Sarah Lane outlines the top 10 questions that should be on the minds of directors and management teams.
In March 2017, the Central Bank of Ireland published the Central Bank Investment Firms Regulations. This document consolidates all requirements for investment firms into one document, which is timely given the imminent overhaul of EU legislation for markets in financial instruments. For example, MiFID II will go live on 3 January 2018 while other ongoing regulatory changes continue to affect the industry. These include European Market Infrastructure Regulation (EMIR), Base Erosion and Profit Sharing (BEPS) and General Data Protection Regulation (GDPR).
The regulations supplement existing legislative requirements, most notably MiFID (European Communities (Markets in Financial Instruments) Regulations 2007) and the Investment Intermediaries Act 1995. While the majority of regulations remain the same, there are some new requirements – particularly for fund administrators.
Below, we summarise the top 10 questions for directors and management teams of the affected entities.
1. Who do the regulations apply to?
The new regulations apply to investment firms, certain investment business firms (excluding retail intermediaries) and fund administrators.
2. What is the application date of the regulations?
The Central Bank Investment Firms Regulations (S.I. No 60/2017) came into force on 7 March 2017.
3. What is the background to the legislation?
The Central Bank consulted twice in relation to the regulations, first of all in CP 97 (Investment Firms Regulations) and secondly, in CP 100 (Risk Assessment and Capital Planning for Fund Administrators).
The regulations are legislated for through a statutory instrument. Therefore, non-compliance may constitute a prescribed contravention under Part IIIC of the Central Bank Act 1942, giving rise to Central Bank enforcement action.
4. Which sections apply to MiFID investment firms?
MiFID investment firms are subject to the requirements detailed in Part 2 (including relationship with the Central Bank, internal audit requirements and reporting requirements). Investment business firms that are not fund administrators are subject to the requirements in Part 2 and Part 3 (additional supervisory requirements, including organisational requirements and telephone recording).
5. What topics do the regulations cover for MiFID investment firms?
The general requirements for MiFID investment firms can be split into the following broad headings: relationship with the Central Bank; acquisition and disposal of assets; internal audit requirements; change in auditor; and reporting requirements.
There are also additional supervisory requirements for investment business firms including: organisational requirements; client borrowing; books and records; and telephone recording.
6. What guidance did the Central Bank issue alongside the regulations?
The Central Bank published guidance on the following topics: relationship with the Central Bank; fund administrators outsourcing; and own funds, risk assessment and capital planning for fund administrators.
The Central Bank, on the same date, also published the Central Bank Investment Firms Regulations Q&A to set out answers to queries likely to arise in relation to the new regulations.
7. Which sections apply to fund administrators?
Fund administrators are subject to the requirements in Parts 2-5 (including requirements around directors, client assets, fund prospectus, outsourcing and capital adequacy). It is important to note that the obligations of fund administrators under the regulations and the guidance apply to both Irish and non-Irish administered funds and also apply equally to intra-group outsourcing arrangements.
8. What topics do the regulations cover for fund administrators?
The regulations replace Chapter 5 of the AIF Rulebook entitled Fund Administrator Requirements, and include those requirements outlined above as well as the following:
- Fund prospectus;
- Client assets;
- Directors: residency is now defined as being present in the State for 110 working days;
- Outsourcing: a new annual return to the Central Bank is required (see question nine below) and certain activities are prohibited from being outsourced (see question 10 below); and
- Own funds and capital adequacy requirements for fund administrators: similar to the Capital Requirements Directive (CRD), there is a requirement to develop a risk analysis and capital adequacy assessment process which is documented to identify, assess and manage risk.
9. What is the annual outsourcing return requirement for fund administrators?
The Central Bank issued a letter to all fund administrators on 7 March 2017, which emphasised that requirements on the outsourcing of administration activities in relation to investment funds are structured so that all fund administrators maintain a consistent standard of oversight of Outsourcing Service Providers (OSPs) and retain ultimate responsibility for the outsourced activities.
The letter stated that between 48-61% of fund administration activities were carried out by OSPs as at 31 December 2015, based on the five larger Irish fund administrators they reviewed. To that end, the new regulations require fund administrators to submit an outsourcing return to the Central Bank annually, which contains the following information at the end of the calendar year:
- All outsourcing arrangements entered into by the fund administrator;
- The location of the outsourcing service provider;
- The date from which the fund administrator was permitted to enter into the outsourcing arrangement; and
- The names of all investment funds in the event that the fund administrator has outsourced the release of the final net asset value (NAV) where permitted (under permission from the Central Bank).
It is important to note that governance and oversight of outsourcing remains a key control for the directors in order to ensure they minimise potential risks arising from outsourcing. The Central Bank included observations and recommendations regarding outsourcing arrangements within Irish fund administrators, which should be adhered. The recommendations include a documented, formalised outsourcing policy and the establishment of an outsourcing committee.
10. What activities cannot be outsourced for fund administrators?
The Central Bank guidance for fund administrator outsourcing dictates that core management functions shall not be outsourced in order for the fund administrator to exercise adequate and effective control and decision-making. Core management functions include:
- Setting the risk strategy;
- Setting the risk policy;
- Setting the risk-bearing capacity of the fund administrator;
- Management functions, such as the setting of strategies and policies in respect of the fund administrator’s risk profile and control;
- Oversight of the operation of the fund administrator’s processes;
- The final responsibility towards clients and the Central Bank;
- Maintenance of the shareholder register; and
- The check and release of the investment fund’s final NAV.
Sarah Lane is Director, Financial Services Risk & Regulation, at Mazars.