Asset Management Supervision: The landscape today and 2018 supervision priorities - Michael Hodson, Director of Asset Management Supervision

26 October 2017 Speech

Central Bank of Ireland

Speech delivered to A&L Goodbody seminar

Good evening ladies and gentlemen. I am very pleased to join you at this event today which has been kindly organised by A&L Goodbody.

My plan today is to address a number of topics including the Central Bank’s supervisory priorities for 2018, the outsourcing arrangements within the asset management sector and developments at a European level.

Financial Regulation Pillar

But first, may I take a few moments to speak about the recent structural changes introduced in the Central Bank.

Since 1 September, the financial regulation pillar has been restructured into two distinct pillars; prudential regulation and financial conduct. Ed Sibley has been appointed the Deputy Governor of the Prudential Regulation pillar, which includes the credit institutions, insurance and asset management directorates. Meanwhile Derville Rowland has been appointed the Director General of the Financial Conduct pillar and has responsibility for consumer protection, securities and markets supervision and enforcement.

The changes are, to a large extent, a direct result of the scale of financial regulation activity which has increased sharply in recent years and also due to the increased level of European engagement required by senior management. The creation of the two new pillars will ensure that the Central Bank continues to fulfil its mandate in an efficient and effective manner. I also hope that the new pillars conveys to industry the importance that we place on supervising both conduct and prudential risk.

Overview of AMS

Turning to my own area of responsibility, the Asset Management Supervision Directorate falls within the prudential regulation pillar and is responsible for the supervision and authorisation of a diverse array of firms within the asset management sector.

At present, we supervise 371 firms, across the MiFID investment services and fund services space.

  • The MiFID firms we supervise have approximately €433 billion1 assets under management and over 140,000 clients.
  • In the fund services sector, there are close to 13,000 funds administered and nearly €4 trillion assets under administration.

2018 Supervisory Priorities

Let me say a little bit now about our 2018 supervisory priorities in the context of asset management supervision. At the outset, I want to be clear that the deliverance of high quality risk based assertive supervision, inspections and a robust approach to authorisations will remain a key priority.

In 2018 our on-going supervision programme of full risk assessments and thematic inspections will continue to evolve across both the MiFID and Fund Service Providers space. Our “business as usual” firm engagement is underpinned by PRISM and is key to achieving our mandate of protecting consumers and safeguarding stability. Such engagement enables supervisors to understand what firms do and their compliance with set rules, requirements and regulatory guidance. In this regard, firms can expect enhanced engagement where we identify risks that are above our tolerance levels. Moreover, our engagement model for low impact firms has progressed a lot in 2017 and this will continue to be developed next year.

With regards to Brexit, we will continue to challenge our existing authorised entities to understand how they are preparing. Firms should be planning now to ensure they are adequately prepared should a hard Brexit materialise.

Furthermore, firms that are considering applying for authorisation in Ireland due to Brexit will find a regulatory authority that is open, consistent and transparent in its engagement with firms. We have expanded our authorisation teams to ensure that staff are available to review applications as they arise and where we are asked to consider the authorisation of a firm in Ireland, we will want to be satisfied that we are authorising a business or line of business that will be run from Ireland and which we can effectively supervise. As highlighted by Deputy Governor Ed Sibley in a recent address2, “the long term strength, reputation and functioning of Ireland as a financial services centre would be poorly served by the Central Bank engaging in a competitive race to the bottom by allowing ‘shell’ or ‘briefcase’ firms to relocate here”.

Concerning IT risk, you may recall that in September 2016 the Central Bank published a Cross Industry Guidance in respect of IT and cybersecurity risks. The Guidance paper outlines the Central Bank’s expectations across IT governance, risk management, cybersecurity and outsourcing of IT systems or services. The risks associated with IT continue to be a key concern for my staff in supervising the asset management sector and with that in mind, this year we have very much focused on building up our IT inspection capability. We now have an IT and operational risk inspection team in place and in 2018 this team will participate in assessing IT risks as part of Full Risks Assessments and through their own thematic reviews.

We have been and will continue to be proactive and challenging firms over their MiFID II preparation and implementation. This engagement is necessary to ensure that the key objectives of the legislation are met, namely enhanced consumer protection outcomes and increased transparency in the market place.

MiFID II will result in an increase of four times the quantity of data we receive, therefore, a key focus for the Central Bank will be to continue to develop and enhance our analysis / analytic capabilities.

It would be remiss of me not to refer to CP86 given the audience present here today. Looking forward, there are a number of key obligations to be mindful of, such as managerial functions, organisational effectiveness and retrievability of records. The deadlines applicable are dependent on when the relevant fund management company was established. Ultimately, fund management companies need to be mindful that the implementation of the CP86 rules and guidance will influence our supervisory focus in 2018 with all obligations applicable from 1 July 2018.

