Investment Management: Areas of Regulatory Concern and Risk Assessment Methods

Transcription

1 Investment Management: Areas f Regulatry Cncern and Risk Assessment Methds Reprt f the Technical Cmmittee f the Internatinal Organizatin f Securities Cmmissins Octber 2002

2 Part I: Intrductin Ratinale The IOSCO Technical Cmmittee thrugh its Standing Cmmittee n Investment Management (TCSC-5) has carried ut a range f wrk n the standards that cllective investment scheme (CIS) peratrs shuld be subject t and the supervisry arrangements that shuld be in place in member cuntries. This paper sets ut this backgrund and attempts t identify thse areas, which may cncern the regulatr in fulfilling his bjective f investr prtectin, whereby ne CIS peratr can be judged against anther CIS peratr. This paper is designed t help develp a cmmn view f the risks that CIS peratrs may pse r face relevant t the achievement f regulatry bjectives and f the relative imprtance f thse risks. T further this cmmn view the paper can be used as a starting pint fr explratin f differences and similarities in the regulatry appraches t certain risk areas. That shuld aid understanding and c-peratin between regulatrs, which has becme increasingly necessary as a result f the glbalizatin f fund management. The paper als prvides an insight int the methds used by regulatrs f CIS peratrs t assess the risks that the activities f CIS peratrs pse t the bjectives f securities regulatin and the methds used by regulatrs t determine their inspectin pririties and ther activities in relatin t CIS peratrs. Backgrund CIS peratrs are increasingly perating n a glbal basis and the Internet is encuraging that develpment. All natinal regulatrs experience limitatins n resurces and hence are under pressure t priritize the use f their scarce resurces. Priritizatin has becme a matter f risk identificatin nt nly in specific firms but als acrss the industry as a whle. The industry is nw glbal and therefre regulatrs are becming mre internatinal in their utlk and are als placing mre reliance n each ther. Internatinal c-peratin will be imprved if regulatrs frm a cmmn view n the risks inherent in the CIS business. That cmmn view shuld lead t mre efficient and effective cmmunicatin between regulatrs and als t a mre cnsistent regulatry respnse t issues arising. The Technical Cmmittee has published the fllwing key dcuments: Principles fr the Regulatin f Cllective Investment Schemes (1994), Discussin Paper n Internatinal Cperatin in relatin t Crss-Brder Activity f Cllective Investment Schemes (1996), Principles fr the Supervisin f Cllective Investment Schemes (1997), and Summary f Respnses t the Questinnaire n Principles and Best Practice Standards n Infrastructure fr decisin making fr CIS Operatrs (2000). There has als been detailed wrk n Pricing, Risk Disclsure, and Cnflicts f Interest and Delegated Functins. These papers cntain valuable material cncerning the jurisdictins f the Technical Cmmittee members and their regulatry apprach and highlight that the issues surrunding investr prtectin and the appraches t the regulatin f CIS peratrs are very similar in different jurisdictins.

3 3 Fcus Investr prtectin and market cnfidence are the cmmn bjectives f the Standing Cmmittee and the regulatrs represented n it. This paper attempts t identify thse areas, which may cncern the regulatr in fulfilling its bjective f investr prtectin, whereby ne CIS peratr can be judged against anther CIS peratr. This shuld facilitate a cmmn understanding between regulatrs as t why ne CIS peratr is viewed by its regulatr as mre risky than anther. This shuld help in cmmunicating particular cncerns abut industry participants between regulatrs as well as prviding a fcus fr the particular issue f cncern. It shuld als assist an individual regulatr in priritizing resurces and determining the fcus f his wrk. A listing f risk areas and risk assessment factrs assists the regulatr s staff in applying a cnsistent apprach in the risk assessment f firms. Risk areas and risk assessment factrs are set ut in part II f this paper. It is imprtant t make clear that this paper cvers risk assessment frm a regulatry pint f view, nt frm a CIS peratr pint f view. That wrk was primarily dealt with by the IOSCO Technical Cmmittee reprt f May 1998 Risk Management and Cntrl Guidance fr Securities Firms and their Supervisrs where many f the issues faced by securities firms can be translated t CIS peratrs. Thse jurisdictins that use risk assessment mst extensively d s because it is cnsidered an imprtant part f determining the allcatin f their wn resurces. The use f risk assessment techniques therefre varies depending upn the extent f resurces devted t inspectin visits by the regulatr s wn staff, cmpared with the reliance placed n external auditrs. 3

