TMI BlogRisk Management Framework (RMF) for Mutual FundsX X X X Extracts X X X X X X X X Extracts X X X X ..... product innovation, investment in newer asset classes, distribution landscape, technological evolution, investor penetration and awareness, increase in risk elements, etc. Accordingly, it has been decided to review the extant Risk Management Framework for Mutual Funds. The matter was deliberated in the Mutual Funds Advisory Committee (MFAC) based on the inputs received from the mutual fund industry. The recommendations of MFAC have been suitably incorporated in the Risk Management Framework for mutual funds. 3. With the overall objective of management of key risks involved in mutual fund operation, the revised Risk Management Framework (RMF) shall provide a set of principles or standards, which inter alia comprise the policies, procedures, risk management functions and roles responsibilities of the management, the Board of AMC and the Board of Trustees. 4. The detailed RMF for mutual funds are placed at Annexure-A. 5. The elements of RMF, wherever applicable, have been segregated into mandatory elements' which should be implemented by the AMCs and recommendatory elements' which address other leading industry practices that can be considered for implementation ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... icate and consult with stakeholders throughout. f. Protect reputation. ii. The objectives of RMF should assist the management and the Board of Directors of both AMC and Trustees in: a. Demonstrating high standards of due diligence in daily management. b. Promoting proactive management and early identification of risk. c. Assigning and increasing accountability and responsibility in the organization. d. Managing risk within the tolerance limits defined in the RMF. iii. The RMF of mutual funds shall comprise the following components: a. Governance and Organization. b. Identification of Risks. c. Measurement and Management of Risks. d. Reporting of Risks and related Information. 1.1 Governance and Organization i. Risk Management shall be an independent and specific function of the AMC. ii. There should be at least one CXO level officer identified to be responsible for the risk management of specific functions of the AMC/Mutual Fund. For instance, there should be dedicated risk officers for various key risks such as Investment Risk (by Chief Investment Officer), Compliance Risk (by Chief Compliance Officer), Operational Risk (by Chief Operati ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... 1.1.1 Risk Management Policy The risk management policy can be a macro level description of risk management governance (including roles and responsibilities of the Board of AMC and the three lines of defense Management, Risk Management Team and Internal Auditor), the organization's risk appetite and key elements of its risk management process. The policy on the RMF shall be approved by the board of AMC and trustees. The mandatory and recommendatory elements for inclusion in the risk management policy, approved by the board of AMC and trustees, are outlined below: 1.1.1.1 Mandatory Elements i. There shall be an approved policy on the RMF both at AMC and scheme level. ii. A risk appetite framework should be in place at both AMC and scheme level. Quantification of the framework in the form of a metric for key risks shall include but not limiting to credit risk, market risk and liquidity risk, etc. and targeted path of improvement. The metric, wherever applicable, should incorporate an appropriate benchmark vis- -vis which the measurements of risk and targeted risk levels may be made. iii. There should be a Delegation of Power (DoP) framework covering daily risk ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... for risk based KRAs and KRAs at level of CEO and up to one level below CEO. Suggest modifications in KRA outcomes and link compensation to those KRAs. vii. Review of actions taken by Board of AMC and management in respect of risk management. viii. Reporting of material risk related observations to SEBI on periodic basis. ix. Setting up of the risk management function and developing appropriate structures and procedures to ensure that it can function independently. x. Approving a methodology for Board Evaluation of the RMF (either through outsourced or self-assessment) on an annual basis. xi. Annual review of effectiveness of the AMC and/or management s risk management function and policies including risk metrics to address the risk outcomes. xii. Trustee may recommend reduction/ change in the risk level of the schemes within the Potential Risk Class (PRC). xiii. For assessing the effectiveness of the RMF, a. The board of AMC should seek an annual report through an internal management assessment process or from a third party covering all key risks and key risk metrics both at the AMC and scheme level. b. The RMCs of both AMCs and Trustees shall meet at lea ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ing (both periodic and escalation of material incident) and corrective actions taken, if any. f. The CEO shall approve the corrective action on various findings and report to the board of AMC and trustee regarding the same and also escalate to board of AMCs and trustees, if required, any major findings being reported. 