormance or the

continuing compliance with the regulatory

requirements o the ManCo3.

A ManCo may consider using a standardised

initial risk assessment or outsourced services

to determine which delegations are consid-

ered material or non-material. Please reer to

Appendix II or an example o a baseline riskassessment o outsourced unctions.

The ManCo may consider appropriate

thresholds related to each risk category or

determining a high, medium or low expo-

sures and thereore an overall risk assess-ment. In determining those thresholds the

ManCo may consider the nancial, commer-

cial or regulatory impact o any ailure o the

delegate to perorm the outsourced services

adequately.

Dierent requirements should be set by the

ManCo when entering into, monitoring or

terminating outsourcing relationships

depending on the classication o an out-

sourcing relationship.

The principles set out below are aimed at

material outsourcing relationships. The

standards described can also serve as a

guideline when entering into non-material

outsourcing relationships. A ManCo may

simpliy the requirements, where, due to the

nature o the outsourcing relationship, there

are specic reasons to do so.

Any outsourcing relationship can be characterised by three distinct phases.Lie cycle o an

outsourcing

relationship

3

See also MiFID denition o ‘critical and important operational

unction’

INITIATION

eig iusuciglisis

LIFE

ogig

sig usucig

lisis

TERMINATION

tmii usuciglisis



1 Iiii s

All delegations should be subject to appro-

priate due diligence (prior to the delegation)

and legal documentation (in the orm o asigned agreement).

1.1 Viability of outsourcing

When planning to outsource activities o a

ManCo, the ManCo has to analyse whether

the activity should be outsourced based on

an analysis o the risks associated with the

outsourcing and taking into consideration

other aspects such as cost benets and data

secrecy. Consideration should be given as towhether client and/or regulatory approvals

will be required or the outsourcing. This

may be particularly the case i the delegate is

located in another jurisdiction. The ManCo

may wish to consider discussing potential

outsourcing arrangements with their regula-

tors at an earlier stage. Agreement in prin-

ciple to the outsourcing o a unction should

be given by the Board or Directors o the

ManCo prior to detailed due diligence being

perormed on potential delegates.

1.2 Selection of potential delegates

It is the responsibility o the Board o the

ManCo to ensure that only delegates who

are suitably qualied and have the required

level o proessional expertise are appointed

to perorm unctions on behal o the ManCo.

Having identied a selection o service

providers who meet these requirements it

is good practice to request the completion

o a “Request or Proposal” (RFP) in orderto identiy a list o candidates on whom

detailed due diligence will be completed.

1.3 Due diligence

The objective o a due diligence process is to

determine whether, having regard to the

unctions to be carried out by the delegate,

the potential delegate can be considered as

qualied and capable o undertaking the

outsourced unctions.

The use o a due diligence questionnaire

enables an assessment o the qualication

and capability o the delegate and its

adherence to regulatory and other business

requirements. A non-exhaustive list o items

that may be considered as part o the due

diligence process is included as Appendix III.

The due diligence process should be docu-

mented by the ManCo. The Board o the

ManCo should approve the nal selection o

a Delegate.

1.4 Legal agreement

The relationship between the ManCo and

the delegate should be governed by a legal

agreement duly signed by both parties.

Particular attention should be paid to the

clauses in the agreement that detail the

liability o the parties. The ManCo should

consider careully, with their legal advisor,

whether the potential damage to their

business resulting rom none, or erroneous,

perormance by the delegate is adequately

covered.

A non-exhaustive list o items to be consid-

ered and included in a contract is outlined inAppendix IV.

1.5 Service Level Agreement

or Operating Memorandum

Besides the legal agreement, it is recom-

mended to urther detail the service scope

in an additional Service Level Agreement

(SLA) or Operating Memorandum (OM)

to be entered into with the delegate.

The SLA/OM shall serve to provide urtherdetails on the services, rights and obliga-

tions, as well as to dene the responsibilities

and process interaces o the outsourcing

relationship.

The SLA/OM may document urther guid-

ance in relation to:

Q Operational details

Q Cut-o times

Q Agreed escalation process/penalty regime

(i service levels are not met) Q Annual review o SLA/OM

Q KPI/KRI

Q Reporting content and requency





34


Internal audit/

compliance(1)

risk management*

Investment

compliance*

Transert

agent*

Fund

accounting*

Investment


Conducting OfcersExternal

auditors

Depositary/

custodians

2 Li s - ogig lg miig

2.1 Introduction

The Board o Directors o the ManCo is

ultimately responsible or ensuring that aneective monitoring system is in place or

all outsourcing arrangements.

Ongoing monitoring o the Delegate is

required to assess the standard o peror-

mance o the delegate, their continuing

adherence to all regulatory requirements and

in general to eectively supervise the out-

sourced relationship and manage the risks

associated with the outsourced unction.

It is important to clearly dene within the

ManCo the responsibilities in relation to the

outsourced unctions, i.e. to dene who in

the ManCo is taking care o the day-to-day

oversight o the delegate or each outsourc-

ing relationship.

The structure and governance o the ongoing

monitoring o delegates may vary dependingon the structure o the ManCo (e.g. size,

internal organisation, degree o risk involved

in the delegated activity, etc.). In all cases

it is crucial that the conducting persons (CP),

to whom the investment company

or management company’s Board has

entrusted the day-to-day operation o the

Fund receive regular reporting on the

delegated unctions. In turn the CP (or their

delegates) report to the Board o the SICAV

and management company.

Below are examples o the structure that

could be put in place, depending on the

size and sophistication o the ManCo.

2.1.1 Siml sucu








In this model the CP receive inormation

directly rom the service providers, and

perorm their own controls and reviews.

The CP should meet regularly(i.e. monthly) to review such reports

and agree actions, directions as t.

On a quarterly basis (at minimum)

they would report to the Board. Depending

on the structure and remit given by the

Board, the CP may also require reporting

rom the custodian and be the rst pointo contact or the external auditors.


Internal audit/

compliance(1)

risk management*

Investment

compliance*

Transert

agent*

Fund

accounting*

Investment


Management committeeHeads o departments in charge

o unctions or delegations/

Conducting ofcers

External

auditors

Depositary/

custodians

2.1.2 Mil sucu

In this structure the responsibility or

ongoing delegate monitoring and reporting

is that o the dierent department heads that

would be in charge o the delegated unction,

either directly or indirectly. The Manage-

ment Committee (or similar) which would

be comprised o, or example, the CP and

heads o departments will meet regularly

(i.e. monthly) to review such reports, to agree

actions and to provide directions as necessary.On a quarterly basis (at minimum) the CPs

would report to the Board.

Responsibility or interace, on behal o the

SICAV Board, to the custodian and external

auditors is oten given to specic departments

who will report to the CP.










36


Management

committee

Internal

audit/compliance*(1)

Investment

compliance*

Transert

agent*

Fund

accounting*

Investment


Risk management committee

Conducting OfcersHead o risk, Heads o departments

Risk management/

committee

External

auditors

Depositary/ custodian

2.1.3 Sisic sucu

The sophisticated structure is likely to have

an independent risk management department

which is in charge o ensuring that the

proper risk ramework is in place and that

reporting to the CP and/or the Board is

produced. In addition, a specic committee,

or example a risk management committee

may be appointed to specically review risk

issues on a regular, i.e. monthly basis.