4 4 Part II: Areas f regulatry cncern and risk assessment factrs The areas f regulatry cncern can be brken dwn int tw verall types: Areas f inherent business risk: the risk arising frm the type and nature f the business being undertaken; and Areas f cntrl risk: the risk f management s cntrl systems nt identifying and rectifying deficiencies. Under each verall risk type area a number f factrs can be identified that shuld be taken int accunt when assessing the risk in that area. Many f the risk assessment factrs described belw verlap with r impact n ther risk areas. Fr the purpses f this paper they are identified against the primary relevant risk area. The risk assessment factrs that can be used t identify inherent business risk areas are: Investr and prduct type factrs, fr example: the nature f custmer type; the financial sphisticatin f cnsumer type; the cmplexity f the investment prducts ffered. Explanatry nte: Examining the custmer base f a CIS peratr is relevant as retail investrs may require enhanced prtectin r mre detailed regulatin cmpared t institutinal investrs. Prducts that are targeted at and nly available t institutinal investrs generally require less intensive regulatin than thse targeted at retail investrs. The nature f the CIS prducts ffered by the peratr needs t be seen in the cntext f the peratr s custmer base and, hence, whether this pses a risk issue t the regulatr. The cmplexity f the prduct gives rise t tw cncerns: whether the investr understands the nature f the prduct; and whether the peratr can prperly manage the cmplex investment. It is als imprtant that the prmtinal material f the prducts ffered by the peratr reflects the cmplexity f the prduct. If nt, this culd lead t future misselling claims. Business strategy factrs, fr example: frequency f changes in prducts; intrductin f new prducts; distributin strategy (self-marketing r third party); mergers, acquisitins and grwth strategy; clarity f strategy and likelihd f achievement; ther business activities by the CIS peratr r related cmpanies. Explanatry nte: The regulatr needs t understand the strategy f the firms under its supervisin. Significant changes in business strategy r management structure inevitably place stress n the peratr and its staff, at least in the shrt term. Experience has shwn that ften a majr event at a firm such as a majr acquisitin has a detrimental effect n the business (and hence investrs may suffer). Equally this can happen with the rapid intrductin f new and cmplex prducts. Significant changes in prduct type require the 4

5 5 sales frce, asset managers and cmpliance staff t develp an understanding f the new prduct. S the regulatry questins wuld be: hw realistic are management's ambitins; has the peratr the capability e.g. systems and cntrls t intrduce new prducts ver a shrt perid f time? Financial viability factrs, fr example: financial histry f peratr; capital levels and cmpsitin; earnings stream relative t industry benchmarks. Explanatry nte: Althugh inslvency is nt a cmmn prblem in fund management it cannt be in the interests f investrs (r regulatrs) t have this ccur. Sme peratrs may vluntarily reimburse a CIS in the case f an peratinal errr r maintain hldings in the fund in rder t maintain an rderly market and stability in net asset values. It is imprtant that the regulatr is satisfied that the firm is sufficiently capitalized t cpe with issues such as peratinal risk as well as having a sund business base t cntinue as a financially viable peratin. The risk assessment factrs that can be used t identify cntrl risk areas are: Management culture and effectiveness factrs, fr example: quality f management; integrity f management; reputatin f management. Explanatry nte: The assessment f the quality and integrity f the management f a CIS peratr plays an imprtant rle in regulatry risk assessment. The regulatr must assess the intentins f management and its ability, and willingness, t identify and manage risks and act in the best interest f the CIS investrs. Their ability t d s depends largely n the quality f management, fr example their effectiveness, their expertise and the business culture they establish. The willingness f management t identify and manage risks and act in the best interest f investrs depends largely n their integrity and their apprach t management respnsibilities and business ethics. Inevitably, the regulatr must use cnsiderable subjective judgment in this area. Over the years the regulatr may have built up a wrking knwledge f the quality, integrity and reputatin which will influence that judgment. The regulatr must als take int accunt external infrmatin cncerning regulatry, financial, criminal and ther antecedents f management. Organizatinal factrs, fr example: crprate structure; ptential cnflicts f interests; segregatin f duties; delegatin f functins; utsurcing f functins; financial and human resurces. 5

