Diligend partners with eVestment to to digitize and streamline operational and investment manager due diligence services
CSSF Circular 18/698 and Delegate Oversight
The CSSF in Luxembourg produced Circular 18/698 in 2018 to provide guidance to investment management firms that were delegating investment activities to third parties. The Circular outlines the expectations around the due diligence and monitoring of the third party delegates by ManCos. Diligend digital due diligence software can help ManCos meet the requirements around initial and ongoing due diligence and risk management of third party delegates.
The Commission de Surveillance du Sector Financier CSSF in Luxembourg released Circular 18/698 in 2018 to address the ongoing fight against money laundering and terrorist financing. The circular applies to investment fund managers and entities carrying out the activity of the registrar agent.
The purpose of the circular is to provide additional clarifications on certain conditions for authorisation, more particularly the shareholding structure, the minimum own funds requirements, the administrative bodies, the arrangements concerning the central administration and governance and the rules governing the delegation framework.
In the Circular, “delegation” refers to any of the following activities:
- Functions included in the activity of collective portfolio management
- Risk management
- Complaints handling
- Discretionary management and non-core services
- Internal audit
- Operation of the IT systems
The Circular outlines the expectations around initial due diligence and ongoing monitoring of delegates as written due diligence prior to delegation, followed by ongoing monitoring and control at any time through the delegated task.
The procedure should be documented and implemented as follows:
- Describe the process of selection and change of a delegate
- Ensure delegated activities are carried out in compliance with legal and regulatory requirements
- Implementation of initial and ongoing periodic due diligence carried out by the ManCo on all it’s delegates and sub-delegates
- The ManCo should describe the measures taken to ensure that delegates are effectively monitored as thoroughly as if they were internal.
- The process should focus on the nature, scope and frequency of the periodic due diligence, taking into account a risk-based approach.
What should the initial due diligence consist of?
The ManCo must assess all risks arising from the delegation, including operational, financial, legal and reputational risks.
The initial due diligence must show that the delegate is qualified and capable of performing the functions and that the delegate can provide the necessary ongoing information required for effective monitoring.
The ManCo must also analyze the organizational structure of the delegate, to ensure there are no conflicts of interest, that conduct rules are being adhered to and that the delegate has adequate staff and resources to perform the functions.
Delegation Risk Checklist
- Which jurisdiction is the delegate located?
- Which regulation and/or supervision by a supervisory authority is the delegate under?
- What authorisations does the delegate have/need?
- What sanctions are imposed by a supervisory authority?
- What is the delegates reputation?
- What is the delegate’s shareholding structure?
- What is the delegate’s governance structure?
- What is the delegate’s organisational structure?
- How are the control functions organized within the delegate (compliance, internal audit, risk control)?
- What skills and abilities does the delegate have?
- What is the financial situation of the delegate? Review the annual accounts and the opinion issued by the réviseur d'entreprises (statutory auditor) or an equivalent
- Ensure there is no suspicion of money laundering and terrorist financing
- What is the quality of the delegate’s IT systems?
- What does the business continuity plan and the disaster recovery plan (BCP/DRP) of the delegate look like?
- What measures does the delegate have in place to ensure data protection, in particular when the delegate is located outside Luxembourg?
- What is the risk of conflicts of interest between the ManCo and its delegate and the management of these risks?
- How does the delegate review claims and complaints received
- How does the delegate manage sub-delegation and ongoing monitoring measures with respect to its own delegates?
- Can the delegate provide sufficient and relevant reports and key performance indicators for the ongoing monitoring by the ManCo?
All initial due diligence must be formalized in a written report which includes the description of the due diligence measures taken, a critical analysis of the observations made, the results and the measures taken.
What should the ongoing monitoring consist of?
Ongoing monitoring must allow the ManCo to ensure continuous compliance of the delegate with the legal and regulatory requirements and that the organizational structure and procedures in place at the delegate are sufficient and adequate.
Periodic due diligence and ongoing monitored are required to achieve this.
Periodic due diligence should include:
- Monitoring of observations made in previous due diligence exercises. Are action plans and timetables followed?
- What are the conclusions reached? The ManCo must validate, date and sign the conclusions and outline the frequency of periodic due diligence to be carried out.
Ongoing monitoring should:
- Ensure the ManCo and delegate have procedures in place to allow ongoing monitoring
- Allow access by the ManCo to the relevant data at the delegate, relating to the delegated activities
- Provide regular, detailed reports of the control arrangements that are in place
- Ensure the ManCo has the right processes in place to analyze the results of the control arrangements with warning systems in place
How can Diligend help ManCos meet their regulatory requirements when delegating investment activities?
Diligend’s digital due diligence platform allows ManCos to perform initial due diligence on delegates with ease, regardless of the scale of operations. The fully customizable platform allows the ManCo to create any set of questions, to collect any data points required, adding alerts and flags to ensure risk warnings are clear and visible.
Advanced analytics mean it has never been easier to make sense of due diligence data, using custom dashboards that can be easily exported to any format.
Reporting is flexible and comprehensive, allowing own branding and personalization. Plus, Diligend provides a full audit trail which meets even the most stringent compliance and regulatory requirements.
Get in touch to discuss further