9911796707
TMI BlogRisk Management Framework (RMF) for Mutual FundsX X X X Extracts X X X X X X X X Extracts X X X X ..... set classes, distribution landscape, technological evolution, investor penetration and awareness, increase in risk elements, etc. Accordingly, it has been decided to review the extant Risk Management Framework for Mutual Funds. The matter was deliberated in the Mutual Funds Advisory Committee (MFAC) based on the inputs received from the mutual fund industry. The recommendations of MFAC have been suitably incorporated in the Risk Management Framework for mutual funds. 3. With the overall objective of management of key risks involved in mutual fund operation, the revised Risk Management Framework (RMF) shall provide a set of principles or standards, which inter alia comprise the policies, procedures, risk management functions and roles & responsibilities of the management, the Board of AMC and the Board of Trustees. 4. The detailed RMF for mutual funds are placed at Annexure-A. 5. The elements of RMF, wherever applicable, have been segregated into 'mandatory elements' which should be implemented by the AMCs and 'recommendatory elements' which address other leading industry practices that can be considered for implementation by the AMCs, to the extent relevant to them. 6. ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... sist the management and the Board of Directors of both AMC and Trustees in: a. Demonstrating high standards of due diligence in daily management. b. Promoting proactive management and early identification of risk. c. Assigning and increasing accountability and responsibility in the organization. d. Managing risk within the tolerance limits defined in the RMF. iii. The RMF of mutual funds shall comprise the following components: a. Governance and Organization. b. Identification of Risks. c. Measurement and Management of Risks. d. Reporting of Risks and related Information. 1.1 Governance and Organization i. Risk Management shall be an independent and specific function of the AMC. ii. There should be at least one CXO level officer identified to be responsible for the risk management of specific functions of the AMC/Mutual Fund. For instance, there should be dedicated risk officers for various key risks such as Investment Risk (by Chief Investment Officer), Compliance Risk (by Chief Compliance Officer), Operational Risk (by Chief Operating Officer or similar functionary responsible for the respective functions overseen), Cyber Security (by Chief Information Secur ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ng roles and responsibilities of the Board of AMC and the three lines of defense - Management, Risk Management Team and Internal Auditor), the organization's risk appetite and key elements of its risk management process. The policy on the RMF shall be approved by the board of AMC and trustees. The mandatory and recommendatory elements for inclusion in the risk management policy, approved by the board of AMC and trustees, are outlined below: 1.1.1.1 Mandatory Elements i. There shall be an approved policy on the RMF both at AMC and scheme level. ii. A risk appetite framework should be in place at both AMC and scheme level. Quantification of the framework in the form of a metric for key risks shall include but not limiting to credit risk, market risk and liquidity risk, etc. and targeted path of improvement. The metric, wherever applicable, should incorporate an appropriate benchmark vis-à-vis which the measurements of risk and targeted risk levels may be made. iii. There should be a Delegation of Power (DoP) framework covering daily risk management, daily risk reporting and corrective actions at various levels of management. iv. Formation of RMCs (of both AMC and ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... Review of actions taken by Board of AMC and management in respect of risk management. viii. Reporting of material risk related observations to SEBI on periodic basis. ix. Setting up of the risk management function and developing appropriate structures and procedures to ensure that it can function independently. x. Approving a methodology for Board Evaluation of the RMF (either through outsourced or self-assessment) on an annual basis. xi. Annual review of effectiveness of the AMC and/or management's risk management function and policies including risk metrics to address the risk outcomes. xii. Trustee may recommend reduction/ change in the risk level of the schemes within the Potential Risk Class (PRC). xiii. For assessing the effectiveness of the RMF, a. The board of AMC should seek an annual report through an internal management assessment process or from a third party covering all key risks and key risk metrics both at the AMC and scheme level. b. The RMCs of both AMCs and Trustees shall meet at least once in a quarter to review various risks including the risk metrics at both AMC and scheme level. c. The Board of AMC should have all relevant information of app ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... MC and trustee regarding the same and also escalate to board of AMCs and trustees, if required, any major findings being reported. 