2.2 Monitoring

The oversight approach needs to assure

compliance with regulatory, and the Man-

Co’s risk management, requirements. The

level and detail o the ongoing monitoring

should be derived rom a risk assessment o

the outsourcing relationships (e.g. material

outsourcing relationships vs. non-material

outsourcing relationships).

There is no one single standard to be applied or

oversight o outsourcing relationships but rather

a range o activities including reporting,

meetings and visits. Appendix V provides a

non-exhaustive list o the tools that the ManCo

may apply to ull monitoring requirements.

The ManCo should ensure that procedures are

established or the ongoing monitoring and

periodic assessment o the delegate’s ability to

provide the delegated services.

A documented escalation procedure should

exist to ensure that issues identied as parto the monitoring processes are promptly

advised to the CP and, as appropriate,

to the ManCo Board or review and action.

2.3 Reporting

Reporting on outsourcing relationships and

the related controls perormed by the ManCo

should be provided on a regular basis to the

responsible person/committees (depending on

the internal structure o the ManCo).

Reporting is basically at two levels:

Q agreed regular reporting rom each

delegate to the CP or other unction within

the ManCo that is responsible

* These unctions

can be providedin-houseby the ManCoor outsourced







or the oversight, and

Q periodic reporting rom the CP, or other

unctions, to the management committee and

subsequently to the Board o the ManCo.

Regular reporting on outsourcing risks

may include:

Q Any regulatory breaches and other issues

such as; advertent/active investment

breaches, NAV errors, illiquid securities,

pricing or valuation issues, unsatisactory

KPI/KRIs, etc.;

Q Inormation on material outsourcing risks

identied, proposed mitigation measures,

current status o ollow-up; Q Inormation on new and terminated

outsourcing relationships;

Q Inormation on risk and quality assessments

or material outsourcing relationships;

Q Inormation on outsourcing risk oversight

ramework;

Q Results o the monitoring process o delegates.

The requency o regular reporting on

outsourced unctions to the CP should be at

least monthly. It is unlikely that less requentreporting would enable the CP to ull their

responsibilities.

The CP should escalate immediately to the

Board any signicant or critical issues that

have occurred within the unctions handled

by delegates.

A non-exhaustive list o possible KPI/KRIs

is included in Appendix VI.

Any meetings held to review the results o the

monitoring process and issues arising should

be minuted and action points ollowed up

regularly through an updated action list.

Representatives o the Delegates should be

invited to attend meetings at regular intervals.

CP should report to the Board o the

ManCo at least on a quarterly basis.

I the Board meets less requently it is

suggested that at least a report is sentregularly to the attention o the Board.

Additionally a conerence call may be held

with representatives or delegates o the

Board to review the report.

3 tmii s

I an outsourcing relationship is terminated,

either by the ManCo or the delegate, the

Board o the ManCo must decide whether to: Q Bring the unction back in-house;

Q Appoint a new Delegate; or

Q Discontinue the unction as it is no longer

required.

The termination o an outsourcing relationship

has to be duly managed by the ManCo to ensure

a continuance o the services o the ManCo.

Consideration must be given to the act that in

the case o the delegation o specic material

unctions the regulator o the ManCo may notpermit an agreement to be terminated until a new

delegate has agreed to take on the unction.

I notice to termination the agreement has

been given to a Delegate based on unsatisac-

tory perormance the ManCo must closely

manage the potential impact to the business

during the termination process.

Where the decision is taken to appoint

a new Delegate the process as documentedin the Initiation Section o this document

should be ollowed.

In all cases specic attention should be paid

to the ollowing points:

How will the ManCo ensure continued

access to records, both hardcopy and IT

systems, covering the period o the out-

sourcing relationship with the Delegate?

Will all data retention and data privacy

requirements as established by the laws o the ManCo and the delegates jurisdictions,

where these are dierent, be observed.

Has the continued liability o the Delegate

or actions taken during their period o

appointment been established in a legally

binding agreement?

What level o commitment is there or the

retiring delegate to work with the ManCo

and any new delegate to ensure a smooth

transition o responsibilities?

The ManCo may wish to consider theinvolvement o the external auditors in the

validation o transerred activities particu-

larly with regard to the reconciliation o

account balances and assets.





38

Q Investment management

Q (Fund) Administration- legal and und management

accounting services

- client inquiries

- valuation and pricing

(incl. tax returns)

- regulatory compliance monitoring

- maintenance o unit-holder register

- distribution o income

- unit issues and redemptions

- contract settlements

(including certicate dispatch)- record keeping

Q Tax services (e.g. German Tax)

Q Marketing and distribution,including the handling o complaints

Q Risk management

- Portolio risk management

(calculation and monitoring)

- Other Aspects o RM

Q Compliance unction or processes

(e.g. investment restriction monitoring)

Q Internal audit unction

Q IT and Inrastructure (including DR site)

Q Client reporting (including statements,

contract notes, shareholder mailings) Q Translation services

Q Domiciliary agent

Q Complaints treatment

aix II – exml “Bsli is ssssm usuc sics”

aix I – exmls mil usuc ucisAppendices

ris l lg uci ris l lg cm

TOTALrisk

assess-ment

Outsourced

unction

[briedescription]

Delegate

company

Responsible

specialistdepartment/

businessowner/

ConductingPerson

[ManCo level]

Financial

risk

Reputa-

tionalrisk

Regula-

toryrisk

Impact

onconti-

nuanceo

service

Extent

o out-sourcing

or ManCo

[...] Amount and

signifcanceo errorswith out-sourcingcompany(historic)

Risk

manage-ment/

Compliance/ Internal auditramework

Audit results

Out-

sourcingcompany

Risk reregulation

status

[...]

Fund

administration

Fu

ccuig/

vlui

aBC

Cm

S.a.

os

mMium Mium Mium hig hig L L L Mium

MC f ssssm cgis ( iss i li lg uci

lg cm) ig m (.g., l, mium, ig)

Scig c f

ig bsis c cg

tl is ssssm

clssi usucig lisi

SCorInG Card

CATEGORY LOW MEDIUM HIGH CATEGORY LOW MEDIUM HIGH

ris l usuc uci ris l usuc uci

Financial riskdescription o lowrisk threshold

description o mediumrisk threshold

description o highrisk threshold

Amount and signicanceo errors with outsourcingcompany

description o lowrisk threshold



Reputational riskdescription o lowrisk threshold



Risk management/compliance/Internal auditramework audit results




Regulatory riskdescription o low

risk threshold

description o medium

risk threshold

description o high

risk threshold

Outsourcing company

Risk re regulation status

description o low

risk threshold

description o medium

risk threshold

description o high

risk thresholdImpact on continuance oservice




[...]description o lowrisk threshold



Extent o outsourcing orManCo




[...]description o lowrisk threshold





aix III – Ims b csi ii u iligc css

The ollowing items can be seen as a set o items

to be considered during a due diligence process:

Q Holds necessary licences/ regulatory approvals

Q On-site visit(s)

Q Financial assessment

Q Medium/long term business viability

and depency o outsourcer on key/

dominant clients

Q Controls review

(including SAS 70 i applicable)

