RISK MANAGEMENT POLICY AND PROCEDURE

Transcription

1 RISK MANAGEMENT POLICY AND PROCEDURE GARDA Capital Limited ACN AFSL GARDA Funds Management Limited ACN AFSL The Plicy was updated and apprved by the Bards n 21 August 2018 and replaces any previus versins f the Plicy. 1 P a g e

2 Table f Cntents Part A Risk Management Plicy Cmmitment t the Plicy Plicy Owner Purpse f this Plicy Wh Shuld Knw and Understand the Plicy What is Risk Management? Respnsibilities... 6 Bard... 6 MD... 6 Cmpliance Manager... 6 Risk Owner Risks f Nn-Cmpliance... 7 Part B Risk Management Prcedure Summary f Prcedure Legislative and Regulatry Requirements Risk Management Prcess Risk Management Methdlgy Risk Appetite Statement Identificatin f Mst Significant Current and Emerging Risks Part C Operatinal Prcedures Mnitring Cmpliance with the Plicy Review f the Plicy Recrd Keeping Training n the Plicy Inductin Training Onging Training Applying Discretin t the Plicy Interactin with Cmpliance Plan and Cnstitutin Related Plicies Further Infrmatin Appendix A Legislative and Regulatry References Appendix B Risk Definitins and Classificatin Risk Categries Appendix C Risk Register P a g e

3 Part A Risk Management Plicy 1 Cmmitment t the Plicy The Bards f GARDA Capital Limited and GARDA Funds Management Limited (cllectively referred t as GARDA Capital Grup r the Cmpanies ) are cmmitted t the establishment and maintenance f adequate risk management systems are in place t mitigate expsure t relevant risks and infrm business decisin making. This Risk Management Plicy ( Plicy ) has been adpted by the Bards and presents the framewrk upn which the Cmpanies will meet their regulatry risk management bligatins under each Australian Financial Services ( AFS ) licence. Where there is any dubt as t the requirements cntained in this Plicy, yu shuld have regard t the principle that the Bards will always ensure the Cmpanies cnduct their financial services business in a fair, hnest and prfessinal manner in line with the regulatry bjective f ensuring the cnfident and infrmed participatin f cnsumers and investrs in the Australian financial system. 2 Plicy Owner The wner f this Plicy is the Managing Directr f the Cmpanies ( MD ) ( Plicy Owner ). The Plicy Owner is respnsible fr ensuring that the Plicy is reviewed at least annually r when it requires updating (e.g. because f regulatry r peratinal change). Where new r varied risks r gaps in existing cntrls are identified, they shuld be reprted t the Plicy Owner. The Plicy Owner will discuss these matters with the persn respnsible fr the relevant risk and cntrls ( Risk Owner ) and subsequently refer it fr cnsideratin and apprval at the next apprpriate meeting f the relevant Bard. 3 Purpse f this Plicy This Plicy relates t the Cmpanies in their capacity as an AFS licensee as Respnsible Entity ( RE ) f registered managed investment schemes ( Schemes ), including: Scheme ARSN GARDA Diversified Prperty Fund GARDA Capital Trust The purpse f this Plicy is t evidence the Bard s cmmitment t risk management and t demnstrate and acknwledge that at the GARDA Capital Grup, risk management: creates and prtects value; is an integral part f all rganisatinal prcesses; is part f decisin making; explicitly addresses uncertainty; is systematic, structure and timely; is based n the best available infrmatin; is tailred; 3 P a g e

