The purpose of this article is to provide an overview of ASIC’s new Regulatory Guide 259 (issued March 2017) (RG 259), and identify key action items for responsible entities with a view to addressing ASIC’s expectations.
By way of background, responsible entities have a statutory obligation to 'have adequate risk management systems'. ASIC’s detailed survey in 2015 of 118 responsible entities about their risk management systems has informed ASIC’s approach to administering this broad obligation. Further drivers for this new 'tailored guidance' include the increase in the amount of assets under management, the growth in the number of schemes, the diversification in size and complexity of schemes and the high number of collapses of responsible entities.
'Expectations' and 'good practice guidance'
ASIC’s regulatory guide is broadly divided into two parts.
First, ASIC sets out in detail its 'expectations' for responsible entities in relation to:
- overarching risk management systems required to be put in place
- processes for identifying and assessing risks
- processes for managing risks.
Secondly, the regulatory guide sets out what ASIC describes as additional 'good practice guidance'. ASIC provides that the guidance is 'not mandatory', and is intended to help improve risk management systems to operate at a level above the statutory threshold.