Q Insurance coverage

Q Capabilities and capacity

(consider existing clients)

Q Reerences rom existing clients

Q Potential conficts o interest

(consider existing clients) Q IT (medium/long term viability

and scalability o technology solution

(vendor) used as well as BCP)

Q Risk management unction

Q Internal & external audit reports

Q Perorm additional legal review

i work is perormed oshore

Q HR issues (particularly i sta

are to be transerred

aix Iv – Ims b csi usucig gm

The ollowing list o items shall be considered/

refected in a contract with a delegate:

Q Services covered

Q Services not provided

Q Giving & receiving instructions

Q Fees & expenses

Q Representations Q Liability clauses

Q Right to audit

Q Term and termination rights

Q Intellectual property

Q Condentiality/data protection

Q Force majeure provisions

Q Business continuity

Q Sub-delegationQ Reporting requirements

aix v – Lis cmm ls gig miig usucig lisis

(-xusi lis)

1 Review of SAS 70 and other control/

audit reports

Internal audit

External audit reports (such as SAS 70)

2 Questionnaire/annual review3 Review of KPI/KRI

Statistics

Reconciliations – number and value

o outstanding items

Missed deadlines

Error rates

Non-Standard pricing

Accounts opened & closed

All gures provided year on year

and month on month

All Figures provided in comparisonto target perormance

4 Service review meetings

Agreed agenda

Previous period’s service level

(Perormance against SLA/D)

Issue log (including any errors)IT issues (including any xes

or enhancements)

KPIs

Project pipeline

Frequency

Right level o participation

5 On-site visits

Agreed requency at least annual

Meetings with key personnel

6 Reviews of internal control framework

7 Regular day-to-day oversight controls





40

aix vI – exmls kpI/krI ss mgm ucis

This table presents a non-exhaustive list o

Key Perormance Indicators (KPI) and Key

Risk Indicators (KRI) applicable to assetmanagement activities.

It is based on the loss event type classica-

tion dened by the Basel Committee on

Banking Supervision or the identication

o operational risk.

Management companies should read this

table either rom the "Business line" column

entry or rom the "Category" column entry(people, process or system) and identiy the

applicable perormance and risk indicators

or their business and outsourced unctions.

Busiss

Lipcss ris krI Cg

C Ll/Sucu

Employment practices andworkplace saety (HR/acilitymanagement)

1. Impact o compensation,benet, discrimination andtermination issues

2. General liability (slip and all etc.)

Number o pending lawsuits/claims against company

People

Number o potential lawsuits/claims against company

People

Monetary value o pending/potential items

People

Facility management/HR Natural disaster losses Historic gures vs. actual gures Process

Human losses rom external sources Specic patterns o events Process

Business disruption and systemailures

Breakdown o business/communica-tion or production process

Number o system ailuresidentied and resolved

System

Recurrence o specic ailures Process

Severity o IT issues System

All (raud risk) Risk o noncompliant bribes/kick backs

People

Hacking damage/Thet oinormation

Number o hacking attempts/cases System

Monetary value o losses romhacking activities

System

Thet/Fraud/Forgery Number o events/number oraud attempts

Process

Monetary losses rom events Process

Outsourcing (oversight) Failure to perorm oversightresponsibilities or outsourcedunctions

Turnover o the employees Process

Press coverage Process

Prot/loss gures Process

Investments realised/Budgetdedicated to projects

Process



Busiss

lipcss ris krI Cg

Ism mgm

Portolio analysis Violation o ethical standards(insider dealing, market abuse)

Number o violations Process

Confict o Interest Number o conficts logged/approval obtained

People

Investment decision Breach o regulatory and othermandatory guidelines

Number o active breaches People

Monetary impact o breaches Process

Number o passive breaches Process

Disputes over perormance oadvisory activities

Number o complaints and valueo claims

People

Disclosure o inormation to clients Unequal treatment o clients Number breaches o disclosurerules

Process

Risk management Breakdown o controls perormed Number o controls not executed Process

amiisi

Transeragent

Client order Incomplete application AML/KYC Number o accounts withincomplete KYC

Process

Late trading Number o exceptions romstandard cut o times

Process

Market timing Number o suspicious

transactions (monetary amount)

Process

Incorrect processing (manual errors) Number o revised trades Process

Monetary impact o revised trades Process

Incorrect/incomplete registrationdetails

Number o dormant accounts Process

Number o accounts with missinglegal documentation

Process

Electronic dealing IT risk (SWIFT) Number o incorrect/revisedelectronic trades

System

Reconciliations/collection accounts Accounts are not accurate Material items > X days old Process

Unsettled subscriptions Number o unsettled subs > X days Process

Returned redemptions Number o returned transactions Process

Monetary value o returnedtransactions

Process

Cash fow reporting to portoliomanager

Material overdrats/activebreaches

Number/amount o overdrats Process

Reporting is late or inaccurate Number o days target times not met Process

Number o days corrections required Process

Contract Notes/client reporting Client complaints Number o complaints received People

Number o late submissions Process

Commission payments Incorrect payments to distributors Number o payments reissued Process

Client payments Claims rom clients Losses rom incorrect payments Process





42

Busiss

lipcss ris krI Cg

All Data privacy Number o breaches reported Process

Number o complaints linked todata privacy

Process

All Fraud Number o events occurred People

Number o events prevented People

Monetary impact o raud cases People

Investmentoperations

Security pricing Use o stale prices Prices unchanged > X days Process

Breakdown o external price eed Number o such events Process

Incorrect eed rom externalvendors

Number o such events Process

Illiquid/unquoted securities Number o illiquid positions Process

Share write o's Process

Number o deaulted securities Process

Monetary Impact o write o/deaults

Process

Broker provided prices Process

Trading Trades place incorrect in system Number o revised/ailed trades System

Financial loss on trades System

Use o non-approvedcounterparties

Number o deviations romCounterparty list

Process

Breach o best execution policy Number o complaints Process

Number o exceptions reported Process

Settlement Incorrect settlement o trades Financial loss rom incorrectsettlements

System

Backlog o trade reconciliation Settlements O/S > X days Process

Corporate actions Accounts not accurate Number o O/S dividend payments Process

Asset reconciliation Accounts not accurate Number o material items O/S >X days

Process

Monetary value o O/S items Process

Collateral management Collateral management ailure Number o incorrect booking entries Process

Asset reconciliation Accounts not accurate Number o Material items O/S >X days

Process

Monetary value o O/S items Process

Collateral management Collateral management ailure Number o incorrect booking entries Process

Fee calculation Incorrect set up o perormanceee calculation model

Number o revised ee statements Process

Fee accrual errors Process

Fundaccounting

NAV calculation Financial/reputation risk arisingrom material NAV errors

Number o NAV material NAVerrors

Process

Monetary impact o errors Process



Busiss

lipcss ris krI Cg

Frequent immaterial NAV errors Number o NAV errors <10% Process

Incorrect application o swing pricing Number o recalculated NAVs Process

NAV release process Risk o incorrect/late price release Number o incidents Process

