Central Bank Securities Markets Risk Outlook Report 2023 – Action for Fund Management Companies
For further information on any of the issues discussed in this publication please contact the related contact(s) on this page.
Background
On 2 March 2023, the Central Bank of Ireland (Central Bank) published its third Securities Markets Risk Outlook Report (Report) in which it identifies the key risks and areas of focus it sees facing securities markets in 2023 and sets down its expectations of what financial service providers and market participants should do to effectively identify, mitigate and manage these risks.
Key Risks and Areas of Focus for 2023
While the Report identifies risks and areas of focus applicable to regulated financial service providers more generally, for the purposes of this briefing, we focus on the key risks most relevant to fund management companies (FMCs) and the funds that they manage and actions which the Central Bank has identified that should be taken to manage such risks.
Delegation and Outsourcing
Suggested Action to be taken
The Central Bank reminds FMCs of the importance of appropriate oversight of any delegated or outsourced activities and notes that non-compliance with domestic outsourcing rules “carries a credible threat of enforcement”.
Following a significant increase in FMCs providing services to third party funds, the Report emphasises the importance of such FMC having appropriate capacity to take on additional business, to include oversight of delegates, while continuing to meet the expected standards of the Central Bank and ensuring the protection of investors.[1]
Review and ensure compliance with the Central Bank’s Outsourcing Guidance.[2]
In the case of FMC managing third party funds, monitor resourcing and expertise and increase same as business expands.
Sustainable Investing
Suggested Action to be taken
In the Report, the Central Bank notes that compliance with the requirements of the SDFR is essential so that investors can have trust in products being marketed as sustainable and that this is an area of specific focus for both the Central Bank and ESMA which will conduct a common supervisory action on sustainability later this year. The Central Bank notes that FMCs are required to integrate sustainability risks into the management of their funds, the conflicts of interest procedures and their risk management processes.
Review existing disclosures for “green”/”sustainable” funds to ensure that they comply with applicable requirements and to ensure that investors are in no way misled”.
Review existing procedures and disclosures to ensure that sustainability risks are appropriately integrated as required under applicable rules.
External Risk Environment
Suggested Action to be taken
Highly Leveraged Funds
The Report notes that highly leveraged funds were impacted most significantly by the recent fall in asset prices as a result of being subject to higher margin requirements. It also identifies highly leveraged Liability Driven Investment Funds as particularly vulnerable to UK fiscal policy announcements in September 2022.
Less Liquid Funds
The Report outlines that instruments such as high yield bonds can be difficult to manage in periods of increased market volatility as a result of being less liquid and of lower credit quality. The Central Bank warns FMCs that funds must remain vigilant in meeting redemption requests, in ensuring that the redemption frequency is closely related to underlying asset liquidity and that appropriate liquidity management tools are in place and used to ensure fair treatment of investors.
Sanctions
The Central Bank notes that FMCs must at all times be in compliance with sanctions relating to any impacted asset or investor. The Report notes that further sanctions affecting assets may result in a reduction of liquidity for Irish funds when seeking to dispose of impacted Russian assets.
Have an appropriate risk management framework in place to identify, manage and mitigate the potential risks arising from the use of leverage within a fund’s portfolio (including liquidity stresses which may result from increased margin calls.)
Ensure that redemption frequency is closely correlated to the underlying asset and that LMTs are available for use when required and utilised when appropriate.
Ensure that appropriate systems and controls are in place to identify relevant sanctioned instruments and individuals.
Market Conduct Risk Management
Suggested Action to be taken
Risk Identification and Assessment
The Central Bank reminds regulated firms of its expectations to fully embed market conduct risk frameworks into their organisational arrangements. The Report outlines that the Central Bank has “observed across a cohort of firms that the internal reporting of conduct risk does not adequately provide for the ongoing monitoring of the conduct risks to which a firm is exposed, thereby inhibiting effective senior management oversight and challenge.”
Hybrid-Working Environment
The Report highlights the potential for market abuse related conduct risks to be heightened as a result of the new hybrid-working environment which will be relevant across FMCs.
Where relevant, ensure that a robust framework is in place to appropriately identify and assess market conduct risk and to monitor and manage any identified risks
Ensure that policies, procedures, controls and a monitoring regime is in place which has been adapted for alternative working arrangements. Ensure communications are not taking place through unauthorised channels
Market Integrity
Suggested Action to be taken
Market Surveillance
The Report notes that firms with obligations under the Market Abuse Regulation(MAR)should recalibrate and improve market surveillance systems to consider all types of market abuse risks to which they are exposed.
Cancellation/Amendment of Orders
The Report notes that the potential for market abuse is increased byhigher trading volumes, more automated trading processes and higher levels of order cancellation.
