alfi risk management 170412
TRANSCRIPT
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 1/64
risk management
guidelines
in association with
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 2/64
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 3/643
Foreword 4
Chapter I 6 Bs pcic psls ogisi ris Fuci
UCItS Mgm Cm UCItS Ism Cm 8
Chapter II 29 Guic is miig ucis usuc/
lg b mgm cm ism cm 30
Chapter III 44
aLFI ius - clll mgm 46
aix I - glss 59
aix II - aLFI ris Mgm Cmmi SC 62
table o contents
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 4/644
oreword
The nancial crisis has demonstrated how
important it is to have in place an eective
and robust risk management organisation.
In today’s ever more complex businessenvironment investment rms are required
to implement sound risk principles and
oversight mechanisms. This is not only o
interest or individual entities, but or the
nancial groups overall. The global
integration o markets, business and
operations triggers an integrated risk
management ramework. Risk management
has become a dominant topic in a number o
recent regulations. Whereas in the context o UCITS IV risk management has been
conrmed and clearly be expanded beyond
the traditional ocus on market risk, the
AIFMD has now introduced this broad
concept o risk management as an integral
part o the responsibilities o the AIFM.
In addition to the product specic risk
management regulations, the EU regulator
prepares new guidelines regarding the
trading o OTC derivatives and central
counterparties.
Besides ostering a risk awareness culture
and a holistic approach to risk management
as such, it has become apparent that risk
governance is paramount to the successul
business conduct.
As the European centre or UCITS und
domiciliation and distribution, Luxembourg
is positioned as the crossroad o regulatoryrisk management requirements and distribu-
tion risk reporting.
In practice, the und industry has organized
its risk management processes in a
centralized manner, supported by dedicated
‘centers o excellence’ dened within each
major asset management group. The
centralization is a consequence o the
increased sophistication o the riskmanagement as well as the economies o
scale in terms o systems and data history.
We believe that the scope o risk manage-
ment as required by the regulator does
broaden the responsibilities o the manage-
ment company and by such the riskmanagement unction. Due to its exposed
positioning in product governance and
international distribution, Luxembourg has
developed the overall understanding o the
entire value chain and is as such well placed
to play a leading role in risk management.
In light o the holistic risk management
approach, ALFI has created within its risk
management committee which ocuses and
all aspects o risk management in relation toLuxembourg domiciled investment unds,
proposes common interpretations, simplica-
tions or market industry standards and
prepares responses to consultations issued
by national or international bodies.
The working groups (market risk, liquidity
risk, credit and counterparty risk as well as
operational risk) address the risk categories
as outlined by the UCITS IV Directive and
its implementing measures. In the present
guidance paper, we hereby present the rst
results o some o these working groups.
We attached a special ocus on the key risk
topics that are newly addressed by UCITS IV.
It is the intention o this publication to assist
the market players in the pragmatic opera-
tional implementation o these regulations.
1 Liquii is
Q The liquidity risk is a risk which has been
underestimated or quite a long period, in
particular or certain asset classes
‘assumed’ to be liquid based on quotes
rom a limited number o market makers.
Measuring the liquidity risk is subject to
two main dimensions, (i) assets and (ii)
liabilities o the UCITS. In particular the
liability aspect is tricky due to the
‘intransparent’ and very complex
distribution structure making a ull
assessment o the investor base impossible.The present guidance intends to propose
practical measures to address asset
liquidity management.
Fostering a holistic
approach to risk
management moving
up the agenda
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 5/645
2 Ci & cu is
Q The assessment o counterparty risk has
undergone a complete reversal and has
become a major risk to be managed or allUCITS dealing in OTC contracts. In
particular the measurement o the risk as
well as the changing market practice with
regards to collateralisation put additional
pressure on risk management and
operational procedures or ManCo’s. The
role o the collateral managers in relation
to the depositary is currently unclear and
triggers additional issues one needs to take
into consideration. The guidance paper
summarises sound industry practicesregarding counterparty risk mitigation and
collateral management.
3 oil is
Q The need to manage operational risk is
well known and thus not a new aspect in
the und industry, but has become a ocal
point or regulation in the last years. The
term itsel reers to potential causes o loss
arising rom deciencies in internal controls,
human errors, physical systems ailures,and other business execution risks as well
as external events. Since Luxembourg is
traditionally making use o delegations to
third parties, the market participants have
built up experience in managing
outsourcing risks over many years. The
guidance paper has summarised selected
best practice measures to monitor
outsourced unctions and und specic
measures on operational risks.
However, the guidance given has to be put
into perspective o the respective company
environment and business model. Also, the
risk management process is subject to the
principle o proportionality as introduced
by UCITS IV.
We would like to thank all the participants o
the working groups or their dedication and
most valuable input. We are very much
looking orward to the new guidance paperscurrently in process as well as meeting you on
the events we will organize in the next months.
We hope that you nd these Guidelines
interesting and useul.
Sincerely,
ALFI
Association o the Luxembourg Fund
Industry
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 6/64
chapter I
Best Practice Proposals or theOrganisation o the Risk Function oa UCITS Management Company orUCITS Investment Company
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 7/647
IntrodUCtIon and LeGaL and reGULatory FraMework 8
1 IntrodUCtIon 8
2 key LeGaL and reGULatory FraMework 8
rISk ManaGeMent prInCIpLeS, rISk ManaGeMent FUnCtIon and
other ControL FUnCtIonS 9
1 rISk ManaGeMent FUnCtIon - prInCIpLeS 9
2 rISk ManaGeMent and ItS reLatIonShIp wIth
other ControL FUnCtIonS 10
BeSt praCtICe propoSaLS on praCtICaL IMpLeMentatIon oF
a rISk ManaGeMent FUnCtIon 12
1 GovernanCe and orGanISatIon 12
1.1 esblism rM uci 12
1.1.1 rl MC B dics 12
1.1.2 rl Si Mgm/Cucig oics 12
1.2 exmls rM gc sucus 13
1.2.1 Lg/M Cmlx Mgm Cm Sucus 13
1.2.2 Smll Mgm Cm Sucus 14
1.2.3 o gisil sucus 15
1.3 ris Mgm Sg/plic 16
2 IdentIFICatIon oF rISkS 172.1 pil riss icl cig UCItS 18
2.2 pil riss cig b UCItS MC 18
3 MeaSUreMent and ManaGeMent oF rISkS 20
4 reportInG 21
4.1 Gl icils ci rig riss Si
Mgm B 21
4.2 C Fquc rig 22
4.2.1 C Fquc ig Cos 22
4.2.2 C Fquc ig Mgm Cm SICav B 23
roLe oF rISk ManaGeMent In the LIFe-CyCLe oF a FUnd 24
appendIX LawS and reGULatIonS 25
Content
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 8/648
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Introduction and legal
and regulatory
ramework
1 Iuci
Recent EU regulation, as implemented in
Luxembourg by the Law o 2010,
introduced in connection with the latestrevision to the UCITS Directive, has ocused
attention on the requirement or
management companies, pursuing the
activity o management o a UCITS, and
investment companies, that have not
designated a Management Company (Sel
Managed SICAV), to have in place an
adequate Risk Management (‘RM’) unction
that is proportionate to the business
conducted by those companies and the risk
proles o the UCITS which they manage.
The aim o this document is:
Q to highlight, in the rst place, the key legal
and regulatory sources in relation to RM in
order to get a common understanding
thereo and;
Q to propose a set o best practices that the
Boards and Senior Management o
Management Companies and Investment
Companies may wish to consider when
developing, or reviewing the adequacy o,their RM unctions.
Throughout this document ManCo will be
used to reer to a management company, or
a sel managed investment company where
no management company has beendesignated.
2 k lgl gul m
In relation to risk management a number o
laws and regulations have been issued on
European and Luxembourg level. In the
ollowing, please nd a brie overview table
including a non-exhaustive list o the key
legal and regulatory ramework in relation
to risk management.
rgul m ris Mgm
eu Ui Luxmbug
Level 1 legislation Directive 2009/65/EC Law o 17 December 2010
Uigs Cllci Ism
(2010 L lcs 2002 L)
Level 2 implementing
measures
Commission Directive 2010/43/EU CSSF Regulation No 10-4
Level 3 guidelines • ESMA Guidelines 09/178 s gs is mgm icils UCItS
• ESMA Guidelines 10/788 is msum clculi glbl xsu
cu is UCItS
• ESMA Guidelines 11/112 s gs is msum clculi
glbl xsu ci s sucu UCItS
CSSF Circular 11/498
CSSF Circular 11/508CSSF Circular 11/512
For some urther details see Appendix on page 25 to this document.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 9/649
Risk Management
Principles, Risk
Management Function
and Other ControlFunctions
1 ris Mgm Fuci - picils
Risk management should be an integral part
o a ManCo’s control ramework and in
addition to the regulatory obligations aneective RM unction should assist the Senior
Management and Board o Directors in:
Q Optimising growth without exposing the
organisation to undue risk;
Q Demonstrating due diligence in daily
management;
Q Promoting proactive management and
early identication o risk;
Q Increasing accountability and
responsibility in the organisation;
Q Avoiding unnecessary risk exposures.
The management o risks is everyone’s
responsibility and needs to be enorced rom
the top o the organisation. A culture o risk
awareness and risk management within an
organisation is essential or a RM unction
to be eective.
The Board o Directors is thereore
ultimately responsible or ensuring that the
ManCo eectively manages its risk and therisks in the UCITS which it manages and
that it has policies and procedures in place
to measure and manage those risks.
A is mgm uci should be able
to perorm its role independently rom
operating units allowing the persons
responsible or risk management to interact
reely with all areas o the ManCo or the
purpose o identiying and escalating risk
issues or control gaps without any confictso interest. Its reporting line should be directly
to the Senior Management and/or to the
Board o Directors o the ManCo. Its resources
should commensurate with the size o the
institution, and the nature and complexity o
its activities. The sta executing the unction
has to have appropriate expertise and
knowledge o the ManCo business and o the
UCITS that it manages.
I the mc is mgm
uci is lg i , the
external rm must have access to all relevant
inormation and report to the SeniorManagement and/or Board o Directors o
the ManCo. In case o a delegation Senior
Management and/or the Board o Directors
retains ull responsibility or the eective
and appropriate execution and monitoring
o risk management. The entity providing
the outsourcing service must have sucient
technical and proessional expertise to
execute the unction. The entity providing
the outsourcing service should be assessed
regularly to ensure proper and eectivesupervision o the outsourced unction.
ManCos, in particular those that are part o
larger Group companies, may also
usuc scifc is mgm
csss to other areas o expertise (either
internal or external). The role o the local
risk management unction in this case will be
one o oversight on and coordination with
the outsourcing partner, i.e., ensuring that
the right risk inormation is received. Inthese cases, it is important that the local risk
management unction has sucient
knowledge to adequately oversee and
challenge the outsourcing partner and
provide adequate reporting to senior
management and/or the Board.
As a ManCo may decide to outsource all or
part o the risk management unction,
reerence can also be made to the Chapter II
”Guilis p ris Miig Fucis ousuc/dlg B
Mgm Cm Ism
Cm“ which has been produced by the
ALFI Technical Committee.
Each ManCo shall establish a rM m,
which comprise the ollowing components:
Q Governance and organisation o Risk
Management;
Q Identication o risks;
Q Measurement and management o risks; Q Reporting o risks and related inormation.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 10/6410
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Gc
gisi ris
Mgm
Iifci issMsum
Mgm issrig iss
l imi
Q Establishment o RM Function
(structure, proportionality)/
Roles and responsibilities
Q Risk management strategy
Q Identication o all relevant
risks or the ManCo and the
unds it manages.
Q Measure risks using
appropriate methods
Q Dene risk limits
Q Monitor compliance with
risk limits
Q Take appropriate actions in
case o limit breaches
Q Eective reporting to Senior
Management and the Board
Q Reporting to regulators
Risk Management and
its relationship with
other control unctions
al UCItS III s m
ris mgm uci. I ii,
UCItS Iv gulis ls qui
MC m Cmlic
Il aui uci; i c is
s cl ucis ligs UCItS i
MIFId quims i is g.
I g bi i c
cl uci summis scs. t m b ci
cl ucis
ulicig b cig u simil
cls, i cic ulfl
i ls ii MC.
ris Mgm has the ollowing
responsibilities as dened by CSSF
Regulation 10-4 Article 13 paragraph 3:
Q To implement the risk management policy
and procedures; Q Ensure compliance with the UCITS’ risk
limit system including statutory limits
concerning global exposure and
counterparty risk;
Q Provide advice to the Board o Directors as
regards the identication o the risk prole
o each managed UCITS;
Q Provide regular reports to the Board o
Directors on; the consistency between the
current levels o risk incurred by each
managed UCITS and the risk prole orthat UCITS, the compliance o each
managed UCITS with relevant risk limit
systems, and the adequacy and
eectiveness o the risk management
process including whether remedial
measures have been taken;
Q Provide regular reports to Senior Management
outlining the current level o risk incurred by
each managed UCITS and any actual or
oreseeable beaches o their limits;
Q Review and support the arrangements
and procedures or the valuation o OTC derivatives.
Cmlic has the ollowing
responsibilities as dened by CSSF
Regulation 10-4 Article 11 paragraph 2:
Q To monitor and, on a regular basis, to
assess the adequacy and eectiveness o
the measures, policies and procedures put
in place to detect any risk o ailure by the
ManCo to comply with its obligations
under the Law o 17 December 2010; Q To advise and assist the relevant persons
responsible or carrying out services and
activities in compliance with the ManCo
obligations under the Law.
Il aui has the ollowing
responsibilities as dened by CSSF
Regulation 10-4 Article 12 paragraph 2:
Q To establish, implement and maintain an
audit plan to examine and evaluate the
adequacy and eectiveness o the ManCosystems, internal controls mechanisms and
other arrangements;
Each o the ramework components will be explained below in the context o how to practically implement a risk management
unction and a risk ramework in a ManCo.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 11/6411
Q To issue recommendations based on the
result o work carried out under the audit
plan and to ensure the recommendations
are complied with;
Q To report to Senior Management on a
requent basis in relation to internal audit
matters, indicating whether appropriate
remedial measures have been taken.
Ilusi ris Mgm uci is lisii cl ucis
Il ui
ris mgm cmlic
B &Si
Mgm
ois/ucis
Oversight
3rd line of defence
2nd line of defence
1st line of defence
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 12/6412
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Best Practice proposals
on practical implemen-
tation o a Risk
Management Function
I llig scis umb
xmls i s
ciis m g bu imlmig
ig UCItS cmli risMgm Fuci.
