Bernhard Bittner, Associate Partner EY Luxembourg

Bernhard Bittner, Associate Partner EY Luxembourg

“We spend so much time contacting innumerable third parties and collecting data from them that we are unable to perform a proper risk assessment of our delegates and define a remediation plan if needed” Luxembourg-based ManCo

In August 2018, the CSSF issued a new circular, Circular 18/698, governing the environment of Investment Fund Managers (IFMs). It is no longer time to contemplate how crucial and challenging it is, but to consider how Luxembourg firms can take advantage of the new requirements and implement excellence in their practices.

Diving further into the circular, the board of a Fund, the Management Company (ManCo) or the Alternative Investment Fund Manager (AIFM), remains responsible for all the activities delegated to third parties and needs to oversee their performance. This requires the ManCo to perform initial and ongoing due diligence on third parties and to document it accordingly.

The due diligence process needs to be performed by a dedicated team, with various expertise, roles and responsibilities. The team should prepare a detailed questionnaire, send it to all third parties, collect the information and perform a proper assessment. Data collection is a lengthy process that requires a disproportionate amount of time which should instead be invested into performing an oversight of risk for each of the third parties. Moreover, any breach of a due diligence can result in high operational and reputational risk, with potential financial sanctions.

To perform due diligence and demonstrate readiness, a ManCo should find a reliable partner who offers a digital solution, that supports not only in the data collection process, but also enables the ManCo to perform a thorough risk assessment. However, with the increasing number of market players offering such services and startups joining in, it is a challenge for ManCos to select judiciously a long-term partner; at some point, the tough and fierce competition in the market will result in some of them suddenly disappearing in coming years. Additionally, some market players are only focusing on distributors, and hence not able to support the due diligence process undertaken by a Third Party ManCo, which needs to cover a large number of Investment Managers, Fund Administrators, Transfer Agents, etc.

EY has selected and is using an international TPRM (Third Party Risk Management) platform to provide managed service to five large US banks. ManCos can select the service à la carte ranging from IT platform implementation to ongoing managed service with an option for additional specific risk assessments. An automated and efficiently managed end-to-end due diligence process reduces costs and enables ManCos to concentrate more on the required risk assessment.

Bernhard Bittner,

Associate Partner, EY Luxembourg

Articles Associés