www.pwc.com.au

RG 259 – Risk management systems of responsible entities

Issued March 2017

The Corporations Act requires licencees to have adequate risk management systems in place. Previously there was limited guidance on this, and consequently, ASIC has issued RG 259. ASIC has stated that there is no transitional period for compliance, but they will take a facilitative approach until March 2018.

What do you need to do?Some of the key aspects of the guide requires a responsible entity to:

• Document its risk appetite statement which aligns to the strategic risks of the responsible entity at the entity and scheme level

• Foster a strong risk management culture across the organisation • Assess the level and detail of documentation prepared around

material risks at both the responsible entity and scheme level, particularly around risks that affect consumers or market integrity

• Conduct an annual objective review to determine whether the risk management systems have been complied with and are operating effectively

Good practice guidance encourages a responsible entity to:

• Conduct regular stress testing and scenario analysis of all material risks, particular focused on investment and liquidity risk

• Adjust the managed investment schemes’ compliance plan to ensure key risks are managed on an ongoing basis if they are not already covered.

How can PwC help ?

Independent annual and comprehensive review of compliance with RG 259

Prepare gap analysis and independently challenge approach

Review existing systems, processes, controls and documentation to ensure fit for purpose

Assess requirements of RG 259

Expectations for compliance – what you need to doRG 259 section Expectations for compliance with s912A(1)(h) Good practice guidance

Establishing a risk management system

• Maintain documented risk management systems, including: – Clearly defined roles and responsibilities – Policies and procedures for identifying, assessing and

understanding each of the material risks of the responsible entity’s business and schemes operated

– Policies and procedures for ensuring there are adequate controls in place to manage the risks identified

– Policies and procedures for ensuring there is adequate oversight of the risk management systems by both the party responsible for ownership of the risk and the compliance function, including appropriate reporting

– A policy or statement on the responsible entity’s risk appetite and the risk tolerance for each material risk identified

• Foster a strong risk management culture• Take into account relevant industry, local and

international guidance• Include, as a component of the risk management systems,

a liquidity risk management process• At least annually, conduct an objective review over risk

management systems• If relying on external service providers for risk management

functions, have sufficient skills to independently monitor and assess the performance of the service provider.

• At least every three years, conduct a comprehensive independent review

• Segregate functions to allow for independent checks and balances

• Establish a designated risk management function and/or risk management committee

• Appoint a chief risk officer • Publicly disclose appropriate details

of the responsible entity’s risk management systems.

Identifying and assessing risks

• Maintain one or more risk registers as part of the risk identification and assessment process

• Ensure that risk management systems address all material risks including (but not limited to) strategic risk, governance risk, operational risk, market and investment risk, and liquidity risk at both the responsible entity and scheme level

• When choosing methodologies for identifying and assessing risks, consider nature, scale and complexity of the business and ensure senior management involvement

• Adopt appropriate methods to assess risks.

• Responsible entities may use risk indicators and regularly report on these to the board and senior management.

Managing risks

• Implement appropriate strategies for managing each of the risks identified, including a control monitoring and assurance process in addition to conducting stress testing

• Have adequately experienced staff regularly review and monitor the risks identified

• Ensure there is regular reporting and escalation of issues to the board, risk committee and compliance committee, as appropriate

• Ensure compliance with other relevant obligations as an AFS licensee.

• Conduct regular stress testing and/or scenario analysis of all material risks of the business and the schemes they operate

• Have a written risk remediation plan • Include in the compliance plan for

schemes, procedures for ensuring that the key risks identified for the responsible entity and relevant schemes are managed on an ongoing basis.

PwC contactsFor assistance in managing these changes, please contact your PwC team or the contacts listed below:

Craig CumminsPartner – Asset Management Leader, Assurance Financial Services, SydneyP: 02 8266 7937 | E: craig.cummins@pwc.com

Klynton HankinDirector – Asset Management Financial Services, SydneyP: 02 8266 0028 | E: klynton.hankin@pwc.com

Sarah HofmanPartner – Regulation LeaderFinancial Services, SydneyP: 02 8266 2231 | E: sarah.hofman@pwc.com

George SagonasPartner – Assurance Financial Services, MelbourneP: 03 8603 2160 | E: george.sagonas@pwc.com

Simon CuthbertPartner – Asset ManagementFinancial Services, SydneyP: 02 8266 5328 | E: simon.cuthbert@pwc.com

Paul CollinsDirector – Asset ManagementFinancial Services, BrisbaneP: 07 3257 8558 | E: paul.d.collins@pwc.com

James DunningPartner – Real EstateFinancial Services, SydneyP: 02 8266 2933 | E: james.dunning@pwc.com

© 2017 PricewaterhouseCoopers. All rights reserved. PwC refers to the Australia member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

127047991

Deanna CheslerDirector – Regulation Financial Services, SydneyP: 02 8266 0003 | E: deanna.chesler@pwc.com

Source: RG 259 - Table 1, pages 6-8