Tax reporting Submission o incorrect gures/claims

Number o calculation/submission errors

Process

Monetary impact o reporting errors Process

Perormed on behal o the SICAV Board

Depositary Saeguarding o assets Number o sub-custodians Process

Appointment o new sub-custodians Process

% o assets transerred tosub-custodian

Process

% o assets not held with the maincustodian

Process

disibui

Marketing Preparation o marketing material Misinormation o current/prospect clients

Number o client complaints Process

Errors in translations Number o errors identied postinternal reviews

Process

Incorrect actsheets Number o errors identied post

internal reviews

Process

Failure to comply with localregulations

Number and monetary impact ocompliance breaches

Process

Sales Distributor on boarding Inadequate due diligence Number o accounts aected Process

Incomplete AML/KYC Number o accounts aected Process

Missing legal agreements Number o accounts aected Process

Client on boarding Misselling o products/services Number o serious clients complaints Process

Incorrect set up o electroniccontrols or client orders

Number o incorrect transactionsnot suitable or the client/Lossesrom correction

System

Incomplete Legal documents Number o accounts aected Process

Incomplete AML/KYC Number o accounts aected Process

Client permissions/disclaimersmissing

Number o cases identied Process



chapter III

ALFI industry work paper -collateral management



Update on reGULatIonS and Market 46

rguli 46

M 46

CoLLateraL ManaGeMent In the ConteXt oF UCItS

and UCItS ManaGeMent CoMpanIeS 47

1 In-hoUSe 48

2 oUtSoUrCInG 49

2.1 dsi b 49

2.2 o i 49

3 SynChronISed SetUp 50

4 non-SynChronISed SetUp 51

5 LeGaL ChaLLenGeS 51

6 roLeS and reSponSIBILItIeS In CaSe oF

oUtSoUrCInG/deLeGatIon oF CoLLateraL ManaGeMent 52

7 InveStMent reStrICtIonS – the otC CoUnterparty rISk eXpoSUre LIMIt and the ConSIderatIon oF CoLLateraL 53

BeSt praCtICe For taSkS and ControLS reGardInG

CoLLateraL ManaGeMent 57

Content



ALFI industry work paper - collateral management

46

Update on regulations

and market

rguli

The market turmoil since early 2008 and the

ailure o Lehman Brothers have raised

particular anxiety in relation to counterpartyrisk. Regulators have increasingly called or

major eciency improvements in the credit

deault swap market to reduce systemic risk.

The industry will be required to take urther

steps to limit the domino eect o lagging and

uncertain post-trade processes in the event o

a counterparty deault or ailure. This

includes the use o legally enorceable netting

and master collateral agreements between

counterparties where possible.

In July 2010 the OTC derivatives market in

the United States experienced signicant

regulatory change as the Dodd-Frank Financial

Reorm Bill was passed. From July 2011, swap

dealers as well as major swap participants are

required to comply with signicant new

regulatory requirements, including mandatory

clearing, exchange trading, reporting, business

conduct standards, and enhanced segregation

and margin requirements. Moreover the

CTFC/SEC are obliged to dene rules anddenitions governing qualied institutions as

well as OTC derivative types requiring central

clearing by July 2011. It is expected that a vast

majority o OTC derivative transactions will

require a central counterparty (CCP), however,

a robust bilateral market will remain, e.g. or

swaps too complex or illiquid to be cleared

by a CCP.

In contrast to the United States much o the

European legislation has yet to be nalised.In October 2008 the European Commission

called upon the nancial industry to reduce

the risks inherent in the credit deault swaps

market, in particular by moving the clearing

o the contracts onto European CCPs. CCPs

are intended to allow or greater transparency

on the one hand and on the other hand by

acting as central clearer mitigate credit risk in

order to allow greater stability o the nancial

system. In July 2009 the Commission

announced that credit deault swaps relatingto European entities and indices based on

these entities started clearing through CCPs

regulated in the EU. Three European CCPs

(ICE Clear, Eurex Clearing and LCH.Clear-

net) have obtained the necessary regulatory

approvals and have begun to clear credit

deault swaps. Indeed, the CDS clearingthrough CCPs is still in a start-up phase, but

due to the current policy sentiment within the

EU, a rise in centralized CDS clearing can be

expected. In order to monitor the rollout o

the central CDS clearing the European

Commission has set up a working group,

involving dealers, the buy-side (e.g. asset

managers, banks and insurance companies),

CCPs and supervisors.

In July 2010 the Committee o EuropeanSecurities Regulators (CESR) published its

guidelines on risk management and the

calculation o global exposure and counter-

party risk or UCITS (CESR/10-788), which

have considerable impact with respect to the

credit risk calculation method. Additionally,

emphasis has been put on the use o collateral

or counterparty risk mitigation subject to

distinct requirements to be ullled (e.g.

liquidity, valuation, correlation, saekeeping,

enorceability, operational risks, etc.).

As o 15 September 2010, the European

Commission has put orward the European

Markets Inrastructure Regulation or consid-

eration and co-decision by the European

Council and Parliament. Key elements o the

proposal include mandatory reporting o all

OTC derivative positions to the EU regulators,

mandatory clearing o “standardised” OTC

derivatives, and reduction o operating risk

through automation and standardisation CDSclearing through regulated CCPs.

M

Since the nancial market crises and the

above depicted rise in regulatory requirements

the nancial services industry has ocused its

attention towards active counterparty risk

management. A recent study conducted by

TowerGroup ound that counterparty

exposure was the second most requently

cited driver o operational improvement atthe OTC derivative market participants

surveyed; over 60% o respondents indicated

that it is a major risk ocus. Consequently,



market participants ocus attention on the

use and proper management o collateral

to mitigate counterparty risks arising rom

transactions such as securities lending,repurchase agreements and OTC derivatives.

An example o the industry ocus on improve-

ments is the recently best practices or the

OTC derivatives collateral process, published

ISDA (the International Swaps and Deriva-

tives Association). These best practices or

the collateral process summarise key elements

o the previous ISDA publications

(e.g. standards or the electronic exchange

o OTC derivative margin calls) aiming to

increase prudent practice.

Moreover market statistics refect the

growing demand and importance o counter-

party risk mitigation by using collateral

management. The estimated amount o

collateral in use in connection with over-the-

counter derivatives transactions grew rom

$2.1 to almost $4.0 trillion during 2008(a growth rate o 86%). The OTC derivative

exposure covered by collateral amounted to

around 66%, whereas around 83% o the

collateral was cash ollowed by government

securities used as collateral (around 9% o

collateral received and around 15% o

collateral delivered). Furthermore the

signicant use o cash and government

securities as collateral (around 95%) con-

rms a trend towards reducing collateral

complexity as both types o collateralsimpliy collateral management tasks such as

the collateral processing, reconciliation,

valuation, etc.

Collateral management

in the context o UCITS

and UCITS

management companies

The CSSF Circular 07/308 addresses practical

issues regarding collateral usage as a technique

to mitigate counterparty risk and it requires

that leverage generated through the reinvest-ment o collateral in the context o repurchase

transactions or the lending/borrowing o

securities must be taken into account or the

determination o the UCITS global exposure.