6 6 Explanatry nte: The crprate structure and the rganizatinal set-up will infrm the regulatr as t the ability f the CIS peratr t tackle risks. A regulatry cncern is whether the peratr has identified ptential cnflicts f interest and has put in place structures and prcedures t mnitr and supervise these cnflicts. If the peratr has delegated r utsurced certain activities, the regulatr is interested in hw the peratr versees such delegatin r utsurcing and if the peratr cntains sufficient expertise t carry ut this supervisin effectively. This als entails assessment f the quality, reputatin and reliability f the third party invlved. Als it is imprtant t determine whether the firm has adequate financial and human resurce fr its activities. Factrs related t peratinal prcesses and prcedures, fr example: administrative systems and prcedures; internal cntrl prcedures; audit trail; nature and cmplexity f fee arrangements; investment decisin prcedures; management infrmatin systems; cmpliance histry and prcedures. Explanatry nte: Administrative systems and internal cntrl prcedures f the peratr must incrprate such safeguards that the assets and liabilities f the CIS and the changes therein can be accunted fr truly and fairly. It is imprtant fr a regulatr t assess whether imprtant prcesses, such as the NAV-calculatin prcess, the subscriptin and redemptin prcess and the investment prcess are well rganized and well dcumented. The investment prcess is als f interest t the regulatr with respect t adherence t the stated investment plicy and cmpliance t legal r internal requirements. Deviant r cmplex fee arrangements may give rise t extra regulatry attentin. Mrever, the way fees are calculated and paid may lead t aberrant practices, such as churning, which are t the detriment f the investr. The relatin between the scale f peratins and the extensiveness f the management infrmatin systems gives the regulatr a clue t hw management tries t cntrl peratins. Mandatry third party factrs, fr example: reputatin and quality f custdian; reputatin and quality f auditr. Explanatry nte: In mst jurisdictins invlvement f independent third parties is mandatry, fr instance fr safekeeping f assets and auditing reprts. These parties must be f gd reputatin and quality, s that the regulatr can depend n their prudence and judgment. Marketing practice factrs, fr example: aggressiveness f advertising and selling practices; use f past perfrmance claims; use f intermediaries; nature and cmplexity f sale cmmissins; cmplaints by investrs. 6

