ASIC says four out of five managed funds aren't compliant

Australian Financial Review Jun 13 2017 5:11 PM

James Frost

Surveillance by the Australian Securities and Investments Commission found four out of every five fund managers failed some aspect of compliance in the regulator's annual review of the sector.

The operation involved 28 fund managers with $100 billion in assets under management and was conducted in 2016. The regulator said that three entities continue to remain the subject of high-intensity broad-based surveillance.

Responsible entities (REs) were the focus of the surveillance. REs are structures designed to hold assets on behalf of scheme members and were created by the Managed Investments Act of 1998.

ASIC said the aims of the review was to show the sector "what good looks like" in so far as treating investors fairly, providing transparent products, balance risk and ensure that clients are fully compensated where losses flow from poor conduct.

Among the key areas of concern identified by ASIC were risk management systems, cyber resilience, levels of professional indemnity insurance, the ability to manage conflicts of interest, dispute resolution processes and whistle-blowing measures.

Worryingly for investors, two of the responsible entities investigated had no risk management systems in place at all. Two others were asked to update their existing plans to comply with their obligations.

The ability to withstand cyber attacks was another area of concern, with nine of the firms and three of their service providers subject to malicious cyber activity in the preceding 12 months.

Seven firms were asked to review their policies with ASIC, continuing to monitor one because of concerns about the robustness of their response.

The report said that while all responsible entities had professional indemnity insurance in place, that some were junk policies with two responsible entities having less than the minimum level of cover in place. The minimum level is either $5 million or the sum of the fund's entire assets, whichever is lower.

Breach reporting was another area found wanting in the sample. ASIC found that 19 of the 28 responsible entities identified compliance breaches or control failure incidents. Six of the 28 identified 10 or more breaches and incidents in the 12-month period.

ASIC said that two of the 28 responsible entities recorded high numbers of disputes and were analysed further to rule out the prospect of systematic weaknesses.

Only three of the firms reviewed explicitly identified the board as having a role in reviewing complaints, and ASIC reminded all the participants that board oversight of the complaints process was essential.