There is no possibility or UCITS to positively

aect the probability o deault or OTC

counterparties. However, the loss arising outo the deault risk can be reduced through the

use o collateral as it provides additional

protection in such event.

miisis csss

96 time

100

98

102

97

101

99

103

liquii is

collateral value

eective cash value

minimum collateralisation

hicu ssssm - illusih

i=h

i(o, T

liq )

price




48

Counterparty credit risk is thus reduced, but

replaced by the ull range o risks related to

the collateral management process: these are

on the one hand nancial risks related to thecollateral itsel and on the other hand opera-

tional risks as well as legal risks within related

processes. To account or these risks and thus

to measure the eective realisation value (in

case o deault), haircuts need to be applied

or the valuation o collateral assets. For these

haircuts to be meaningul, i.e. to assess the

real level o protection, these haircuts need to

refect the variety o legal and operational

actors, as well as correlation with the

counterparty, the assets’ volatility. Finally, theliquidity risk should be considered. Depend-

ing whether one needs to liquidate 0.1% or

200% o e.g. the average daily traded volume

or a specic instrument, the proceeds o the

collateral liquidation process will presumably

be subject to considerable variations.

The CSSF Circular 07/308 requires UCITS and

UCITS management companies to address the

risks resulting rom collateral management

through appropriate procedures and controls.

The need or a sound inrastructure and

organisation is restated by the CSSF Circular08/356. Even though the extent o the CSSF

Circular 08/356 is limited to securities lending,

repurchase and reverse repurchase transactions,

the application o these principles to other

OTC transactions is considered a prudent

administrative practice. However, the exact

monitoring and supervision o collaterals,

especially the permissibility o “non-segregated”

collaterals held at the counterparty or the

re-hypothecation o collaterals by the

counterparty remain uncertain.

Dierent models can be set-up or collateral

management purposes. The collateral

management can be perormed in-house by

the management company or delegated/

outsourced to a third party, typically the

depositary or other third party. For illustration

purposes an exemplary process setup or each

operating model is depicted below.

1 I-us

Cu

Cu-cusis

ISDA/CSA

DRV/Dt. Bes.

Clll mgm

OTCPositioninormationrom FAand/or romdepositarybank

Approve

collateralOUT or SWITCH

Margin calculation

Settlement instructions

Settlementinstructions

Collateral reporting

Verication notication and eligibility checks

Ex-post compliance check

refecting CM-impact

Credit support balance in avor o und

Credit support balance in avor o counterparty

OTC accounting & valuation

Verication notication

Margin calculation

Custody-

services

dsi b

OTC accounting& valuation

Credit risk mea-surement incl.

CM impact

MC/SICav

Fu-ccuig

Fu-cmlic

Timelines to be agreed between all participants

Notication time and cut-o time on a cristal path

6b

8d

b

9b

5b

8b

5a

8a

9a

6a

8c

a

2 11

11

7b3

2

4OTC trade1

4

10

P o s i t i o n

r e p o r t i n g

/ N o t i f c a t i

o n

P o s i t i o n

r e p o

r t i n g

/ N o t i f c a t i o

n

C o n f r m

a t i o n

C o n f r m

a t i o n

D e l i v e r

y

D e l i v e r

y




50

Generally the implemented collateral manage-

ment process will depend upon the existing IT

inrastructure, however automation (e.g. or

collateral valuation, netting o exposures andmargin calls) and adequate risk and exposure

aggregation systems are strongly advocated.

Collateral as a risk management tool should

be integrated into the overall risk manage-

ment ramework. The operational challenge

o managing collateral relates to tasks such as

collateral processing (collecting and returning

cash and other collateral, recalling and

substituting collateral), mark-to-market

valuation o collateral, assessment o relevant

haircuts, collateral reconciliation, monitoringo collateral eligibility and the ollow-up on

disputes. Especially the accurate valuation

and haircut assessment o the OTC derivative

position is crucial, as it ensures a precise

calculation o the collateral coverage allowing

or proper collateral management andeective counterparty risk mitigation. This

valuation must be done by a unit independent

rom the counterparty, respectively the asset

management department. Moreover, robust

dispute resolution practices must be in place

to address pricing discrepancies within the

reconciliation process. Consequently timing

and valuation method need careul consider-

ation or OTC derivative positions collateral

management. Below illustrative examples o

two dierent setups or the timing o OTCderivative and collateral position valuation

are depicted.

3 Scis su

Pricing snapshoto collateral

Pricing snapshoto OTC

instruments

Pricing o collateraland OTC aresynchronized

Valuation time

o collateral

Valuation time

o und OTC

instruments

Ofcial NAV

publication

Notifcation

time

Overnight collateralmanagement data

import to investmentcompliance system

Collateralmanagement

timeline

Fundtimeline

Ex postinvestmentrestrictions(5/10 OTC)

Calculationo amounts

Fund NAVcalculation

Return amounts>CP demands

Receivessecurities

with SC+1

Receivessecurities

with SC+2

Delivery amounts

> Fund demandsReceives

cashcollateral

VD-1VD=

Valuation DateSD=VD+1 SD=VD+2

Margin call

Exposure

Value

Timelineto calculatemargin calls

1

1



4 n-scis su

As the objective o collateral management is

to mitigate the counterparty exposure/risk,

a non-synchronised setup oers the advantage

o an intraday collateral management(i.e. no time lag), thereore allowing an exact

matching o OTC derivative and correspond-

ing collateral positions. On the other hand the

synchronised setup allows matching OTC

derivative and collateral valuations allowing

or a consistent investment restriction.

5 Lgl cllgs

The legal risks associated with collateral

management are related to contractual risks in

connection with master agreements (e.g. ISDAmaster agreement including Credit Support

Annex/Deed) and, in the case o delegation,

collateral management agreements. Thereore

a close collaboration with the portolio

manager and legal department is required toensure an appropriate legal ramework

covering all collateral management tasks and

responsibilities. Moreover a clear understand-

ing o the contract terms (e.g. types o

OTC derivatives covered by the agreements,

denition o deault events, etc.) is essential or

an accurate legal set-up o the collateral

management process.

The main other risks inherent to such process are:

Q Concentration o collaterals with single"counterparty" (i.e. collateral manager);

Pricing snapshot

o collateral

Pricing snapshot

o OTCinstruments

Pricing snapshoto OTC

instruments

Valuation time

o und OTC

instruments

Ofcial NAV

publication

Notifcation

time

Overnight collateralmanagement data

import to investmentcompliance system

Collateralmanagement

timeline

Fundtimeline

Ex postinvestment

restrictions(5/10 OTC)

Calculationo amounts

Front oce:Trading system

Fund NAV

calculation

Return amounts

>CP demands

Receives

securitieswith SC+1

Receives

securitieswith SC+2

Delivery amounts> Fund demands

Receivescash

collateral

VD-1VD=

Valuation DateSD=VD+1 SD=VD+2

Margin call

Exposure

Value

Timelineto calculatemargin calls

1




52

Q Valuation o collaterals and settlement cycle;

Q Follow-up on disputes with counterparties;

Q Segregation o collaterals rom other

holdings o collateral manager(in particular cash holdings).

