FIDLEG SOLUTION - News 4/2019

Risk Management and Compliance of Swiss Asset Managers according to FinIA

Pursuant to art. 2 para. 1 of the new Financial Institutions Act (FinIA), asset managers who are currently "only" subject to the Ant Money Laundering Act (AMLA) will be deemed to be financial institutions which, on the basis of art. 5 para. 1 FinIA, require a licence from FINMA and, on the basis of art. 7 para. 2 FinIA, are supervised by a supervisory organisation. In addition, based on art. 7 para. 1 FinIA, they must also fulfill the general requirements set out in section 2 of FinIA (i.e. art. 5 - 16 FinIA) and the specific requirements for asset managers (i.e. art. 17 - 23 FinIA).

WHAT DOES FINIA REQUIRE IN TERMS OF RISK MANAGEMENT AND COMPLIANCE?

In general, art. 9 FinIA requires every financial institution (and thus also every asset manager) to lay down appropriate corporate governance rules and to be organised in such a way that it can fulfill its legal obligations (para. 1). Paragraph 2 becomes somewhat more concrete and calls for the following:

2 It shall identify, measure, control and monitor its risks, including legal and reputational risks, and organise effective internal controls.

This means that every asset manager must have risk management and compliance in place that covers not only investment risks, but also legal and reputational risks, and thus probably the entire business area. This is also explicitly stated in the message.

Based on this, art. 21 FinIA clarifies for asset managers:

1 Portfolio managers and trustees must have an appropriately defined risk management system in place as well as an effective internal control structure to ensure, among other requirements, compliance with legal and internal provisions.

2 The tasks of risk management and internal control may be carried out by a qualified manager or delegated to one or more suitably qualified employees or to a qualified external entity.

3 Persons who carry out the tasks of risk management and internal control may not be involved in the activities which they supervise.

At first glance, it is assumed that para. 3 is important. This provision requires that risk management and compliance must be functionally and personally independent and separate from the bodies to be audited. This is usually also the case with financial institutions. Anything else would make no sense, as otherwise the persons entrusted with risk management and compliance would check themselves. This would mean, however, that very small asset managers, especially one- or two-man businesses, would no longer be permitted. Because this rule would require that an asset manager must have on the one hand at least one person entrusted with asset management / customer service, but on the other hand also at least one person plus deputy entrusted with risk management and compliance.

This art. 21 FinIA would undoubtedly have been a bitter blow for many small asset managers who, therefore, feared for their business model. And it can rightly be assumed that this art. 21 para. 3 FinIA alone would have set the consolidation of the asset management industry in further motion. But perhaps this is not the case after all.

THE DRAFT FINIO PROVIDES FOR A RELIEF

The concept of the offer is, therefore, narrower than that of distribution. This is particularly noticeable in two respects: On the one hand, the offer requires that it contains sufficient information to enable a conscious decision to be taken. On the other hand, pure advertising is not covered by the concept of offer. The draft Financial Institutions Ordinance (FinIO) is now available and it confirms in art. 6 para. 3 FinIO the purely organisational requirements according to art. 9 FinIA:

3 Risk management must cover the entire business activity and be organised in such a way that all significant risks can be identified, assessed, controlled and monitored.

Art. 19 FinIO, however, seems to bring the great relief of art. 21 FinIA. It sets out this provision:

1 Asset managers and trustees regulate the main features of risk management and determine the asset manager's or trustee's willingness to take risks.

2 The independence of risk management and internal control from profit-oriented activities is not required if the asset manager or trustee:

  1. has a company size of five or fewer persons or an annual gross income of less than CHF 1.5 million; and
  2. there is a business model without increased risks.

3 If the annual gross income exceeds CHF 10 million, FINMA may, if the scope and nature of the activity so require, require the appointment of an internal auditor who is independent of management.

This provision means that independent and separate risk management and compliance are not required if

  • the asset manager employs a maximum of five people (probably 5 FTE); or
  • has an annual gross income of less than CHF 1.5 million; and
  • there is a business model without increased risks.

While the first two criteria offer little scope for interpretation, the third criterion, the business model, probably requires an overall analysis. This should above all take into account the origin and size of the customers.

As advantageous as this provision is for small asset managers in particular, it is clearly contrary to art. 21 FinIA. It remains to be seen how the Federal Council will deal with this contradiction when issuing the FinIO.

WHAT DOES THAT EXACTLY MEAN?

On the assumption that art. 19 draft-FinIO will be included in the final form of the FinIO, the question now arises as to exactly what this means.

From a personnel point of view, this means that

  • ­every asset manager must have risk management and compliance in place;
  • ­risk management and compliance must in principle be independent of the bodies to be monitored;
  • ­this independence is not required if the limits set out in art. 19 draft-FinIO are not reached
  • ­If these limits are not reached, however, it must at least be ensured that independent risk management and compliance are in place when these limits are reached.

From an organisational point of view, small asset managers in particular, i.e. asset managers with non-separated risk management and compliance, require that

  • ­Risk Management and Compliance is organized as a structured process;
  • ­the structured risk management and compliance process is meticulously adhered to, even if it reveals errors or misconduct on the part of the auditors;
  • ­­­Compliance with the structured risk management and compliance process is documented;
  • ­­the structured risk management and compliance process also regulates how to proceed in the event of detection of errors / misconduct.

All this requires that risk management and compliance are regulated in internal directives - which can be purchased as part of the FIDLEG SOLUTION package.

RISK MANAGEMENT AND COMPLIANCE CAN BE OUTSOURCED

As is already the case under current law, the FinIA also provides that certain tasks may be delegated to third parties. Art. 14 FinIA stipulates this:

1 Financial institutions may only delegate a task to third parties who possess the skills, knowledge and experience required for this activity and the necessary licences. They carefully instruct and supervise the third parties involved.

2 FINMA may make the transfer of investment decisions to a person abroad subject to the conclusion of a cooperation and information exchange agreement between FINMA and the competent foreign supervisory authority, in particular if foreign law requires the conclusion of such an agreement.

This means that:

  • ­­outsourcing is permitted;
  • ­­­the outsourcing asset manager must ensure that the third party has the necessary skills, knowledge, experience and licences;
  • ­­­the outsourcing asset manager instructs and supervises the third party.

Art. 9 draft-FinIO requires that

  • ­no tasks are delegated that fall within the decision-making authority of the Executive Board and the Board of Directors;
  • ­­­­the delegation does not impair the adequacy of the business organisation;
  • ­the delegating asset manager remains responsible for the delegated activities;
  • ­­the delegation is regulated in written contracts.

In addition, the financial services provider also has to satisfy the organisational measures pursuant to art. 21 ss. FSA.

To this end, Kellerhals Carrard and its experienced team of lawyers offer outsourcing opportunities in the areas of risk management and compliance. Find out more here or contact us here.

THERE IS MORE TO COME…

The next issue of FIDLEG SOLUTION – News will deal with client segmentation according to FinSA, which under FinSA will be mandatory for every financial service provider and therefore also for every asset manager.

Your FIDLEG SOLUTION Team
www.fidlegsolution.ch


© 2019 FIDLEG SOLUTION. All rights reserved.