“At All Times…”
A comparison between the UCITS legislation and the AIFMD legislation relating to the timeliness or otherwise of the risk management function.
There is some discussion on the timeliness of the risk monitoring that is necessary to be compliant with AIFMD. This is in part motivated by a need to determine if the UCITS approach to risk management, effectively to determine risk figures for board oversight on a quarterly basis, is appropriate for AIFM’s .
This determination is best done by comparing and contrasting the different sets of legislation. There is no doubt that much of the language regarding risk management is similar between the two directives, however it is in studying the differences that insight may be obtained.
Within the UCITS Directive 2010/43/EU (p2) it is stated that the risk management process must satisfy Article 51 of Directive 2009/65/EC. This is the primary directive on Risk Management for UCITS funds. This states in the first paragraph.
- A management or investment company shall employ a risk-management process which enables it to monitor and measure at any time the risk of the positions and their contribution to the overall risk profile of the portfolio.
The equivalent piece of legislation in the AIFMD Directive 2011/61/EU is Article 15. Paragraph 2 states:
- AIFMs shall implement adequate risk management systems in order to identify, measure, manage and monitor appropriately all risks relevant to each AIF investment strategy and to which each AIF is or may be exposed.
The key difference between the two texts is that UCITS requires a “risk management process” that “enables it to monitor, measure at any time” whereas the AIFMD legislation require “risk management systems” that will be used “in order to identify, measure, manage and monitor all risks … to which each AIF is or may be exposed”. There is a clear difference here in terms of the level of commitment – process versus systems and their intent. In a UCITS framework it is clear that one needs to have, at some point in time, an ability to determine risk at any time, however no guidance is given as to how often this need be carried out. This is some contrast to the AIFMD which require systems that measure manage and monitor those risks to which the AIF “is” exposed. The use of the present tense here is important because it implies that the risk management systems must operate in the present as opposed to some ex-ante reporting system.
Article 39, paragraph 1a of the delegated acts, level 2 of the AIFMD states
(a) implement effective risk management policies and procedures in order to identify, measure, manage and monitor on an ongoing basis all risks relevant to each AIF’s investment strategy to which each AIF is or may be exposed;
There is no real corresponding passage in the UCITS directive and Article 39 is mainly concerned with the establishment of a permanent risk management function. However in contrast to the concept of risk management “on an on-going basis”, Article 38, paragraph 2 of 2010/43/EU states:
- Member States shall require management companies to ensure that the risk management policy referred to in paragraph 1 states the terms, contents and frequency of reporting of the risk management function referred to in Article 12 to the board of directors and to senior management and, where appropriate, to the supervisory function.
In other words, within a UCITS fund it is necessary to be able to determine risk, but the frequency with which this is carried out is at the discretion of the board. This is in contrast to the AIFMD legislation where the permanent risk management function shall, Article 39, paragraph 1b:
(b) ensure that the risk profile of the AIF disclosed to investors in accordance with point (c) of Article 23(4) of Directive 2011/61/EU is consistent with the risk limits that have been set in accordance with Article 44 of this Regulation;
The net effect of paragraphs 1a and 1b are that the permanent risk management function must ensure that on an ongoing basis, the risk profile is consistent with the risk limits. This is effectively risk management at all times. It should be stressed that this language in not in UCITS legislation. Furthermore AIFMD Article 39, paragraph 1c requires that the permanent risk management function:
(c) monitor compliance with the risk limits set in accordance with Article 44 and notify the AIFM’s governing body and, where it exists, the AIFM’s supervisory function in a timely manner when it considers the AIF’s risk profile inconsistent with these limits or sees a material risk that the risk profile will become inconsistent with these limits;
There is no corresponding language in the UCITS legislation requiring the risk management to act “in a timely fashion”. The ability to inform a governing body in a timely fashion is predicated on having the information in a timely fashion. This is not consistent with a periodic assessment of the risk of a fund.
In terms of consistency between the two approaches, it would appear at first glance that UCITS Article 40 and AIFMD Article 45 have the greatest similarity. Apart from the fact that AIFMD requires backtesting, stress testing and scenario analysis whereas UCITS only require them “where appropriate”, the language is effectively identical. There is however a slight difference between UCITS, Article 40, paragraph 2e:
(e) ensure that the current level of risk complies with the risk limit system as set out in point (d) for each UCITS;
and AIFMD Article 45, paragraph 3d:
(d) ensure that the current level of risk complies with the risk limits set in accordance with Article 44;
Firstly, AIFMD requires that the current risk, which it should be assumed is measured currently, is consistent with the limits, in accordance with Article 44. Article 44 says that an AIFM must implement limits which at a minimum cover market risk, credit risk, counterparty risk and liquidity risk. In contrast the UCITS legislation require compliance with a “risk limits system” which is described as :
(d) establish, implement and maintain a documented system of internal limits concerning the measures used to manage and control the relevant risks for each UCITS taking into account all risks which may be material to the UCITS as referred to in Article 38 and ensuring consistency with the UCITS risk-profile;
The clarity with respect to reporting is further diminished by UCITS Article 38, paragraph 2 which states
- Member States shall require management companies to ensure that the risk management policy referred to in paragraph 1 states the terms, contents and frequency of reporting of the risk management function referred to in Article 12 to the board of directors and to senior management and, where appropriate, to the supervisory function.
or in other words the frequency of reporting of risk is at the discretion of the board. No such discretion is mentioned in the AIFMD legislation.
In conclusion, it is clear that whilst there are a number of similarities in the language used to describe the actions of the risk management function between UCITS and AIFMD, there has been a significant addition to the burden of monitoring, managing etc the risk profile of an AIFM vis-a-vis a UCITS and a significant diminution of the flexibility that a UCITS had to interpret the required risk management oversight.
As such it is clear that a UCITS type approach to risk monitoring, managing and reporting is wholly inconsistent with AIFMD, and that it effectively requires that the hierarchically and functionally separate risk management function that is necessary under AIFMD must be monitoring and managing the risk profile of the fund at all times.