The Dear CEO letter sent out last week to alternative asset managers shows that the sector is now in the FCA’s crosshairs. If you manage hedge funds, private equity or venture capital or you manage portfolios that contain these asset classes, you need to make sure you are ready to respond any requests for information from the FCA or a supervisory visit. The FCA has upped the ante by making a clear threat of enforcement in the Dear CEO letter, so the warning should not be taken lightly.
The Dear CEO letter, ‘Our Alternatives Supervision Strategy’, presents what the FCA sees as the ‘key risks of harm’ from the sector. The FCA supervision team highlight their priorities: inappropriate products, client money, market abuse, market integrity, AML and EU withdrawal. For each of these areas there are specific actions you can take to make sure your house is in order.
Investor exposure to inappropriate products or levels of investment risk
In the FCA’s view, all alternative investments carry ‘significant’ levels of risk. Whether we agree on this or not, the expectation is that firms will consider appropriateness or suitability for investors. Since MiFID II, all firms should be following the Product Governance Rules, which apply whether you are the product manufacturer or the distributor. Manufacturers include all fund managers, EIS managers and operators. Distributors include placement agents, wealth managers, financial advisors and platform operators.
A particular concern of the FCA is where investors have been opted up to ‘professional’ status. It is a common misconception that the suitability rules and the appropriateness rules do not apply to professional clients: in large part they do, and firms will need to be able to provide evidence that they have complied.
What should firms do to get ready?
- Review target market assessments to make sure they show the appropriate level of rigour. The FCA will take a dim view of TMAs that have been cut and pasted from previous fund offerings.
- Speak to your fund distributors or placement agents – you need to be confident they understand the applicable marketing restrictions. Keep a record of these discussions and report any concerns to your board.
- If investors have been opted up, review your records to make sure there are clear and reliable details on the investor’s knowledge and experience.
Client money and custody assets controls
When the regulator identifies CASS failings, it can penalise firms hard – we have seen this frequently across other sectors. The FCA plans to test whether firms with client money permissions have ‘robust control frameworks’ to ensure CASS oversight. Best practice – indeed good practice – goes well beyond the rules and guidance in the FCA Handbook.
Effort spent now to make sure your controls are robust could save you money and hassle in the long run. What would we recommend?
- Consider your CASS governance arrangements. The FCA is keen on robust CASS MI packs. Get an expert view to make sure they’re consistent with the regulator’s expectations and market practice.
- Does your board really understand the risks in relation to client money and client assets? If not, they will need training. And quickly.
- Look at your latest your CASS audit. Unless your auditor has particular CASS expertise – and many don’t – there is a high chance that the CASS audit will not provide the level of assurance that you need. Who actually performed the CASS audit? Was it an experienced individual or a trainee audit junior?
- Have you classified your records correctly? Many firms rely on APIs from their banks as their records but consider these to be internal records: they are not. You may need to have an external reconciliation to remedy this.
- Familiarise yourself with the FRC CASS audit standards. We realise you may feel you have better things to do, but the FCA has been testing firm’s familiarity with the standards.
Three years after the Market Abuse Regulation came into effect, the regulator has finally decided to check that you’ve implemented it correctly. MAR applies to all firms, not just to banks and brokers. The Dear CEO letter states that ‘marketing abuse controls across the sector have significant scope for improvement’. You have been warned!
- Is your MAR risk assessment robust? The FCA expects the risk assessment to inform your entire MAR control framework.
- If you have market abuse software generating alerts, have you recalibrated its alert parameters since implementation? Can you demonstrate that the parameters address the risks that your business faces?
- When was the last time your investment managers or your board received market abuse training? The board is ultimately responsible, so will need to have a degree of expertise.
Market integrity and disruption
The FCA’s initial work has identified inadequate risk management frameworks. Ominously, the Dear CEO letter indicates that they are planning to carry out “in-depth assessments of firms’ controls and may involve your firm”. This is another stark warning and there are some obvious steps firms can take to protect themselves:
- Review your risk management framework. Does it identify and control all applicable risks in your asset class, strategy, markets, counterparties, credit arrangements etcetera?
- If you are subject to AIFMD, review your risk management controls and in particular your MI. Does it reflect the investment risks that have been highlighted in well-publicised recent fund failings?
- If you have to perform an ICAAP, you should make sure the risks that it considers reflect those in your risk register and accurately reflect those risks that the firm faces.
Although all the usual financial crime areas are mentioned in the Dear CEO letter, it focuses on AML and terrorist financing. Financial crime control failings have been a focus of the regulators for some time now and the largest fines are usually imposed in this area. As a result, all firms will be familiar with the concepts, if not the regulators’ expectations, particularly in relation to the latest Money Laundering Directive, which took effect in January 2020. We encourage all firms to consider the following:
- Update your sanctions checks on all investors, counterparties and key suppliers. This should be the first control in every anti-terrorist financing framework.
- Review your financial crime risk assessment. The FCA expects this to be done at least once a year.
- Make sure you have implemented the fifth Money Laundering Directive properly, updating procedures and training relevant staff.
The FCA expects all firms to consider the implications of EU withdrawal. Given that this has been a top priority since 2016 of every firm affected, there is probably not much for the FCA to get excited about here. Unfortunately, in some areas the effects of Brexit will depend very much on the specific EU country in which you do business or in which your investors are based. So our advice is to seek expert advice in the country – Bovill can usually make introductions.