Compliance may still annoy many entrepreneurs. Compliance costs money, generates costs, and is possibly still somewhat unfamiliar to some asset managers. Nevertheless, we love compliance because it allows us as entrepreneurs to control our risks and differentiate ourselves from the competition. Therefore, an intelligent compliance organisation strengthens entrepreneurial action. The regulatory requirements for asset managers have become more stringent in recent years and the list of ongoing regulatory projects is long. Hence, the importance of the independent compliance function within a company is constantly increasing. Especially for small and medium-sized asset managers, it is becoming increasingly difficult to maintain compliance resources. Therefore, we have decided to outsource a large part of the compliance function.
The following considerations have led to this decision. Asset managers can generally be divided into two categories: those who manage collective investments such as funds and those who manage individual assets. While the former have been subject to the licensing requirement and ongoing prudential supervision by the Swiss Financial Market Supervisory Authority (FINMA) since the Collective Investment Schemes Act (CISA) came into force on January 1st, 2007, the latter, the “simple” or “independent” asset managers (IAM), have only been subject to this requirement since January 1st, 2020. Before, these were only subject to the selective supervision by a self-regulatory organisation (SRO) concerning the Anti-Money Laundering Act (AMLA). With the introduction of the Financial Institutions Act (FinIA) and the Financial Services Act (FinSA), all asset managers, i.e. also the IAM, are now subject to the licensing requirement and ongoing prudential supervision. Existing IAM had to notify FINMA by end of June 2020 and, by the end of 2022, shall apply for a pertaining asset management license.
Semi-governmental supervisory organisations (SOs) are being formed for the supervision of the IAM, which in turn will itself be subject to supervision by FINMA. In July 2020, the first SOs have been granted a FINMA license.
In connection with FinSA and FinIA, there is often talk of professionalising the areas of risk management and compliance by establishing an “appropriate organisation” or an “effective internal control system” (ICS). In the future, the IAM will be required by supervisory law to ensure, among other things, that it (and the persons entrusted with administration and management) ensures proper business conduct, have employees with appropriate professional qualifications and a functional and appropriate organisation. Also, they must have an appropriately equipped risk management system and effective internal controls, which ensure, among other things, compliance with legal, regulatory and internal company rules and observance of market standards and codes of conduct, also to identify and control potential conflicts of interest. This includes not only AML-compliance but also compliance with customer investment strategies and other activities of the IAM.
The tasks of risk management and internal control must be performed by a person qualified for this purpose. The compliance function should also occupy a strong position within the IAM and enjoy the full support of the management in fulfilling its tasks. The compliance function should also be independent and be provided with sufficient resources. The compliance function can be performed by a qualified member of the management member or reports directly to management. Relevant experience in compliance and risk management should also be available at the level of the board of directors so that the overall supervision within the company can be exercised accordingly.
For small and medium-sized IAMs, it may be more difficult to maintain or expand their compliance resources that are commensurate with the complexity and multi-faceted nature of regulation and business and yet financially viable. The FinIA, therefore, allows that risk management and compliance may be outsourced (cf. articles 14, 21, and 27 FinIA). This applies both to asset managers according to articles 17 et seq. FinIA and managers of collective assets according to article 24 et seq. FinIA.
Even in the case of outsourcing, a certain level of professional qualification remains necessary for the asset manager because otherwise careful instruction, monitoring, and control cannot be ensured. The internal monitoring function must be assigned (usually at management level), i.e. in addition to the actual tasks, interfaces, responsibilities, reporting lines, and escalation must be regulated. Accordingly, only people or companies qualified to perform the task properly may be commissioned. The external service provider has to ensure a permanent service provision.
It is also necessary to conclude a written outsourcing contract between the outsourcing company and the commissioned compliance service provider. In particular, the contractual agreement must specify the tasks assigned, any powers of subcontracting, rights of instruction and information as well as the outsourcing company’s control options with the agent, accountability, and civil liability. All significant outsourced functions must be described in the asset manager’s organisational regulations. Because the organisational regulations and the business organisation, as well as their amendments, must be approved by the supervisory authority, in practice, any outsourcing of essential functions is subject to approval.
Our early and voluntary submission to FINMA as manager of collective assets reflects our attitude. At Pactum, we have opted for the efficient and effective combination of the Compliance Officer on the management level and outsourcing to an experienced partner. This gives us maximum competence at a reasonable cost. Outsourcing the compliance function to a qualified person or company is legally possible today and will probably become even more important in the future. However, the overall regulatory responsibility always remains entirely with the outsourcing asset manager.
Text written by: Dr. Mark-Oliver Baumgarten, Legal, Compliance & Risk