1.1.2.2.2 Risk Management - Role of Chief Risk Officer (CRO) i. The CRO shall be responsible for ensuring that there is an effective governance framework and reporting framework of risk management in line with the regulatory requirements. ii. The risk management roles of the CRO are as under: a. Implementation of Risk management framework across the organization. b. Review specific responsibility of management, including CEO, CIO, CXOs, and Fund Managers. c. Put in place mechanism for risk reporting at least on a quarterly basis to the board of AMC, trustees and RMCs, covering all risks including risk metrics, escalation of material risk related incidents, timely and corrective actions taken, if any. d. Independent assessment of reporting of risk to various committees and CEO, etc. e. Put in place mechanism for reporting to CEO - Including ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... sonnel reporting to them. c. Maintaining risk level as per the risk metric. iii. The CXOs shall take immediate corrective action for non-compliance or major finding post approval from CEO as per DoP and shall report to CRO regarding the risk reports. iv. The CXO shall escalate to CEO and the CRO any major findings reported by respective risk management function. 1.1.2.2.5 Risk Management - Role of Fund Manager (FM) i. The FM shall be responsible for daily management of investment risk of managed scheme(s) such as market Risk, liquidity Risk, credit risk and other scheme specific risks and appropriate risk reporting of any risk related event to CIO. ii. In respect of schemes managed by them, FMs should ensure: a. Adherence to relevant SEBI guidelines in respect of RMF and relevant principles thereunder including risk identification, risk management, reporting and corrective actions etc. b. Adherence to risk appetite framework to maintain appropriate risk level for schemes. c. If there is any need of change in the risk appetite of the scheme within the PRC of that particular scheme, the same is to be with the approval of the CIO. iii. The FM shall take ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... on wide risk like operational risk, technology risk, legal risk, talent risk, outsourcing risk, etc. 1.3.3 Having identified and documented the applicable risks, the risk management function should develop process/tools to measure and manage those risks. For this purpose, the following needs to be considered for each risk category: i. Ascertaining the measurement criteria for each risk category (qualitative and quantitative criteria). ii. Documentation of measurement tool(s) for each risk category, i.e. Risk and Control Self-Assessment (RCSA), stress testing, scenario analysis, etc. iii. Determination of required frequency of monitoring. iv. Developing a process for escalation. v. Determination and documentation of remedial or mitigating actions. Wherever appropriate, it is recommended that AMCs consider documenting risk limits based on their risk appetite. 1.3.4 The mandatory and recommendatory elements for measurement and management of risks, are outlined below: 1.3.4.1 Mandatory Elements i. The AMCs shall have established structure and responsibility across the three lines of defense: a. Business Operations. b. Oversight functions like Risk ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... up-to-date responding to new strategic priorities and risks and the monitoring mechanisms are working to ensure compliance with the updated policies. vi. Mechanisms are established for management to make use of early warning indicators to identify, evaluate, and respond to changes quickly. vii. Periodic stress tests are performed on critical risks and the impact of risks are assessed based on acceptable tolerances. viii. Based on the management of the risk level as defined by respective risk metric of CXOs, necessary corrective actions must be taken to address any short comings. The output of the risk level shall be an indicator of the performance of the respective CXOs and shall form one of the inputs for their performance review. 1.3.4.2 Recommendatory Elements i. There should be independent testing and verification of efficacy of corporate governance standards and business line compliances, validation of the RMF and assurance over the risk management processes by external agency. 