1.1.2.2.2 Risk Management - Role of Chief Risk Officer (CRO) i. The CRO shall be responsible for ensuring that there is an effective governance framework and reporting framework of risk management in line with the regulatory requirements. ii. The risk management roles of the CRO are as under: a. Implementation of Risk management framework across the organization. b. Review specific responsibility of management, including CEO, CIO, CXOs, and Fund Managers. c. Put in place mechanism for risk reporting at least on a quarterly basis to the board of AMC, trustees and RMCs, covering all risks including risk metrics, escalation of material risk related incidents, timely and corrective actions taken, if any. d. Independent assessment of reporting of risk to various committees and CEO, etc. e. Put in place mechanism for reporting to CEO - Including outcomes for risk management function on monthly basis. f. The reporting of risk as above is independent from the CIO and verified by the risk team. g. There is a DoP approved by the Board of AMC fo ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... egarding the risk reports. iv. The CXO shall escalate to CEO and the CRO any major findings reported by respective risk management function. 1.1.2.2.5 Risk Management - Role of Fund Manager (FM) i. The FM shall be responsible for daily management of investment risk of managed scheme(s) such as market Risk, liquidity Risk, credit risk and other scheme specific risks and appropriate risk reporting of any risk related event to CIO. ii. In respect of schemes managed by them, FMs should ensure: a. Adherence to relevant SEBI guidelines in respect of RMF and relevant principles thereunder including risk identification, risk management, reporting and corrective actions etc. b. Adherence to risk appetite framework to maintain appropriate risk level for schemes. c. If there is any need of change in the risk appetite of the scheme within the PRC of that particular scheme, the same is to be with the approval of the CIO. iii. The FM shall take corrective action, if required, as per the approved DoP and escalate major risk related event to CIO. 1.2 Identification of Risks For the identification of risks, the RMF should address the following key questions: 1.2.1 What are the dif ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ollowing needs to be considered for each risk category: i. Ascertaining the measurement criteria for each risk category (qualitative and quantitative criteria). ii. Documentation of measurement tool(s) for each risk category, i.e. Risk and Control Self-Assessment (RCSA), stress testing, scenario analysis, etc. iii. Determination of required frequency of monitoring. iv. Developing a process for escalation. v. Determination and documentation of remedial or mitigating actions. Wherever appropriate, it is recommended that AMCs consider documenting risk limits based on their risk appetite. 1.3.4 The mandatory and recommendatory elements for measurement and management of risks, are outlined below: 1.3.4.1 Mandatory Elements i. The AMCs shall have established structure and responsibility across the three lines of defense: a. Business Operations. b. Oversight functions like Risk Management and Compliance. c. Internal Audit. ii. Internal Audit and Oversight functions like Risk Management and Compliance shall ensure the following: a. There should be a dedicated internal auditor at the AMC level for audit of the RMF of the AMC. However, the same may be carried out b ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... stress tests are performed on critical risks and the impact of risks are assessed based on acceptable tolerances. viii. Based on the management of the risk level as defined by respective risk metric of CXOs, necessary corrective actions must be taken to address any short comings. The output of the risk level shall be an indicator of the performance of the respective CXOs and shall form one of the inputs for their performance review. 1.3.4.2 Recommendatory Elements i. There should be independent testing and verification of efficacy of corporate governance standards and business line compliances, validation of the RMF and assurance over the risk management processes by external agency. 1.4 Reporting of Risks and Related Information 1.4.1 Adequate risk reporting is an integral part of the risk management framework and it is important that those responsible for different functions within the AMC shall ensure that they exercise sufficient oversight to report on their risk profile and risk management actions. 