If I can briefly touch on the management of client assets & investor money. This year the Central Bank completed a thematic review in relation to how investment firms holding client assets had implemented the new risk management requirements introduced in 2015. 2017 also saw a significant focus on MIFID II in order to identify changes required to the Client Asset Regulations and this culminated with the issuance of consultation paper CP 111 in July. It is intended that a feedback statement together with revised regulations will be published during Q4.

In 2018, the safeguarding of investor money will remain a key focus area, including engagement with fund service providers to assess the extent that the Investor Money Regulations are embedded in their arrangements. For investment firms, the protection of client assets will continue to be a key priority for the Central Bank. 2018 will see a regular schedule of onsite engagements, including focus on changes introduced by MIFID II and follow-up work in relation to the 2017 thematic findings. As always, our supervisory engagement is aimed at promoting the highest possible standards in relation to safeguarding client assets, in order to ensure risks to investor protection are effectively managed. 

Finally, in supervising, inspecting and indeed authorising firms in the asset management sector, an appropriate level of resourcing is paramount. The Central Bank has many dedicated and skilled people, I am always struck by the determination and commitment of our staff to ensure the work they do really does serve the interests of society at large. In my own area of AMS we, similar to other parts of the Bank, are recruiting to ensure we have sufficient staff to carry out the many tasks that we have and to deal with the increased level of authorisation activity as a result of Brexit and MiFID II.

A large part of this recruitment is at the more junior levels, with a high graduate intake planned for 2017/18. We do place a heavy emphasis on training new staff through our Learning and Development Centre in our North Wall Quay campus, a comprehensive mentoring programme and by providing in-house training courses such as our One Bank Curriculum. Moreover, to ensure our new staff can develop their careers and skillsets, we seek to involve them early in PRISM engagements, targeted firm meetings and thematic inspections with our more experienced staff.

Of course, hiring new staff that have industry knowledge and experience is always positive and in my view, even critical to delivering on our supervisory mandate. I am one of those industry hires, having just reached my 6th anniversary in the Bank, I can honestly say the Central Bank is a fantastic place to work. The breadth and variety of work involved, the commitment and quality of the people and the satisfaction one gets from knowing that you are working for the public good means it is a unique place to work.

Outsourcing

Moving on, I would now like to speak about outsourcing, how it feeds into our supervisory considerations.

Last year our supervisors carried out a review of outsourcing arrangements concentrating on the following areas (i) the extent to which larger Fund Administrators outsource their activities and (ii) the relevant control environment (governance and oversight arrangements) in place within these Fund Administrators in Ireland. The Dear CEO letter issued following this review has now been transposed into guidance and a Question and Answer document has been published.

This work has continued in 2017 with a review of the extent to which both (i) larger Irish Fund Administrators and (ii) Fund Administrators with a low impact PRISM rating, have outsourced activities.

What’s more, earlier this month the Central Bank issued a cross-sectoral survey on outsourcing activities to a sample of our regulated firms. The responses to the survey will facilitate the Central Bank in obtaining a holistic baseline view of outsourcing arrangements, including associated risks, across all regulated sectors at a point in time. The survey data will also assist us to ascertain the extent, nature, concentration and complexity of outsourcing arrangements and emerging trends from a cross sectoral perspective. Firms are requested to respond to the survey by 17 November and should you have any queries on the survey, please contact your supervisory team within the Central Bank.

Outsourcing and the Central Bank’s assessment of the risks will remain an area of focus across the different sectors in 2018. I am conscious that many of you in the audience today may ask why outsourcing remains a topic of interest for the Central Bank. The answer quite simply is that it is a material component of many firms’ operations in the Irish financial services sector today. On that note, I accept that outsourcing of certain activities makes sense from an operational and cost perspective. Outsourcing can also enable a firm to benefit from enhanced business processes and the additional expertise that the outsourcing service provider may have.

However, it does have associated risks that firms should consider and the Central Bank has to be mindful of. Examples of the risks, which can arise from outsourcing, include:

  • The concentration risk whereby a market or industry segment becomes over dependent on a few service providers.
  • The governance or oversight risk that stems from firms not taking reasonable steps to oversee the outsourced function in an effective manner and to ensure that the outsourced service does not have a negative impact on clients.
  • The contingency planning risk associated with the potential failure of the outsourced provider and the impact this could have on the regulated firm which could be largely unprepared.
  • From the Central Bank’s perspective, there is the mind and management risk whereby we could be presented with a firm seeking authorisation here that plans to delegate or outsource substantial activity to the extent that there is nothing more than a “letter box entity” in Ireland.