The recommended controls to ensure a sound

and ecient collateral management process are:

Q Ensure timely and adequate inormation

fow between organisational unit/entity

responsible or contractual setup and

organisational unit/entity involved in the

ongoing collateral management process;

Q Use standardised contractual ramework;

Q Apply consistent haircuts, which accountor all risk-dimensions the collateral is

exposed to;

Q Dene precisely the standard eligible

collateral universe (e.g. cash: yes/no,

security types, min. quality etc.);

Q Apply consistent valuation principles

(e.g. requency, valuation time and source);

Q Agree on consistent collateral exchange

requency - ensure practical viability;

Q Dene consistent thresholds/minimum

transer amounts/collateral selection

hierarchy;

Q Apply one communication standard

- ideally allowing matching o instructions;

Q Foresee exception handling scenarios and

implement robust and proven escalation

process, e.g.

- extraordinary events in-between

monitoring dates having a signicant

impact on contract/collateral value;

- event o deault.

6 rls ssibiliis

i cs usucig/lgi

clll mgm

The previously-cited market trends and

operational complexity o collateral manage-

ment have caused a rise in outsourcing o

collateral management by UCITS management

companies. Nevertheless, as stated in Article 110

Section 2 o the Law 17 December 2010 the

management company liability is not aectedby the delegation o any unctions.

I a UCITS management company plans to

outsource the collateral management ollowing

preconditions set out in Article 110 Section 1

o Law 17 December 2010 claried by CSSFCircular 03/108 have to be satised:

Q notication o the CSSF in an appropriate

manner, i.e.

- detailed description o unctions to be

delegated as well as the measures

available to the management company

to monitor the outsourced duties;

Q delegation/outsourcing does not prevent an

eective supervision over the management

company, i.e.

- compliance with rules stated in Article 110o the Law 17 December 2010 is ensured

and can be monitored at any time by the

management company;

Q the management company has to

implement measures to eectively monitor

at any time the outsourced duties;

Q contractual rights granting the management

company discretionary powers as well as

termination rights have to be agreed upon

with the outsourcing provider;

Q the outsourcing provider must be qualiedand capable o providing the duties concerned;

Q unctions (CSSF may require specic

outsourcing providers to be named) which the

management company is permitted to outsource

have to be disclosed in the UCITS’ prospectuses.

In order to comply with the above-mentioned

preconditions a management company has to

perorm a thorough due diligence beore

delegating collateral management duties.

Particularly the requirement to implementmeasures in order to ensure a continuous and

eective monitoring o the delegated unc-

tions necessitates the implementation o

ormal outsourcing controlling procedures.

These procedures can be twoold:

(i) regular monitoring via reports rom the

collateral manager and (ii) spot checks comple-

mented by an annual due diligence o the

service provider based on internal documenta-

tion and external reports (e.g. SAS 70 control

reports). Preerable the reports received romthe collateral manager should include sucient



inormation to monitor in particular the

valuation o the assets or OTC positions and

collateral assets, the collateral coverage, asset

eligibility and open disputes (in case thecollateral management has been contracted

with this scope). Furthermore appropriate

escalation procedures need to be dened as

part o the monitoring process.

The exact requency o the regular monitoring

activity has to be determined by the manage-

ment company based upon the volume and

complexity o the collateral management

activity. Finally, as the depositary bank o a

UCITS has a responsibility o saekeeping as

well as monitoring and supervising the assetso a UCITS, it is directly involved in the

collateral management process. Thus it is

advisable that both parties work closely

together in perorming an adequate supervi-

sion o the collateral manager.

7 Ism sicis – t otC

cu is xsu limi

csii clll

The Law 17 December 2010 relating to

undertakings or collective investments setstwo concentration limits that are applicable

or the OTC counterparty risk exposure.

According to Article 43(1) the risk exposure

o a UCITS to a counterparty arising rom

OTC derivative transactions must not exceed

5% o its net assets and 10% in the case the

counterparty is a credit institution. In addi-

tion, the OTC counterparty risk exposure has

to be included in the 20% issuer concentra-

tion limit according to Article 43(2).

The CSSF Regulation N° 10-04 transposing

Commission Directive 2010/43/EU o 1 July 2010

implementing Directive 2009/65/EC o the

European Parliament and o the Council

(Article 48) denes the OTC counterparty

risk exposure calculation:

Q The OTC counterparty risk exposure

should be calculated by using the positive

mark to market value o all OTC derivative

transactions with the same counterparty;

Q Provided that there are legally enforceablenetting arrangements (e.g. ISDA) in place,

the risk exposure arising rom OTC

derivative transactions with the same

counterparty may be netted;

Q A UCITS may reduce its OTC counterparty

risk exposure through the receipt o collateral.

The collateral assets used or risk mitigation

need to be valued at market prices taking intoaccount appropriate haircuts and must comply

with urther high-level principles (e.g. liquidity,

collateral diversication, etc.) set by CESR.

It should be noted that the ormula or

the calculation o the counterparty risk

(as previously dened in the CSSF Circular

07/308) has been changed signicantly: When

calculating the counterparty risk associated

with the use o OTC derivatives as the positive

mark to market value o the OTC derivative

contract only, as described above, the poten-

tial uture credit risk (“add-on”) and the

weighting actor are no longer taken into account.

Depending on the specics o the respective OTC

contract, the sole implementation o the new

calculation method could increase the results o

the counterparty risk calculation by actor ve in

the extreme case. The impact o this regulatory

adjustment should thereore be assessed in order

to pave the way or potential mitigating measures.

Also the Directive 2010/43/EU and CESR/10-788

denes the level high-level principles as to the use

and eligibility o collateral in order to reduce the

OTC counterparty risk or UCITS are set:

Q collateral must

- be suciently liquid;

- have a short settlement cycle;

- be capable o being valued at least on

daily basis;

- be o a sound credit quality or subject

to appropriate haircuts;

- display little correlation with the OTC

counterparty;

- be suciently diversied;

- be held with a third party custodian or

whom specic requirements (e.g. subject

to prudential supervision) are stated in

CESR/10-788 and;

- be ully enorceable by the UCITS

without prior consent or reerence to

the counterparty. Q non-cash collateral cannot be sold,

re-invested or pledged;

Q cash collateral can only be reinvested in

risk-ree assets.




54

1 Article 43 (2) o the Law 17 December 2010

2 See also: CSSF Regulation N° 10-04 transposing Commission

Directive 2010/43/EU o 1 July 2010 implementing Directive

2009/65/EC o the European Parliament and o the Council

3 Article 43 and 46 o the Law o 17 December 2010

These high-level principles are already or the

most part refected in CSSF Circulars 07/308

and 08/356. However, or example the require-

ments as to collateral being capable o at least

daily valuation and certain requirements as to

the third party custodian constitute a degree o

variation that should be noted and i necessary

processes adapted accordingly. In order to assess

and monitor whether specic assets are eligible,

it is essential to have qualitative policies and

quantitative tools available in order to accurately

measure liquidity, correlation and haircuts.

Besides the calculation o the OTC counterparty

risk exposure, Article 48 o the CSSF Regulation

N° 10-04 (Article 43 o Directive 2010/43/EU)

gives urther clarication on collateral netting

eects. It is stated that on und-level the net

amount o the collateral passed to and received

rom the same counterparty can be taken into

account provided that a legally enorceable

netting arrangement is in place.