1.4.2 The mandatory elements for reporting of risk and related information, are outlined below: 1.4.2.1 Mandatory Elements i. In order to ensure that the risk management ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... key risks may be divided in to two broad categories. i. Scheme specific risks ii. AMC specific risks c. The scheme specific risks are the risks majorly associated with the core activities of investment and portfolio management. The AMC specific risks are the risks associated with the functioning of the mutual fund business by the AMC. d. The scheme specific risks may be divided in to the following categories. i. Investment risk ii. Credit risk iii. Liquidity risk and iv. Governance risk The AMC specific risks may be divided in to the following categories. i. Operational Risk ii. Technology, Information Security and Cyber Risk iii. Reputation and Conduct Risks iv. Outsourcing Risk v. Sales and Distribution Risk vi. Financial Reporting Risk vii. Legal & Tax Risks and viii. Talent Risk The compliance risk shall be applicable for both investment management activity (scheme specific risk) and business activity of AMC (AMC specific risk). The following sections incorporate comprehensive guidelines for management of the key risks 2.1 Investment Risk 2.1.1 Investment risk can be defined as the probability or likelihood of occurrence of losses relative ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... y on trade allocation and Inter-Scheme Transfers (ISTs). f. Investment valuation policy. g. Broker empanelment policy. h. Trustee should review the portfolio at frequency as required by SEBI Regulations. ii. The AMC must ensure that investment risk is adequately factored in by: a. Setting up an Investment committee which has close coordination with related departments, and monitors market risk. b. Setting limits for issuer/ sector exposure vis-a-vis benchmark (in line with MF Regulations and internal limits). c. Setting limits for investment in debt and money market instruments of various credit qualities. d. Having all relevant documents and disclosures (that are required for listing) with regard to the debt and money market instruments before finalizing the deal for investment into the respective instruments so that mutual funds as investors into such instruments are not at an informational disadvantage vis-à-vis other market participants or lenders. e. Review of passive breaches and corrective actions. iii. Investment Committee shall be responsible for the following: a. Review of Investment Policy at a pre-defined frequency. b. Reviewing the Invest ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ns in style drift and portfolio concentration are reviewed. k. In cases of inter scheme transfer, the scheme (s) buying the securities must conduct an enhanced level of due diligence. 2.1.5.2 Recommendatory Elements The AMCs may consider the following practices: a. Regular analysis on bulk trades and block deals of large values. b. Formulating a plan for assessing and monitoring risks of investing in multiple markets. c. Setting limits for minimum number of stocks/securities, cash (net of derivatives), stocks/securities vis-a-vis benchmark and Beta range. 2.2 Credit Risk 2.2.1 The credit risk relevant to mutual funds is the issuer credit risk attributable to individual securities and the negative outlook on specific sectors or industries and its consequent impact on the credit exposures. 2.2.2 The mandatory and recommendatory elements for managing credit risk, are outlined below: 2.2.2.1 Mandatory Elements i. To manage credit risk, the AMC must have a robust framework comprising: a. An approved and documented Credit Risk Management policy. b. Analysis and evaluation of ratings received from multiple credit rating agencies for securities across portfolios, at all ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... or debt and money market instruments, the total asset value shall be classified in various maturity buckets for e.g. assets maturing in days 0-30, 30-60, 60-90 and so on. Debt and money market instruments that have a demonstrable secondary market liquidity shall be classified into a lesser maturity bucket depending upon the reasonable time in which particular value of the said instrument can be expected to be offloaded. In the absence of demonstrable secondary market liquidity, the instruments shall be strictly classified based only on the maturity dates. c. Liabilities of scheme shall be modelled in similar buckets based on back testing of historical data for subscription and redemption amounts in the respective schemes. The back testing period should be sufficiently long (say for last 5 years) to include spikes in redemptions because of market wide events. Organization specific factors/risks that may have a bearing on redemptions should also be factored into the model. d. Liquidation of assets at near the value ascribed to each asset in the scheme portfolio in specified period of time, shall be one of the factors to be considered in liquidity risk management. e. The model s ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... d early warning signals. d. Overview of funding plans/strategy during normal and stressed events, including contingency funding plan. v. Systematic classification and evaluation of liquidity risks should be initiated by performing following activities: a. Evaluation and disclosure of liquidity risk associated with schemes/products in the SID. b. Controls around preparation and accuracy of cash flows. c. Management of collateral and margins for execution and settlement of derivatives, securities and money-market instruments. 