4 takes human and cultural factrs int accunt; is transparent and inclusive; is dynamic, iterative and respnsive t change; and facilitates cntinual imprvement. In additin, the Plicy explicitly recrds the GARDA Capital Grup s risk and cntrls in a separate Risk Register. 4 Wh Shuld Knw and Understand the Plicy The fllwing peple shuld be aware f the cntents f this Plicy: Directrs and Respnsible Managers; all GARDA Capital Grup emplyees and representatives wh are directly r indirectly invlved in prviding financial services under the AFS licence; anyne prviding services t the GARDA Capital Grup that the Plicy Owner determines shuld cmply with the Plicy (e.g. service prviders, agents, cntractrs and temprary staff); and anyne else that the Plicy Owner determines shuld cmply with the Plicy. Where functins f the GARDA Capital Grup are utsurced (e.g. t service prviders, agents, cntractrs and temprary staff), GARDA remains respnsible and accuntable fr thse actins. The GARDA Capital Grup may include specific requirements in the utsurcing r ther agreements t ensure cmpliance with this Plicy and ther regulatry bligatins. Failure by a service prvider, agent, cntractr r temprary staff member t cmply with this Plicy r t deliver their cntracted services may result in a breach f the agreement and cnsequently a breach under this Plicy. The agreement shuld prvide fr actins that either party can take where a breach f the agreement has ccurred and/r it may be dealt with accrding t the Breach Management Plicy. T ensure all fficers, emplyees and agents are aware f the cntents f this Plicy, it will be made available electrnically n the GARDA Capital Grup s intranet r in a cmmn directry accessible by all relevant staff. 5 What is Risk Management? The fllwing definitins frm AS/NZS ISO 31000:2009 assist with understanding risk management: Risk - is the effect f uncertainty n bjectives (and usually described in terms f a cmbinatin f the cnsequences f an event ccurring and its likelihd f ccurring); Risk management - is the crdinated activities t detect and cntrl an rganisatin with regard t risk; Risk management framewrk - is the set f cmpnents that prvide the fundatins and rganisatinal arrangements fr designing, implementing, mnitring, reviewing and cntinually imprving risk management thrughut the rganisatin; and 4 P a g e

5 Risk management prcess - is the systematic applicatin f management plicies, prcedures and practices t the activities f cmmunicating, cnsulting, establishing the cntext, and identifying, analysing, evaluating, treating, mnitring and reviewing risk; and Risk assessment - is the verall prcess f risk identificatin, risk analysis and risk evaluatin. The GARDA Capital Grup s risk management system is designed t ensure that it has explicitly identified the risks it faces and has measures in place t keep thse risks t an acceptable minimum. The existence f risk presents bth threats and pprtunities t the GARDA Capital Grup. Risk Management is nt abut eliminating risk, but instead is abut helping it increase the likelihd f achieving its bjectives and reducing the likelihd f nt ding s, r failing. The GARDA Capital Grup treats its risks by identifying, assessing, dcumenting and implementing a range f measures and cntrls. Once implemented mitigants are mnitred and reviewed. Fr respnsible entities, ASIC cnsider that adequate risk management systems will help them t deliver their bjectives t retail investrs and financial cnsumers by mitigating the risk f investrs and cnsumers lsing their investment r nt being able t access it. Risk Owners have been assigned respnsibility fr the identified risks and assciated cntrls in the Risk Register. It is their respnsibility t ensure the measures and cntrls t treat the risks are adequate and are being apprpriately implemented. AS/NZS ISO 31000:2009 has been used as the benchmark in planning and implementing the risk management framewrk. This has been adapted t meet the requirements f the GARDA Capital Grup based n the nature, scale and cmplexity f its financial services business. AS/NZS ISO 31000:2009 recmmends that rganisatins shuld have a framewrk that integrates the prcess fr managing risk int the rganisatin s verall gvernance, strategy and planning, management, reprting prcesses, plicies, values and culture. The risk management framewrk f the GARDA Capital Grup includes: a strng cmmitment frm the Bard; an apprpriately designed framewrk fr managing risk, which is based n: understanding the cntext within which the GARDA Capital Grup perates (i.e. setting the risk appetite); establishing the risk management plicy; accuntability; integrating risk management int business prcesses; allcating sufficient resurces; and establishing internal and external cmmunicatin and reprting mechanisms; fully implementing the risk management framewrk and prcesses; mnitring and reviewing the framewrk; and an acceptance f cntinuus imprvement. 5 P a g e

