Remarks delivered at Asset Management Independent Non-Executive Directors’ Day
I am pleased to join you at this Asset Management INED event and I would like to thank PWC for this opportunity to speak to you all here today.
In my remarks I will cover:
- Fund Management Company Effectiveness (better known as CP86);
- Some key topics from a regulatory perspective; and
Important role of INEDs
But first, in light of those in attendance, let me touch on the importance of the role you all play as INEDs.
As part of a well-functioning board, INEDs can bring objectivity to discussions and offer fresh ideas while also availing of their wide breadth of experience and knowledge to ensure a firm is effectively governed and operating a sustainable business model with a client-centric focus.
Moreover, in my view to fulfil this role effectively, there are three key elements that INEDs must demonstrate:
- Challenge: As an INED, it is imperative that you hold the board and senior management to account. I would even go so far as to say that this is at the core of your role. Therefore you must embrace your responsibility to challenge and to ask the hard questions concerning the quality of information or reporting to the board, the strategic direction of the firm, the culture that prevails, the emerging risks to the business model and so on.
- Independence: INEDs must maintain their independence to perform their distinct role and on that note, I would pose the question – can someone who has sat on a board for a considerable length of time still be considered independent?My concern here is that INEDs could easily stray into executive territory whereby they know the business inside out and begin to think like an executive instead of being a source of strength by providing robust challenge and independent counsel.
- Diversity: As highlighted in a recent address by the Central Bank’s Deputy Governor Ed Sibley, higher levels of diversity at senior levels can contribute to reducing the likelihood of groupthink, enhancing risk management and reducing overconfidence thereby improving decision making (Sibley, 2019).
As an INED, do you bring something different? Diversity of thought, experience, background or is it the case that you and your fellow board members are all “cut from the same cloth”.
To be brief, an INED role is a serious commitment which also carries a considerable level of responsibility. When it is done well, by committed and dedicated individuals, it has a significant positive impact on the firms they represent.
Fund Management Companies
In speaking about the role of the INEDs within the asset / wealth management sector, perhaps I can narrow my focus to fund management companies and CP86.
First and most importantly, we must not forget that it is the board that is the responsible body for ensuring that the fund management company is being run properly and that this is no different to the obligations placed on the board of directors in other industries.
Needless to say, while the Central Bank accepts that delegation is a part of the business model of the funds industry, no firm can ever delegate their responsibility. Therefore as regulators it is the fund management company that we hold to account should it or its delegates fail to meet their obligations to the funds and their investors.
In this regard, directors and in particular INEDs, must be able to demonstrate that they are satisfied that the fund management company for which they are responsible for, is operating as it should be.
To expand on this point, it is the board that is responsible for ensuring that all the necessary processes, policies, procedures and resources are in place within the fund management company to allow the firm to carry out its obligations, and just as important, that they are operating as expected and delivering their intended outcomes. This is a really significant point to note, it is not just good enough to say that the firm had all the necessary policies and procedures in place, you need to ensure that on a day to day basis they are being carried out.
You deliver this through the independent challenge that you provide to the executive team and by ensuring that the important day-to-day tasks are being completed and that there is sufficient substance in place to carry them out.
Fund Management Company Effectiveness (CP86)
Clearly I am making this statement with CP86 front and centre in my thoughts and on that note, you may be interested to hear that our work in assessing how CP86 has been implemented is continuing at pace.
The first phase of the review entailed the issuance of a questionnaire to over 300 in scope firms. This included UCITS management companies, AIFMS, self-managed UCITS and self-managed AIFs.
Based on our analysis of the questionnaire responses, we have now progressed to the desk-based review phase and following on from this, we expect that a series of onsite inspections will commence in November 2019 which will continue into Q1 2020.
Although the thematic review still has a distance to travel, I envisage that this body of work will be completed in H1 2020 and I expect that we will be communicating with industry in some form in the second half of next year. As with any thematic review undertaken by the Central Bank, this could include further consultations in terms of the domestic regulatory framework and the issuance of an industry letter outlining good or poor practices identified. Of course there may also be firm specific Risk Mitigation Programmes should we identify critical risks that require mitigation action.
This work is being driven domestically in that it is standard for the Central Bank to assess how any new piece of regulation has been implemented by industry. More broadly, as I have said in the past, this work is also a direct result of the uplift in authorisation cases we have been presented with since the Brexit vote in 2016.
Reviewing these applications for authorisation, against the backdrop of a funds sector that continues to grow in nature, scale and complexity, has given us a more detailed insight as to what is required of Designated Persons and boards under CP86. As a result, this has accelerated the need to undertake the review this year.
This broader consideration is important because a jurisdiction such as Ireland, with a large funds industry, must be in a position to demonstrate that the fund management company model, as prescribed by law, can be operated successfully.