Reporting of Suspected Market Abuse
The Central Bank outlines in the Report that Suspicious Transaction and Order Reports (STORs) are an important tool in identifying potential instances of market abuse and highlights that the quality and number of STORs submitted by trading venues is of particular concern.
Inside Information
Ineffective frameworks and controls for the management of inside information and the maintenance of insider lists are called out within the Report.
Where relevant, ensure that appropriate transaction-monitoring systems, alerts systems and robust quality assurance processes are in place.
Where relevant, the Central Bank reminds FMCs to monitor all orders and trades, including cancelled and amended orders.
Where relevant, take action and submit a STOR to the Central Bank when a reasonable suspicion arises that the relevant conduct could constitute market abuse.
Where relevant, maintain robust frameworks and associated controls to comply with the provisions in MAR concerning inside information.
Cyber Security
Suggested Action to be taken
The Central Bank highlights that the frequency of cyber incidents impacting all financial sectors in Ireland increased significantly last year.
The Report points to the Digital Operational Resilience Act (DORA)[3], as an important upcoming “regulatory milestone” in the context of cybersecurity risks. DORA will introduce new rules which FMC will be required to comply with in the area of Information and Communications Technology (ICT) risk management.
Having regard to applicable Central Bank guidance and DORA, ensure that appropriate governance frameworks and tools are in place to identify, measure, manage, monitor and report ICT/cybersecurity risks to ensure that the FMC is made more resilient to possible disruption from cyber and operational risks.[4]
Guidance and to take steps, among other factors, to ensure that; (i) appropriate procedures and controls are in place to identify and minimise sources of information security risk; and (ii) critical business services are identified and made more resilient to possible disruption from cyber and operational risks.
Data Quality
Suggested Action to be taken
The Report highlights that data is a key element of the Central Bank’s supervisory approach[5] and that precise, comprehensive and consistent data submissions are critical to the Central Bank in fulfilling its supervisory responsibilities.
The Central Bank notes “Whilst there have been notable improvements in the quality of data reported for some datasets, we continue to see data quality issues in a number of key areas.”
Failure to engage promptly with the Central Bank where issues arise may result in “supervisory intervention up to and including enforcement action”.
Ensure that accurate data is submitted to the Central Bank on a timely basis.
Have appropriate escalation channels in place to address any data issues which are identified and engage with the Central Bank promptly where issues arise.
Have appropriate oversight of data reporting from board level down (including where data reporting is outsourced).
Digital Innovation
Suggested Action to be taken
New Technology
The Report acknowledges the benefits of technological developments but highlights that the developments may also give rise to risks. The Central Bank warns FMCs to carefully manage the use of new technologies and operational changes to ensure that safeguards and investor protection are maintained.
Crypto Assets
The Central Bank notes that its position, that it is highly unlikely to approve a UCITS or Retail Investor AIF proposing any direct or indirect exposure to crypto assets, is under review and will be informed by European regulatory discussions on the topic.
Implement and maintain governance, cybersecurity, privacy, product and operational risk frameworks to support the identification, mitigation and management of risks arising from the implementation of new technologies.
Next Steps
As a next step, we would encourage all FMC to scrutinise the risks and supervisory expectations outlined by the Central Bank in the Report and review same against their current business activities, practice, procedures and systems. Where required, FMC should consider putting an action plan in place to address any identified gaps in their existing arrangements when assessed against the Central Bank’s supervisory expectations outlined in the Report.
Should you require any assistance in carrying out a review of your existing framework and governance arrangements or have any queries in respect of the issues raised in this briefing, please get in touch with your usual contact in our Asset Management and Investment Funds Department.
Footnotes:
[1] Regard should be had to the findings outlined within Central Bank’s letter to industry regarding the thematic review of FMC’s governance and effectiveness available here
[2] Our detailed analysis of the implications of the Cross-Industry Guidance on Outsourcing for FMCs is available here
[3] For further details on DORA, please see our briefing available here
[4] Regard should be had to the Central Bank’s expectation, as outlined in its Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks, for boards and senior management to understand and recognise their responsibility relating to IT, cybersecurity governance and risk management and to maintain oversight of these responsibilities as a priority. In addition, FMCs should be mindful of the Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks, the Cross Industry Guidance on Operational Resilience and the Outsourcing Guidance.
[5] The Central Bank’s strategy for 2022-2024, available here, outlines its focus on data and analytics.
DISCLAIMER: This document is for information purposes only and does not purport to represent legal advice. If you have any queries or would like further information relating to any of the above matters, please refer to the contacts above or your usual contact in Dillon Eustace.
Copyright Notice: © 2024 Dillon Eustace LLP. All rights reserved.