In this context it must be considered that

– although the aim o a collateral management

is to mitigate OTC counterparty risks – in some

circumstances collateral management can also

generate counterparty risk. This might be the

case when the collateral value passed to the

counterparty exceeds the negative mark to

market value o the OTC derivative transactions

(over-collateralisation). Such over-collateralisa-

tion exposes an UCITS to a counterparty risk

and should be taken into account in calculating

the OTC counterparty risk exposure.

One specication regarding the investment

restrictions monitoring is given when a

UCITS receives cash collateral and re-invests

it in order to generate a risk-ree return

(according to CESR, cash collateral can only

be invested in risk-ree assets).

A risk-ree asset is dened as per CESR, as an

asset providing the return o a short maturity

(generally 3 months), high quality govern-

ment bonds or sovereign debt. Given the

recent market turmoil, we suggest to enhance

this denition by the ollowing criteria:

Q High quality sovereign debt and/or debt

guaranteed by an eligible sovereign subject

to a AAA-equivalent rating;

Q Any other government bonds generallyconsidered risk-ree in reerence toAAA-equivalent rating;

Q Short-term money-market unds according

to the denition o CESR subject to aAAA-equivalent rating;

Q Or plain-vanilla corporate bonds orplain-vanilla money-market instrumentswith a short maturity (generally 3 months)rom issuers within the OECD subject toa AAA-equivalent rating.

In such cases, the exposures created throughthe re-investments must be taken into accountin calculating the 20% issuer-concentrationlimit as specied in Article 52(2) o Directive2009/65/EC1 on und-level.

Example:Fund holds German Government Bonds

15% o NAVCollateral reinvestment in German T-Bills

5% o NAVGerman Government Exposure

20% of NAV

The investment restriction monitoring o thecollaterals posted by the und (i.e. transerredas collateral to a counterparty) is not chang-

ing, i.e. the issuer-concentration limits and theinvestment objective have to be applied. Inrelation to the collateral assets received roma counterparty the UCITS issuer-concentra-tion limits and the und-specic investmentobjectives are not applicable.

Per Commission Directive 2010/43/EU2 andCESR/10-788, it is worth noting also theollowing:

Q Initial margin posted to and (excess)variation margin receivable rom a broker

relating to both exchange traded and OTCderivatives (unless protected under clientmoney rules) must be included in the OTCcounterparty exposure limits;

Q Position exposures o assets underlyingnancial derivative instruments must beincluded in the calculation o the issueconcentration limits per [Articles 52 and55 o 2009/65/EC3] using the commitmentapproach, except in the case o (qualiying)index based FDIs.



Best practice or tasks

and controls regarding

collateral management

To ensure UCITS management companies adequately implement the collateral management

ollowing tasks and controls along the process chain have been identied as best practice.

tss rssibiliis Cls

pM MC CUS CM Fa Fa – accuig Fa – Cmlic

1.1. Slci

cu X X

•Monitoringoftheapproved counterparties(ex-post acceptancecontrol)

1.2. ngii

sigig otC

CSa gms

i cu

(.g. slci

ligibl clll,

lui

ssibili

-ci

clll)

X X X

•Agreementonaccountingand valuation principles

1.3. dsi clll

sss sgg

ccus i

i i

X X

•Reviewofcustodian/collateral manageragreements/conrmations withregards to collateralsaekeeping details

1.4. dfii ul

s i ISda

gm

cuslicbl i suc

cicumscs

X X

•Set-upofaccountingprocedure relative toOTC deaults andcollateral treatment

oil

1.5. du iligc

clll mgm

sic iX X X

1.6. nifci

rgul (CSSF)

X

1. Initiation2. Transaction

validation3. Monitoring 4. Reporting 5. Reconciliation




56

tss rssibiliis Cls


2.1. rcig

scis

(clll s

ci)

X X X

•AccountingofOTCtransactions

•FilingofISDA

agreements/CAS inaccounting records

2.2. ts clll

sss s

(clll ccus)X X X

•Accountingofcollateralsposted (i.e. on-balance)

•Accountingofcollateralsreceived (i.e. o-balance)

•Monitoringofinitialcollateral postings

2.3. vlui otC

siis

clll sssX (X) X

•ValuationofOTCpositions

•Valuationofcollaterals(i.e. in case o securities)

•Monitoring o variationpostings on collaterals

2.4. rccilii

clll lui

i navX

•ReconciliationofOTCvaluation

•Adjustmentofvaluation(in case required)

2.5. vii sig/

ci

clll sssX X X

•Accountingofcollateralsposted (i.e. on-balance)

•Accountingofcollateralsposted (i.e. o-balance)

•Monitoringofvariationpostings on collaterals

2.6. Miig

cllci/m is cs

clll

X (X) X

•Accountingofinterest

accruals•Accountingoninterest

paid/received

2.7. Miig

lcm

clll (i..

c ci

l sics)

X (X) X

•Accountingofcollateralswitches (i.e. in case osecurities collateral)

•(potentially)accountingo corporate actions

•Monitoringofcollateralswitches regardingeligibility and collateralcoverage

2.8. Miig

cssig uls X (X) X

•Accountingofdefaultevents (e.g. write downs,impairments)

•Accountingofcollateral“realisation”

•Monitoringofcollateral“realisation” (i.e. receptiono collateral due)


validation3. Monitoring 4. Reporting 5. Reconciliation



tss rssibiliis Cls


3.1. eligibili

clll s li

i CSa

X X X

•Monitoringofcollateraleligibility

3.2. eligibili

clll s qui

i lgl isiX X

•Monitoringofcollateralcoverage (i.e. sucientcollateral received/posted)

3.3. Clll cg

X X X

•Monitoringofappliedhaircuts

•Monitoringofcollateralcoverage (i.e. sucientcollateral received/posted)

•MonitoringofCPexposure in case oover-collaterisation

3.4. Cmlic i

ism

sicis li

i

scus /

lgl isis

X X

•Monitoringoflegalandcontractual counterparty risk restrictionsconsidering collateralsreceived and re-used(i.e. o-balance)

3.5. nig otC

xsuX X

•Monitoring o legal andcontractual counterpartyrisk restrictionsconsidering collateralsnetting provisions asper ISDA agreements

3.6. plusibili cc

clll luis(X) X

•ReconciliationofOTCvaluation

•Adjustmentofvaluation(in case required)

3.7. Suisi

sub-cusis

clll otC

l sss

X


Validation3. Monitoring 4. Reporting 5. Reconciliation




58

tss rssibiliis Cls


4.1. disclsu otC

l imi

i fcil

sms

X X

•DisclosureonvalueofOTC derivatives

•(optional)Notedetailing

mark to market value ocollateral

4.2. rig

xcis/bcsX

•Escalation procedure(internal)

•Escalationprocedure

(external – CSSF 02/77)

4.3. Fll-u

isusX X X

•ReconciliationofOTCvaluation ater disputesettlement

•Adjustmentofvaluationand collaterals

•(potentially)Monitoringo dispute settlement

4.4. Is x

igX

•Taxreportingincludingcollateral income

4.5. osig ig

ilig clll

mms

-- siis

X X X X



tss rssibiliis Cls


5.1. rccilii

clll siisX X X

•Reconciliationofsecurityand cash collaterals

•Follow-upon

un-reconciled collaterals





aML Anti-Money Laundering

BCp Business Continuity Planning

B dics Means the Board o Directors o the Management Company;The term “Board o Directors” shall not comprise the supervisoryboard where management companies have a dual structurecomposed o a Board o Directors and a supervisory board

