Risk Management for Responsible Entities



ASIC is seeking to increase the effectiveness of risk management systems that responsible entities (RE) have in place. It has issued a consultation paper detailing the more targeted requirements of risk management to be issued by class order during the first quarter of 2014. Of the 500-plus RE that manage in excess of $500 billion in Australia, the smaller to mid-sized operators will need to consider changes in approach as well as formalising operational and financial risk management systems.


These smaller RE often rely on individuals and outsourced providers to establish and monitor risk management systems. The RE will still need to have a strong understanding of risks in the context of their business and have the skills to assess and monitor the performance of key people and outsourced providers.


Summary of the proposed requirements:


Risk management systems

A responsible entity must:

  • ensure its risk management systems comprise processes to identify, assess and treat risks;

  • ensure these processes are suitable for its business’ objectives and operations;

  • review its risk management systems (including the policy or statement on its risk appetite) regularly, but no less than annually, for currency, appropriateness, effectiveness and relevance to the business;

  • set out in writing:

− the context in which the risk management systems are developed;

− a policy or statement on its risk appetite;

− the risk tolerance for each material risk identified; and

− the structure for implementing its risk management systems, including the roles of particular staff responsible for implementation.


Identifying and assessing risks


A responsible entity must:

  • document the processes used to identify and assess risks; and

  • ensure that its risk management systems address all material risks, including (but not limited to) the following risks:

− strategic risk;

− governance risk;

− operational risk;

− investment risk; and

− liquidity risk.


Managing risks


A responsible entity must:

  • determine appropriate treatment for each identified risk;

  • document how each risk will be treated;

  • ensure that the board monitors residual risks to determine whether further treatment is required;

  • ensure that staff members follow the processes and controls put in place to manage risks;

  • monitor compliance with the risk management systems and document the processes used to do so; and

  • regularly review the risk management systems for currency, relevance, effectiveness and appropriateness and document the processes used to do so.


The proposed regulatory guide gives further detail on the expectations of compliance with the proposed class order. It also includes some good practice guidance to enable RE and their risk committees to assess their current level of compliance and determine what they may need to do to comply in the context of their business, likely risks faced and management procedures.


The following link will take you to the proposal as it stands: http://www.asic.gov.au/asic/pdflib.nsf/LookupByFileName/cp204-published-21-March-2013.pdf/$file/cp204-published-21-March-2013.pdf


To discuss your requirements please call your relevant ESV engagement partner on 9283 1666.


Article by Tim Valtwies