1.4 Reporting of Risks and Related Information 1.4.1 Adequate risk reporting is an integral part of the risk management framework and it is important that those responsible for ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ligence, etc. that are to be adhered to by the mutual funds. The following sections incorporate comprehensive guidelines for management of various key risks by the AMCs, elements of which may overlap with the above mentioned norms and in such cases, the detailed norms specified in the relevant circular must be strictly followed. b. These key risks may be divided in to two broad categories. i. Scheme specific risks ii. AMC specific risks c. The scheme specific risks are the risks majorly associated with the core activities of investment and portfolio management. The AMC specific risks are the risks associated with the functioning of the mutual fund business by the AMC. d. The scheme specific risks may be divided in to the following categories. i. Investment risk ii. Credit risk iii. Liquidity risk and iv. Governance risk The AMC specific risks may be divided in to the following categories. i. Operational Risk ii. Technology, Information Security and Cyber Risk iii. Reputation and Conduct Risks iv. Outsourcing Risk v. Sales and Distribution Risk vi. Financial Reporting Risk vii. Legal Tax Risks and viii. Talent Risk The compl ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... be clearly defined. b. An investment policy for investment in various asset classes/ securities as permitted by SEBI from time to time and policy on hedging of interest rate risk, foreign exchange risk, price risk, etc. c. Policy on participation in IPOs/FPOs including policy on participation in IPOs/FPOs of associate/ group company(ies). d. Trade execution policy. e. Policy on trade allocation and Inter-Scheme Transfers (ISTs). f. Investment valuation policy. g. Broker empanelment policy. h. Trustee should review the portfolio at frequency as required by SEBI Regulations. ii. The AMC must ensure that investment risk is adequately factored in by: a. Setting up an Investment committee which has close coordination with related departments, and monitors market risk. b. Setting limits for issuer/ sector exposure vis-a-vis benchmark (in line with MF Regulations and internal limits). c. Setting limits for investment in debt and money market instruments of various credit qualities. d. Having all relevant documents and disclosures (that are required for listing) with regard to the debt and money market instruments before finalizing the deal for investme ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... s complete, accurate, timely and meets the needs of various stakeholders. f. Adequate documentation of calculations, analyses and decisions is maintained. g. Performance and positions with regard to objectives of schemes are reviewed. h. Performance vis- -vis scheme benchmarks and performance of peer group(s) is reviewed. i. Exceptions are defined and their monitoring is conducted. j. Exceptions in style drift and portfolio concentration are reviewed. k. In cases of inter scheme transfer, the scheme (s) buying the securities must conduct an enhanced level of due diligence. 2.1.5.2 Recommendatory Elements The AMCs may consider the following practices: a. Regular analysis on bulk trades and block deals of large values. b. Formulating a plan for assessing and monitoring risks of investing in multiple markets. c. Setting limits for minimum number of stocks/securities, cash (net of derivatives), stocks/securities vis-a-vis benchmark and Beta range. 2.2 Credit Risk 2.2.1 The credit risk relevant to mutual funds is the issuer credit risk attributable to individual securities and the negative outlook on specific sectors or industries and its conse ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... continuous liquidity requirements like close ended and interval schemes) and should display alerts pertaining to asset liability mis-match on monthly basis and in line with any other relevant guidelines as specified by SEBI in this regard from time to time. The aforesaid model, should be based on the following key principles: a. The secondary market liquidity of assets of the scheme, shall be incorporated into the liquidity risk management model. b. For debt and money market instruments, the total asset value shall be classified in various maturity buckets for e.g. assets maturing in days 0-30, 30-60, 60-90 and so on. Debt and money market instruments that have a demonstrable secondary market liquidity shall be classified into a lesser maturity bucket depending upon the reasonable time in which particular value of the said instrument can be expected to be offloaded. In the absence of demonstrable secondary market liquidity, the instruments shall be strictly classified based only on the maturity dates. c. Liabilities of scheme shall be modelled in similar buckets based on back testing of historical data for subscription and redemption amounts in the respective schemes. The ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ng liquidity risk - cash flow approaches, ratios/tools for monitoring market liquidity (including equity market), etc. b. Measures for managing intra-day liquidity and controls around the same. c. Stress testing policy to align the stress testing requirements mandated by SEBI for mutual funds in India specifically incorporating: 1. Risk parameters used and methodology adopted to conduct the stress tests. 