Fund managers need to beef up the controls and governance of their internal audit functions, a compliance review by European regulators found.
In a new report, the European Securities and Markets Authority (ESMA) detailed the results of a coordinated review of fund managers’ internal audit procedures by the region’s various national regulators — which found that most firms are complying with the key requirements of the rules governing investment funds.
However, the review also uncovered certain governance weaknesses, “particularly in the independence of control functions, the quality and implementation of internal policies, and the way senior management and boards exercise oversight,” it noted.
Additionally, ESMA said that while most fund managers have policies and procedures in place to govern their internal audit functions, the regulators found “significant differences in their quality and practical implementation.”
As a result, ESMA called on the national regulators to follow up on the breaches and vulnerabilities that were uncovered in the review, “to better understand their root causes and to ensure that effective remedial actions are implemented in a timely manner.”
Among other things, it called for regulators to ensure that “comprehensive internal control mechanisms are in place, including clear reporting lines, compulsory training programs, regularly updated risk assessments, comprehensive compliance monitoring plans, regular compliance controls and monitoring of remedial actions.”
It also stressed the importance of ensuring that fund managers are adequately resourcing their internal compliance and audit functions, that those functions are independent and avoid compensation-related conflicts of interest, and that they have mechanisms to facilitate management oversight.
Finally, the regulator said that fund managers that are bank subsidiaries “should be aware that the risk assessment methodologies and tools provided by the parent company can potentially lead to underestimating relevant/local risks,” adding that fund managers should do their own risk assessments.
ESMA also said that it will continue to push for increased supervisory convergence across the fund sector.