6 6 Respnsibilities Bard The Bards f the Cmpanies have respnsibility under this Plicy fr: apprval f the risk management system; setting the risk appetite; at each regular Bard meeting cnsider the mst significant current and emerging risk; receiving reprts frm management n the Risk Management Framewrk; and mnitring and versight f risk management activities. MD The MD f the GARDA Capital Grup has respnsibility under this Plicy fr: mnitring cmpliance with this Plicy n at least an annual basis (r mre frequently as required) t ensure it remains cnsistent with AS/NZS ISO 31000:2009. n a regular and rutine basis reprt the mst significant current and emerging risks t the Bard; recmmending the risk management system and changes t it (including cnsidering any changes which have been recmmended by, the Cmpliance Manager, external auditr, Risk Owners r ther staff); ensuring the risk management system has been implemented and that the Risk Register is up-t-date maintaining the Risk Register; reprting n risk management activities t the Bards; and ensuring that the Plicy is reviewed at least annually r when it requires updating (e.g. because f regulatry r peratinal change). Cmpliance Manager The Cmpliance Manager f the GARDA Capital Grup has respnsibility under this Plicy fr: reprting t the Cmpliance Cmmittee n cmpliance with this Plicy, in the cntext f the requirements f the relevant Cmpliance Plan (which is subsequently reprted t the Bard); regularly testing, mnitring and reviewing the measures and cntrls which have been established t treat the risks, in the cntext f testing cmpliance with the requirements f the Cmpliance Plan; and being the pint f cntact fr the external auditr and prvide assistance, where required, with their audits and reviews; and prviding training n this Plicy t staff (in cnjunctin with the MD, where required). Risk Owner The Risk Owner (as nted in the Risk Register) is respnsible fr ensuring n a day-t-day basis that the relevant peratinal prcedures and cntrls implemented t treat each risk area are adequate and effective. If a cntrl r prcedure is nt adequate and effective in treating the risk, the Risk Owner shuld reprt this, with a recmmendatin fr an alternative 6 P a g e

7 risk treatment, t the Cmpliance Manager fr cnsideratin and subsequent referral t the Bard fr apprval. 7 Risks f Nn-Cmpliance The risks t the Cmpanies f nt cmplying with this Plicy include: Regulatry risk the risk that the Cmpanies, their fficers, emplyees r agents will be subject t criminal, civil r administrative penalties r sanctins. This culd include the suspensin, cancellatin r impsitin f additinal cnditins n ur AFS licence, prviding an enfrceable undertaking, being subjected t investigative actin, r ther remedial actins fr nn-cmpliance with: financial services laws and regulatins; the AFS licence; the Scheme s Trust Deed/Cnstitutin and Cmpliance Plan; rganisatinal standards; and internal plicies and prcedures; Business risk the failure t establish adequate risk management systems may result in pr business utcmes fr the Cmpanies, with a key risk being lss f the AFS licence and a directin t cease peratins. Cmpliance with this Plicy will enable the Bards and delegated staff t apprpriately manage their risks; and Reputatinal risk the assciated damage t the reputatin f the GARDA Capital Grup as a result f public reprting f nn-cmpliance with ur bligatins r by being perceived as nn-cmpliant within the market r nt caring fr ur clients/investrs. This may als have a detrimental effect n the prfitability f the GARDA Capital Grup due t lss f cnfidence by clients. By apprving and implementing a rbust risk management system, the GARDA Capital Grup intends t mitigate its reputatinal risk. 7 P a g e

8 Part B Risk Management Prcedure 8 Summary f Prcedure Establish Cntext Cmmunicate and Cnsult Identify Risks Analyse Risks Evaluate Risks Risk Assessment & Risk Register Mnitr and Review Treat Risks Surce: Adapted frm AS/NZS ISO 31000: Legislative and Regulatry Requirements AFS licensees are subject t the general bligatins under s912a(1)(h) f the Crpratins Act 2001 ( the Act ) which includes an bligatin t establish and maintain adequate risk management systems. In Regulatry Guide 104 Licensing Meeting the general bligatins ( RG 104 ), ASIC expect that a licensee s risk management systems will: be based n a structured and systematic prcess that takes int accunt the licensee s bligatins under the Act; identify and evaluate risks faced by its business, fcusing n risks that adversely affect cnsumers r market integrity (this includes risks f nn-cmpliance with the financial services laws); establish and maintain measures and cntrls designed t treat thse risks; and fully implement and mnitr thse cntrls t ensure they are effective. 8 P a g e