7 7 Explanatry nte: In this area the regulatr is attempting t ascertain hw aggressive the peratr is in its marketing and dealings with investrs. Misleading perfrmance claims, high sales cmmissins fr independent intermediaries r a high level f cmplaints frm investrs culd suggest a "business at whatever the cst" apprach by an peratr. Regulatry histry factrs, fr example: regulatry actins; fllw-up n regulatry actins and inspectin bservatins. Explanatry nte: As mentined earlier the regulatr will build up a wrking knwledge f the peratr. Althugh the past is nt always a gd guide t the future the regulatr s past experience f a CIS peratr can prvide useful clues as t the peratr s determinatin t take its cmpliance respnsibilities seriusly r nt. The regulatr may keep a histry nt nly f regulatry actins enfrced and the fllw-up n thse sanctins, but als f the results f n-site inspectins. Mst jurisdictins use an peratr-based apprach t assessment f the risk areas mentined abve. The risk type f prducts ffered is taken int accunt while assessing the peratr. The particular issues raised if an peratr is part f a grup are als taken int accunt in the assessment. Althugh all areas f regulatry cncern identified abve must be cnsidered while assessing the relative risk f an peratr, Management culture and effectiveness, Organizatinal factrs, Operatinal prcesses and prcedures and Marketing practices are seen as sme f the mre imprtant areas f regulatry cncern. Mst jurisdictins evaluate the risk assessment factrs qualitatively and in sme cases, depending n the factr, quantitatively. The views f different regulatrs n the nature f the cnnectin between the factrs and the particular areas f cncern are rughly the same. Fr example mre cmplex investment prducts, lack f internal cntrls and cmpliance r an aggressive style f advertising pse a higher risk t the bjectives f the regulatr. 7

8 8 Part III Characteristics f methds fr resurce allcatin A questinnaire n risk assessment methdlgy was sent t all TCSC-5 members and the main findings are stated belw. Nearly all jurisdictins use sme kind f assessment f risk areas; Sme jurisdictins use a mdeling technique which scales and weighs different risk factrs t create an verall risk indicatr; Mst jurisdictins d nt currently use a mdeling technique, but d emply a risk assessment in their supervisin; A few jurisdictins d nt emply explicit risk assessments f CIS peratrs, because f the limited size f their market, r because supervisin f CIS peratrs is part f the supervisin f financial cnglmerates as a whle, r because funds are rated by an authrized rating agency. Risk area assessment is mstly used t fcus supervisin and priritize (n-site) activity. The frequency f updates differs frm cntinuusly t nce every five years, but predminantly the assessment is updated annually. Sme jurisdictins argue that the individual analysis f each risk factr is cnsidered t be mre imprtant than btaining an individual verall risk indicatr because f the difficulty in synthesizing and hmgenizing the different risk factrs cnsidered in a mdel, and weighting them t prvide an verall risk indicatr. Whether r nt a mdel is used, sme internal guidelines fr harmnizatin f the evaluatin are necessary, especially in the case f qualitative factrs. But the regulatr s subjective pinin based n years f experience must nt be underestimated. Regulatry risk assessment mdels Regulatry risk assessment mdels attempt t view the relative riskiness f ne CIS peratr t anther in the cntext f the regulatr s missin f investr prtectin. They d nt therefre attempt t detail market risks (i.e. the expsure f investment prtflis t mre vlatile markets) r peratinal risks (i.e. the use f sphisticated IT systems) but d take sme accunt f these factrs. Mdels can cntain a mixture f qualitative and quantitative factrs. Wherever pssible hard, quantitative risk identificatin factrs shuld be utilized but ultimately the regulatr s experience and knwledge is a vital cmpnent. A critical area f judgment is the assessment f management f a CIS peratr. There are many demnstrable factrs that prvide evidence f sund management and the mdel shuld attempt t identify these. Mdels shuld be dynamic, altering in reactin t changes in the underlying market and individual peratrs within it. Regulatrs may find when intrducing r develping risk mdels that they d nt pssess all the infrmatin the mdel may suggest they require. The mdel might therefre need t perate, at least at first, n incmplete infrmatin and the intrductin f a mdel might stimulate wrk n the infrmatin needs f the regulatr. 8