2.3.2.2 Recommendatory Elements i. AMCs may consider introducing the following measures: a. Judicious use of intraday / overnight borrowing lines to address liquidity / settlement risks faced by the mutual funds. Uncommitted lines of credit available with the AMC may not be useful in real time of stress and therefore while assessing liquidity risk of AMC, these lines should be treated differently than committed lines. b. Internal committee with the mandate to review and provide direction on liquidity risk management. c. Identifying and reporting appropriate and relevant information to the management, for decision making. d. Reporting to the ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... s that tracks the various elements of operational risk over time, to identify trends that could be an early warning signal, and to implement an exception/escalation process that ensures the problems which are significant, large, aged or growing dealt with at increasingly higher levels of management. 2.5.4 SEBI vide circular SEBI/HO/IMD/DF2/CIR/P/2019/57, dated April 11, 2019 has provided indicative guidelines encompassing system audit framework. The systems and processes as elaborated in the aforementioned circulars must be in place and any future guidelines issued by SEBI in this regard may be suitably followed. 2.5.5 The mandatory elements for managing operational risk, are outlined below: 2.5.5.1 Mandatory Elements i. The AMC should implement the following policies: a. Operational risk management policy, shall cover the following key elements: 1. Purpose and scope. 2. Governance Structure - Roles and Responsibilities. 3. Identification of operational risk events. 4. Management of the operational risk events, e.g. reversal of positions, rectifications, etc. 5. Guidelines regarding transactions with associates, group entities, related parties or even with other st ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... organization) and external (by persons outside the organization) frauds, identify root causes and incorporate monitoring mechanisms to address fraud scenarios. 2. Reporting of frauds and near miss incidents to the Board of AMC and Trustees on quarterly basis. f. Insurance cover shall be obtained for first and third party losses: 1. The mutual fund must have insurance cover against third party losses arising from errors and omissions: (a) Third party liabilities refer to liabilities arising out of financial loss to investors or any other third party, incurred due to errors and omissions of directors, officers, employees, trustees, R&T agents, custodians etc. (b) The level and type of cover should be recommended by the AMC and approved by the Trustees. 2. Further, the AMC shall have insurance to cover first party losses: (a) First party losses are those which impact the insured and include asset based losses (due to natural or unnatural disasters such as fire, flood, burglary, etc.) as well as financial or data losses. (b) They also include losses due to the acts of employees of the insured and computer based crimes such as hacking or virus attacks that may impact th ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ce Risk 2.6.1 Failure by the AMC to meet its regulatory obligations or manage changes in legal statutory and regulatory requirements may result in investigations, fines, financial forfeiture, or regulatory sanctions and material loss to investors and the organization. 2.6.2 The mandatory and recommendatory elements for managing compliance risk, are outlined below: 2.6.2.1 Mandatory Elements i. The AMC shall establish and maintain policies as required by applicable statutes and regulations, including policies to address the following: a. Know Your Client (KYC), Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) b. Outsourcing c. Customer Complaints & Investor Grievance - Should inter alia include details of adherence to SEBI regulations with regard to investor servicing and complaint resolution, tracking complaint resolution, update of complaint log and forwarding of complaints and the Management Information System (MIS) to compliance officer, complaint resolution process being reviewed by compliance officer. The compliance officer shall review the complaints with an objective to catch early warning signs for fraud or any systemic issues. d. Rela ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... d to trustees on a quarterly basis. b. Trustees may forward the results along with their comments and steps taken, if any, to SEBI in the half-yearly trustee reports. 2.6.2.2 Recommendatory Elements i. The following policies may be incorporated by the AMCs depending on complexity and scale of operations: a. Political Contributions. b. Outside business activity policy. ii. The AML/CFT program of the AMCs may include the following depending on the size and scale: a. investor awareness programs (literature or pamphlets or such) to educate clients about the AMC's AML/CFT obligations. b. Review of client risk scoring model to ensure effectiveness of the AML/CFT program. c. Independent or External review of AML/CFT policies to ensure their effectiveness. 2.7 Technology, Information Security and Cyber Risk 2.7.1 Given the huge dependence on technology, any system failure could trigger a variety of risks, e.g. operational risk, compliance risk. etc. Technology Operations should support processing and storage of information, such that the required information is available in a timely, reliable, secure and resilient manner. 