9 In additin, ASIC expect that the GARDA Capital Grup will have measures in place t ensure that it cmplies with its risk management bligatins n an nging basis 1. In Regulatry Guide 259, ASIC prvides risk management guidance which fcuses specifically n respnsible entities, the Schemes they perate and the particular risks they face. The GARDA Capital Grup currently perates registered schemes and has cnsidered relevant aspects f the guidance and has incrprated int the GARDA Capital Grup s risk management system. The guidance als includes examples f gd practice which are impractical t implement due t the small scale f business peratins (fr e.g. independent review every three years, having a designed risk management cmmittee and appinting a Chief Risk Officer). 10 Risk Management Prcess The main elements and steps fllwed in the develpment f the GARDA Capital Grup s risk management system are as fllws: Cmmunicate and cnsult with internal and external stakehlders as apprpriate at each stage f the risk management system and cncerning the prcess as a whle; Establish the cntext cnsidering internal and external factrs which impact n the risks t the GARDA Capital Grup s financial services business and setting ut clear criteria against which these risks will be identified, analysed, evaluated, assessed and recrded and setting the risk appetite; Identify risks identify where, when, why and hw events culd prevent, degrade, delay r enhance the achievement f the GARDA Capital Grup s bjectives and in particular regularly cnsider and dcument the mst significant current and emerging risks; Analyse risks identify and evaluate existing cntrls. Determine likelihd and impact (r cnsequence) hence the level f risk by analysing the range f ptential cnsequences and hw these culd ccur; Evaluate risks cmpare estimated levels f risk against the pre-established criteria and cnsider the balance between ptential benefits and adverse utcmes. This enables decisins t be made abut the extent and nature f treatments required and abut pririties; Treat risks develp and implement specific measures and cntrls t mitigate the ptential risks; and Mnitr and review fr cntinuus imprvement, mnitr the effectiveness f all steps f the risk management prcess and the risk management system itself t ensure n an nging basis that changing circumstances are reflected in the verall level f risk r risk pririties. A risk identified by the GARDA Capital Grup may cme frm any internal r external event which, if it ccurs, may affect the ability t efficiently, hnestly and fairly perate in the financial services industry: Internal risks thse risks that specifically relate t the GARDA Capital Grup s business itself and as such are generally within its cntrl. They include risks such as peple risks, strategic risks, AFS licence bligatins and insurance arrangements; and External risks thse risks that are utside the cntrl f the GARDA Capital Grup. They include risks such as market cnditins, ecnmic cnditins and legislative change. 1 RG P a g e

10 Risks are managed by the GARDA Capital Grup thrugh the effective implementatin f varius measures and cntrls which include: Bard apprved cmpliance arrangements and risk management framewrk; dcumented plicies, prcedures, cmpliance registers and checklists; nging mnitring f regulatry bligatins; nging supervisin f representatives; and internal and external reprting. The effectiveness f the implementatin f the varius measures and cntrls t treat the risks is assessed thrugh: regular testing, mnitring and reviews undertaken by the Cmpliance Manager; audit and reviews undertaken by the external auditrs; and management supervisin and reprting. 11 Risk Management Methdlgy The methdlgy adpted by the GARDA Capital Grup fr managing and treating its risks can be defined as fllws: Step 1. Step 2. Step 3. Step 4. Step 5. Step 6. generate Bard supprt; dcument a risk management framewrk (i.e. the cntext) and wt the risk appetite; identify the general activities invlved in running the business (i.e. risk categries) and separate the Risk Register int the varius risk categries; identify the risks invlved in each risk categry by undertaking the specific business activity by asking the questins: a. what culd happen? b. hw and why culd it happen? rate the likelihd f the business activity nt being prperly perfrmed r the relevant risk eventuating. Likelihd is assessed n the assumptin that there is n existing risk management and cmpliance prcesses in place. Likelihd is assessed as either: a. rare; b. unlikely; c. pssible; d. likely; r e. cmmn; Rate the impact (r cnsequence) f nt prperly perfrming the business activity r the relevant risk eventuating. Damage can be quantified in terms f financial lss t clients and the GARDA Capital Grup itself. Impact is assessed as either: a. insignificant; b. minr; c. mderate; d. majr; r e. significant; 10 P a g e

