ASIC’s expectations of responsible entities when complying with 912A(1)(h) to have adequate risk management systems is outlined in its regulatory guidance – RG 259 Risk Management Systems of Responsible Entities. When introduced in March 2017, ASIC allowed a facilitative approach. This ceased on 27 March 2018, which could mean a tougher stand from the regulator for any breaches. The journey to this point has been an arduous one, building on several proactive inquiries, surveys and two consultation papers, that were undertaken by the regulator over the past five years, with different types of publications released over that time as per the diagram below. Background There has been a significant change in the fund management industry over the last few years. As per the regulatory impact statement on RG 259, the number of registered schemes has doubled since 2002, from approximately 1806 to 3619. And there are around 448 registered entities. In 2015, ASIC did a proactive survey of 118 responsible entities and found some significant inconsistencies between their risk management practices. Some were more robust than the others; some did liquidity and stress testing while others didn’t; and many relied heavily on external service providers. In addition to this there have also been new innovative schemes, and offshore and alternative investments with unique risks to be managed. What is in RG 259? The guidance is structured around the three key elements of a RMS: Establish the RMS Identify and assess the risks and Manage risks For each of these elements, ASIC has outlined its expectation for compliance with s912A(1)(h). It has further provided good practice guidance which is not mandatory. Who does it apply to? This is primarily designed for responsible entities of registered schemes. However, ASIC has clearly stated that this is also ‘relevant for’: Responsible entities not currently operating a scheme IDPS and MDA operators and Operators of unregistered schemes. Timeline RG 259 is applicable from its issue date 27 March 2017. Submissions received in response to the consultation paper 263 requested transition periods of 6-18 months. The regulator rejected on the basis that the REs have an existing legal obligation under the Corporations Act to have an adequate RMS. This RG is ASIC’s view of that existing requirement. However, ASIC proposed to take a ‘facilitative approach’ to any breaches of this guidance for 12 months. This was to assist those REs who are working to bring their RMS into compliance with the expectations. This facilitative period ended on 27 March 2018. What now? If you are a Responsible Entity of a registered scheme, we highly recommend that you review your Risk Management Systems against the expectations in RG 259. Appropriate documentation is critical to be able to demonstrate compliance. Some examples of expectations include: Review your risk management systems at least annually Maintain risk registers and include relevant risks categories at both responsible entity and scheme level Conduct stress testing and/or scenario analysis of liquidity risks at least annually Based on the nature, size and extent of the activities of the responsible entity and the underlying schemes, you may consider adopting the good practice guidance contained in RG 259. Some examples include: Comprehensive review of your risk management systems every three years Use risk indicators and regularly report to board and senior management Regular stress testing and scenario analysis of all material risks For the full content of RG 259 click here.