1 Gc ogisi
1.1 Establishment of a RM function
As the diagram below shows, a Risk
Management unction, together withCompliance and Internal Audit, should
support the Board o Directors and Senior
Management o the ManCo in ullling their
responsibilities towards internal control o
the ManCo. In this section we look at the
role o the Board and Senior Management in
the establishment o a RM unction.
Suisuci
SiMgm
oucis
B
dics*
Cucig
ofcs/
diig
Cmlicris
MgmIl aui
1.1.1 Role o the ManCo Board o Directors
To ull the requirements o the regulations
and ESMA guidelines the ManCo Board o
Directors may consider, or ull, the
ollowing roles:
n Deinition/approval o the company’s risk
principles/strategy;
n Authorisation o Senior Management toset up the RM unction;
n Promote the development o risk measures
n Periodic review o eectiveness o the RM
unction and policies;
n Review o how the company manages risk;
n Act as a direct line o escalation;
n Approve the documented Risk
Management Process (RMP);
n Approve the risk prole or each UCITS
as well as the risk limits and changes;
n Promote the implementation o a robustand pervasive risk culture;
n Approve and review the adequacy and
eectiveness o the risk management policy.
1.1.2 Role o Senior Management/
Conducting Ocers
Senior Management/Conducting Ocers o
the ManCo will typically be involved in the
RM process either in a supervisory and
oversight role, by assuring that the required
regulatory tasks are perormed in an appropri-
ate manner and by the approval o the docu-
mented Risk Management Process (RMP).They will also be the rst point o escalation
or all RM matters and provide regular
reporting to the Board o directors.
Collectively the BOD, Senior Management
and the persons appointed to conduct risk
management must have the competencies to
understand and to be able to identiy,
measure and manage the risks in the ManCo
and the UCITS that they manage.
* Normally the BoD
oversees the senior
management – depending
on the size and setup o
the ManCo the BoD
could be involved in
executive unctions.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 13/6413
1.2 Examples for RM governance structures
w sig-u
rM Fuci su i ulfls
is m is il busiss MC?
Q dci sucu
- d I s rM m
(ili scs)?
- I s, I c ull-s
rM m I us xl
sic i?
- I , ill is b m b Co
usuc?
Q Imlm sucu b fig ls
ssibiliis ii cs
sucu
1.2.1 Larger/More Complex Management
Company Structures
Such structures are likely to establish anindependent risk management unction
managed by a Chie Risk Ocer reporting
to Senior Management or the Board. Larger
or more complex organisations may require
that a Risk Committee be established as a
sub-committee o the Board to ocus solely
on risk management issues.
In accordance with CSSF Regulation all, or
parts, o the risk management unction may
also be outsourced to other parts o theManCo’s Group Company or to a suitably
qualied third party. I the outsourcing route is
ollowed there will still need to be a
Conducting Ocer o the ManCo appointed
as the responsible person or risk management
and to whom the outsourced unction reports.
Diagrammatically the RM unction may t
into the ManCo structure as ollows:
Sisic Sucu
1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to in Article 101 (3) o the 2010 Law may not
delegate the compliance unction. It should be remembered that, in accordance with item 5.4.9. ) o Circular IML 98/143, a management company having one or more branches is
not authorised to use an external expert specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.
Board o the SICAV/ManCoManagement
committee
Internal
audit/compliance*(1)
Investment
compliance*Transert
agent*Fund
accounting*Investment
manager*Distributors*
Risk management committee
Conducting OfcersHead o risk, Heads o departments
Risk management/
committee
External
auditors
Depositary/
custodian
* These unctionscan be providedin-houseby the ManCoor outsourced
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 14/6414
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
In larger ManCo structures dierent types o
risk (see section 2 Identication o Risks)
may be managed in dierent locations.
For example:
Those risks - in particular the Portolio risks
- which are specic to the investment
management o the UCITS may be managed
by risk unctions that are located
geographically with the delegated investment
managers or the UCITS.
Operational risks are likely to be managed in
the country o the ManCo where Fund
Administration and Custody are domiciled.While Risk managers covering other risks,
such as Technology, may be located in yet
another location.
In such structures particular attention needs
to be paid to the escalation and reporting
processes to ensure that Senior Management
and the Board o Directors are kept adequatelyinormed (see section 4 Reporting).
1.2.2 Smaller Management Company
Structures
Smaller rms may comply in dierent
manners, depending on the risk prole and
strategies o the UCITS that they manage.
Outsourcing could in many cases be the
preerred solution, provided that the Board/
Senior Managers keep the responsibility o developing and controlling the risk
management ramework and the oversight o
an outsourced task.
1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to
in Article 101 (3) o the 2010 Law may not delegate the compliance unction. It should be remembered that, in accordance with item
5.4.9. ) o Circular IML 98/143, a management company having one or more branches is not authorised to use an external expert
specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.
Board o the SICAV/ManCo
Internal audit/
compliance(1)
risk management*
Investment
compliance*Transert
agent*Fund
accounting*Investment
manager*Distributors*
Conducting OfcersExternal
auditors
Depositary/
custodians
Siml sucu
* These unctions can be provided in-house by the ManCo or outsourced
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 15/6415
Examples o possible structures or smaller
entities may be:
Q The Board appoints a conducting ocerresponsible or Risk Management. The
conducting ocer may also be a Board
member. This person will be in charge o
ensuring that a complete risk management
ramework/process is in place as a separate
document or as part o the company’s
procedures and that regular reporting to
board and escalation is properly perormed;
Q A risk manager, reporting to the Board or
a Senior Manager is appointed to ensure
oversight o the delegated riskmanagement unction, as described above;
Q The Board can appoint a non-executive
committee, i.e. a Risk Management
Committee, who will be in charge o
ensuring oversight o the outsourced risk
management unction, reporting and
escalation to the board and the conducting
ocer responsible or risk management.
1.2.3 Other organisational structures
Other combinations o the examples above
could be put in place provided the
mentioned core principle o keeping control
and oversight at Board/Senior management
level is respected.
B SICav/MC
Cucig ofc
ssibl ris
Mgm
ousuc ris Mgm
Sic pi
F xml:
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 16/6416
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
1.3 Risk Management Strategy
hig g i rM
gisil sucu - lig i ll MC is sgis - rM
uci mus g i B,
Si Mgm, is sg
MC m
Fuci. tis ill c is xc
ris Mgm, ic is cgis
sul b csi, m scli
ig ill , c.
t is sg MC sul b
mul b ris Mgmpcss is cum i il
submissi CSSF i ccc
i Cicul 11/512.
The denition o a Risk Management
strategy o a ManCo is a useul tool or a
risk management unction (and/or or Senior
Management) to agree with the responsibleorganisational body (i.e. the BoD o the
ManCo) the scope o the mandate or Risk
Management. The RM strategy can be a
high-level description documenting the
dened RM governance (including roles and
responsibilities) as well as providing a
statement on risk appetite and the
expectations towards RM.
Low level o‘technical’
details
ris Mgmpcss
Scifc plicispcss pcus
ris
MgmSg
High level
o detail
In addition to the general risk strategy, a
ManCo must provide a Risk Management
Process (RMP) to the CSSF documenting the
detailed structures o Risk Management as
well as the Risk Policy (which itsel outlines
the procedures implemented or
the identication, measurement,
management and reporting o risks).
It is required to have a holistic view on the
risks a UCITS is exposed to as UCITS IV
denes a broad scope or Risk Management.
In addition to the RMP, urther process
documentation or RM processes and/or
specic RM policies (or related documents)
can help to clariy the tasks o the
RM unction.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 17/6417
pli iss
riss ill cig b UCItS MC
oil iss
2 Iifci riss
t Bod Si Mgm
MC m is s msls llig -xusi qusis:
h ii il iss
ii MC UCItS
mg? (Iifci)
h i s iss xis
ii u busiss? (Iifci)
I xis i
s sigifc is?
(Msum)
Is is xsu / il lssccbl MC? (Msum
Mgm)
The risk strategy o the ManCo should be
ormulated beore the Risk ManagementProcess is documented in detail or
submission to the CSSF in accordance
with Circular 11/512.
Each ManCo will have to identiy on
on-going basis the specic risks to be
covered within the risk strategy/risk
management policy – based on the nature,
scale and complexity o its business and
the risk proles and strategies o the UCITS
it manages – the ollowing aims to providea non-exhaustive list o potential risks that
a ManCo should be considering.
M isCi is
(Issu/Cp)Liquii is
o
Ism is
p+L
m is
Busiss/
puc is
exml:
Fm is cgis UCItS Mgm Cm
riss icl cig UCItS riss cig MC
Ism
mc
is
...
MC
Liquii
is
...
tcicl
sucs ispl is
ogisil
is
exl cs
is
Lgl/
gul istx is
disibui
is...
ruil
is
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 18/6418
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
2.1 Potential Risks directly affecting UCITS
Each ManCo will have to speciy a ramework
or risks that have the potential to directlyaect the UCITS it manages (in line with
UCITS IV denition).
From the point o view o investors, UCITS are
subject to nancial risks and to certain
operational risks that can materialize into
capital losses or poor investment perormance.
The ramework may specically include the
ollowing risk categories:
Investment related risks
Q Market risk
Q Credit risk (issuer and counterparty risks)
Q Liquidity risk
Q Investment perormance risk
(e.g. underperormance vs.
benchmark/"Peer Group", etc.)
Among nancial risks, market risk is typically
reerred to as the risk o fuctuations in the
market value o the securities held by theUCITS, which may vary over time refecting
dierent market conditions. In ecient
markets, market risk may be considered as
the only value-related relevant risk actor,
either at the level o each security held by the
und or at the level o the entire portolio.
However since markets can have discontinuous
fows o inormation (that is, inormation can
be incomplete and asymmetrically distributed),
or are dispersed and consequently not able toproduce a robust stream o prices (in the case
o OTC bilateral trades), nancial exposure to
some classes and types o asset (ABS, OTC
derivatives etc.) eligible or UCITS investment
cannot be addressed by a single risk driver. With
such positions, market risk can still be thought
o as capturing the exposure to standard
movements in micro-economic and/or macro-
economic variables (sales, prots, equity
premium, interest rates and exchange rates).
Other risk actors, such as credit,
counterparty and liquidity risk, may impair
the trading conditions o certain securities
(illiquidity) or the credit rating o specic
issuers (deault) or counterparties o bilateral
transactions (insolvency). Specic risks, suchas credit or liquidity risk, may also reer to
the exposure to sudden sharp changes in the
macroeconomic environment (such as a
widening o risk premium - a “fight to
quality”- or a downgrading o a specic
sector or sovereign exposures).
When actors other than market risk become
relevant the overall nancial exposure o an
investment und may depend also on
additional specic risk drivers that emergeonly at the aggregate portolio level. This is
the case, or instance, or concentration risk
or or certain aspects o liquidity risk, when
liquidity is understood as the ability o a
UCITS to meet, at a reasonable cost, its
obligations (redemptions or debt
reimbursement) as they become due.
2.2 Potential Risks affecting both
UCITS and ManCo
Operational risks which may materially
aect the UCITS (these may also eect
the ManCo)
Q Technical resources/IT related risks
Q People risks
Q Organisational/Process risks
Q External actor risks
Q Fraud risks
Q Delegated unction risks
From the point o view o UCITS investors,
operational risks are attached to the dierent
eatures and quality o the trading, settlement
and valuation procedures operated by
ManCos and their service providers, which
may increase the chances o losses due to
human or technical errors. However, it must
be noted that as the burden o operational
risks is principally placed upon the ManCo,
only those operational risks that also aect
investors’ interests by their direct impact onthe und’s portolio should be considered.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 19/6419
Legal/regulatory risks (these may also aect
the ManCo)
UCITS and any type o ManCo (Chapter 15and 16 o the Law o 2010) must comply with
a wide range o laws and governance -
imposed or industry standards regulations.
While compliance risk can be monitored and
recognised, legal risks are sometimes
unanticipated. Compliance-related risks
shall be considered as a component in the
risk management ramework. The nature o
those compliance-related risks needs to be
communicated and understood through all
levels o the ManCo. The compliance unctionshould monitor all issues relating to legal and
regulatory compliance and provide reports to
Senior Management/Conducting Ocers on a
regular basis, i necessary in cooperation with
the risk management unction.
Model risk
Models are used to support risk management
to measure and monitor various types o
risks aecting a UCITS respectively aManCo and thus are important tools to help
risk managers. However, one also needs to
understand the assumptions the various risk
models rest on and thus the possible
vulnerabilities respectively simplications o
their risk measurement techniques and
models (e.g. back testing outlier can give
indication on the quality a VaR model).
Thereore, a ManCo needs to assess and
review its risk measurement ramework on
an on-going base in order to ensure itsviability and robustness; i.e. to understand
suciently the shortcomings/risks o models.
Other types o risks
Risks evolve over time due to changes in the
environment, in the product or changing
circumstances. It is important that new risk
exposures which can become signicant are
identied quickly, so these risks can be
managed beore they cause signicant lossto the entity. There should be a mechanism
to periodically assess whether risk
exposures have changed. For example, the
recent nancial crisis has demonstrated that
custody risk and raud risk may not have
been adequately considered in someprevious risk management rameworks
applied to UCITS.
Potential Risks aecting the Management
Company
The ramework o risks will also include
those risks that directly aect the
Management Company:
Q Reputational risk
Q Own investment risk particularly inrelation to the provision o seed capital
Q Prot and Loss market risk
Q Business/Product risk
Q ManCo liquidity risk
The Management Company itsel is aced
with business risks linked to its specic
activities (e.g. processing transactions,
carrying out oversight, distributing
products), and compliance risks due to
increasing regulatory requirements in respecto, or example, investor protection
measures. In addition, i part o the
Management Company’s cash is invested in
market products, then market risk also
become relevant.
Any o the risks relating to the Management
Company’s activities or relating to the
investment und’s activities being managed,
which leads to signicant losses to
stakeholders, will damage the reputation o the Management Company, and can
jeopardize its existence.
A practical template which can be used by
governance bodies to obtain an overview
as to whether each relevant risk is properly
addressed under each component o the
ramework is given below, using
counterparty risk as an example.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 20/6420
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
3 Msum mgm iss
hig iif cum licbl iss, rM uci s
cm u i ms/ls
msu mg s iss.
t llig b csi
c is cg:
Q h msu is cg
(qulii/quii cii)?