CCp Central Counterparty

CdS Credit Deault Swap

CeSr Committee o European Securities Regulators

CeSr/10-788 CESR’s Guidelines on Risk Measurement and the Calculationo Global Exposure and Counterparty Risk or UCITS

Cicul 02/77 Protection o investors in case o NAV calculation error andcorrection o the consequences resulting rom non-compliancewith the investment rules applicable to undertakings orcollective investment

Cicul 03/108 Luxembourg management companies subject to Chapter 13o the Law o 20 December 2002 concerning undertakings orcollective investment, as well as Luxembourg sel-managedinvestment companies subject to Article 27 or Article 40 o the Law o 20 December 2002 concerning undertakings orcollective investment

Cicul 07/308 Rules o conduct to be adopted by undertakings or collectiveinvestment in transerable securities with respect to the use o a method or the management o nancial risks, as well as the

use o derivative nancial instrumentsCicul 08/356 Rules applicable to undertakings or collective investment

when they employ certain techniques and instruments relatingto transerable securities and money market instruments

Cicul 11/512 This Circular claries the Risk Management requirementsapplicable to Luxembourg UCITS Management Companiesand Luxembourg domiciled UCITS

CM Collateral Management

Cucig ofc/Co Means the Person(s) appointed by the Board o Directors to

oversee the day to day operations o the ManCo

Cu ris Means the risk o loss or the UCITS resulting rom the act that

the counterparty to a transaction may deault on its obligations

prior to the nal settlement o the transaction’s cash fow

Cp Conducting Person

CSSF Commission de Surveillance du Secteur Financier, theLuxembourg supervisory authority o the nancial sector

CtFC Commodity Futures Trading Commission

CUS Custody Services / Depositary

dr Disaster RecoveryeSMa European Securities and Market Authority, known as CESR

until 1st January 2011

appendix I - glossary




60

eU The European Union

Fa Fund Accounting

hr Human Resources

ISda International Swaps and Derivatives Association, Inc.

kpI Key Perormance Indicator

krI Key Risk Indicator

kyC Know Your Customer

Liquii ris Means the risk that a position in the UCITS’ portolio cannot besold, liquidated or closed at limited cost in an adequately shorttime rame and that the ability o the UCITS to comply at anytime with Article 11, paragraph (2) and Article 28, paragraph(1), point b) o the Law o 17 December 2010 concerningundertakings or collective investment is thereby compromised

MC MgmCm

Means, throughout the document, reerence to managementcompany or sel managed company unless i not expresslysaid otherwise

M ris Means the risk o loss or the UCITS resulting romfuctuation in the market value o positions in the UCITS’portolio attributable to changes in market variables, such asinterest rates, oreign exchange rates, equity and commodityprices or an issuer’s creditworthiness

oM Operating Memorandum

oil ris Means the risk o loss or the UCITS resulting rom

inadequate internal processes and ailures in relation topeople and systems o the management company or romexternal events, and includes legal and documentation riskand risk resulting rom the trading, settlement and valuationprocedures operated on behal o the UCITS

otC Over The Counter

pM Portolio Management

rguli n. 10-4 CSSF regulation No. 10-4 transposing commission directive2010/43/EU o 1 July 2010 implementing directive 2009/65/ECo the European Parliament and o the Council as regardsorganisational requirements, conficts o interest, conduct

o business, risk management and content o the agreementbetween a depositary and a management company

rl ps In relation to a management company, means any o the ollowing: Q a director, partner or equivalent, or manager o themanagement company;

Q an employee o the management company, as well as anyother natural person whose services are placed at thedisposal and under the control o the management companyand who is involved in the provision by the managementcompany o collective portolio management;

Q a natural person who is directly involved in the provision o services to the management company under a delegation

arrangement to third parties or the purpose o theprovision by the management company o collectiveportolio management.



ruil is Means the risk o damaging an entity’s trustworthiness inthe marketplace, i.e. the impact o specic events that couldworsen or negatively aect the perception o an entity

rFp Request or Proposalris ai ms The amount o risk exposure (e.g. expressed as monetary),

or potential adverse impact rom an event, that a Manco iswilling to accept/retain

rM Risk Management

rMp Shall stand or Risk Management Process

SaS 70 Statement o Auditing Standards No. 70

SeC Securities & Exchange Commission

Si Mgm Means the persons who eectively conduct the business o a management company in accordance with Article 102,

paragraph (1), point c) o the Law o 17 December 2010concerning undertakings or collective investment

Sl Mg SICav UCITS SICAV established under the Law o 2010 which hasnot appointed a Management Company

SICav Société d’Investissement à Capital Variable (investmentcompany with variable capital)

SLa Service Level Agreement

Suis Fuci Means the relevant persons or body or bodies responsibleor the supervision o its senior management and or theassessment and periodical review o the adequacy and

eectiveness o the risk management process and o thepolicies, arrangements and procedures put in place to complywith the obligations under the Law o 17 December 2010concerning undertakings or collective investment

t L 2010 Luxembourg Law o 17 December 2010 concerningundertakings or collective investment

UCItS Undertaking or Collective Investment in Transerable Securitiessubject to Part I o the Law o 2010, as amended

UCItS dici Council directive 2009/65/EC o the European Parliamentand o the Council o 13 July 2009 on the coordinationo laws, regulations and administrative provisions relating

to undertakings or collective investment in transerablesecurities (UCITS) glossary




62

appendix II aLFI ris mgm cmmi SC

Chairman: Jean-Christoph Arntz

Thomas NummerOlivier Carré

ALFI Coordinator: Alexander Fischer

K Risk

Management

Steering

Committee

K1 Market

Risk SC

K2 Counterparty,

Issuer and

Diversifcation

Risk SC

K3 Operational

Risk SC

K4 Liquidity

Risk SC

k1 M ris SC

Cecilia Lazzari

Dominique Marchal

Laurent Denayer (Co-chairman)

Luc Neuberg (Co-chairman)

Michael Derwael

Steania Serato

Xavier Zaegel

k2 Cu, Issu

disifci SC

Gabrielle Jamion

Guy ReiterHenning Schwabe

Justin Egan

Kai Nemec

Mario Koster

Olivier Carré (Co-chairman)

Peter Schmitt

Thomas Nummer (Co-chairman)

Utz Schüller

Valerie Bernard

k3 oil ris SC

Christoph Adamy

Dale Quarry

Daniela Klasen-Martin

Graham Goodhew (Chair)

Mike Sommer

Sacha Reverdiau

Sonia Thein-Biraschi

Stean Lieser

Thomas Nummer

k4 Liquii ris SC

Alain Ottelé

Bastian Wagner (Co-chairman)

Elie Flatter

Frank Schaer

Michael Rieer

Remi Kamiya

Sascha Schultz

Sasha Reverdiau

Sven Muehlenbrock (Co-chairman)



Revised version March 2012.

For any urther inormation about this brochure or risk management address

alfi risk management 170412

Documents