Looking wider afield beyond our shores, it is most notable that the Central Bank is not alone in addressing outsourcing arrangements in the financial services industry. Many other National Competent Authorities such as the Australian Prudential Regulation Authority, the OSFI in Canada and the FCA in the UK have all published standards or guidance on their outsourcing expectations.

I think a proactive approach by National Competent Authorities, including the Central Bank is necessary, especially when one considers that the future of the outsourcing landscape could see cross-sectoral selling of products and services, hitherto only provided in their traditional sector of Banking, Insurance or Markets. This is likely to be further disrupted by the advent of Fintech service providers operating either as standalone service providers or in conjunction with existing firms in each of the sectors. Most of these arrangements will involve some form of outsourcing or “strategic partnering”.

European Participation

At this juncture, I would like to give you a flavour of the participation that the Central Bank has at a European level and outline why this is important. In my directorate for instance, management and senior staff represent the Central Bank at ESMA working groups, committees and task forces.

Moreover, in my role as Director, I represent the Central Bank on ESMA’s Supervisory Convergence Standing Committee and ESMA’s Supervisory Coordination Network. Supervisory convergence is a key part of ESMA’s work and it helps to promote a level playing field in regulation and supervision across EU member states. The Supervisory Coordination Network is equally as important as it provides a forum for exchanging views in relation to relevant Brexit applications received by national authorities on an anonymised basis.

It is my view that active participation at a European level is key to ensuring that the Central Bank’s supervisory priorities, opinions and concerns are considered. I think that this is most relevant today when one considers the scale of developments that we have seen and will continue to see in the future.

For example, earlier this year we saw the publication of the ESMA opinions which set out principles aimed at fostering consistency in authorisation, supervision and enforcement activities related to the relocation of entities, activities and functions from the UK. Central Bank staff provided input to the drafting of the opinions and overall, the Bank is supportive of the work of ESMA to ensure convergence in how national authorities respond to Brexit.

If one considers the content of the ESMA Work Programme for 2018 that was published last month, most notable is the focus on promoting supervisory convergence, as well as work on assessing risks to investors, markets and financial stability.

Another recent development you may be aware of is the European Commission’s proposed reforms that pave the way for further financial integration. The legislative measures under consideration would bring about significant changes to the governance and funding of the European Supervisory Authorities and to the role of ESMA as a direct supervisory authority over certain entities.

The Central Bank is currently analysing carefully the proposals, which are very detailed and far reaching. Although the Bank has not yet concluded on its assessment, there are elements that we are supportive of, for example, enhancing the consumer protection mandate and the centralisation of approval of critical benchmarks with ESMA.

Culture

Before I conclude let me pose the question to the audience present here today, what is good culture and more to the point, why does it matter.

First of all, when we talk about culture, we are really talking about behaviour, as a firm’s culture drives the behaviour of the individuals employed. If I can expand on this, I think to deliver a good firm culture, the tone from the top is key and so too is a firm’s vision and its values, which ultimately provide employees with a set of guidelines on the behaviours and mind-sets required to achieve that vision.

In speaking about culture, I am reminded of a well-known saying originated by the management consultant Peter Drucker who said that “culture eats strategy for breakfast”. Taking this a step further one could easily argue that a firm’s culture eats strategy for breakfast, lunch and dinner. Culture is important to us as supervisors because it seeps across many risks such as operational, market and conduct.
Undoubtedly setting a sound footing for a good culture will always fall to each individual firm. However, assessing culture risk is a priority for the Central Bank and in 2018 firms can expect their supervisors to challenge them on the appropriateness of their culture and the behaviours that culture is promoting.

Conclusion

I will leave you by saying that 2018 is already shaping up to be another interesting year in the asset management sector in Ireland. We will see the implementation of new rules, MiFID II and final pieces of CP86 as examples. The Brexit negotiations and the final outcome of any future trading relationship may have far reaching consequences for existing firms, while the potential for new firms types due to Brexit could transform the asset management landscape in Ireland. On top of all this, we have the continuing focus on the Capital Markets Union, the potential for significant changes to the capital requirements for investment firms, not to mention the review of the various European Supervisory Authorities.

As both Benjamin Franklin and closer to home Roy Keane have said ‘fail to prepare, prepare to fail’, both regulators and regulated entities need to spend time ensuring that they are prepared for the changes that will impact upon them. 

------------------------------------------------------------------

1 Figures in this paragraph are based on Central Bank estimates.

2 The Irish Financial Services sector: a Prudential Regulation Perspective - Deputy Governor Ed Sibley

* With thanks to Adrian O’Mahony for his contribution to these remarks.