11 Step 7. Step 8. Step 9. Step 10. Step 11. Step 12. assign the risk rating (r risk pririty) based n the cmbinatin f likelihd and impact (r cnsequence). The level f risk is assessed within the risk analysis matrix as either: a. very lw; b. lw; c. medium; d. high; r e. very high; Very high and high risks generally require regular Bard mnitring and reprting. It is typically sufficient fr medium risks t be managed thrugh nging senir management mnitring and supervisin. Lw and very lw risks are nrmally managed thrugh the implementatin f rutine prcedures; cnsider and dcument all significant measures and cntrls which treat the relevant risk; assess whether the existing measures and cntrls are adequate r whether further nes are required t effectively treat the risks. Allcate the respnsibility f mnitring the cntrl t treat the risk t the Risk Owner; n a regular and rutine basis dcument the mst significant current and emerging risks and cnsider these at Bard level; raise awareness abut managing risks acrss the GARDA Capital Grup thrugh cmmunicating the Plicy and respnsibilities and prmting a culture f understanding risk and hw it can be effectively managed and mnitred; and mnitr and review nging risks and cntrls t ensure their effective management. 12 Risk Appetite Statement Risk appetite is the measure f risk that the GARDA Capital Grup is willing t take t pursue its business strategies and achieve its bjectives. Determining the amunt and type f risk it is willing t pursue r retain in respect f its business peratins is a key step in setting the cntext in which risk management is set. The risk appetite sets the tne and culture fr risk management acrss the GARDA Capital Grup and is cnsidered when peratinal bjectives and business strategy is set. The GARDA Capital Grup has identified that the fllwing material risks are faced by its business and the peratins f the Schemes: Strategic risk being any risk that arises ut f business strategies and business plans; Gvernance risk being any risk that threatens the ability f the GARDA Capital Grup t make reasnable and impartial business decisins in the best interests f members which may arise if the GARDA Capital Grup des nt have the apprpriate prcesses in place t: supprt sund and transparent decisin making that is nt influenced by cnflicts f interests; and ensure that decisins related t the Schemes are in the best interests f members. Operatinal risk being the risk f lss, fr the GARDA Capital Grup r Schemes resulting frm inadequate r failed internal prcesses, peple and systems r frm external events; Market and investment risk being the risk that the GARDA Capital Grup r the Schemes will nt meet stated bjectives as a result f investment risks including thse 11 P a g e

12 relating t investment gvernance and structure, market cnditins, prduct suitability and valuatin pricing; Liquidity risk being the risk that the GARDA Capital Grup will nt have adequate financial resurces t meet its financial bligatins and needs, either at the licensee level r at the Scheme level. The risk appetite f the GARDA Capital Grup is set based n the nature f activities it is invlved in and bradly it can be summarised as fllws: GARDA Capital Limited and GARDA Funds Management Limited which are primarily the entities which perate the Schemes as respnsible entity: have a lw appetite fr risk and expsing members t pr gvernance; have limited tlerance fr significant cmpliance breaches and member cmplaints; accept that they shuld prudently manage the peratins f the Schemes; and accept that they will need t make investment decisins which carry a measured level f risk in rder fr the Schemes t maintain their value and incrementally grw ver time. Registered Schemes: have a lw appetite fr business risk; has a lw appetite fr causing lss thrugh inadequate r failed internal prcesses, peple and systems r frm external events has a mderate appetite fr prudently maximising the revenue and capital value f its assets; have a mderate appetite fr prperty related peratinal risks which will enhance value; and in cntext, accept that their fcus is n prudently maximising the revenue and stability f its prperty and ther assets. 12 P a g e

13 13 Identificatin f Mst Significant Current and Emerging Risks The Risk Register tends t cntain risks which are mre static and therefre are reviewed n annual basis r as the cntext within which it has been set changes. Hwever, frm an peratinal perspective, the Bard and senir management need t remain nimble and dynamic in hw they cnsider, embed and manage business related peratinal risks. Accrdingly, at each regular Bard meeting, the MD is t reprt the Bard the mst significant current and emerging risks facing the GARDA Capital Grup. Such risks culd include, but are nt limited t, the fllwing: lan cvenants; assets letting; asset specific risks; interest rates; investr sentiment; cntinuus disclsure; and strategic plan and directin. Rutine cnsideratin f these current and emerging risks, including the likelihd f their ccurrence, their ptential impact and the adequacy f their mitigants at Bard level n a regular basis ensures that risk management is tp f mind and embedded in the GARDA Capital Grup s culture. 13 P a g e

