article

Review of managed fund compliance plans: ‘Failing to plan is planning to fail’

Published

Key points

  • The adequacy of compliance plans is of fundamental importance to the regulatory framework governing registered managed investment schemes.
  • An ASIC review of the compliance plans developed for managed investment schemes has identified widespread poor practice.
  • Responsible entities of managed investment schemes must ensure their compliance plans are adequate and must comply with the controls set out in them.
  • ASIC has published long-standing guidance on how responsible entities should address their compliance plan obligations.
  • Inadequate compliance plans can be indicative of governance failings and risk exposing retail investors to harm.

ASIC has reviewed a cross-section of compliance plans used by responsible entities of registered managed investment schemes (funds). Our review focused on the adequacy of the treatment of regulatory obligations in compliance plans.

The results of the review indicate that the quality of many compliance plans is poor, requiring significant improvements across the sector. To improve practices, we encourage all responsible entities to review our findings, below. Our suggestions should be considered in conjunction with long-standing ASIC guidance on how responsible entities should meet their compliance plan obligations: see Regulatory Guide 132 Funds management: Compliance and oversight (RG 132).

Why effective compliance and control is important

Compliance plans are a fundamental documented reference of the measures that will be applied to meet the obligations under the Corporations Act 2001 (Corporations Act). Responsible entities must develop and maintain a compliance plan for each of their registered funds that protects both internal and external interests.

Planning for effective compliance by responsible entities is a requirement to assist:

  • fund investors
  • your company
  • your employees
  • your auditors, and
  • ASIC.

If a compliance plan is not adequate and implemented, fund investors are put at risk. To adequately protect fund investors under the Corporations Act, responsible entities must:

  • identify all of their compliance obligations
  • document the adequate control measures developed to address each obligation, and
  • diligently implement and monitor the implementation of those controls.

ASIC’s review

Our focus

To test the adequacy of compliance plans, we limited our review to the treatment of three sets of regulatory obligations (introduced or enhanced in October 2021):

  1. Reportable situations reporting – see Regulatory Guide 78 Breach Reporting by AFS licensees and credit licensees (RG 78)
  2. Product design and distribution obligations (DDO) – see Regulatory Guide 274 Product design and distribution obligations (RG 274)
  3. Internal dispute resolution processes and reporting (IDR) – see Regulatory Guide 271 Internal dispute resolution (RG 271).

Methodology

ASIC reviewed the compliance plans of 50 responsible entities. Their selection was based on factors including the value of assets under management, how recently their compliance plans had been updated, and their record in reporting breaches and complaints.

These responsible entities represent 14.5% of all responsible entities. Combined, they operate 45% of all registered funds and hold 47% of the value of all registered fund sector assets of approximately $2 trillion.

Figure 1: Snapshot of ASIC’s review of managed fund compliance plans

50 responsible entities. 14.5% of all responsible entities. 45% of all registered funds. 47% of all registered fund sector assets (Approx. $2 trillion).

The legislation permits the use of a ‘master compliance plan’ across multiple funds, provided the responsible entity operates all the funds. Where a responsible entity applied this method of meeting their obligation, ASIC reviewed its master compliance plan.

Using this approach means that the 50 compliance plans we reviewed apply to a total of 1,471 separate funds.

Findings

ASIC identified widespread poor practice in the preparation of the 50 compliance plans we reviewed. In summary:

  • Most plans failed to adequately address the most important requirements across all three sets of obligations considered in our review – reportable situations, DDO and IDR.
  • While practices varied across plans and across each plan’s treatment of the three sets of obligations, inadequate treatment of the obligations was widespread.
  • Some plans completely failed to address one or more of the obligations.
  • The treatment of responsible entities’ new DDO requirements was identified as the poorest of the three obligation sets, followed by the treatment of IDR requirements.
  • Some responsible entities had wrongly relied on parts of the master compliance plan of a fund operated by a different responsible entity. Consequently, these funds had no substantive compliance plan.

Key questions for responsible entities

ASIC is calling on responsible entities to consider the following questions and findings from our review when developing, reviewing and modifying fund compliance plans.

Considerations for compliance plan auditors

While compliance plan audits were not within the scope of this review, ASIC is concerned that none of the 23 auditors of the 50 compliance plans we reviewed issued qualified audit reports relating to the areas of concern, identified in our review, over the last three audit cycles. Auditors also failed to raise relevant concerns with ASIC during this period. All 23 auditors from our review belong to large, medium and small firms that are involved in compliance plan audits.

Auditors play a critical assurance role in the regulatory framework protecting fund investors, and auditor reporting obligations are a key aspect of their role.

ASIC relies on annual compliance plan audit reports, lodged with us by responsible entities, for regulatory purposes.

Auditors must notify us through the ASIC Regulatory Portal if they suspect a significant contravention of the Corporations Act, or a contravention that is not significant and the auditor believes will not be adequately dealt with by commenting in the audit report or bringing to the attention of the directors of the responsible entity. Guidance is available in Regulatory Guide 34 Auditor’s obligations: Reporting to ASIC (RG 34).

Where to from here?

Our review of compliance plans developed and maintained by responsible entities identified the need for improvement. We are considering a range of regulatory responses, including writing to responsible entities on our expectation for review and modification of their plans. ASIC is also investigating potential breaches of compliance plan obligations.

ASIC will continue to review compliance plans across the registered fund sector and will act where appropriate.

ASIC is Australia’s corporate, markets and financial services regulator.