Board Oversight of FSB/CIF Regulated Entities
Sitting on the board of a Fund Services Business (“FSB”) or a certified Collective Investment Fund (“CIF”) regulated entity, as a director who is independent of the promoters, investment advisers or administrators, presents certain challenges around the level of reliance that can be placed on these parties. The recently published summary findings of the Jersey Financial Services Commission (“JFSC”) from their 2014 on-site examination visits to FSB and CIF administrators has highlighted a number of areas where work has to be carried out by the directors themselves. These are discussed below and focus on regulatory and compliance matters where the JFSC view the board of directors as being directly accountable for them.
The key messages emanating from the JFSC under this heading relate to the effectiveness of boards. The matters boards should ensure are addressed can be summarised below:
- All directors should maintain a good attendance record – a minimum of 75% of all meetings would be a sensible target;
- Minutes should record deliberations of the board, not just their decisions;
- Action points should be properly recorded and followed up in a timely manner. This necessitates the circulation after meetings of draft minutes and action points clearly defining responsibility, without undue delay;
- Any board committees should be established with formal documented Terms of Reference against which their performance can be and is assessed;
- A conflicts of interest register should be maintained that captures both internal responsibilities and external roles that hold potential for conflicts to arise, underpinned by a policy and procedure detailing how they would be managed if they did;
- Appropriate procedure should be put in place to control personal account dealing by those who may become privy to price sensitive information and to formally control the dissemination of that information, incorporating the establishment of closed periods where relevant.
There are different schools of thought about how much detail of the discussions that take place during board meetings should be captured in the minutes, however the JFSC are clear about their expectation in respect of regulated entities. They are looking for the minutes to evidence the oversight that the regulations demand from directors.
Compliance function - resourcing, reporting and monitoring
It is the board’s responsibility under the Codes to establish an effective compliance function. That means ensuring it is appropriately resourced to perform its statutory role as set out in the Codes, including devising and implementing a suitable monitoring programme and producing reports on its work to the board with sufficient detail and reasoned recommendations for the board to consider.
Directors must first determine who they appoint as their Key Person to perform the Compliance Officer, Money Laundering Compliance Officer and Money Laundering Reporting Officer roles. Often the candidate will be an individual put forward by the administrator but it is the board that appoints them and therefore it is the responsibility of the board to ensure they have the necessary experience and qualifications and are fit and proper to hold the roles in question. To do so directors should review the CVs of candidates and may choose to meet or even interview them prior to appointment. Once satisfied, the board should refer to the assessment work they undertook when minuting the appointment of the candidate.
Boards need to engage with the work of the compliance function by determining the nature and frequency of the matters on which they wish to see reports. A core element has to be the findings of the Compliance Monitoring Programme, the design of which must be influenced by the board based on their view of the risks faced by the business. Directors need to understand the underlying testing being carried out and be comfortable with the methodology. They must analyse the results to identify areas where performance improvements are required and take action accordingly. Outstanding testing, superficial reporting and the absence of proactive advice and guidance on topical regulatory issues are all signs boards should look out for that indicate that they may not have the appropriate resources in place. Remedial action is then urgently required. Minutes should evidence discussions by directors with the Compliance Officer, not just the tabling and noting of their reports.
Outsourcing and delegation
Boards must ensure that they follow the JFSC’s Outsourcing and Delegation Policy, by examining the requisite written service level agreement mapped against it. They must conduct and record appropriate due diligence on the delegate and instigate an annual review of their work, assessing the findings based on agreed KPIs.
Policies and procedures
Independent directors will rarely become involved with the detailed operational procedures but should focus on the policies that are being adopted and test the administrator to satisfy themselves that their manuals are complete, accurate and up to date with both internal and external developments. The existence of a robust procedural change approval and version control process will provide considerable comfort.
The board need to own the Business Risk Assessment and whilst the administrator will often provide a documentary template directors need to ensure it covers all the commercial, operational and regulatory risks faced by the business. A one-size-fits-all approach simply does not work and the base template will need to be tailored to reflect the activities of each company and the differing perceptions and judgements of individual boards. Whilst it is important for an independent director to maintain consistency in their views across the boards they sit on, the collective judgement will inevitably alter according to the prevailing circumstances of each company.
Whilst AML/CFT responsibilities should be integrated into the governance process and be taken into account under each of the above headings, the JFSC summary threw a spotlight on this area and it would be prudent for directors to also give it specific consideration. It is natural for boards to focus on financial controls and reporting as key indicators of the health of the company but, as recent regulatory sanctions imposed by the US on international banks has shown, equal attention must be given to the controls and reporting in place to fulfil AML/CFT obligations in order to evidence them being discharged.
At the core is proper consideration of AML/CFT issues within the Business Risk Assessment that accounts for jurisdictional risk and how it may change over time depending on the location or source of new clients or investors. The nature of clients or investors and the degree to which reliance is placed on others to verify their identity and assess the legitimacy of their funds must also be a factor. Boards need to understand the risk assessment methodology being used, be aware of the make-up of the client or investor base according to their AML/CFT risk categorisation and question the level of clients with outstanding CDD, being prepared to reject the business of recidivists. They also need to understand the transaction monitoring taking place, the instances where this has raised queries and the number of SARs that have been made. All this can only be evidenced through relevant reporting and discussions thereof being recorded in board meeting minutes.
Reading the comments of the JFSC makes it abundantly clear that the Regulator expects directors to do more than simply rely on their administrators to operate in a compliant manner. Rather, they are looking for a demonstrable level of interaction by boards, showing their appreciation of regulatory requirements and evidencing the application of the collective grey matter of the directors in determining how they are dealt with and overseeing the implementation of their decisions by the appointed administrators.