In order to do this, it is necessary to show that any delegation, including the delegation to an investment manager, can be carried out in such a way that the management company is able to robustly oversee the activities of the delegate and challenge if any deviation from the requirements emerge. If a funds domicile cannot demonstrate that, then it will not be successful in convincing European peers that the funds can operate effectively, to a high standard, on a cross border basis.
Hot topics – from a regulatory perspective
At this juncture and given the panel session that will follow, let me move away from CP86 and briefly speak about a number of other hot topics that you need to consider in your role as an INED.
- Sustainable Finance: We in the Central Bank have been steadily advancing our work on sustainable finance over the past year. Internally for instance, we have established a dedicated working group which serves as a forum to keep track of the various strands of work in this area, and also acts as a sounding board in developing the Central Bank’s sustainable finance policy.Wider afield, the Central Bank has been active in joining international networks that are focussed on sustainable finance. This includes the Network for Greening the Financial System (NGFS), setup in order to help strengthen the global response required to meet the goals of the Paris agreement and to enhance the role of the financial system in managing climate-related risks. We are also actively involved in IOSCO’s Sustainable Finance Network and, most recently, the UN-led Sustainable Insurance Forum.Moreover, in an ESMA context, we have recently seen the publication of technical advice to the European Commission on the integration of sustainability risks and factors, into MiFID II, AIFMD and UCITS Directive. This follows on from last year’s publication of Guidelines on certain aspects of the MiFID II suitability requirements by ESMA.All in all, things are moving at pace in sustainable finance. Directors must therefore be alive to these developments and consider the implications in the performance of their roles and what steps need to be taken for your firm to contribute to the development of a more sustainable financial system.
- Cyber Security: Members of the Central Bank’s Technology Risk Team have recently completed a thematic inspection on cybersecurity risk across four asset management firms with varying business models.The purpose of the inspection was to determine the adequacy of cybersecurity controls and cybersecurity risk management practices of the inspected firms and also to identify good practices and common issues in order to raise industry standards.At this point in time, we have issued Risk Mitigation Programmes to all of the firms included in the thematic and an industry letter will follow in due course. Once this letter is issued, I would encourage all firms to consider the findings identified against their own cybersecurity risk management practices to establish whether any of the findings identified also exist within their firm and, where necessary, take steps to remediate any issues or weaknesses.To this end, whilst some firms have made good progress in areas such as IT asset inventories and security incident management, many of the weaknesses highlighted in the Central Bank’s 2016 Cybersecurity Guidance are still prevalent in firms three years later.
We have found that boards are still not ensuring cybersecurity is embedded in their firms, which should be achieved through a mixture of awareness, building and enhancing resilience capabilities, and displaying adequate governance and oversight of the firms’ cybersecurity risk profiles.
To summarise, cybersecurity risk management is a practice that remains underdeveloped in the asset management industry and firms must give more consideration and support to identifying and managing the different threats they are exposed to, whilst recognising that the inherent risks of IT are continuously increasing.
- Corporate Governance: Earlier this year we completed a thematic review to evaluate the approaches in use regarding compliance, risk and internal audit services which form part of two of the three lines of defence.The thematic focussed on firms across both the fund service providers and MiFID sectors and one of the key findings from this body of work is that boards and senior management are not spending enough time reviewing the control frameworks in place. The risk environment that firms are faced with is continuously changing and therefore your control framework must be reviewed on a frequent basis, not just at the time it was introduced.In addition to the above, for a number of firms it was found that the risk framework document which underpins a firm’s operations, was not complete or being kept up to date. As a member of the board, you need to ensure that this document is reviewed on an annual basis and that it reflects not only the risk environment that your firm operates in but also has a clear outline on how these risks will be managed in line with the firm’s risk appetite.It is envisaged that an industry letter will be issued in the coming months and similar to the cyber security letter, I would encourage all firms to consider what actions need to be taken, if any, in light of the issues raised therein.
- Liquidity Management: In the funds industry, this is a topic that is currently getting a lot of attention. And on that note, in August the Central Bank wrote to all external fund management companies and internally managed funds regarding the importance of ongoing, effective liquidity management and ensuring compliance with relevant legislation and regulatory obligations for UCITS and AIFs.The letter highlighted the importance of the execution of an appropriately calibrated liquidity risk management framework for each fund under management, taking into account on an ongoing basis: (i) dealing frequency of the fund; (ii) the fund’s investment strategy; and (iii) the fund’s portfolio composition and investor profile.We noted that this might involve daily and intra-day monitoring and identified liquidity stress testing as a key part of the monitoring process, noting that liquidity and investor demands can change quickly and without warning.The letter emphasised that the use of liquidity management tools such as duties and charges, gates and suspensions should be transparent and proportionate, taking into account the best interests of the investors.
To ensure that the liquidity position of each fund under management is in line with the respective redemption policy, the Central Bank expects Fund Management Companies to conduct ongoing assessments of the liquidity position of each fund’s portfolio, taking into account potential investor redemption requests.