Q dcum u msum l
c is cg
Q dcum is limi bs msum Q esu is limis
Q dmi qui quc
miig
Q esu css scli
Q dmi cum mii/
miigi cis (.g. ici i
li mg, c.)
w lig i iss c
UCItS, is mgm uci
ill f sci msum
cs limis li
l is cgis bs
lsis is fl u,
i.., bs u ccisics
il i ism
icils s uli i scus.
Below you nd a non-exhaustive example how
a simplied documentary overview o risk
measurement and management approaches or
some risk categories may look like:
riscg
Iifris
ac
Msu-m
iss
ei/mmig
msum iss
tl/ssm us msu
iss[i ]
ac
Limii iss
ei/mssibl
miig
islimiis
Fquc
miig iss
ac milcis
(i.. scli bc
limis)
P o r t f o l i o r i s k s
M a r k e t R i s k
QGlobalExposure
QVaR or QCommitmentapproach
QRiskdepartment
Q Internal VaRcalculationtool; Q Internalcommitmentcalculationapproach
QSpecic risk limit perUCITS according toapproach used tomeasure risks. QVaR: absolute (max20%)/relative risklimit dened perUCITS. QCommitment:maximum exposuredue to derivatives o100% o NAV(in line with
CESR 10/788) QRisk limits acknowl-edged by BoD insemi-annual BoDmeeting.
QRiskdepartmentmonitorsrisk limitson dailybasis
Qdaily QDenedescalationprocess romRisk team toportoliomanager (PM)in case obreaches QDenedescalationprocess romRisk team toconducting
ocerresponsible orrisk manage-ment uponidentication.
k is Iifci issMsum
Mgm issrig iss
l imi
Q Counterparty risk Q Identication covers the
relevant sources o
counterparty risk:
- OTC derivatives
- Securities nancing
- Structured products
- Cash
- Collateral
- Failed trades
Q Measurement methods
dened by type o product,
and calculate aggregated
positions by counterparty
or connected group
Q Limit setting (Diversication;
Netting)
Q Collateral
Q Use o central counterparty
Q KRIs dened or counter-
party risk
Q Reporting o KRI on a regular
basis to conducting ocer
Q Reporting o KRIs on a
quarterly basis to Board.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 21/6421
O p e r a t i o n
a l R i s k a n d O u t s o u r c i n g R i s k
QOpera-
tional
Risk
QQuanti-
cation o
general
operationalrisks per
UCITS not
easible/
ecient.
QOperational
risk incidents
are meas-
ured via
operational
loss
database. Q In addition,
operational
risk assess-
ments are
perormed
on a regular
basis.
QRisk
department
Q Internal loss
database;
QRisk and
Control Sel-Assessment
QQuantied
operational risk
limitation per
UCITS is noteasible.
QAll signicant
operational risk
incidents per UCITS
are documented,
monitored and
ollowed-up
according to
operational risk
policy.
QRisk
department
responsible
or review ooperational
risk
incidents
and
ollow-up
with
respective
business
owners.
QRisk
departmentresponsible
or opera-
tional risk
assess-
ments and
related
reporting.
Qongoing QOperational
risk incidents
are monitored
and ollowed-up according to
operational risk
policy.
QEscalation rom
Risk to Senior
Management/
BoD in place
via dened
reporting lines.
... ...
4 rig
a ig buil u ll-
sucu is uci, is mg
s m su ssibl
gc bis bl s
iss UCItS / MC is
xs , lisic is ig is
ums imc. h m is l?
4.1 General principles on effective Reporting
of Risks to Senior Management and
the Board
Adequate risk reporting is integral part or a
risk unction and in particular or the
Conducting Ocers o a ManCo to ensure
they can comply with their obligations and
responsibilities o oversight. In order to
ensure that the RM unction obtain the
necessary inormation rom otherdepartments as well as rom outsourcing
partners, a structured bottom up reporting is
needed. Based on the inormation received
and the analysis perormed by the (risk)
department(s) a meaningul reporting to the
COs or a Senior Risk Committee is key to
making risks transparent as well to propose
and nally decide on mitigating measures.
For the case the ManCo has an own risk
unction, they should provide reporting on
risk related topics to Senior Management/
COs at least on a monthly basis e.g. as part
o a Senior Risk Committee inormationpackage. The reporting contains detailed
inormation on the dierent risk categories
identied as being relevant or the UCITS
(see section 2 Identication o risks).
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 22/6422
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Below the paper gives a best practice example how a risk ramework document could dene
a written standard/principles on risk reporting:
1. t Co/B ill ci lisic ll l is s ggg.tis ill b bs g bm u b is uci/Cos.
2. t h ris Mgm/Co is ssibl ci css bm u
s m l ms / lgs.
3. t h ris Mgm/Co ill ls qul B MC.
4. t h ris Mgm/Co ill su ris rs lisic
(csiig ll is cgis iif), iml ccu.
5. t ris s ill gi i cu/ iss icluig sm
si (.g. l, mium, ig) is lui im msus
miig xisig iss ssibl.
6. t ris rs mus i B i ll css imi ci
i msus b cl miig ll l iss.7. t h ris Mgm/Co mus su l is issus
m b ig ill b c Co/B.
8. t h ris Mgm/Co ill s iis i iml, ccu
cl m csis i m s b is uci.
It is important to stress that the nal
responsibility o the day to day management
and adequate conduct o the business,
including the implementation o a sound
risk management process relies on the COs,
who are in turn responsible or ensuringappropriate reporting and escalation to
the Board o Directors.
4.2 Content and Frequency o Reporting
4.2.1 Content and Frequency o reporting to
the COs
Frequency:
As mentioned above the nature and com-
plexity o a ManCo needs to be consideredand there is no such standard either on the
content or on the requency o a reporting
which ts to all ManCos equally.
For example it is advisable that the Head o
Risk Management has, besides a ormal
reporting, a regular (weekly/bi-weekly) xed
meeting with the responsible CO. For the
case where the responsible CO or RM is not
supported by a local/group risk team the CO
needs to establish clear standards concerning
content and requency o such reportingwhich in act might ask or a weekly or at
least monthly reporting.
The COs should meet regularly to review the
reporting provided. The COs/relevant
department would escalate immediately to
the Board any critical issues. Meetings
should be minuted and action points ol-
lowed up regularly through an updatedaction list.
Content:
Reporting rom the RM to the CO must be
comprehensive and cover all risks. Sucient
detail must be provided to allow the CO to
ully assess the implications o any issues,
risk limit breaches, etc.
Reporting may be in a standard ormat that
includes inormation on all risk categoriesidentied and laid down in the risk rame-
work (see section 2 Identication o Risks).
In particular the ollowing requirements in
relation to UCITS IV need to be refected in
a risk report to COs:
Q Overview o current levels o risk and the
risk prole agreed or each UCITS;
Q Overview o risk limit breaches or each UCITS;
Q Inormation on back testing results (“outlier”);
Q Inormation on stress test results; Q A statement on adequacy and eectiveness
o the risk management process, models
and methods used, indicating major
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 23/6423
remedial measures taken in the event o
any deciencies (at least on an annual
basis to CO/BoD);
Q Any incidents worth to report onoutsourcing risk issues;
Q Short description o an issue/incident/
claims occurred which could expose a
ManCo to a certain risk;
Q Any other material risks;
Q …
4.2.2 Content and Frequency o reporting
to the Management Company or
SICAV Board
The COs should report to the Board o the
ManCo at their regular meetings which should
be at least quarterly. I the Board meets less
requently a report should be sent to the
attention o the Board and a conerence call
held with representatives or delegates o the
Board. The COs/relevant department should
escalate immediately to the Board any critical
risk or control issues. The content o the
report would cover in general the same points
in the standard agenda discussed during the
monthly/regular meeting with COs; however, it
would be much more based on an “exception”
principle, i.e. escalation o main issues(ollowing a risk based approach/assessment).
Boards may nd a standard ormat useul.
The table below is a non-exhaustive example
o a summary report to the Board, the CO
would provide additional explanation and
details as necessary.
Reporting to regulatory authorities
The local regulatory authorities CSSF will be
provided, according to requirements outlinedin CSSF circular 11/512 and its appendix,
with regular ino/updates on the RMP.
Furthermore, the Risk unction/CO assesses
regularly (annual or, i required, on an ad-hoc
basis) the adequacy and eectiveness o the
RMP. The ManCo will provide inormation
updates in relation to the RMP to the local
regulatory authorities upon material changes
or at least on an annual basis.
ris tUCItS
cck riss iif/Sus Msus/rssibiliis
risassssm
M a r k e t R i s k / g l o b a l E x p o s u r e
XY
Q General market volatility remaining
fat overall, only slight increase in
Japanese Equities
Q Continue monitoring process o …
l Q Portolios well in line with regulatory
VaR-limits (i.e internal thresholds and
regulatory limits)
Q Back Test and Stress Test results
listed in appendix XY o the risk
report (see page xx)
Q Spreads on European government
bonds, in particular Greece and
Italy…
Q Monitoring o situation
(Risk Management, CIO)
mium Q Ongoing management o exposure by
portolio management (respective
portolio management)
M a r k e t R i s k / g l o b a l
E x p o s u r e AB Fixed
Income
Q Situation or assets like ABS, etc.
improved, but still threaten portolio
liquidity in some UCITS …
Q Continue selling o illiquid assets, in
particular … ig
Q ...
Q Overall Liquidity risk assessment
revealed in general a sucient levelo liquidity
Q Stress testing on Liquidity done and
results are in appendix XY(see general report on stress testing)
l
ig
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 24/6424
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Role o Risk
Management in the
Lie-Cycle o a Fund
The risk management unction should be
deeply involved in all phases o a Lie-Cycle
o a Fund in order to ull the duty to
identiy measure and manage all risksrelevant to the UCITS.
The list o tasks and responsibilities below is
not exhaustive and should be customised to
each Management Company.
n-xusi xml ss b m b is mg:
ps pcss/pcu ris l css/ s
Initiation Product Development Assess the product risks and impact on ManCo risk prole
Assess adequacy o the investment strategy with regulatory risk requirements
(CSSF, ESMA guidelines on risk management)
Determine risk approach to be used (e.g., calculation methodologies, product
mapping with risk systems, data sources), update the RMP as necessary
Set internal and regulatory risk limits
Analyse whether the new product can be managed in the current processes
and systems
Fund Documentation Agree on the description o und in the und documentation
Sign o o risk narratives on KIID
Calculate and monitor the Synthetic Risk & Reward Indicator (SRRI) in the KIID
Fund launch Fund registration/
distribution
Assist conducting ocer in the oversight o the distribution network
Assess country risk i required
Ongoing Investment Management Coordinate with investment manager to understand the portolio allocation and
pay-o structure
Educate investment manager to seek or advice beore new product/strategy launch
Transer Agency Implement liquidity risk measures at ManCo level (matching cash fow orecasts
with net subscription/redemption levels)
Fund Administration Interact with pricing/valuation teams
Risk culture Assistance to the Board on ad-hoc queries/assessments
Risk trainings/education to the company senior management and sta
Assistance to the communication o the corporate risk culture to clients
Risk strategy/risk appetite Periodic assessment o risk strategy and risk appetite adequacy
Risk management
inrastructure
Periodic review and validation o the risk management tools and systems
adequacy (e.g., calculation methodologies, product mapping, data sources)
Recruiting o risk experts with quantitative, qualitative and industry back-
ground expertise
ManCo and product risk
calculation and oversight
Calculate and monitor products investment risk on a daily basis
Monitor on a regular basis ManCo risks and operational risks
Fund
restructuring/ Liquidation
Service providers Ensure service providers quality until nal restructuring/liquidation
Tax risk
…….
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 25/6425
t ics ci usul cs
ic mgm MC m
f lul i sblism
uig ris Mgm uci.
eu lgl gul m:
Q Directive 2009/65/EC o the European
Parliament and o the Council o
13 July 2009 on the coordination o laws,
regulations and administrative provisions
relating to undertakings or collective
investment in transerable securities (UCITS)
Q Commission Directive 2010/43/EU o
1 July 2010 implementing Directive2009/65/EC o the European Parliament
and o the Council (“Commission Directive
2010/43/EU”) as regards organisational
requirements, conficts o interest, conduct
o business, risk management and content
o the agreement between a depositary and
a management company
Q ESMA/CESR1 Guidelines on Risk
Measurement and the Calculation o
Global Exposure and Counterparty Risk
or UCITS dated 28 July 2010(CESR/10-788)
Q ESMA Final Report – Guidelines to
competent authorities and UCITS
management companies on risk measurement
and the calculation o global exposure or
certain types o structured UCITS dated
14 April 2011 (ESMA/2011/112)
Q ESMA/CESR Risk management principles
or UCITS dated February 2009
(CESR/09-178)
Luxmbug lgl gul m:
Q Law o 17 December 2010 relating to
undertakings or collective investment
Q CSSF Regulation No. 10-4 transposing
Commission Directive 2010/43/EU o
1 July 2010 implementing Directive
2009/65/EC o the European Parliament
and o the Council as regards organisational
requirements, conficts o interest, conduct
o business, risk management and contento the agreement between a depositary and
a management company
Q CSSF Circular 11/512 dated 30 May 2011
regarding:
- Presentation o the main regulatory
changes in risk management ollowingthe publication o CSSF Regulation
No. 10-4 and ESMA clarications;
- Further clarications rom the CSSF on
risk management rules;
- Denition o the content and ormat o
the risk management process to be
communicated to the CSSF;
- Replacing, as rom 1 July 2011, CSSF
Circular 07/308 on UCITS risk
management and the use o nancial
derivative instruments. Q CSSF Circular 11/508 dated 15 April 2011
regarding:
- New provisions applicable to Luxembourg
management companies subject to Chapter
15 o the Law o December 2010 relating
to undertakings or collective investment
and to investment companies which have
not designated a management company
within the meaning o Article 27 o the
Law o December 2010 relating to
undertakings or collective investment
In the ollowing are quoted, without being
exhaustive, some key texts o the laws and
regulations in relation to risk management:
a. eu lgisli:
Q Article 10 (1) o the Commission Directive
2010/43/EU:
“Member States shall ensure that manage-ment companies establish, implement and
maintain adequate policies and procedures
designed to detect any risk o ailure by the
management company to comply with its
obligations under Directive 2009/65/EC, as
well as the associated risks, and put in place
adequate measures and procedures designed
to minimise such risk and to enable the
competent authorities to exercise their
powers eectively under that Directive”
1 European Securities and Markets Authority (“ESMA”), which
has replaced the Committee o European Securities Regulators
(“CESR”) as rom 1 January 2011.