14 Part C Operatinal Prcedures 14 Mnitring Cmpliance with the Plicy The MD (in cnjunctin with the Cmpliance Manager, where required) is respnsible fr mnitring cmpliance with this Plicy n at least an annual basis (r mre frequently as required) t ensure it remains cnsistent with the Australian Standard n Risk Management. As part f the mnitring prcess, the MD (in cnjunctin with the Cmpliance Manager, were required) will review external audit reprts and all ther relevant plicies, prcedures and registers t identify any instances f nn-cmpliance. This will als invlve a full review f the Risk Register. Any instances f nn-cmpliance by fficers, emplyees and/r agents f the GARDA Capital Grup will be reprted t the Cmpliance Manager (and subsequently the Bard). Instances f nn-cmpliance may als be treated as a ptential r actual breach and dealt with accrding t the Breach Management Plicy and Prcedure. Where instances f nn-cmpliance with the Plicy have been identified the MD (in cnjunctin with the Cmpliance Manager, if required) is respnsible fr determining and/r recmmending apprpriate remedial actin. Intentinal r reckless nn-cmpliance with this Plicy is nt tlerated by the Bard. Depending n the nature and extent f nn-cmpliance, remedial actin culd include: additinal training; additinal mnitring r supervisin; frmal reprimand; ntificatin t relevant regulatry bdy r industry assciatin; and terminatin f emplyment (in particularly serius cases). In determining what remedial actin will be apprpriate, the MD (in cnjunctin with the Cmpliance Manager, if required) may have regard t the fllwing matters: the number r frequency f similar previus instances f nn-cmpliance by the fficer, emplyee and/r agent (including r service prviders); whether the nn-cmpliance was intentinal r reckless; the impact the nn-cmpliance has n the ability f the GARDA Capital Grup t cntinue t prvide the financial services cvered by its relevant AFS licence; the actual r ptential lss arising t the GARDA Capital Grup r a client as a result f the nn-cmpliance; any ther relevant facts assciated with the nn-cmpliance; and any ther relevant issues raised. If systemic nn-cmpliance is the result f actin by a service prvider, then this is an event which shall be reprted t the Bard fr their cnsideratin. The Bard will cnsider what additinal mnitring and remedial actin may be required which culd include cnsideratin as t whether the service agreement shuld be terminated. 15 Review f the Plicy The MD, in cnjunctin with the Bard, shall review the cntents f this Plicy at least annually t ensure it remains current and relevant t the peratins f the GARDA Capital Grup. 14 P a g e

15 As part f the review, the MD, in cnjunctin with the Cmpliance Manager, shall als ensure that any related plicies r prcedures are reviewed by relevant fficers, emplyees and/r agents. The Cmpliance Manager shall cnsider, as part f the Cmpliance Plan testing, whether the reviews are being undertaken. 16 Recrd Keeping The MD and Cmpliance Manager are respnsible fr ensuring that the fllwing infrmatin in relatin t this Plicy is retained fr a perid f at least 7 years: all apprved versins f this Plicy (including details f their apprval); any relevant registers which relate t the Plicy; recrds evidencing cmpliance r nn-cmpliance with the Plicy; details f any reviews undertaken; evidence f inductin and nging training; and any ther dcumentatin relevant t the implementatin f and cmpliance with the Plicy. 17 Training n the Plicy As the Bard is cmmitted t ensuring the cntinued cmpliance with this Plicy, a prgram f regular training sessins will be prvided t staff bth when they cmmence and n an nging basis. Training attendance will be recrded in the Training Register and it is the respnsibility f the Cmpliance Manager t review whether relevant persnnel have attended apprpriate training. Inductin Training Where required, the MD will prvide training n the risk management plicy as part f the inductin training fr all relevant new fficers, emplyees and Respnsible Managers. Onging Training The MD will als prvide refresher training n the Plicy at least annually t all relevant staff (r as required where a material change is made t the Plicy). 18 Applying Discretin t the Plicy Ntwithstanding any requirement cntained in this Plicy, the Plicy Owner may apply, r authrise the applicatin f, reasnable discretin in cnsidering hw t apply the requirements f the Plicy. When applying discretin in relatin t a particular matter, the Plicy Owner shall have regard t the level f risk psed by that matter and relevant regulatry bjectives. Whenever discretin has been exercised in relatin t the plicy, it shuld be recrded and reprted t the Cmpliance Manager and Bard. 15 P a g e

16 19 Interactin with Cmpliance Plan and Cnstitutin T the extent that any prcedures set ut in this Plicy are incnsistent with the Cmpliance Plans r the Cnstitutin fr each Scheme, the prcesses set ut in the Cmpliance Plan and Cnstitutin shall take precedence. Any such discrepancies shuld be reprted t the Plicy Owner. 20 Related Plicies All ther plicies and prcedures in place fr the GARDA Capital Grup cntain prvisins which are directly r indirectly related t the cntents f this Plicy. 21 Further Infrmatin If yu need further infrmatin regarding this Plicy and hw it is implemented yu shuld cntact the Plicy Owner. 16 P a g e