From a disclosure perspective, all fund documentation should be clear, accurate and in line with relevant legislative and regulatory requirements. The letter also reiterated that responsibility for liquidity risk management (including all legislative and regulatory obligations) of each fund under management rests with the board and the relevant Designated Persons.
- The Regulatory Landscape: The regulatory landscape continues to evolve and perhaps I can hone in on some key areas that I believe will warrant your attention at board level over both the short and long term.
On outsourcing for instance, the EBA’s guidelines on outsourcing arrangements entered into force last week and are applicable to all entities under the EBA’s mandate – namely credit institutions, investment firms subject to CRD as well as payment and e-money institutions. However, the principles are equally relevant to fund management companies.
In particular, the guidelines clarify that the management body of each institution remains responsible for that institution and its activities at all times.
From a Central Bank viewpoint, we have undertaken a considerable body of work on this topic which culminated in the publication of a paper last November titled ‘Outsourcing – Findings and Issues for Discussion’ (Central Bank, 2018). And while we accept that outsourcing is an integral part of the business model for many firms, it should never lead to a regulated entity becoming an empty shell with no substance and in your role on the board, you must not lose sight of your obligation to challenge management on the suitability of the outsourcing arrangements in place.
Moreover, you may be aware that the Central Bank is now accepting and considering applications under the Benchmark Regulation. A separate benchmark issue on our regulatory agenda is the transition from IBOR to alternative reference rates. At this stage, impacted firms should have clearly identified their transition strategy and begun work on the necessary changes in order to avoid a disorderly and chaotic move. Like Brexit, you can expect to be queried by the Central Bank as to the level of progress and each firm’s readiness for transition.
What’s more, the European Commission is currently in the process of carrying out a review of the AIFMD and while a timeline remains uncertain, I expect that it will be a topic of consideration for policy makers in the coming months.
Since its introduction in 2013, there is no doubt that AIFMD has played a major role in developing the EU market for AIFs. However, there is more that could be done to support the EU’s internal market for AIFs and this review is an excellent opportunity to consider what exactly is required.
Finally, the European Commission is also in the process of introducing a new bespoke prudential regime for investment firms (European Commission, 2019).
The IFR aims to be an appropriate, tailored and proportionate prudential regime that will categorise investment firms based on their nature, scale and complexity, each category of investment firm will have a differing set of requirements.
During the preparatory stages for MIFID II, I spoke to the merit of effectively preparing to meet the challenge which MIFID II presented. I would now call on the boards of investment firms to start considering the new prudential regime. For example has your firm considered if it will be a small and non-interconnected firm? If it is likely that your firm is going to be a “class two” firm, have you started to consider what needs to be done to determine the firm’s own funds requirements?
In short, these are live industry topics and you should expect regular supervisory engagement on a number of them throughout the course of the next 12 months.
Before I conclude, I think it would be remiss of me not to refer to Brexit.
I will take this opportunity to repeat the recent remarks of Deputy Governor, Ed Sibley (Sibley, 2019), in that the Irish financial system as a whole is sufficiently resilient to withstand a hard Brexit.
And while the immediate cliff-edge risks of a no-deal Brexit are broadly manageable, with less than one month to go, now is not the time to be complacent. Firms must continue to prepare for all plausible scenarios, to consider how Brexit will impact their business models and also ensure that they have contingency plans in place that are tried and tested.
At the same time, in your role on the board, I expect that Brexit will be one of the main topics discussed at your meetings this month and over the course of your engagement with the executive team. Underpinning such discussions should be a clear focus on the material risks presented by a hard Brexit, business continuity post the 31st October and the duty of care that your firm has to its clients and investors.
In the case of those firms that have recently been authorised, I must emphasise how important it is for you to build out your operations in line with any conditions included in the letter of authorisation. As I have highlighted in an address back in June, compliance with licence conditions is not optional, and breaches are treated seriously by the Central Bank (Hodson, 2019).
Lastly, as supervisors we continue to play our part and have enhanced our industry engagement in recent weeks with a Brexit questionnaire issued in August covering operational readiness, cyber security and also the risks associated with Brexit – both known and potential. All responses have now been received and the analysis we have since completed will feed into our ongoing supervision work and engagement with firms over the coming weeks.
I will stop there.
With the Rugby World Cup currently in full swing, I am reminded of a well-known phrase that is often associated with the All Blacks – “leave the jersey in a better place”.
Such a phrase is designed to give players a compelling sense of purpose and it also serves as a reminder that it should be their actions that remain after them once they have retired.
In this context, I wonder what your legacy will be as an INED and indeed mine as a regulator. At a minimum I hope one day we will all be able to look back and say that in the face of a changing landscape and a great deal of uncertainty, we stood up and met our responsibilities for the good of clients, the sector and the wider society.
Thank you for your attention.