Appendix Laws and
regulations
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 26/6426
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Q Article 12 (1) and (2) o subsection 1 o
the Commission Directive 2010/43/EU:
“Member States shall require managementcompanies to establish and maintain a
permanent risk management unction”.
“The permanent risk management unction
shall be hierarchically and unctionally
independent rom operating units”.
Q Recital (5) o the Commission Directive
2010/43/EU:
“To avoid the application o dierent
standards to management companies andinvestment companies which have not
designated a management company, the
latter should be subject to the same rules o
conduct and provisions regarding conficts o
interest and risk management as manage-
ment companies [...]”
B. Luxmbug guli:
Q Article 10 o the Regulation No. 10-4 –
Control by senior management andsupervisory unction:
1. Management companies, when allocating
unctions internally, shall ensure that senior
management and, where appropriate, the
supervisory unction, are responsible or
the management company’s compliance
with its obligations under the Law o
December 2010 concerning undertakings
or collective investment.
2. The management company shall ensure
that its senior management:
a) is responsible or the implementation o
the general investment policy or each
managed UCITS, as dened, where
relevant, in the prospectus, the und
rules or the instruments o incorporation
o the investment company;
b) oversees the approval o investment
strategies or each managed UCITS;c) is responsible or ensuring that the
management company has a permanent
and eective compliance unction, as
reerred to in Article 11 o the
Regulation No. 10-4, even i this
unction is perormed by a third party;
d) ensures and regularly veries that the
general investment policy, the investmentstrategies and the risk limits o each
managed UCITS are properly and
eectively implemented and complied
with, even i the risk management
unction is perormed by third parties;
e) approves and regularly reviews the
adequacy o the internal procedures or
undertaking investment decisions or
each managed UCITS, so as to ensure
that such decisions are consistent with
the approved investment strategies;) approves and regularly reviews the risk
management policy and arrangements,
processes and techniques or
implementing that policy, as reerred to
in Article 43 o the Regulation No. 10-4,
including the risk limit system or each
managed UCITS.
3. The management company shall also ensure
that its senior management and, where
appropriate, its supervisory unction shall:
a) assess and regularly review the
eectiveness o the policies,
arrangements and procedures put in
place to comply with the obligations in
the Law o 2010 concerning
undertakings or collective investment;
b) take appropriate measures to remedy
any deciencies.
4. Management companies shall ensure thattheir senior management receives on a
requent basis, and at least annually,
written reports on matters o compliance,
internal audit and risk management
indicating in particular whether
appropriate remedial measures have been
taken in the event o any deciencies.
5. Management companies shall ensure that
their senior management regularly receives
reports on the implementation o investment strategies and o the internal
procedures or taking investment decisions
reerred to in paragraph (2), points b) to e).
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 27/6427
6. Management companies shall ensure that
the supervisory unction, i any, regularly
receives written reports on the matters
reerred to in paragraph (4).
Q Article 13 o the Regulation No. 10-4 –
Permanent risk management unction:
1. Management companies shall establish
and maintain a permanent risk
management unction.
2. The permanent risk management unction
reerred to in paragraph (1) shall be
hierarchically and unctionallyindependent rom operating units.
However, the CSSF may allow a
management company to derogate rom
that obligation where the derogation is
appropriate and proportionate in view o
the nature, scale and complexity o the
management company’s business and o
the UCITS it manages.
A management company shall be able todemonstrate that appropriate saeguards
against conficts o interest have been
adopted so as to allow an independent
perormance o risk management
activities, and that its risk management
process satises the requirements o
Article 42 o the Law o 2010 concerning
undertakings or collective investment.
3. The permanent risk management
unction shall:
a. implement the risk management policy
and procedures;
b. ensure compliance with the UCITS’ risk
limit system, including statutory limits
concerning global exposure and counter-
party risk in accordance with Articles 46,
47 and 48 o the Regulation No. 10-4;
c. provide advice to the board o directors
as regards the identication o the risk
prole o each managed UCITS;d. provide regular reports to the board o
directors and, where it exists, the
supervisory unction, on:
i. the consistency between the current
levels o risk incurred by each
managed UCITS and the risk prole
agreed or that UCITS,ii. the compliance o each managed
UCITS with relevant risk limit
systems,
iii. the adequacy and eectiveness o the
risk management process, indicating
in particular whether appropriate
remedial measures have been taken in
the event o any deciencies;
e. provide regular reports to the senior
management outlining the current level
o risk incurred by each managedUCITS and any actual or oreseeable
breaches o their limits, so as to ensure
that prompt and appropriate action can
be taken;
. review and support, where appropriate, the
arrangements and procedures or the
valuation o OTC derivatives as reerred to
in Article 49 o the Regulation No. 10-4.
4. The permanent risk management unction
shall have the necessary authority andaccess to all relevant inormation necessary
to ull the tasks set out in paragraph (3).
Q Article 43 o the Regulation No. 10-4 –
Risk management policy:
1. Management companies shall establish,
implement and maintain an adequate and
documented risk management policy
which identies the risks the UCITS they
manage are or might be exposed to.
The risk management policy shall com-
prise such procedures as are necessary to
enable the management company to assess
or each UCITS it manages the exposure
o that UCITS to market, liquidity and
counterparty risks, and the exposure o
the UCITS to all other risks, including
operational risks, which may be material
or each UCITS it manages.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 28/6428
Best Practice Proposals or the Organisation o the Risk Function o
a UCITS Management Company or UCITS Investment Company
Management companies shall address at
least the ollowing elements in the risk
management policy:
a. the techniques, tools and arrangements
that enable them to comply with the
obligations set out in Articles 45 and 46
o the Regulation No. 10-4;
b. the allocation o responsibilities within
the management company pertaining to
risk management.
2. Management companies shall ensure that
the risk management policy reerred to in
paragraph (1) states the terms, contentsand requency o reporting o the risk
management unction reerred to in
Article 13 o the Regulation No. 10-4 to
the board o directors and to senior
management and, where appropriate, to
the supervisory unction.
3. For the purposes o paragraphs (1) and (2),
management companies shall take into
account the nature, scale and complexity o
their business and o the UCITS they manage.
Q Article 44 o the Regulation No. 10-4 –
Assessment, monitoring and review o risk
management policy:
1. Management companies shall assess,
monitor and periodically review:
a. the adequacy and eectiveness o the
risk management policy and o the
arrangements, processes and techniquesreerred to in Articles 45 and 46 o the
Regulation No. 10-4;
b. the level o compliance by the
management company with the risk
management policy and with the
arrangements, processes and techniques
reerred to in Articles 45 and 46 o the
Regulation No. 10-4;
c. the adequacy and eectiveness o
measures taken to address any
deciencies in the perormance o therisk management process.
2. Management companies shall notiy the
CSSF o any material changes to the risk
management process.
CSSF Circular 11/512:
Q In addition, a ManCo also needs to
consider the more technical regulatory
requirements laid down in CSSF Circular
11/512 which refects ESMA’s ‘Principles
on Risk management or UCITS,
CESR2 /09-178 issued in February 2009
when looking at the requirements or a
RM unction.
CSSF Circular 11/508:
Q Further regulatory guidance is given by the
CSSF Circular 11/508, which also
introduces the requirement or a
permanent compliance unction and a
permanent internal audit unction.
2 As o 1 January 2011, the Committee o European Securities
Regulators (“CESR”) has been replaced by the European Securities
and Markets Authority (“ESMA”).
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 29/64
chapter II
Guidance paper or the risk monitoringo unctions outsourced/delegatedby a management company orinvestment company
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 30/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
30
IntrodUCtIon 31
CLaSSIFICatIon oF oUtSoUrCInG reLatIonShIpS 32
LIFe CyCLe oF an oUtSoUrCInG reLatIonShIp 32
1 InItIatIon phaSe 33
1.1 vibili usucig 33
1.2 Slci il lgs 33
1.3 du iligc 33
1.4 Lgl gm 33
1.5 Sic Ll agm oig Mmum 33
2 LIFe phaSe – onGoInG deLeGate MonItorInG 34
2.1 Iuci 34
2.1.1 Siml sucu 34
2.1.2 Mil sucu 35
2.1.3 Sisic sucu 36
2.2 Miig 36
2.3 rig 36
3 terMInatIon phaSe 37
appendICeS 38
aix I – exmls mil usuc ucis 38
aix II – exml “bsli is ssssm usuc sics” 38
aix III – Ims b csi ii u iligc css 39
aix Iv – Ims b csi usucig gm 39
aix v – Lis cmm ls gigmiig usucig lisis (-xusi lis) 39
aix vI – exmls kpI/krI ss
mgm ucis 40
Content
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 31/6431
Introduction The scope o this chapter is to share within
the Luxembourg Investment Fund industry
“best practice” standards or ManCos when
delegating services to third parties. ManCosas dened hereunder retain ull responsibility
to ensure that they have the adequate
resources and processes in place to comply
at all times to existing regulations and
legal requirements.
Outsourcing occurs when a management
company or an investment company that has
not designated a management company makes
arrangements or third parties ("delegates") to
carry out some o their activities.
A ManCo delegating unctions to third party
service providers, including those which are
part o the same group as the ManCo, should
do so in accordance with an established
policy that documents the due diligence and
oversight standards that will be applied.
What unctions may be delegated and location
o the delegates is subject to the law o the
jurisdiction in which the ManCo is located.Delegation will require notication to the
ManCo’s regulator and disclosure in the prospec-
tuses o the unds managed by the ManCo.1
The topic o delegation to third parties is
currently subject o a wide variety o dier-
ent initiatives both rom regulators and/or
other industry bodies. In particular the EU
Commission Directive implementing Direc-
tive 2009/65/EC (‘UCITS IV’) states:
“As ar as allowed by national law, manage-
ment companies should be able to make
arrangements or third parties to carry out
some o their activities. The implementing rules
should be read accordingly. The management
company should in particular perorm due
diligence in order to determine whether, having
regard to the nature o the unctions to be
carried out by third parties, the undertaking
perorming those activities can be considered
as qualied and capable o undertaking theunctions in question. The third party should
thereore ull all the organisational and
conficts o interest requirements in relation to
the activity to be carried out. It also ollows
that the management company should veriy
that the third party has taken the appropriate
measures in order to comply with the said requirements and should monitor eectively
the compliance by the third party with these
requirements. Where the delegatee is respon-
sible or applying the rules governing the
delegated activities, equivalent organisational
and confict o interests requirements should
apply to the activity o monitoring the del-
egated activities. The management company
should be able to take into account in the due
diligence process the act that the third party to
whom activities are delegated will oten besubject to Directive 2004/39/EC.”2
There are dierent levels/degrees o outsourc-
ing possible by a ManCo. Luxembourg
ManCos are permitted to, and typically do,
delegate several unctions to third parties,
including group companies, these include:
transer agency, und accounting and
administration, investment management and
marketing & distribution. In addition the
implementing directive or UCITS IV allowsor an appropriate and proportionate view to
be taken to the provision o a risk manage-
ment and internal audit unctions and this
may include the outsourcing o these
unctions to external expert providers or
internal group company centres o expertise.
A non-exhaustive list o potentially out-
sourced unctions is attached in Appendix I.
When delegating certain o its unctions to a
third party the ManCo always retains theultimate legal responsibility or the outsourced
unctions. The nal design o an outsourcing
risk ramework needs to be proportionate to
and depends on the structure o the ManCo
itsel, in particular whether dedicated depart-
ments, a dedicated risk unction or directly the
conducting ocers/designated directors are
perorming the day-to-day oversight o
outsourced relationships.
1 See Art.110 (1) a) and i) o the UCI Law o 17 December 2010
2 Recital 4 o the Commission Directive 2010/43/EU o 1 July 2010
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 32/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
32
Classifcation o
outsourcing
relationships
Each ManCo shall have at any time a compre-
hensive overview o all outsourcing relationships.
Depending on the business model o theManCo, a large variety o dierent services may
be outsourced. Thereore a distinction should be
made between dierent types o outsourcing
relationships, i.e. material or non-material,
depending on the risks associated with the
outsourced unction and the delegate.
Material outsourcing relationships may be
those when a ManCo relies on the services o a
delegate that are essential or conducting the
business o the ManCo and where a partial ortotal ailure o the outsourced unction would
materially impair the quality or continuity o
its service, the nancial perormance or the
continuing compliance with the regulatory
requirements o the ManCo3.
A ManCo may consider using a standardised
initial risk assessment or outsourced services
to determine which delegations are consid-
ered material or non-material. Please reer to
Appendix II or an example o a baseline riskassessment o outsourced unctions.
The ManCo may consider appropriate
thresholds related to each risk category or
determining a high, medium or low expo-
sures and thereore an overall risk assess-ment. In determining those thresholds the
ManCo may consider the nancial, commer-
cial or regulatory impact o any ailure o the
delegate to perorm the outsourced services
adequately.
Dierent requirements should be set by the
ManCo when entering into, monitoring or
terminating outsourcing relationships
depending on the classication o an out-
sourcing relationship.
The principles set out below are aimed at
material outsourcing relationships. The
standards described can also serve as a
guideline when entering into non-material
outsourcing relationships. A ManCo may
simpliy the requirements, where, due to the
nature o the outsourcing relationship, there
are specic reasons to do so.
Any outsourcing relationship can be characterised by three distinct phases.Lie cycle o an
outsourcing
relationship
3
See also MiFID denition o ‘critical and important operational
unction’
INITIATION
eig iusuciglisis
LIFE
ogig
sig usucig
lisis
TERMINATION
tmii usuciglisis
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 33/6433
1 Iiii s
All delegations should be subject to appro-
priate due diligence (prior to the delegation)
and legal documentation (in the orm o asigned agreement).