2. Procedure to deal with stress events and early warning signals. d. Overview of funding plans/strategy during normal and stressed events, including contingency funding plan. v. Systematic classification and evaluation of liquidity risks should be initiated by performing following activities: a. Evaluation and disclosure of liquidity risk associated with schemes/products in the SID. b. Controls around preparation and accuracy of cash flows. c. Management of collateral and margins for execution and settlement of derivatives, securities and money-market instruments. 2.3.2.2 Recommendatory Elements i. AMCs may consider introducing the following measures: a. Judicious use of intraday / overnight borrowing lines to address liquidity / settlement ri ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... anization or at a third party service provider, it is important to have adequate monitoring and tracking of all elements that can go wrong. This includes fails, reconciliation differences, customer complaints, guideline breaches, systems issues, process gaps, system bugs, etc. It is equally important to have an escalation process as any undue delay in reporting could magnify the loss or turn a gain into a loss. 2.5.3 The key for effective operational risk management should be to create a process that tracks the various elements of operational risk over time, to identify trends that could be an early warning signal, and to implement an exception/escalation process that ensures the problems which are significant, large, aged or growing dealt with at increasingly higher levels of management. 2.5.4 SEBI vide circular SEBI/HO/IMD/DF2/CIR/P/2019/57, dated April 11, 2019 has provided indicative guidelines encompassing system audit framework. The systems and processes as elaborated in the aforementioned circulars must be in place and any future guidelines issued by SEBI in this regard may be suitably followed. 2.5.5 The mandatory elements for managing operational risk, are outline ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... between the different businesses earned out by the Asset Management Company (such as PMS, AIF, Overseas Investments, Advisory, Mutual Funds, etc.) 9. Documented process to review human errors in transaction processing to identify training needs and corrective actions to prevent the errors in the future. d. There is an adequate RCSA process for operational risks on a periodic basis with a structured reporting methodology. e. The AMC should perform the following: 1. Analyze and classify frauds into internal (within the organization) and external (by persons outside the organization) frauds, identify root causes and incorporate monitoring mechanisms to address fraud scenarios. 2. Reporting of frauds and near miss incidents to the Board of AMC and Trustees on quarterly basis. f. Insurance cover shall be obtained for first and third party losses: 1. The mutual fund must have insurance cover against third party losses arising from errors and omissions: (a) Third party liabilities refer to liabilities arising out of financial loss to investors or any other third party, incurred due to errors and omissions of directors, officers, employees, trustees, R T agents, cu ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... i. The AMC may implement the following depending upon the scale and complexity of business: a. Documenting a Fraud Response Plan and reporting of near miss incidents. b. Developing Fraud Risk scenarios and updating with changing business dynamics, documentation thereof being maintained in appropriately designed and updated Fraud Risk Registers (capturing details such as past fraud incidents). c. Using data analytics as a key tool for identifying fraud patterns and indicators. d. Conducting a fraud control and reporting' training program. 2.6 Compliance Risk 2.6.1 Failure by the AMC to meet its regulatory obligations or manage changes in legal statutory and regulatory requirements may result in investigations, fines, financial forfeiture, or regulatory sanctions and material loss to investors and the organization. 2.6.2 The mandatory and recommendatory elements for managing compliance risk, are outlined below: 2.6.2.1 Mandatory Elements i. The AMC shall establish and maintain policies as required by applicable statutes and regulations, including policies to address the following: a. Know Your Client (KYC), Anti-Money Laundering (AML) and Comba ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... lities. b. Transaction Monitoring is done to identify Suspicious Activities. c. Suspicious Transactions Reporting is done to the relevant authorities. d. Adequate training programs to ensure employees are constantly aware of money laundering/financing of terrorism risks and measures (focus on their roles and responsibilities). iv. AMCs should have systems in place to detect and prevent securities market violations including securities market frauds and malpractices at their end: a. A report containing details of the alerts generated and the subsequent actions taken in this regard should be submitted to trustees on a quarterly basis. b. Trustees may forward the results along with their comments and steps taken, if any, to SEBI in the half-yearly trustee reports. 