9 9 Mdels can fllw a simple scring mechanism fr each f the identified risk factrs with the individual being ttaled. A regulatry respnse, including a visit cycle, can be prduced frm the scres. The purpse f the risk assessment mdels in thse cuntries where it is used tends t be limited t the allcatin f resurces and the fcus f inspectin visits. The ratings therefre tend t be relatively crude, merely rating each factr as high, medium r lw fr each peratr. The emphasis is n the relative risk assessment the rating f ne peratr relative t anther peratr. Risk mdels need t be: simple and easy t understand simple t maintain and adapt ver time sufficiently cmprehensive, drawing n a wide range f infrmatin easily accessible by the regulatr's staff and take accunt f the regulatr's experience and knwledge. Training in the mdel is imprtant t prvide a cnsistent utput frm the regulatr's staff. Issues arise n the cnfidentiality r therwise f the verall rating. Fr example, in the UK, IMRO did nt reveal the relative risk ratings t firms. Hwever, the general publicatin f the effect f the rating n visit frequency meant that an peratr culd estimate its wn risk rating. IMRO s successr regulatr in the UK, the FSA, is develping a cmmn risk assessment mdel fr all financial services businesses in the UK. The FSA envisages cmmunicating t the peratr the utcme f the FSA s risk assessment. The risk assessment prcess used by many regulatrs prvides an imprtant resurce allcatin methd fr inspectin visits. In additin, ther supervisry tls are used either t identify apprpriate peratrs t visit r t identify issues t fcus wrk n during an inspectin visit r as an alternative t inspectin visits. Inspectin visits and ther activities As nted abve, the use f inspectin visits varies depending upn the extent f reliance placed n inspectin visits cmpared with ther tls f supervisin, fr example reprts frm external auditrs. Where regulatrs relied n inspectin visits, these cmprised a variety f types f inspectin visits: 1 (1) Regular, peridic, rdinary r rutine inspectin visits either with the frequency f visits the same fr all CIS peratrs r with the frequency dependent upn the risk assessment prcess which is the subject f this paper. Depending upn the nature f the risk assessment prcess undertaken by the regulatr, the wrk carried ut n the 1 IOSCO members in describing their types f inspectin visits used different terms t describe visits, but the visits appeared t fall within the fllwing categries. 9

10 10 inspectin visit may vary dependent upn the risks identified in the risk assessment prcess. (2) Cause, emergency r special inspectin visits, where the regulatr has a particular reasn t visit an peratr; fr example, the peratr s auditr has reprted a matter t the regulatr which requires further investigatin. These visits might arise as a result f a matter identified by ne f the supervisin tls set ut belw. (3) Theme r sweep inspectin visits where the regulatr fcuses n a particular issue which it is cnsidered may ccur acrss a number f different CIS peratrs, fr example sft cmmissin arrangements r cntrls n pricing arrangements. Many regulatrs rely extensively n annual returns prepared by CIS peratrs and reprts prepared by external auditrs n these returns. Reviews f publicly available infrmatin and f cmplaints can als help fcus wrk. In sme jurisdictins mvements in the net asset value are reprted n a very regular basis and analyzed by special sftware vis-à-vis a pre-determined r expected mvement fr that type f fund. Strange patterns in the net asset value trigger the regulatr t make enquiries. This culd lead t a special inspectin visit. 10

11 11 Part IV: Cnclusin and Future Wrk Many regulatrs have fund that undertaking sme frm f risk assessment, either as part f scheduled inspectin visits, r in rder t priritize which firms t inspect and what aspects t inspect in detail, is a useful regulatry tl. This paper is designed t prvide a descriptin f the categries f risk that might be cnsidered in any risk assessment relevant t CIS peratrs. These categries will evlve ver time, as risk assessments becme mre detailed r change t fcus n the areas f greatest perceived risk. The Technical Cmmittee has cntinued its wrk in the area f risk assessment, by fcusing n sme particular risk categries and giving mre thught t tw key questins: (1) Hw des the regulatr in practice assess r measure that particular risk categry? and (2) What tls are available r steps may be taken by the regulatr t address that categry f risk? The Technical Cmmittee intends t publish further mre detailed papers in the future n the fllwing risk categries: management culture and effectiveness; peratinal prcesses and prcedures; and marketing practices. 11