1.1 Viability of outsourcing
When planning to outsource activities o a
ManCo, the ManCo has to analyse whether
the activity should be outsourced based on
an analysis o the risks associated with the
outsourcing and taking into consideration
other aspects such as cost benets and data
secrecy. Consideration should be given as towhether client and/or regulatory approvals
will be required or the outsourcing. This
may be particularly the case i the delegate is
located in another jurisdiction. The ManCo
may wish to consider discussing potential
outsourcing arrangements with their regula-
tors at an earlier stage. Agreement in prin-
ciple to the outsourcing o a unction should
be given by the Board or Directors o the
ManCo prior to detailed due diligence being
perormed on potential delegates.
1.2 Selection of potential delegates
It is the responsibility o the Board o the
ManCo to ensure that only delegates who
are suitably qualied and have the required
level o proessional expertise are appointed
to perorm unctions on behal o the ManCo.
Having identied a selection o service
providers who meet these requirements it
is good practice to request the completion
o a “Request or Proposal” (RFP) in orderto identiy a list o candidates on whom
detailed due diligence will be completed.
1.3 Due diligence
The objective o a due diligence process is to
determine whether, having regard to the
unctions to be carried out by the delegate,
the potential delegate can be considered as
qualied and capable o undertaking the
outsourced unctions.
The use o a due diligence questionnaire
enables an assessment o the qualication
and capability o the delegate and its
adherence to regulatory and other business
requirements. A non-exhaustive list o items
that may be considered as part o the due
diligence process is included as Appendix III.
The due diligence process should be docu-
mented by the ManCo. The Board o the
ManCo should approve the nal selection o
a Delegate.
1.4 Legal agreement
The relationship between the ManCo and
the delegate should be governed by a legal
agreement duly signed by both parties.
Particular attention should be paid to the
clauses in the agreement that detail the
liability o the parties. The ManCo should
consider careully, with their legal advisor,
whether the potential damage to their
business resulting rom none, or erroneous,
perormance by the delegate is adequately
covered.
A non-exhaustive list o items to be consid-
ered and included in a contract is outlined inAppendix IV.
1.5 Service Level Agreement
or Operating Memorandum
Besides the legal agreement, it is recom-
mended to urther detail the service scope
in an additional Service Level Agreement
(SLA) or Operating Memorandum (OM)
to be entered into with the delegate.
The SLA/OM shall serve to provide urtherdetails on the services, rights and obliga-
tions, as well as to dene the responsibilities
and process interaces o the outsourcing
relationship.
The SLA/OM may document urther guid-
ance in relation to:
Q Operational details
Q Cut-o times
Q Agreed escalation process/penalty regime
(i service levels are not met) Q Annual review o SLA/OM
Q KPI/KRI
Q Reporting content and requency
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 34/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
34
Board o the SICAV/ManCo
Internal audit/
compliance(1)
risk management*
Investment
compliance*
Transert
agent*
Fund
accounting*
Investment
manager*Distributors*
Conducting OfcersExternal
auditors
Depositary/
custodians
2 Li s - ogig lg miig
2.1 Introduction
The Board o Directors o the ManCo is
ultimately responsible or ensuring that aneective monitoring system is in place or
all outsourcing arrangements.
Ongoing monitoring o the Delegate is
required to assess the standard o peror-
mance o the delegate, their continuing
adherence to all regulatory requirements and
in general to eectively supervise the out-
sourced relationship and manage the risks
associated with the outsourced unction.
It is important to clearly dene within the
ManCo the responsibilities in relation to the
outsourced unctions, i.e. to dene who in
the ManCo is taking care o the day-to-day
oversight o the delegate or each outsourc-
ing relationship.
The structure and governance o the ongoing
monitoring o delegates may vary dependingon the structure o the ManCo (e.g. size,
internal organisation, degree o risk involved
in the delegated activity, etc.). In all cases
it is crucial that the conducting persons (CP),
to whom the investment company
or management company’s Board has
entrusted the day-to-day operation o the
Fund receive regular reporting on the
delegated unctions. In turn the CP (or their
delegates) report to the Board o the SICAV
and management company.
Below are examples o the structure that
could be put in place, depending on the
size and sophistication o the ManCo.
2.1.1 Siml sucu
* These unctions can be provided in-house by the ManCo or outsourced
1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to
in Article 101 (3) o the 2010 Law may not delegate the compliance unction. It should be remembered that, in accordance with item
5.4.9. ) o Circular IML 98/143, a management company having one or more branches is not authorised to use an external expert
specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 35/6435
In this model the CP receive inormation
directly rom the service providers, and
perorm their own controls and reviews.
The CP should meet regularly(i.e. monthly) to review such reports
and agree actions, directions as t.
On a quarterly basis (at minimum)
they would report to the Board. Depending
on the structure and remit given by the
Board, the CP may also require reporting
rom the custodian and be the rst pointo contact or the external auditors.
Board o the SICAV/ManCo
Internal audit/
compliance(1)
risk management*
Investment
compliance*
Transert
agent*
Fund
accounting*
Investment
manager*Distributors*
Management committeeHeads o departments in charge
o unctions or delegations/
Conducting ofcers
External
auditors
Depositary/
custodians
2.1.2 Mil sucu
In this structure the responsibility or
ongoing delegate monitoring and reporting
is that o the dierent department heads that
would be in charge o the delegated unction,
either directly or indirectly. The Manage-
ment Committee (or similar) which would
be comprised o, or example, the CP and
heads o departments will meet regularly
(i.e. monthly) to review such reports, to agree
actions and to provide directions as necessary.On a quarterly basis (at minimum) the CPs
would report to the Board.
Responsibility or interace, on behal o the
SICAV Board, to the custodian and external
auditors is oten given to specic departments
who will report to the CP.
* These unctions can be provided in-house by the ManCo or outsourced
1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to
in Article 101 (3) o the 2010 Law may not delegate the compliance unction. It should be remembered that, in accordance with item
5.4.9. ) o Circular IML 98/143, a management company having one or more branches is not authorised to use an external expert
specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 36/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
36
Board o the SICAV/ManCo
Management
committee
Internal
audit/compliance*(1)
Investment
compliance*
Transert
agent*
Fund
accounting*
Investment
manager*Distributors*
Risk management committee
Conducting OfcersHead o risk, Heads o departments
Risk management/
committee
External
auditors
Depositary/ custodian
2.1.3 Sisic sucu
The sophisticated structure is likely to have
an independent risk management department
which is in charge o ensuring that the
proper risk ramework is in place and that
reporting to the CP and/or the Board is
produced. In addition, a specic committee,
or example a risk management committee
may be appointed to specically review risk
issues on a regular, i.e. monthly basis.
2.2 Monitoring
The oversight approach needs to assure
compliance with regulatory, and the Man-
Co’s risk management, requirements. The
level and detail o the ongoing monitoring
should be derived rom a risk assessment o
the outsourcing relationships (e.g. material
outsourcing relationships vs. non-material
outsourcing relationships).
There is no one single standard to be applied or
oversight o outsourcing relationships but rather
a range o activities including reporting,
meetings and visits. Appendix V provides a
non-exhaustive list o the tools that the ManCo
may apply to ull monitoring requirements.
The ManCo should ensure that procedures are
established or the ongoing monitoring and
periodic assessment o the delegate’s ability to
provide the delegated services.
A documented escalation procedure should
exist to ensure that issues identied as parto the monitoring processes are promptly
advised to the CP and, as appropriate,
to the ManCo Board or review and action.
2.3 Reporting
Reporting on outsourcing relationships and
the related controls perormed by the ManCo
should be provided on a regular basis to the
responsible person/committees (depending on
the internal structure o the ManCo).
Reporting is basically at two levels:
Q agreed regular reporting rom each
delegate to the CP or other unction within
the ManCo that is responsible
* These unctions
can be providedin-houseby the ManCoor outsourced
1 However, a management company providing, in addition to collective portolio management, one or more other services as reerred to
in Article 101 (3) o the 2010 Law may not delegate the compliance unction. It should be remembered that, in accordance with item
5.4.9. ) o Circular IML 98/143, a management company having one or more branches is not authorised to use an external expert
specialised in internal audit. This management company shall thereore have its own internal audit department on a permanent basis.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 37/6437
or the oversight, and
Q periodic reporting rom the CP, or other
unctions, to the management committee and
subsequently to the Board o the ManCo.
Regular reporting on outsourcing risks
may include:
Q Any regulatory breaches and other issues
such as; advertent/active investment
breaches, NAV errors, illiquid securities,
pricing or valuation issues, unsatisactory
KPI/KRIs, etc.;
Q Inormation on material outsourcing risks
identied, proposed mitigation measures,
current status o ollow-up; Q Inormation on new and terminated
outsourcing relationships;
Q Inormation on risk and quality assessments
or material outsourcing relationships;
Q Inormation on outsourcing risk oversight
ramework;
Q Results o the monitoring process o delegates.
The requency o regular reporting on
outsourced unctions to the CP should be at
least monthly. It is unlikely that less requentreporting would enable the CP to ull their
responsibilities.
The CP should escalate immediately to the
Board any signicant or critical issues that
have occurred within the unctions handled
by delegates.
A non-exhaustive list o possible KPI/KRIs
is included in Appendix VI.
Any meetings held to review the results o the
monitoring process and issues arising should
be minuted and action points ollowed up
regularly through an updated action list.
Representatives o the Delegates should be
invited to attend meetings at regular intervals.
CP should report to the Board o the
ManCo at least on a quarterly basis.
I the Board meets less requently it is
suggested that at least a report is sentregularly to the attention o the Board.
Additionally a conerence call may be held
with representatives or delegates o the
Board to review the report.
3 tmii s
I an outsourcing relationship is terminated,
either by the ManCo or the delegate, the
Board o the ManCo must decide whether to: Q Bring the unction back in-house;
Q Appoint a new Delegate; or
Q Discontinue the unction as it is no longer
required.
The termination o an outsourcing relationship
has to be duly managed by the ManCo to ensure
a continuance o the services o the ManCo.
Consideration must be given to the act that in
the case o the delegation o specic material
unctions the regulator o the ManCo may notpermit an agreement to be terminated until a new
delegate has agreed to take on the unction.
I notice to termination the agreement has
been given to a Delegate based on unsatisac-
tory perormance the ManCo must closely
manage the potential impact to the business
during the termination process.
Where the decision is taken to appoint
a new Delegate the process as documentedin the Initiation Section o this document
should be ollowed.
In all cases specic attention should be paid
to the ollowing points:
How will the ManCo ensure continued
access to records, both hardcopy and IT
systems, covering the period o the out-
sourcing relationship with the Delegate?
Will all data retention and data privacy
requirements as established by the laws o the ManCo and the delegates jurisdictions,
where these are dierent, be observed.
Has the continued liability o the Delegate
or actions taken during their period o
appointment been established in a legally
binding agreement?
What level o commitment is there or the
retiring delegate to work with the ManCo
and any new delegate to ensure a smooth
transition o responsibilities?
The ManCo may wish to consider theinvolvement o the external auditors in the
validation o transerred activities particu-
larly with regard to the reconciliation o
account balances and assets.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 38/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
38
Q Investment management
Q (Fund) Administration- legal and und management
accounting services
- client inquiries
- valuation and pricing
(incl. tax returns)
- regulatory compliance monitoring
- maintenance o unit-holder register
- distribution o income
- unit issues and redemptions
- contract settlements
(including certicate dispatch)- record keeping
Q Tax services (e.g. German Tax)
Q Marketing and distribution,including the handling o complaints
Q Risk management
- Portolio risk management
(calculation and monitoring)
- Other Aspects o RM
Q Compliance unction or processes
(e.g. investment restriction monitoring)
Q Internal audit unction
Q IT and Inrastructure (including DR site)
Q Client reporting (including statements,
contract notes, shareholder mailings) Q Translation services
Q Domiciliary agent
Q Complaints treatment
aix II – exml “Bsli is ssssm usuc sics”
aix I – exmls mil usuc ucisAppendices
ris l lg uci ris l lg cm
TOTALrisk
assess-ment
Outsourced
unction
[briedescription]
Delegate
company
Responsible
specialistdepartment/
businessowner/
ConductingPerson
[ManCo level]
Financial
risk
Reputa-
tionalrisk
Regula-
toryrisk
Impact
onconti-
nuanceo
service
Extent
o out-sourcing
or ManCo
[...] Amount and
signifcanceo errorswith out-sourcingcompany(historic)
Risk
manage-ment/
Compliance/ Internal auditramework
Audit results
Out-
sourcingcompany
Risk reregulation
status
[...]
Fund
administration
Fu
ccuig/
vlui
aBC
Cm
S.a.
os
mMium Mium Mium hig hig L L L Mium
MC f ssssm cgis ( iss i li lg uci
lg cm) ig m (.g., l, mium, ig)
Scig c f
ig bsis c cg
tl is ssssm
clssi usucig lisi
SCorInG Card
CATEGORY LOW MEDIUM HIGH CATEGORY LOW MEDIUM HIGH
ris l usuc uci ris l usuc uci
Financial riskdescription o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
Amount and signicanceo errors with outsourcingcompany
description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
Reputational riskdescription o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
Risk management/compliance/Internal auditramework audit results
description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
Regulatory riskdescription o low
risk threshold
description o medium
risk threshold
description o high
risk threshold
Outsourcing company
Risk re regulation status
description o low
risk threshold
description o medium
risk threshold
description o high
risk thresholdImpact on continuance oservice
description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
[...]description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
Extent o outsourcing orManCo
description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
[...]description o lowrisk threshold
description o mediumrisk threshold
description o highrisk threshold
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 39/6439
aix III – Ims b csi ii u iligc css
The ollowing items can be seen as a set o items
to be considered during a due diligence process:
Q Holds necessary licences/ regulatory approvals
Q On-site visit(s)
Q Financial assessment
Q Medium/long term business viability
and depency o outsourcer on key/
dominant clients
Q Controls review
(including SAS 70 i applicable)
Q Insurance coverage
Q Capabilities and capacity
(consider existing clients)
Q Reerences rom existing clients
Q Potential conficts o interest
(consider existing clients) Q IT (medium/long term viability
and scalability o technology solution
(vendor) used as well as BCP)
Q Risk management unction
Q Internal & external audit reports
Q Perorm additional legal review
i work is perormed oshore
Q HR issues (particularly i sta
are to be transerred
aix Iv – Ims b csi usucig gm
The ollowing list o items shall be considered/
refected in a contract with a delegate:
Q Services covered
Q Services not provided
Q Giving & receiving instructions
Q Fees & expenses
Q Representations Q Liability clauses
Q Right to audit
Q Term and termination rights
Q Intellectual property
Q Condentiality/data protection
Q Force majeure provisions
Q Business continuity
Q Sub-delegationQ Reporting requirements
aix v – Lis cmm ls gig miig usucig lisis
(-xusi lis)
1 Review of SAS 70 and other control/
audit reports
Internal audit
External audit reports (such as SAS 70)
2 Questionnaire/annual review3 Review of KPI/KRI
Statistics
Reconciliations – number and value
o outstanding items
Missed deadlines
Error rates
Non-Standard pricing
Accounts opened & closed
All gures provided year on year
and month on month
All Figures provided in comparisonto target perormance
4 Service review meetings
Agreed agenda
Previous period’s service level
(Perormance against SLA/D)
Issue log (including any errors)IT issues (including any xes
or enhancements)
KPIs
Project pipeline
Frequency
Right level o participation
5 On-site visits
Agreed requency at least annual
Meetings with key personnel
6 Reviews of internal control framework
7 Regular day-to-day oversight controls
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 40/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
40
aix vI – exmls kpI/krI ss mgm ucis
This table presents a non-exhaustive list o
Key Perormance Indicators (KPI) and Key
Risk Indicators (KRI) applicable to assetmanagement activities.