2.7.2 Increasing disclosure requirements on publ ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ng, etc. c. Preventive measures and monitoring mechanism should be implemented to mitigate mis-selling risks. 2.8.3.2 Recommendatory Elements i. AMCs may consider adopting: a. Reputation risk policy. b. Media interaction policy and procedures c. Assessment and management of reputation via brand management tools, data analytics, business intelligence. d. Framework / Process to review and action any negative mention in traditional or social media. e. Procedures to monitor reputation risk on an ongoing basis. ii. The management may be involved in increasing awareness about conduct risk within the AMCs by: a. Conducting training programs for conduct risk awareness. b. Monitoring conduct risk indicators. c. Incorporating conduct performance as part of the AMCs' sales and marketing team metrics. 2.9 Outsourcing Risk 2.9.1 Inadequate management of outsourced processes lead to errors, frauds, Inefficiencies, poor quality investor services, breach of fiduciary duties data pilferages and long term impact on reputation and contractual obligations. 2.9.2 Asset management companies often rely on third parties including Custodians, Fund Administrators, R&T agents, and v ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... per the law. b. Due diligence (including AML/CFT, if applicable) is conducted on the service provider, where the outsourced activity is material, which may include the following considerations: 1. Availability of qualified and experienced service providers to perform the service on an ongoing basis 2. Arrangements for structured review of the capability and experience of service providers 3. Evaluation of relevant personnel for critical functions, to evaluate their specific competencies and execution capabilities 4. A disaster recovery and business continuity plan exist with regard to the contracted services and products, and that the adequacy and effectiveness of the same is maintained and tested periodically by the service provider. c. Analysis of the benefits and risks of outsourcing the proposed activity as well as the service provider risk, and determination of the cost implications for establishing the outsourcing arrangement. v. After outsourcing any activity, the AMC shall ensure: a. Outsourcing vendors' process/people/systems are reviewed. b. A periodic internal review is done on the functioning of outsourced activities (like Fund Accounting and R&T agent ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... d distribution risk, are outlined below: 2.10.2.1 Mandatory Elements i. The KRA/performance appraisal at the relevant CXO level must capture the performance in managing the risk of mis-selling. The risk of mis-selling may incorporate the components like the number of mis-sellings, outcomes in the inspection report, analysis of the portfolio of investors, analysis based on assessment of appropriateness to the investors, etc. As an example, a parameter to gauge mis-selling may be the analysis of whether growth in the AUM of a scheme is on account of performance or mainly due to higher commission paid to distributor. ii. The AMC shall also be responsible for the mis-selling done by the persons associated with selling of mutual funds including distributors. The performance disclosure to investors, if any, by the distributors should be true and fair. It should not be misleading to the investor by representing any selective time period representing the favorable return. iii. Detailed analysis should be done at the AMC level to verify mis-sellings, if any. iv. All the sales staff and distributers must be NISM certified with the required qualifications prescribed by SEBI/AMFI. v ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ernal controls over financial reporting of Mutual Fund schemes. 2.12 Legal & Tax Risks 2.12.1 Legal & Tax risk is the risk of loss to an institution which is primarily caused by: i. A defective transaction. ii. A claim (including a defense to a claim or a counterclaim) being made or some other event occurring which results in a liability for the institution or other loss (for example, as a result of the termination of a contract). iii. Failing to take appropriate measures to protect assets (for example, intellectual property) owned by the institution. iv. Change in law v. Misinterpretation of statutes and regulations. vi. Failure to collect or pay appropriate taxes, or submit required returns or information. 2.12.2 The mandatory elements for managing legal and tax risk, are outlined below: 2.12.2.1 Mandatory Elements i. The AMC should have documented processes and defined responsibilities for: a. Calculation and deposit statutory levies applicable to Mutual Funds. b. Acceptance of applications from permitted jurisdictions. c. Monitoring of risks emanating from tax related aspects and their redressal. d. Implementation of new and amended statutory and regul ..... X X X X Extracts X X X X X X X X Extracts X X X X
|
