In July 2018 ASIC issued its Regulatory Guide 132: Funds Management: Compliance and Oversight (" RG 132") which looks into what constitutes an effective and responsive compliance management system for a fund manager under the financial services laws.
While RG 132 applies primarily to responsible entities of registered managed investment schemes some parts of it apply to the operator of an IDPS as well as what ASIC refers to as "wholesale scheme operators" – that is, trustees of unregistered managed investment schemes who hold an AFSL.
Given the large proportion of fund managers that are wholesale scheme operators it is worth looking into what ASIC requires such operators to comply with under RG132 and also to look into what general guidance in relation to compliance can otherwise be gleaned.
Registered, unregistered or unregulated?
From a financial services regulatory perspective there are 3 categories of managed investment schemes:
- Unregulated – funds with less than 20 investors and where the promoters are not in the business of promoting managed investment schemes. These funds are not financial products and are, therefore, outside of the financial services laws. The exclusion of these funds is designed to ensure that the large number of private and family trusts are not covered by those laws – but it does allow a small scale investment fund to be operated in limited circumstances.
- Regulated – the remaining schemes further divide into two
- Unregistered – where offers to investors do not require a product disclosure statement (e.g. where investors are wholesale clients).
- Registered – all other schemes. As the name implies these funds must be registered with ASIC and are subject to a much more onerous regulatory regime than unregistered schemes. However, they have no limits on the number or types of investors that they can be offered to.
All regulated funds are financial products and the trustee must hold an AFSL and meet regulatory capital requirements. Beyond that, most of the disclosure and conduct rules apply only to registered schemes.
What does ASIC require?
Under RG 132 ASIC splits compliance and oversight obligations into 4 areas:
- Compliance management systems.
- Compliance plans.
- Compliance committees.
- Compliance plan audits.
All operators of regulated funds must have a compliance management system. However, only registered schemes are legally required to meet the additional obligations.
Traditionally, a compliance program would be set out in a written compliance plan, operationally supervised by a compliance manager and monitored by a compliance committee. This is the basis of the current law for registered schemes which was originally introduced in 1998.
However, advances in the digital delivery and storing of information and the development of proprietary online compliance management software have resulted in a move from that traditional structure to an approach that looks at compliance as an integrated operational system.
What is a compliance management system?
Given that ASIC will expect wholesale fund operators to have a compliance management system what does one actually look like?
ASIC defines a compliance management system at RG132.33 as
"... an integrated system comprised of written documents, functions, processes, controls and tools that help an organisation comply with its legislative requirements, industry codes, standards of good corporate governance, best practices, ethics and community expectations."
This definition aligns with the international standard for compliance management systems: AS ISO 19600:2015. That standard provides generic guidance on the key considerations that should be addressed in developing a compliance management system.
Meeting your compliance obligations will, obviously, vary with the nature, scale and complexity of your operations, the number of funds and investors and the investment activities. It is not possible to provide guidance as to specific compliance procedures in an article such as this.
ASIC also refers to the commonly adopted "3 line defence" compliance model which comprises:
- Operational compliance controls at the "coal face" of the business.
- An independent internal compliance function to monitor operational compliance.
- Internal and external audit and assurance oversight.
Is your compliance management system fit for purpose?
In our experience, a fit for purpose compliance management system should address the following areas:
- developing a corporate culture that expresses the operator's values, objectives and a commitment to compliance;
- identifying the applicable licensing regimes and product areas of relevance;
- the identification and risk assessment of applicable compliance obligations within those areas;
- developing organisational support such as through the appointment of qualified compliance staff (with defined roles and responsibilities) and a dedicated compliance committee (with a formal charter);
- direct compliance reporting channels to senior management and the directors;
- the implementation of an effective compliance policy and procedures (preferably through an online system) which establishes compliance controls and systematic monitoring;
- appropriate record keeping, documentation and audit trails;
- appropriate periodic report preparation and analysis;
- procedures for reporting and assessment of compliance incidents;
- staff induction and ongoing training on compliance obligations;
- the operation of a complaints handling system and remediation process;
- potential adverse consequences for staff involved in compliance failures coupled with whistle-blower protections;
- periodic reviews and updating of the system to reflect regulatory developments and as an ongoing improvement exercise; and
- prompt implementation of adjustments to the system to reflect periodic reviews, complaints and identified compliance failures.
Many of these areas are considered in detail by ASIC under RG 132.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.