It is based on the loss event type classica-
tion dened by the Basel Committee on
Banking Supervision or the identication
o operational risk.
Management companies should read this
table either rom the "Business line" column
entry or rom the "Category" column entry(people, process or system) and identiy the
applicable perormance and risk indicators
or their business and outsourced unctions.
Busiss
Lipcss ris krI Cg
C Ll/Sucu
Employment practices andworkplace saety (HR/acilitymanagement)
1. Impact o compensation,benet, discrimination andtermination issues
2. General liability (slip and all etc.)
Number o pending lawsuits/claims against company
People
Number o potential lawsuits/claims against company
People
Monetary value o pending/potential items
People
Facility management/HR Natural disaster losses Historic gures vs. actual gures Process
Human losses rom external sources Specic patterns o events Process
Business disruption and systemailures
Breakdown o business/communica-tion or production process
Number o system ailuresidentied and resolved
System
Recurrence o specic ailures Process
Severity o IT issues System
All (raud risk) Risk o noncompliant bribes/kick backs
People
Hacking damage/Thet oinormation
Number o hacking attempts/cases System
Monetary value o losses romhacking activities
System
Thet/Fraud/Forgery Number o events/number oraud attempts
Process
Monetary losses rom events Process
Outsourcing (oversight) Failure to perorm oversightresponsibilities or outsourcedunctions
Turnover o the employees Process
Press coverage Process
Prot/loss gures Process
Investments realised/Budgetdedicated to projects
Process
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 41/6441
Busiss
lipcss ris krI Cg
Ism mgm
Portolio analysis Violation o ethical standards(insider dealing, market abuse)
Number o violations Process
Confict o Interest Number o conficts logged/approval obtained
People
Investment decision Breach o regulatory and othermandatory guidelines
Number o active breaches People
Monetary impact o breaches Process
Number o passive breaches Process
Disputes over perormance oadvisory activities
Number o complaints and valueo claims
People
Disclosure o inormation to clients Unequal treatment o clients Number breaches o disclosurerules
Process
Risk management Breakdown o controls perormed Number o controls not executed Process
amiisi
Transeragent
Client order Incomplete application AML/KYC Number o accounts withincomplete KYC
Process
Late trading Number o exceptions romstandard cut o times
Process
Market timing Number o suspicious
transactions (monetary amount)
Process
Incorrect processing (manual errors) Number o revised trades Process
Monetary impact o revised trades Process
Incorrect/incomplete registrationdetails
Number o dormant accounts Process
Number o accounts with missinglegal documentation
Process
Electronic dealing IT risk (SWIFT) Number o incorrect/revisedelectronic trades
System
Reconciliations/collection accounts Accounts are not accurate Material items > X days old Process
Unsettled subscriptions Number o unsettled subs > X days Process
Returned redemptions Number o returned transactions Process
Monetary value o returnedtransactions
Process
Cash fow reporting to portoliomanager
Material overdrats/activebreaches
Number/amount o overdrats Process
Reporting is late or inaccurate Number o days target times not met Process
Number o days corrections required Process
Contract Notes/client reporting Client complaints Number o complaints received People
Number o late submissions Process
Commission payments Incorrect payments to distributors Number o payments reissued Process
Client payments Claims rom clients Losses rom incorrect payments Process
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 42/64
guidance paper or the risk monitoring o unctions outsourced/delegated
by a management company or investment company
42
Busiss
lipcss ris krI Cg
All Data privacy Number o breaches reported Process
Number o complaints linked todata privacy
Process
All Fraud Number o events occurred People
Number o events prevented People
Monetary impact o raud cases People
Investmentoperations
Security pricing Use o stale prices Prices unchanged > X days Process
Breakdown o external price eed Number o such events Process
Incorrect eed rom externalvendors
Number o such events Process
Illiquid/unquoted securities Number o illiquid positions Process
Share write o's Process
Number o deaulted securities Process
Monetary Impact o write o/deaults
Process
Broker provided prices Process
Trading Trades place incorrect in system Number o revised/ailed trades System
Financial loss on trades System
Use o non-approvedcounterparties
Number o deviations romCounterparty list
Process
Breach o best execution policy Number o complaints Process
Number o exceptions reported Process
Settlement Incorrect settlement o trades Financial loss rom incorrectsettlements
System
Backlog o trade reconciliation Settlements O/S > X days Process
Corporate actions Accounts not accurate Number o O/S dividend payments Process
Asset reconciliation Accounts not accurate Number o material items O/S >X days
Process
Monetary value o O/S items Process
Collateral management Collateral management ailure Number o incorrect booking entries Process
Asset reconciliation Accounts not accurate Number o Material items O/S >X days
Process
Monetary value o O/S items Process
Collateral management Collateral management ailure Number o incorrect booking entries Process
Fee calculation Incorrect set up o perormanceee calculation model
Number o revised ee statements Process
Fee accrual errors Process
Fundaccounting
NAV calculation Financial/reputation risk arisingrom material NAV errors
Number o NAV material NAVerrors
Process
Monetary impact o errors Process
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 43/6443
Busiss
lipcss ris krI Cg
Frequent immaterial NAV errors Number o NAV errors <10% Process
Incorrect application o swing pricing Number o recalculated NAVs Process
NAV release process Risk o incorrect/late price release Number o incidents Process
Tax reporting Submission o incorrect gures/claims
Number o calculation/submission errors
Process
Monetary impact o reporting errors Process
Perormed on behal o the SICAV Board
Depositary Saeguarding o assets Number o sub-custodians Process
Appointment o new sub-custodians Process
% o assets transerred tosub-custodian
Process
% o assets not held with the maincustodian
Process
disibui
Marketing Preparation o marketing material Misinormation o current/prospect clients
Number o client complaints Process
Errors in translations Number o errors identied postinternal reviews
Process
Incorrect actsheets Number o errors identied post
internal reviews
Process
Failure to comply with localregulations
Number and monetary impact ocompliance breaches
Process
Sales Distributor on boarding Inadequate due diligence Number o accounts aected Process
Incomplete AML/KYC Number o accounts aected Process
Missing legal agreements Number o accounts aected Process
Client on boarding Misselling o products/services Number o serious clients complaints Process
Incorrect set up o electroniccontrols or client orders
Number o incorrect transactionsnot suitable or the client/Lossesrom correction
System
Incomplete Legal documents Number o accounts aected Process
Incomplete AML/KYC Number o accounts aected Process
Client permissions/disclaimersmissing
Number o cases identied Process
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 44/64
chapter III
ALFI industry work paper -collateral management
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 45/644545
Update on reGULatIonS and Market 46
rguli 46
M 46
CoLLateraL ManaGeMent In the ConteXt oF UCItS
and UCItS ManaGeMent CoMpanIeS 47
1 In-hoUSe 48
2 oUtSoUrCInG 49
2.1 dsi b 49
2.2 o i 49
3 SynChronISed SetUp 50
4 non-SynChronISed SetUp 51
5 LeGaL ChaLLenGeS 51
6 roLeS and reSponSIBILItIeS In CaSe oF
oUtSoUrCInG/deLeGatIon oF CoLLateraL ManaGeMent 52
7 InveStMent reStrICtIonS – the otC CoUnterparty rISk eXpoSUre LIMIt and the ConSIderatIon oF CoLLateraL 53
BeSt praCtICe For taSkS and ControLS reGardInG
CoLLateraL ManaGeMent 57
Content
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 46/6446
ALFI industry work paper - collateral management
46
Update on regulations
and market
rguli
The market turmoil since early 2008 and the
ailure o Lehman Brothers have raised
particular anxiety in relation to counterpartyrisk. Regulators have increasingly called or
major eciency improvements in the credit
deault swap market to reduce systemic risk.
The industry will be required to take urther
steps to limit the domino eect o lagging and
uncertain post-trade processes in the event o
a counterparty deault or ailure. This
includes the use o legally enorceable netting
and master collateral agreements between
counterparties where possible.
In July 2010 the OTC derivatives market in
the United States experienced signicant
regulatory change as the Dodd-Frank Financial
Reorm Bill was passed. From July 2011, swap
dealers as well as major swap participants are
required to comply with signicant new
regulatory requirements, including mandatory
clearing, exchange trading, reporting, business
conduct standards, and enhanced segregation
and margin requirements. Moreover the
CTFC/SEC are obliged to dene rules anddenitions governing qualied institutions as
well as OTC derivative types requiring central
clearing by July 2011. It is expected that a vast
majority o OTC derivative transactions will
require a central counterparty (CCP), however,
a robust bilateral market will remain, e.g. or
swaps too complex or illiquid to be cleared
by a CCP.
In contrast to the United States much o the
European legislation has yet to be nalised.In October 2008 the European Commission
called upon the nancial industry to reduce
the risks inherent in the credit deault swaps
market, in particular by moving the clearing
o the contracts onto European CCPs. CCPs
are intended to allow or greater transparency
on the one hand and on the other hand by
acting as central clearer mitigate credit risk in
order to allow greater stability o the nancial
system. In July 2009 the Commission
announced that credit deault swaps relatingto European entities and indices based on
these entities started clearing through CCPs
regulated in the EU. Three European CCPs
(ICE Clear, Eurex Clearing and LCH.Clear-
net) have obtained the necessary regulatory
approvals and have begun to clear credit
deault swaps. Indeed, the CDS clearingthrough CCPs is still in a start-up phase, but
due to the current policy sentiment within the
EU, a rise in centralized CDS clearing can be
expected. In order to monitor the rollout o
the central CDS clearing the European
Commission has set up a working group,
involving dealers, the buy-side (e.g. asset
managers, banks and insurance companies),
CCPs and supervisors.
In July 2010 the Committee o EuropeanSecurities Regulators (CESR) published its
guidelines on risk management and the
calculation o global exposure and counter-
party risk or UCITS (CESR/10-788), which
have considerable impact with respect to the
credit risk calculation method. Additionally,
emphasis has been put on the use o collateral
or counterparty risk mitigation subject to
distinct requirements to be ullled (e.g.
liquidity, valuation, correlation, saekeeping,
enorceability, operational risks, etc.).
As o 15 September 2010, the European
Commission has put orward the European
Markets Inrastructure Regulation or consid-
eration and co-decision by the European
Council and Parliament. Key elements o the
proposal include mandatory reporting o all
OTC derivative positions to the EU regulators,
mandatory clearing o “standardised” OTC
derivatives, and reduction o operating risk
through automation and standardisation CDSclearing through regulated CCPs.
M
Since the nancial market crises and the
above depicted rise in regulatory requirements
the nancial services industry has ocused its
attention towards active counterparty risk
management. A recent study conducted by
TowerGroup ound that counterparty
exposure was the second most requently
cited driver o operational improvement atthe OTC derivative market participants
surveyed; over 60% o respondents indicated
that it is a major risk ocus. Consequently,
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 47/644747
market participants ocus attention on the
use and proper management o collateral
to mitigate counterparty risks arising rom
transactions such as securities lending,repurchase agreements and OTC derivatives.
An example o the industry ocus on improve-
ments is the recently best practices or the
OTC derivatives collateral process, published
ISDA (the International Swaps and Deriva-
tives Association). These best practices or
the collateral process summarise key elements
o the previous ISDA publications
(e.g. standards or the electronic exchange
o OTC derivative margin calls) aiming to
increase prudent practice.
Moreover market statistics refect the
growing demand and importance o counter-
party risk mitigation by using collateral
management. The estimated amount o
collateral in use in connection with over-the-
counter derivatives transactions grew rom
$2.1 to almost $4.0 trillion during 2008(a growth rate o 86%). The OTC derivative
exposure covered by collateral amounted to
around 66%, whereas around 83% o the
collateral was cash ollowed by government
securities used as collateral (around 9% o
collateral received and around 15% o
collateral delivered). Furthermore the
signicant use o cash and government
securities as collateral (around 95%) con-
rms a trend towards reducing collateral
complexity as both types o collateralsimpliy collateral management tasks such as
the collateral processing, reconciliation,
valuation, etc.
Collateral management
in the context o UCITS
and UCITS
management companies
The CSSF Circular 07/308 addresses practical
issues regarding collateral usage as a technique
to mitigate counterparty risk and it requires
that leverage generated through the reinvest-ment o collateral in the context o repurchase
transactions or the lending/borrowing o
securities must be taken into account or the
determination o the UCITS global exposure.
There is no possibility or UCITS to positively
aect the probability o deault or OTC
counterparties. However, the loss arising outo the deault risk can be reduced through the
use o collateral as it provides additional
protection in such event.
miisis csss
96 time
100
98
102
97
101
99
103
liquii is
collateral value
eective cash value
minimum collateralisation
hicu ssssm - illusih
i=h
i(o, T
liq )
price
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 48/6448
ALFI industry work paper - collateral management
48
Counterparty credit risk is thus reduced, but
replaced by the ull range o risks related to
the collateral management process: these are
on the one hand nancial risks related to thecollateral itsel and on the other hand opera-
tional risks as well as legal risks within related
processes. To account or these risks and thus
to measure the eective realisation value (in
case o deault), haircuts need to be applied
or the valuation o collateral assets. For these
haircuts to be meaningul, i.e. to assess the
real level o protection, these haircuts need to
refect the variety o legal and operational
actors, as well as correlation with the
counterparty, the assets’ volatility. Finally, theliquidity risk should be considered. Depend-
ing whether one needs to liquidate 0.1% or
200% o e.g. the average daily traded volume
or a specic instrument, the proceeds o the
collateral liquidation process will presumably
be subject to considerable variations.
