Asset Management & Investment Funds: Irish Practice Developments - Mar 2020
Asset Management & Investment Funds: Irish Practice Developments - Mar 2020
The European Union (Shareholders’ Rights) Regulations 2020 come into operation.
The European Union (Shareholders' Rights) Regulations 2020 (the Irish SRD II Regulations) come into force on 30 March 2020. This is the Irish implementing legislation for the Second Shareholders' Rights Directive or SRD II.
The Irish SRD II Regulations contain provisions applicable to AIFMs (including internally managed AIFs), UCITS ManCos and SMICs (including self-managed ICAVs) authorised and regulated by the Central Bank of Ireland (CBI).
Where an AIFM, UCITS ManCo or SMIC invests on behalf of investors in shares traded on a regulated market there is a requirement to:
have a shareholder engagement policy or to publicly explain why that policy is not in place. The engagement policy or explanation should be made available on a website
disclose particular information annually to institutional investors with which a certain arrangement is in place
Other requirements in the Irish SRD II Regulations relating to identification of shareholders, transmission of information, facilitation of exercise of shareholders’ rights, remuneration of directors and related party transactions do not apply to UCITS or AIFs.
ALG's Asset Management & Investment Funds team is actively monitoring the markets and the implications of the Coronavirus (COVID-19) on global asset managers, investment banks, fund administration groups and investors. We are continuously advising our clients on how to respond to the evolving issues that are having a profound impact on their business. In addition we are keeping a close eye on all regulatory developments in the industry. Read the latest from our team here.
Following the CBI COVID-19 Statement summarised in the above publication, Irish funds received the following CBI confirmation in light of the current situation and a curtailment of physical meetings:
“There are no Central Bank or legal rules regarding in-person voting for contractual or other arrangements.The ability of a board to hold telephonic (or other remotely held) meetings is a matter typically addressed by the constitutional documentation of the company (or by the Companies Act, in default of such provision being made)"
Additional weekly reporting to CBI for management companies. The CBI has increased its engagement with firms in response to COVID-19. As an example, the CBI wrote to management companies, recognising that firms are currently operating in challenging times, with increased market volatility and staffing issues. CBI requested management companies to engage at an early stage on emerging operational issues or issues within a fund range that have the potential to have an impact on investors. CBI introduced a requirement for weekly reporting from management companies, commencing 30 March on the topics detailed below.
update on BCP arrangements and any significant developments
delegates – whether any issues were identified within the delegates and whether any alternative options are being considered
liquidity – whether any liquidity management tools are being considered (e.g. gating, suspending funds)
valuation – whether any material issues have arisen in relation to pricing and valuation of securities
cyber-security – whether any material issues have arisen in relation to emerging threats (and see below on CBI engagement on cybersecurity)
CBI statement on its expectations of firms within the finance sector at this time. The CBI issued a statement referencing the "New Public Health Measures to prevent further spread of COVID-19". The statement highlights CBI expectations for processes to ensure that only individuals in roles necessary to perform essential financial services, who cannot work remotely, are designated as essential financial services workers.
The statement notes that firms will at this point be operating business continuity plans. Given the global nature of the COVID-19 emergency, interconnections between financial service providers and financial markets, reliance on outsourced service providers and firms' dependence on key staff, the CBI expects financial service firms' boards and senior management to actively monitor developments in order to be in the best position to pre-empt and respond to rapidly changing circumstances. In the context of maintaining essential financial services this includes, but is not limited to:
ensuring business continuity plans are kept under review with appropriate contingency plans in the context of evolving developments both locally and globally
ensuring appropriate designation of staff as essential financial services workers in order to be able to rotate and/or replace essential staff as necessary
engaging with critical services providers, contractors and other services to ensure maintenance of services and designation of their staff as essential service staff as necessary
ensuring cooperation with other financial services providers in order to seek to ensure continuity of essential consumers services in a service sector or region
notifying the CBI, as soon as possible, where they believe circumstances present a risk to the maintenance of essential services to consumers, industry or markets
We would also direct you to our COVID-19 Hub where you can access our latest thinking and analysis from out multi-disciplinary teams in Dublin and Belfast.
Central Registers of Beneficial Ownership for ICAVs and unit trusts
The CBI confirmed that they will be responsible for establishing the Central Beneficial Ownership Register in respect of ICAVs and unit trusts.
ICAVs and Unit Trusts are currently obliged to maintain their own internal register of beneficial ownership. The relevant statutory instruments are expected to issue soon.
The CBI indicated that they expect a five-month lead-in period (from the date of the statutory instruments) for ICAVs and unit trust schemes to file information with the CBI.
A&L Goodbody has extensive experience in advising on compliance with obligations to maintain and file information on beneficial ownership having helped many companies through the process in 2019. We are well placed to advise and assist ICAVs and unit trust structures.
CBI letter on cybersecuritymust be brought to the attention of boards by 30 April 2020
This focus on cybersecurity is of particular importance in the context of COVID-19 which is necessitating new working practices and creating new business challenges.
The letter is addressed to investment firms and fund service providers (asset management firms). Self-managed / internally managed funds are in scope and should review the letter proportionally, taking account of nature, scale and complexity and of their delegated business model. They will look to their service providers for assurances that cybersecurity risk management practices satisfy the CBI expectations on an ongoing basis.