2.6.2.2 Recommendatory Elements i. The following policies may be incorporated by the AMCs depending on complexity and scale of operations: a. Political Contributions. b. Outside business activity policy. ii. The AML/CFT program of the AMCs may include the following depending on the size and scale: a. investor awareness programs (literature or pamphlets or such) to educate clients about t ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... approve and monitor the effectiveness of implementation of an enforceable code of ethics and business conduct; in the event of a material breach in conduct or a significant reputation risk event, the Board of AMC should be informed. iii. The following practices must be adopted by the AMC: a. While designing or improving the products, the complexity of the product and consumer behaviors must be considered. b. Impact assessment should be undertaken for sales and promotion expenses (i.e. evaluation of value added v/s cost incurred) using appropriate techniques, e.g. analysis of complaints, compliance monitoring program, data analytics, mystery shopping, etc. c. Preventive measures and monitoring mechanism should be implemented to mitigate mis-selling risks. 2.8.3.2 Recommendatory Elements i. AMCs may consider adopting: a. Reputation risk policy. b. Media interaction policy and procedures c. Assessment and management of reputation via brand management tools, data analytics, business intelligence. d. Framework / Process to review and action any negative mention in traditional or social media. e. Procedures to monitor reputation risk on an ongoing basis ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... tion standards). e. Criteria for selection and minimum qualification. f. Minimum quality standards. g. Tenure of agreement. h. Responsibility for outsourced functions. i. Acceptable level of deviations. j. Periodic review of service levels and pricing. k. Restriction on sub-delegation or sub-contracting. l. Right for inspection and audit. m. Approval authorities. n. Service level agreement. o. Archival and retrieval of documents/data. p. Insurance requirements. q. Incident reporting and escalation matrix. iv. Before outsourcing any activity, the AMC should ensure the following is in place: a. Outsourcing agreements with service provider are legal and binding as per the law. b. Due diligence (including AML/CFT, if applicable) is conducted on the service provider, where the outsourced activity is material, which may include the following considerations: 1. Availability of qualified and experienced service providers to perform the service on an ongoing basis 2. Arrangements for structured review of the capability and experience of service providers 3. Evaluation of relevant personnel for critical functions, to evaluate their sp ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... including: 1. Detailed periodic fraud risk assessment program 2. Fraud response plan 3. Fraud risk register 4. Reporting to the AMC s Board b. Maintain an exit strategy including a pool of comparable service providers, in the event that a contracted service provider is unable to perform or in the event of a critical fraud. 2.10 Sales and Distribution Risk 2.10.1 As most AMCs outsource or use other channels for distributing products, such as banks, IAs, brokers, NBFCs, Distributors, etc., there is a need of monitoring risks associated with managing distribution channels and processes, commission pay-outs, brokerage disbursements, sales expenses, etc. 2.10.2 The mandatory and recommendatory elements for managing sales and distribution risk, are outlined below: 2.10.2.1 Mandatory Elements i. The KRA/performance appraisal at the relevant CXO level must capture the performance in managing the risk of mis-selling. The risk of mis-selling may incorporate the components like the number of mis-sellings, outcomes in the inspection report, analysis of the portfolio of investors, analysis based on assessment of appropriateness to the investors, etc. As an exam ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ion of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures are being made only in accordance with authorizations of the management and the Board iii. Failure to prevent or timely detect unauthorized acquisition, use, or disposition of assets that could have a material effect on the NAV and/or financial statements. 2.11.2 The mandatory elements for managing financial reporting risk, are outlined below: 2.11.2.1 Mandatory Elements i. The AMC should have detailed accounting policies and procedures for Mutual Fund accounting. ii. Adequate segregation of duties must be created within the Finance (or relevant) function for Mutual Fund accounting. iii. There should be documentation and regular testing of internal controls over financial reporting of Mutual Fund schemes. 2.12 Legal Tax Risks 2.12.1 Legal Tax risk is the risk of loss to an institution which is primarily caused by: i. A defective transaction. ii. A claim (including a defense to a claim or a counterclaim) being made or some other event occurring which results in a liability for the institution or other loss (for example, as ..... X X X X Extracts X X X X X X X X Extracts X X X X
|