17 Appendix A Legislative and Regulatry References The fllwing surces f infrmatin have been used in develping this Plicy: Crpratins Act: Crpratins Regulatins: ASIC Class Order: s.912a(1)(h) Nil. CO 04/194 Managed discretinary accunts Cmpliance Plan: Clause 4.25 AFS special licence cnditins: ASIC plicy/guides: Australian Standards: Cmmitments made t ASIC: Frms: Nil. RG 1 AFS Licensing Kit: Part 1 Applying fr and varying an AFS licence RG 2 AFS Licensing Kit: Part 2 Preparing yur AFS licence applicatin RG 3 AFS Licensing Kit: Part 3 Preparing yur additinal prfs RG 104 Licensing: Meeting the General Obligatins RG 259: Risk Management systems f respnsible entities Australian/New Zealand Standard Risk Management Principles and guidelines (AS/NZS ISO ) Nil. Nil. 17 P a g e

18 Appendix B Risk Definitins and Classificatin Risk Categries The Cmpanies have adpted eight risk management categries, based n key business functins. These categries are divided int main business functins within each, as well as sub categries: RISK CATEGORY Operatinal Risk Strategic Risk Legal and Cmpliance Risk Liquidity Risk Market Risk Peple Risk Infrmatin Technlgy Risk Insurance Risk RISK SUB CATEGORIES Investment Management Service Prvider Management Administratin Sharehlders & Scheme Members Business Reputatin Cmpliance Management Legal Cntract & Obligatins Prfessinal Advice Financial Management External Risk Human Resurce Management Systems failure Insurance Management Definitins f Risk Categries Descriptr Example Descriptin Operatinal Risk Operatinal and Investment events. Strategic Risk Implementing Strategies. Legal and Cmpliance Risk Legal and Regulatry cmpliance. Liquidity Risk Being unable t fund peratins r cnvert assets int cash. Market Risk Changes in market and ecnmy. Peple Risk Human resurces. IT Risk Risk f systems failure. Insurance Risk Adequacy f insurance plicies. 18 P a g e

19 Qualitative Measures f the Likelihd Descriptr Cmmn Likely Pssible Unlikely Rare Example Descriptin This risk is almst certain t ccur mre than nce in the next 2 years. This risk is almst certain t ccur nce ver the next 2 years. This risk culd pssibly ccur at least nce in the next 2 5 years. This risk is unlikely t ccur in the next 2 5 years. This risk will prbably nt ccur within the next 5 year perid. Qualitative Measures f the Cnsequence r Impact Descriptr Significant Majr Mderate Minr Business Objectives Severe impact which threatens the ability f the GARDA Capital Grup t sustain nging peratins. High impact n the achievement f the GARDA Capital Grup s strategic business bjectives r ability t perate. Mderate impact n the achievement f the GARDA Capital Grup s strategic business bjectives r ability t perate. N material impact n the achievement f the GARDA Capital Grup s strategic business bjectives r ability t perate. Example Descriptin > $2 millin $1 millin t $2 millin $250,000 t $1 millin $50,000 and $250,000 Insignificant Negligible impact n the GARDA Capital Grup. < $50,000 Qualitative risk analysis matrix level f risk Cnsequences Likelihd Insignificant Minr Mderate Majr Significant Cmmn Medium High Very high Very high Very high Likely Medium Medium High Very high Very high Pssible Lw Medium Medium High Very high Unlikely Very Lw Lw Medium Medium High Rare Very Lw Very Lw Lw Medium Medium Overall Level f Risk & Risk Pririty Very High and High Risk regular Bard mnitring and reprting; Medium Risk nging senir management mnitring and supervisin; and Lw and Very Lw Risk managed by rutine prcedures. Residual Risk Lw the identified cntrls reduce risk t an acceptable level; Medium additinal cntrls shuld be identified and implemented as a pririty; and High urgent attentin must be allcated t identifying and implementing additinal cntrls. 19 P a g e

20 Appendix C Risk Register The Risk Register is maintained as a separate dcument, which shuld be read n cnjunctin with this Plicy. 20 P a g e