The CSSF Circular 07/308 requires UCITS and
UCITS management companies to address the
risks resulting rom collateral management
through appropriate procedures and controls.
The need or a sound inrastructure and
organisation is restated by the CSSF Circular08/356. Even though the extent o the CSSF
Circular 08/356 is limited to securities lending,
repurchase and reverse repurchase transactions,
the application o these principles to other
OTC transactions is considered a prudent
administrative practice. However, the exact
monitoring and supervision o collaterals,
especially the permissibility o “non-segregated”
collaterals held at the counterparty or the
re-hypothecation o collaterals by the
counterparty remain uncertain.
Dierent models can be set-up or collateral
management purposes. The collateral
management can be perormed in-house by
the management company or delegated/
outsourced to a third party, typically the
depositary or other third party. For illustration
purposes an exemplary process setup or each
operating model is depicted below.
1 I-us
Cu
Cu-cusis
ISDA/CSA
DRV/Dt. Bes.
Clll mgm
OTCPositioninormationrom FAand/or romdepositarybank
Approve
collateralOUT or SWITCH
Margin calculation
Settlement instructions
Settlementinstructions
Collateral reporting
Verication notication and eligibility checks
Ex-post compliance check
refecting CM-impact
Credit support balance in avor o und
Credit support balance in avor o counterparty
OTC accounting & valuation
Verication notication
Margin calculation
Custody-
services
dsi b
OTC accounting& valuation
Credit risk mea-surement incl.
CM impact
MC/SICav
Fu-ccuig
Fu-cmlic
Timelines to be agreed between all participants
Notication time and cut-o time on a cristal path
6b
8d
b
9b
5b
8b
5a
8a
9a
6a
8c
a
2 11
11
7b3
2
4OTC trade1
4
10
P o s i t i o n
r e p o r t i n g
/ N o t i f c a t i
o n
P o s i t i o n
r e p o
r t i n g
/ N o t i f c a t i o
n
C o n f r m
a t i o n
C o n f r m
a t i o n
D e l i v e r
y
D e l i v e r
y
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 49/64
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 50/6450
ALFI industry work paper - collateral management
50
Generally the implemented collateral manage-
ment process will depend upon the existing IT
inrastructure, however automation (e.g. or
collateral valuation, netting o exposures andmargin calls) and adequate risk and exposure
aggregation systems are strongly advocated.
Collateral as a risk management tool should
be integrated into the overall risk manage-
ment ramework. The operational challenge
o managing collateral relates to tasks such as
collateral processing (collecting and returning
cash and other collateral, recalling and
substituting collateral), mark-to-market
valuation o collateral, assessment o relevant
haircuts, collateral reconciliation, monitoringo collateral eligibility and the ollow-up on
disputes. Especially the accurate valuation
and haircut assessment o the OTC derivative
position is crucial, as it ensures a precise
calculation o the collateral coverage allowing
or proper collateral management andeective counterparty risk mitigation. This
valuation must be done by a unit independent
rom the counterparty, respectively the asset
management department. Moreover, robust
dispute resolution practices must be in place
to address pricing discrepancies within the
reconciliation process. Consequently timing
and valuation method need careul consider-
ation or OTC derivative positions collateral
management. Below illustrative examples o
two dierent setups or the timing o OTCderivative and collateral position valuation
are depicted.
3 Scis su
Pricing snapshoto collateral
Pricing snapshoto OTC
instruments
Pricing o collateraland OTC aresynchronized
Valuation time
o collateral
Valuation time
o und OTC
instruments
Ofcial NAV
publication
Notifcation
time
Overnight collateralmanagement data
import to investmentcompliance system
Collateralmanagement
timeline
Fundtimeline
Ex postinvestmentrestrictions(5/10 OTC)
Calculationo amounts
Fund NAVcalculation
Return amounts>CP demands
Receivessecurities
with SC+1
Receivessecurities
with SC+2
Delivery amounts
> Fund demandsReceives
cashcollateral
VD-1VD=
Valuation DateSD=VD+1 SD=VD+2
Margin call
Exposure
Value
Timelineto calculatemargin calls
1
1
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 51/645151
4 n-scis su
As the objective o collateral management is
to mitigate the counterparty exposure/risk,
a non-synchronised setup oers the advantage
o an intraday collateral management(i.e. no time lag), thereore allowing an exact
matching o OTC derivative and correspond-
ing collateral positions. On the other hand the
synchronised setup allows matching OTC
derivative and collateral valuations allowing
or a consistent investment restriction.
5 Lgl cllgs
The legal risks associated with collateral
management are related to contractual risks in
connection with master agreements (e.g. ISDAmaster agreement including Credit Support
Annex/Deed) and, in the case o delegation,
collateral management agreements. Thereore
a close collaboration with the portolio
manager and legal department is required toensure an appropriate legal ramework
covering all collateral management tasks and
responsibilities. Moreover a clear understand-
ing o the contract terms (e.g. types o
OTC derivatives covered by the agreements,
denition o deault events, etc.) is essential or
an accurate legal set-up o the collateral
management process.
The main other risks inherent to such process are:
Q Concentration o collaterals with single"counterparty" (i.e. collateral manager);
Pricing snapshot
o collateral
Pricing snapshot
o OTCinstruments
Pricing snapshoto OTC
instruments
Valuation time
o und OTC
instruments
Ofcial NAV
publication
Notifcation
time
Overnight collateralmanagement data
import to investmentcompliance system
Collateralmanagement
timeline
Fundtimeline
Ex postinvestment
restrictions(5/10 OTC)
Calculationo amounts
Front oce:Trading system
Fund NAV
calculation
Return amounts
>CP demands
Receives
securitieswith SC+1
Receives
securitieswith SC+2
Delivery amounts> Fund demands
Receivescash
collateral
VD-1VD=
Valuation DateSD=VD+1 SD=VD+2
Margin call
Exposure
Value
Timelineto calculatemargin calls
1
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 52/6452
ALFI industry work paper - collateral management
52
Q Valuation o collaterals and settlement cycle;
Q Follow-up on disputes with counterparties;
Q Segregation o collaterals rom other
holdings o collateral manager(in particular cash holdings).
The recommended controls to ensure a sound
and ecient collateral management process are:
Q Ensure timely and adequate inormation
fow between organisational unit/entity
responsible or contractual setup and
organisational unit/entity involved in the
ongoing collateral management process;
Q Use standardised contractual ramework;
Q Apply consistent haircuts, which accountor all risk-dimensions the collateral is
exposed to;
Q Dene precisely the standard eligible
collateral universe (e.g. cash: yes/no,
security types, min. quality etc.);
Q Apply consistent valuation principles
(e.g. requency, valuation time and source);
Q Agree on consistent collateral exchange
requency - ensure practical viability;
Q Dene consistent thresholds/minimum
transer amounts/collateral selection
hierarchy;
Q Apply one communication standard
- ideally allowing matching o instructions;
Q Foresee exception handling scenarios and
implement robust and proven escalation
process, e.g.
- extraordinary events in-between
monitoring dates having a signicant
impact on contract/collateral value;
- event o deault.
6 rls ssibiliis
i cs usucig/lgi
clll mgm
The previously-cited market trends and
operational complexity o collateral manage-
ment have caused a rise in outsourcing o
collateral management by UCITS management
companies. Nevertheless, as stated in Article 110
Section 2 o the Law 17 December 2010 the
management company liability is not aectedby the delegation o any unctions.
I a UCITS management company plans to
outsource the collateral management ollowing
preconditions set out in Article 110 Section 1
o Law 17 December 2010 claried by CSSFCircular 03/108 have to be satised:
Q notication o the CSSF in an appropriate
manner, i.e.
- detailed description o unctions to be
delegated as well as the measures
available to the management company
to monitor the outsourced duties;
Q delegation/outsourcing does not prevent an
eective supervision over the management
company, i.e.
- compliance with rules stated in Article 110o the Law 17 December 2010 is ensured
and can be monitored at any time by the
management company;
Q the management company has to
implement measures to eectively monitor
at any time the outsourced duties;
Q contractual rights granting the management
company discretionary powers as well as
termination rights have to be agreed upon
with the outsourcing provider;
Q the outsourcing provider must be qualiedand capable o providing the duties concerned;
Q unctions (CSSF may require specic
outsourcing providers to be named) which the
management company is permitted to outsource
have to be disclosed in the UCITS’ prospectuses.
In order to comply with the above-mentioned
preconditions a management company has to
perorm a thorough due diligence beore
delegating collateral management duties.
Particularly the requirement to implementmeasures in order to ensure a continuous and
eective monitoring o the delegated unc-
tions necessitates the implementation o
ormal outsourcing controlling procedures.
These procedures can be twoold:
(i) regular monitoring via reports rom the
collateral manager and (ii) spot checks comple-
mented by an annual due diligence o the
service provider based on internal documenta-
tion and external reports (e.g. SAS 70 control
reports). Preerable the reports received romthe collateral manager should include sucient
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 53/645353
inormation to monitor in particular the
valuation o the assets or OTC positions and
collateral assets, the collateral coverage, asset
eligibility and open disputes (in case thecollateral management has been contracted
with this scope). Furthermore appropriate
escalation procedures need to be dened as
part o the monitoring process.
The exact requency o the regular monitoring
activity has to be determined by the manage-
ment company based upon the volume and
complexity o the collateral management
activity. Finally, as the depositary bank o a
UCITS has a responsibility o saekeeping as
well as monitoring and supervising the assetso a UCITS, it is directly involved in the
collateral management process. Thus it is
advisable that both parties work closely
together in perorming an adequate supervi-
sion o the collateral manager.
7 Ism sicis – t otC
cu is xsu limi
csii clll
The Law 17 December 2010 relating to
undertakings or collective investments setstwo concentration limits that are applicable
or the OTC counterparty risk exposure.
According to Article 43(1) the risk exposure
o a UCITS to a counterparty arising rom
OTC derivative transactions must not exceed
5% o its net assets and 10% in the case the
counterparty is a credit institution. In addi-
tion, the OTC counterparty risk exposure has
to be included in the 20% issuer concentra-
tion limit according to Article 43(2).
The CSSF Regulation N° 10-04 transposing
Commission Directive 2010/43/EU o 1 July 2010
implementing Directive 2009/65/EC o the
European Parliament and o the Council
(Article 48) denes the OTC counterparty
risk exposure calculation:
Q The OTC counterparty risk exposure
should be calculated by using the positive
mark to market value o all OTC derivative
transactions with the same counterparty;
Q Provided that there are legally enforceablenetting arrangements (e.g. ISDA) in place,
the risk exposure arising rom OTC
derivative transactions with the same
counterparty may be netted;
Q A UCITS may reduce its OTC counterparty
risk exposure through the receipt o collateral.
The collateral assets used or risk mitigation
need to be valued at market prices taking intoaccount appropriate haircuts and must comply
with urther high-level principles (e.g. liquidity,
collateral diversication, etc.) set by CESR.
It should be noted that the ormula or
the calculation o the counterparty risk
(as previously dened in the CSSF Circular
07/308) has been changed signicantly: When
calculating the counterparty risk associated
with the use o OTC derivatives as the positive
mark to market value o the OTC derivative
contract only, as described above, the poten-
tial uture credit risk (“add-on”) and the
weighting actor are no longer taken into account.
Depending on the specics o the respective OTC
contract, the sole implementation o the new
calculation method could increase the results o
the counterparty risk calculation by actor ve in
the extreme case. The impact o this regulatory
adjustment should thereore be assessed in order
to pave the way or potential mitigating measures.
Also the Directive 2010/43/EU and CESR/10-788
denes the level high-level principles as to the use
and eligibility o collateral in order to reduce the
OTC counterparty risk or UCITS are set:
Q collateral must
- be suciently liquid;
- have a short settlement cycle;
- be capable o being valued at least on
daily basis;
- be o a sound credit quality or subject
to appropriate haircuts;
- display little correlation with the OTC
counterparty;
- be suciently diversied;
- be held with a third party custodian or
whom specic requirements (e.g. subject
to prudential supervision) are stated in
CESR/10-788 and;
- be ully enorceable by the UCITS
without prior consent or reerence to
the counterparty. Q non-cash collateral cannot be sold,
re-invested or pledged;
Q cash collateral can only be reinvested in
risk-ree assets.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 54/6454
ALFI industry work paper - collateral management
54
1 Article 43 (2) o the Law 17 December 2010
2 See also: CSSF Regulation N° 10-04 transposing Commission
Directive 2010/43/EU o 1 July 2010 implementing Directive
2009/65/EC o the European Parliament and o the Council
3 Article 43 and 46 o the Law o 17 December 2010
These high-level principles are already or the
most part refected in CSSF Circulars 07/308
and 08/356. However, or example the require-
ments as to collateral being capable o at least
daily valuation and certain requirements as to
the third party custodian constitute a degree o
variation that should be noted and i necessary
processes adapted accordingly. In order to assess
and monitor whether specic assets are eligible,
it is essential to have qualitative policies and
quantitative tools available in order to accurately
measure liquidity, correlation and haircuts.
Besides the calculation o the OTC counterparty
risk exposure, Article 48 o the CSSF Regulation
N° 10-04 (Article 43 o Directive 2010/43/EU)
gives urther clarication on collateral netting
eects. It is stated that on und-level the net
amount o the collateral passed to and received
rom the same counterparty can be taken into
account provided that a legally enorceable
netting arrangement is in place.
In this context it must be considered that
– although the aim o a collateral management
is to mitigate OTC counterparty risks – in some
circumstances collateral management can also
generate counterparty risk. This might be the
case when the collateral value passed to the
counterparty exceeds the negative mark to
market value o the OTC derivative transactions
(over-collateralisation). Such over-collateralisa-
tion exposes an UCITS to a counterparty risk
and should be taken into account in calculating
the OTC counterparty risk exposure.
One specication regarding the investment
restrictions monitoring is given when a
UCITS receives cash collateral and re-invests
it in order to generate a risk-ree return
(according to CESR, cash collateral can only
be invested in risk-ree assets).
