14 November 2018
On 23 August 2018, the financial supervisor CSSF issued Circular 18/698 addressed to Luxembourg based Investment Fund Managers (‘IFMs’). The Circular covers the required level of local substance, the organizational requirements for core business activities, internal control functions, and the conditions for delegation of activities.
The Circular came into effect immediately although no time-frame has been given to the IFMs to adapt to these new provisions. However, delegation oversight activities should be properly performed, well documented and appropriate follow-up should be given. IFMs should be able to present the regulator with complete documentation, correct reports from A to Z.
Yes, that can be somewhat challenging. For most IFMs delegation monitoring is a manual process, and very much dependent on individual employees. But it is exactly for this reason, the inherent risk of inconsistencies in the process and quality of reporting, that the CSSF will no longer tolerate incomplete and inadequate delegation monitoring. As you can see, adhering to this new Circular is a priority task.
So, are you compliant? Below we outline the main considerations.
The Circular states that third parties are subject to both initial due diligence and ongoing monitoring. These requirements are outlined in sub chapter 6.2 ‘Delegation Control Arrangements’. Similar requirements apply in the event of sub delegation. It also doesn’t matter if the delegate is within the same corporate structure or an external third party.
When assessing the risks arising from the delegation several elements must be taken into account, including the jurisdiction, ownership, control functions, reputation, expertise, the financial situation of the delegate – and many more.
The (initial)due diligence for each delegate must be formalized to take actions that are in line with the risk based approach. Furthermore, all observations and the detailed analysis of the information from the due diligence procedure should be properly documented.
The initial due diligence documentation must be available at the registered office and should be – at the request of the CSSF- provided immediately.
The services provided by the delegate should be compliant all the time, not just in terms of the regulations, but also from a legal and contractual perspective. Furthermore, to determine whether the delegate is qualified and capable to perform the respective delegated task, its organizational structure and applicable procedures should be assessed long term. The risk arising from the respective delegated activity should be reassessed on a regular basis.
In addition to performing periodic due diligence, a requirement for the ongoing monitoring is that a control mechanism should be put in place. Not only to properly document the data of the delegated activities, but also – following the risk based approach – the IFM should have a methodology for analyzing the results of its control system and have an alert systems to control its delegates.
As with the initial due diligence, the ongoing monitoring should be made available to the CSSF upon request.
Most likely your current delegation (control) procedures are not compliant with the level the CSSF requests. And – to put it mildly – that raises a significant challenge to overcome. But we can help you to meet the most stringent of regulatory demands – just get in touch! Our solution makes delegation monitoring seriously easy.
ComplianceWise’s CW360 can help you easily take control of your AML and compliance obligations, from KYC to transaction monitoring and cashflow management. Not only do we help to reduce the risk of non-compliance costs, but our solution also offers an opportunity to gain valuable business insights that can be used to inform management decisions and support strategic planning.