SEBI has revised the guidelines for risk management framework for mutual funds. The new regulations come in place of the previous guidelines issued in 2002.
The regulator said the review was taken up keeping in mind the developments in the industry over the years.
"There have been significant developments in the mutual fund industry and in the financial markets as a whole, including in the area of product innovation, investment in newer asset classes, distribution landscape, technological evolution, investor penetration and awareness, increase in risk elements, etc. Accordingly, it has been decided to review the extant Risk Management Framework for Mutual Funds," SEBI said in a circular.
The new rules will come into effect from January 2022.
SEBE said that fund houses have to establish a risk management framework (RMF) that can identify potential risks and implement control measures.
Let us look at key highlights of the revised RMF.
Governance and organisation
- Risk management will be an independent function of AMCs. For each risk area like investment, compliance, operations and cyber security, the AMC will have to appoint a dedicated CXO-level risk officer, i.e. a Chief Risk Officer (CRO), who will be responsible for the overall risk management
- It is mandatory for AMCs and trustees to have a Risk Management Committee (RMC). The committee will recommend long term solutions regarding risk management
Responsibilities of board, trustees and officials:
Board of AMC and trustees
- Review and approve RMF policy and the risk appetite framework of the AMC and each of its schemes
- Define specific responsibility of the management including CEO
- Reporting of material risk related observations to SEBI on periodic basis
Management
- Oversee risk management process and keep the board and trustees informed about new and emerging risks
- Prepare a quarterly report on risks and share it with the board and trustees
- Take into account risk management performance of CEO and senior officials during performance appraisal
CEO
- CEO will be responsible for all risks at both AMC and scheme level
- He/she will have to review risk management functions every month
- Define risk appetite and the responsibilities of CIO and CXO
- Report to the board and trustees in case of any risk issue and approve the corrective action
CRO
- Implement the risk management framework
- Review specific responsibility of management, including CEO, CIO, CXOs, and fund managers
- Put in place mechanism for risk reporting at least on a quarterly basis
- Independent assessment of reporting of risk to various committees and CEO
CIO and fund managers
- Daily management of risk and reporting important aspects on market risk, liquidity risk, credit risk etc.
- Define responsibilities of fund managers and adhere to SEBI guidelines with respect to RMF
- Calculate overall risk by taking into account the risk-o-meter and events of default
CXOs
- Ensure adherence to risk management rules in respective risk type
- Take immediate corrective action after approval from CEO
Identification of risks
SEBI has released a set of questions, which AMCs can use to identify risks. They include:
- What are the different types of risks faced by the mutual fund?
- What is the probability of the happening of each of the identified risks?
- What is the likely impact of key risk events, in terms of financial loss, reputation loss, impact on investors/ unit holders and regulatory action?
- What are the emerging or new risks?
Reporting of risks and related information
- A structured bottom-up reporting process for facilitating a meaningful and independent analysis by the risk management function
- Management to be informed about the findings of the risk management function at least once every month
- Risk management function to promptly report to the management/risk management team/AMC board where any significantly emerging risk issues are not adequately addressed
Managing key risks
Investment risk
- Have investment policy for each asset class
- Pre-defined policies for Inter-Scheme Transfers (ISTs), investment valuation and broker empanelment policy, stock or sectoral exposure
- Review and take corrective actions in case of passive breaches
- Analyse trends like redemption, investor concentration and distributor concentration
Credit risk
- Introduce credit risk management policy, evaluate ratings receive from multiple rating agencies and carry out internal risk assessment
- Generate early warning signals of issuers’ credit profile
- Carry out stress testing by applying shocks based on downgrade, negative outlook and so on
Liquidity risk
- Introduce separate framework at scheme level. For debt and money market, liquidity has be tested based on maturity of papers like 0-30 days, 30-60 days and so on
- Carry out back testing and stress testing to check redemption pressure
- Manage mismatch in asset and liability of underlying securities
Governance risk
- Introduce an approved policy for managing governance risk
- Assess track record and history of issuers
- Monitor conflict of interest of board and key personnel
Operational risk
- Implement operational risk policy to check governance structure and introduce new product approval process
- Introduce dealing room policy
- Define roles and responsibilities for time stamping, KYC review, credit identification, tracking high value transactions, etc.
- Identify frauds and put in place monitoring mechanism to address such scenarios
Compliance risk
- Put in place a system where compliance officer directly receive complaints. The officer will have to review complaints with an objective to catch early warning signs for fraud
- Among other key requirement of AMCs to reduce compliance risk are timely filing of regulatory reports, review of marketing material, ensuring that investment declaration is in line with disclosure, introducing mechanism to check possible insider trading, prevent and detect trading violation and so on
Technology, information security and cyber risk
- Integrate reputation management in business planning
- Establish a crisis management policy to minimize risk of negative publicity in an event of any incident or conduct of an employee
- Monitor social media grievances
- Establish code of ethics and business conduct
- Consumer behaviour must be considered to design a product
Outsourcing risk
- AMCs have to appoint a dedicated person to oversee outsourcing activities
- Introduce outsourcing policy, which will have description of activities that can be and cannot be outsourced
- Monitor and control outsourcing activities
- Ensure that all outsourcing activities are accurate and timely
Financial risk
- Introduce accounting policies for finance and mutual fund accounting
- Regular testing of internal controls over financial reporting of mutual fund schemes
Legal and tax risk
- Introduce documented process with defined responsibilities for calculation and deposit of taxes applicable to mutual funds
- Appoint a person for execution and registration of legal agreement and documents
Talent risk
- Introduce succession plan for identified key positions
- AMCs cannot be deprived of the services of any key managerial person
- Screen employees including background checks