A risk-ree asset is dened as per CESR, as an
asset providing the return o a short maturity
(generally 3 months), high quality govern-
ment bonds or sovereign debt. Given the
recent market turmoil, we suggest to enhance
this denition by the ollowing criteria:
Q High quality sovereign debt and/or debt
guaranteed by an eligible sovereign subject
to a AAA-equivalent rating;
Q Any other government bonds generallyconsidered risk-ree in reerence toAAA-equivalent rating;
Q Short-term money-market unds according
to the denition o CESR subject to aAAA-equivalent rating;
Q Or plain-vanilla corporate bonds orplain-vanilla money-market instrumentswith a short maturity (generally 3 months)rom issuers within the OECD subject toa AAA-equivalent rating.
In such cases, the exposures created throughthe re-investments must be taken into accountin calculating the 20% issuer-concentrationlimit as specied in Article 52(2) o Directive2009/65/EC1 on und-level.
Example:Fund holds German Government Bonds
15% o NAVCollateral reinvestment in German T-Bills
5% o NAVGerman Government Exposure
20% of NAV
The investment restriction monitoring o thecollaterals posted by the und (i.e. transerredas collateral to a counterparty) is not chang-
ing, i.e. the issuer-concentration limits and theinvestment objective have to be applied. Inrelation to the collateral assets received roma counterparty the UCITS issuer-concentra-tion limits and the und-specic investmentobjectives are not applicable.
Per Commission Directive 2010/43/EU2 andCESR/10-788, it is worth noting also theollowing:
Q Initial margin posted to and (excess)variation margin receivable rom a broker
relating to both exchange traded and OTCderivatives (unless protected under clientmoney rules) must be included in the OTCcounterparty exposure limits;
Q Position exposures o assets underlyingnancial derivative instruments must beincluded in the calculation o the issueconcentration limits per [Articles 52 and55 o 2009/65/EC3] using the commitmentapproach, except in the case o (qualiying)index based FDIs.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 55/645555
Best practice or tasks
and controls regarding
collateral management
To ensure UCITS management companies adequately implement the collateral management
ollowing tasks and controls along the process chain have been identied as best practice.
tss rssibiliis Cls
pM MC CUS CM Fa Fa – accuig Fa – Cmlic
1.1. Slci
cu X X
•Monitoringoftheapproved counterparties(ex-post acceptancecontrol)
1.2. ngii
sigig otC
CSa gms
i cu
(.g. slci
ligibl clll,
lui
ssibili
-ci
clll)
X X X
•Agreementonaccountingand valuation principles
1.3. dsi clll
sss sgg
ccus i
i i
X X
•Reviewofcustodian/collateral manageragreements/conrmations withregards to collateralsaekeeping details
1.4. dfii ul
s i ISda
gm
cuslicbl i suc
cicumscs
X X
•Set-upofaccountingprocedure relative toOTC deaults andcollateral treatment
oil
1.5. du iligc
clll mgm
sic iX X X
1.6. nifci
rgul (CSSF)
X
1. Initiation2. Transaction
validation3. Monitoring 4. Reporting 5. Reconciliation
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 56/6456
ALFI industry work paper - collateral management
56
tss rssibiliis Cls
pM MC CUS CM Fa Fa – accuig Fa – Cmlic
2.1. rcig
scis
(clll s
ci)
X X X
•AccountingofOTCtransactions
•FilingofISDA
agreements/CAS inaccounting records
2.2. ts clll
sss s
(clll ccus)X X X
•Accountingofcollateralsposted (i.e. on-balance)
•Accountingofcollateralsreceived (i.e. o-balance)
•Monitoringofinitialcollateral postings
2.3. vlui otC
siis
clll sssX (X) X
•ValuationofOTCpositions
•Valuationofcollaterals(i.e. in case o securities)
•Monitoring o variationpostings on collaterals
2.4. rccilii
clll lui
i navX
•ReconciliationofOTCvaluation
•Adjustmentofvaluation(in case required)
2.5. vii sig/
ci
clll sssX X X
•Accountingofcollateralsposted (i.e. on-balance)
•Accountingofcollateralsposted (i.e. o-balance)
•Monitoringofvariationpostings on collaterals
2.6. Miig
cllci/m is cs
clll
X (X) X
•Accountingofinterest
accruals•Accountingoninterest
paid/received
2.7. Miig
lcm
clll (i..
c ci
l sics)
X (X) X
•Accountingofcollateralswitches (i.e. in case osecurities collateral)
•(potentially)accountingo corporate actions
•Monitoringofcollateralswitches regardingeligibility and collateralcoverage
2.8. Miig
cssig uls X (X) X
•Accountingofdefaultevents (e.g. write downs,impairments)
•Accountingofcollateral“realisation”
•Monitoringofcollateral“realisation” (i.e. receptiono collateral due)
1. Initiation2. Transaction
validation3. Monitoring 4. Reporting 5. Reconciliation
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 57/645757
tss rssibiliis Cls
pM MC CUS CM Fa Fa – accuig Fa – Cmlic
3.1. eligibili
clll s li
i CSa
X X X
•Monitoringofcollateraleligibility
3.2. eligibili
clll s qui
i lgl isiX X
•Monitoringofcollateralcoverage (i.e. sucientcollateral received/posted)
3.3. Clll cg
X X X
•Monitoringofappliedhaircuts
•Monitoringofcollateralcoverage (i.e. sucientcollateral received/posted)
•MonitoringofCPexposure in case oover-collaterisation
3.4. Cmlic i
ism
sicis li
i
scus /
lgl isis
X X
•Monitoringoflegalandcontractual counterparty risk restrictionsconsidering collateralsreceived and re-used(i.e. o-balance)
3.5. nig otC
xsuX X
•Monitoring o legal andcontractual counterpartyrisk restrictionsconsidering collateralsnetting provisions asper ISDA agreements
3.6. plusibili cc
clll luis(X) X
•ReconciliationofOTCvaluation
•Adjustmentofvaluation(in case required)
3.7. Suisi
sub-cusis
clll otC
l sss
X
1. Initiation2. Transaction
Validation3. Monitoring 4. Reporting 5. Reconciliation
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 58/6458
ALFI industry work paper - collateral management
58
tss rssibiliis Cls
pM MC CUS CM Fa Fa – accuig Fa – Cmlic
4.1. disclsu otC
l imi
i fcil
sms
X X
•DisclosureonvalueofOTC derivatives
•(optional)Notedetailing
mark to market value ocollateral
4.2. rig
xcis/bcsX
•Escalation procedure(internal)
•Escalationprocedure
(external – CSSF 02/77)
4.3. Fll-u
isusX X X
•ReconciliationofOTCvaluation ater disputesettlement
•Adjustmentofvaluationand collaterals
•(potentially)Monitoringo dispute settlement
4.4. Is x
igX
•Taxreportingincludingcollateral income
4.5. osig ig
ilig clll
mms
-- siis
X X X X
1. Initiation2. Transaction
Validation3. Monitoring 4. Reporting 5. Reconciliation
tss rssibiliis Cls
pM MC CUS CM Fa Fa – accuig Fa – Cmlic
5.1. rccilii
clll siisX X X
•Reconciliationofsecurityand cash collaterals
•Follow-upon
un-reconciled collaterals
1. Initiation2. Transaction
Validation3. Monitoring 4. Reporting 5. Reconciliation
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 59/645959
aML Anti-Money Laundering
BCp Business Continuity Planning
B dics Means the Board o Directors o the Management Company;The term “Board o Directors” shall not comprise the supervisoryboard where management companies have a dual structurecomposed o a Board o Directors and a supervisory board
CCp Central Counterparty
CdS Credit Deault Swap
CeSr Committee o European Securities Regulators
CeSr/10-788 CESR’s Guidelines on Risk Measurement and the Calculationo Global Exposure and Counterparty Risk or UCITS
Cicul 02/77 Protection o investors in case o NAV calculation error andcorrection o the consequences resulting rom non-compliancewith the investment rules applicable to undertakings orcollective investment
Cicul 03/108 Luxembourg management companies subject to Chapter 13o the Law o 20 December 2002 concerning undertakings orcollective investment, as well as Luxembourg sel-managedinvestment companies subject to Article 27 or Article 40 o the Law o 20 December 2002 concerning undertakings orcollective investment
Cicul 07/308 Rules o conduct to be adopted by undertakings or collectiveinvestment in transerable securities with respect to the use o a method or the management o nancial risks, as well as the
use o derivative nancial instrumentsCicul 08/356 Rules applicable to undertakings or collective investment
when they employ certain techniques and instruments relatingto transerable securities and money market instruments
Cicul 11/512 This Circular claries the Risk Management requirementsapplicable to Luxembourg UCITS Management Companiesand Luxembourg domiciled UCITS
CM Collateral Management
Cucig ofc/Co Means the Person(s) appointed by the Board o Directors to
oversee the day to day operations o the ManCo
Cu ris Means the risk o loss or the UCITS resulting rom the act that
the counterparty to a transaction may deault on its obligations
prior to the nal settlement o the transaction’s cash fow
Cp Conducting Person
CSSF Commission de Surveillance du Secteur Financier, theLuxembourg supervisory authority o the nancial sector
CtFC Commodity Futures Trading Commission
CUS Custody Services / Depositary
dr Disaster RecoveryeSMa European Securities and Market Authority, known as CESR
until 1st January 2011
appendix I - glossary
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 60/6460
ALFI industry work paper - collateral management
60
eU The European Union
Fa Fund Accounting
hr Human Resources
ISda International Swaps and Derivatives Association, Inc.
kpI Key Perormance Indicator
krI Key Risk Indicator
kyC Know Your Customer
Liquii ris Means the risk that a position in the UCITS’ portolio cannot besold, liquidated or closed at limited cost in an adequately shorttime rame and that the ability o the UCITS to comply at anytime with Article 11, paragraph (2) and Article 28, paragraph(1), point b) o the Law o 17 December 2010 concerningundertakings or collective investment is thereby compromised
MC MgmCm
Means, throughout the document, reerence to managementcompany or sel managed company unless i not expresslysaid otherwise
M ris Means the risk o loss or the UCITS resulting romfuctuation in the market value o positions in the UCITS’portolio attributable to changes in market variables, such asinterest rates, oreign exchange rates, equity and commodityprices or an issuer’s creditworthiness
oM Operating Memorandum
oil ris Means the risk o loss or the UCITS resulting rom
inadequate internal processes and ailures in relation topeople and systems o the management company or romexternal events, and includes legal and documentation riskand risk resulting rom the trading, settlement and valuationprocedures operated on behal o the UCITS
otC Over The Counter
pM Portolio Management
rguli n. 10-4 CSSF regulation No. 10-4 transposing commission directive2010/43/EU o 1 July 2010 implementing directive 2009/65/ECo the European Parliament and o the Council as regardsorganisational requirements, conficts o interest, conduct
o business, risk management and content o the agreementbetween a depositary and a management company
rl ps In relation to a management company, means any o the ollowing: Q a director, partner or equivalent, or manager o themanagement company;
Q an employee o the management company, as well as anyother natural person whose services are placed at thedisposal and under the control o the management companyand who is involved in the provision by the managementcompany o collective portolio management;
Q a natural person who is directly involved in the provision o services to the management company under a delegation
arrangement to third parties or the purpose o theprovision by the management company o collectiveportolio management.
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 61/646161
ruil is Means the risk o damaging an entity’s trustworthiness inthe marketplace, i.e. the impact o specic events that couldworsen or negatively aect the perception o an entity
rFp Request or Proposalris ai ms The amount o risk exposure (e.g. expressed as monetary),
or potential adverse impact rom an event, that a Manco iswilling to accept/retain
rM Risk Management
rMp Shall stand or Risk Management Process
SaS 70 Statement o Auditing Standards No. 70
SeC Securities & Exchange Commission
Si Mgm Means the persons who eectively conduct the business o a management company in accordance with Article 102,
paragraph (1), point c) o the Law o 17 December 2010concerning undertakings or collective investment
Sl Mg SICav UCITS SICAV established under the Law o 2010 which hasnot appointed a Management Company
SICav Société d’Investissement à Capital Variable (investmentcompany with variable capital)
SLa Service Level Agreement
Suis Fuci Means the relevant persons or body or bodies responsibleor the supervision o its senior management and or theassessment and periodical review o the adequacy and
eectiveness o the risk management process and o thepolicies, arrangements and procedures put in place to complywith the obligations under the Law o 17 December 2010concerning undertakings or collective investment
t L 2010 Luxembourg Law o 17 December 2010 concerningundertakings or collective investment
UCItS Undertaking or Collective Investment in Transerable Securitiessubject to Part I o the Law o 2010, as amended
UCItS dici Council directive 2009/65/EC o the European Parliamentand o the Council o 13 July 2009 on the coordinationo laws, regulations and administrative provisions relating
to undertakings or collective investment in transerablesecurities (UCITS) glossary
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 62/6462
ALFI industry work paper - collateral management
62
appendix II aLFI ris mgm cmmi SC
Chairman: Jean-Christoph Arntz
Thomas NummerOlivier Carré
ALFI Coordinator: Alexander Fischer
K Risk
Management
Steering
Committee
K1 Market
Risk SC
K2 Counterparty,
Issuer and
Diversifcation
Risk SC
K3 Operational
Risk SC
K4 Liquidity
Risk SC
k1 M ris SC
Cecilia Lazzari
Dominique Marchal
Laurent Denayer (Co-chairman)
Luc Neuberg (Co-chairman)
Michael Derwael
Steania Serato
Xavier Zaegel
k2 Cu, Issu
disifci SC
Gabrielle Jamion
Guy ReiterHenning Schwabe
Justin Egan
Kai Nemec
Mario Koster
Olivier Carré (Co-chairman)
Peter Schmitt
Thomas Nummer (Co-chairman)
Utz Schüller
Valerie Bernard
k3 oil ris SC
Christoph Adamy
Dale Quarry
Daniela Klasen-Martin
Graham Goodhew (Chair)
Mike Sommer
Sacha Reverdiau
Sonia Thein-Biraschi
Stean Lieser
Thomas Nummer
k4 Liquii ris SC
Alain Ottelé
Bastian Wagner (Co-chairman)
Elie Flatter
Frank Schaer
Michael Rieer
Remi Kamiya
Sascha Schultz
Sasha Reverdiau
Sven Muehlenbrock (Co-chairman)
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 63/64
7/27/2019 ALFI Risk Management 170412
http://slidepdf.com/reader/full/alfi-risk-management-170412 64/64
Revised version March 2012.
For any urther inormation about this brochure or risk management address