The letter emphasises that "a review of cybersecurity risk management and the issues raised in the letter may form part of any future [CBI] risk assessments, including inspections. Moreover, supervisors will have regard to the consideration given by a firm to the matters raised in this letter. Supervisors will discuss with the firm matters raised in this letter during future supervisory engagement meetings."
Key CBI expectations detailed in the letter are set out below:
Cybersecurity Risk Governance - Firms should have a comprehensive, documented and Board-approved IT and cybersecurity strategy, supported by sufficient resources and aligned with the overall business strategy. Firms’ senior management should ensure that there is a well-defined and comprehensive IT and cybersecurity risk management framework in place that provides effective oversight of IT related risks and gives assurance to the Board regarding the management of these risks within the firm
Cybersecurity Risk Management - Firms should implement, maintain and communicate an appropriate cybersecurity risk management framework that includes risk identification, assessment and monitoring, the design and implementation of risk mitigation and recovery strategies, and testing for effectiveness. Cybersecurity risk assessments should be conducted at regular intervals, at least annually, and should be comprehensive, considering internal and external sources of risk. Assessments should have appropriate parameters for evaluating and prioritising risk, such as risk likelihood and potential impact on the business operations of the firm
IT Asset Inventories – Firms should have and maintain a thorough inventory of IT assets, classified by business criticality. Firms should regularly assess the business criticality of IT assets. Firms should establish configuration baselines for IT assets, with divergence from the baselines identified and managed appropriately
Vulnerability Management - Firms should assessexposure to vulnerabilities continuously, on the entirety of the IT estate, and include identification of external and internal vulnerabilities. Firms should put robust safeguards in place, including a proactive patch management process and a comprehensive configuration hardening activity, to protect against cybersecurity threats
Security Event Monitoring – Firms should operate cybersecurity management practices to ensure the timely detection of security events and incidents, ensure comprehensive monitoring of all assets containing or processing critical data, and assess the potential impact to the business. Regular reviews should take place to assess the effectiveness of detection processes and procedures
Security Incident Management - Firms should have documented cybersecurity incident response and recovery plans in place that provide a roadmap for the actions the firm will take during and after a security incident. Incident response plans should include roles and responsibilities of staff, incident detection and assessment, reporting and escalation, as well as response and recovery strategies. Communication with relevant external stakeholders, including customers and the CBI, should also form a part of the response plan
Michael Hodson, Director of Asset Management and Investment Banking Supervision said:
"Firms must give more consideration and support to identifying and managing the different threats they are exposed to, whilst recognising that the inherent risks of IT are continuously increasing."
"Firms must focus on increasing the maturity of their cybersecurity model by driving a process of continuous improvement…..We expect all Asset Management firms to fully consider these findings and evaluate their own cybersecurity risk management practices to establish if any improvements are required."
Irish Funds Financial Intermediary Guidelines - Approach to AML CDD
Irish Funds issued the following Guidance and Templates prepared by its Anti Money Laundering (AML) Working Group in the context of AML customer due diligence (CDD).
Guidance on the treatment of financial intermediaries
Regulated intermediary letter - template example
Regulated parent letter - template example
Declaration of Beneficial Ownership - template example (in the context of this guidance)
The guidance provides for the suggested approach that funds may adopt where the named investor is a regulated entity or nominee acting as an intermediary. The Irish Funds AML Working Group published this guidance in advance of the Funds Sectoral Guidance as a result of the critical need to provide clarity to firms on this important topic.
Please speak with your usual contact on our Asset Management & Investment Funds team if this topic is of particular interest to you.
CBI proposal to split PCF-39 Designated Person into six PCF roles.
As noted previously, the CBI published a ‘Notice of Intention’ which included a proposal to split PCF-39 Designated Person roles into six PCF roles aligned to the specific managerial functions set out in the CBI's UCITS Regulations, the CBI's AIF Rulebook requirements and the CBI's Fund Management Companies – Guidance 2016 (discussed here). CBI invited comments by 26 March 2020.
The notice included FAQs which clarified that persons already in place for PCF-39 roles on the date the amended regulations come into effect will not be required to seek the CBI approval to continue to perform one of the new PCF roles.
Assuming that the proposal is implemented, regulated financial service providers (RFSPs) will be required to review their assessment of persons already in place for PCF-39 roles under Section 21 of the Central Bank Reform Act 2010. This assessment involves consideration of whether the relevant person complies with the Fitness and Probity Standards 2014 and ensuring that that person has agreed to abide by those standards. The RFSP will be required to submit confirmation of such an assessment to the CBI within 6 weeks of the amended regulations coming into effect. Should the person in the role change after the new PCF roles have been introduced, he/she will be required to seek the CBI's prior approval in writing to that appointment by means of a new IQ submission.
RFSPs may choose to refresh their existing F&P documentation in advance of giving such confirmation, to reflect the new PCF roles in their policies, letters of engagement and letters of confirmation.
Annual Report on Money Laundering
The Department of Justice and Equality published its Annual Report on Money Laundering and Terrorist Financing for 2018. EU member states are required by 4AMLD to publish an annual report providing data on the reporting, investigation and judicial phases of the national AML/CFT regime, including the number of suspicious transaction reports made to the Financial Intelligence Unit and the number of cases investigated, as well as prosecution and conviction rates for ML/TF offences.