Steven Verschoot

/home

/Blog

/My publications

> Posts > New FSMA outsourcing guidelines for AIFMs, UCITS and asset managers/investment advisors - 10 key take-aways and 2 bis rounds

New FSMA outsourcing guidelines for AIFMs, UCITS and asset managers/investment advisors - 10 key take-aways and 2 bis rounds

AIFMs, UCITS managers and asset managers/investment advisors are allowed to delegate certain functions under the AIFMD and its implementing laws.*1 The Belgian regulator FSMA has recently issued detailed guidelines on outsourcing, aimed specifically at AIFMs, UCITS and asset managers/investment advisors (hereafter referred to as ‘Companies’*2) - amidst a more general increased scrutiny vis-à-vis outsourcing arrangements by regulated entities.

Although not revolutionary, the guidelines provide significant extra body to applicable outsourcing requirements. They a.o. give further detail on the application of the proportionality principle to outsourcing and some general outsourcing principles (a.o. with regard to intra-group outsourcing). They also provide extensive guidance on the principles of sound management that must be taken into account when outsourcing. Consequently, existing outsourcing procedures and policies of (especially) licensed AIFMs, UCITs and asset managers/investment advisors might need a read-through.

Companies only have until 30 June 2024 to implement the practice guide and its (sound management) principles.

Background #

Up to now, no recent official guidelines were available to AIFMs/UCITs/asset managers/investment advisors on how the Belgian regulator (or ESMA) scrutinizes such delegation arrangements. The 2019 EBA guidelines on outsourcing strictly speaking do not apply to these entities (although they do constitute a reference document on outsourcing) and the previous circular PPB 2004/5 of the CBFA (which is replaced by the new guidelines) was seriously outdated (dating before the AIFMD) and rather succinct on many points. Specific requirements applicable to cloud service providers continue to exist on top of the new guidelines.

10 key take-aways #

1. Proportionality principle #

The guidelines confirm application of the proportionality principle. The organisation of outsourcing should be proportional to the size, nature, scale and complexity of activities (including the outsourced functions), as well as the risk arising from the outsourcing arrangement and the criticality or importance of the outsourced function.

This does not mean that the proportionality principle can be applied to claim an exemption of certain requirements. It only means that the way in which the requirements are met should be appropriate (with eg. simpler or more complex policies, procedures or internal control mechanisms). Companies are expected to document proportionality analysis in writing (on the basis of a comply or explain principle), especially if they opt to adopt a ‘light’ approach.

2. Exclusions from the scope #

Outsourcing is defined as ‘relying on a third party for the exercise of procedure, services or activities that are specific to it’. This is a wide scope, and it is easy to fall within such a definition. Explicitly excluded from the scope of the defiition are:

  • services required to be performed by a third party (eg. Audit),
  • market information services (eg. Bloomberg terminals), -correspondent banks, and
  • services which otherwise would not be executed by the management company (eg. legal advice, cleaning, facility services).

3. Critical or important functions #

A function is critical or important if termination or inadequate or deficient performance would result in material detriment to (i) ongoing compliance with conditions and obligations under its license or applicable law, (ii) its financial results or (iii) soundness or continuity of its services and activities. Collective management functions are in any case critical or important, as are independent control functions.

This is relevant, because more stringent requirements apply to outsourcing of critical or important functions. Companies must apply the principles of the guideleins in full when outsourcing critical or important functions. They can apply those principles proportionately when they entrust other functions to third parties (comply or explain, see above).

When critical or important functions are outsourced, the FSMA might also need to be informed in advance of the application of the principles. Management companies must regularly reassess the qualification of outsourced functions.

4. Application to intra-group outsourcing #

FSMA stresses that intra-group outsourcing is subject to the same regulatory framework and conditions as outsourcing outside the group. Outsourcing entities must pay particular attention to fair compensation and proper conflict of interest management. They must develop and apply specific monitoring procedures.

5. Take-aways from the principles of sound management #

The FSMA provides more color and depth to the “principles of sound management” that should be adhered to when outsourcing. This is the beefiest and core part of the guidelines. It provides significantly more detail than PPB 2004/5 did, but in doing so also in fact increases requirements.

Key take-aways are:

  • Companies must have a holistic framework for risk management, taking into account operations, outsourcing, etc. For larger companies, this might require a separate outsourcing risk assessment.
  • Companies must have a written outsourcing policy, describing their outsourcing strategy and objectives. The guidelines provide an elaborate list of elements that must be assessed in such a policy (which is more detailed than was the case up to now).
  • Companies must keep a register of outsourced functions, that must be kept up-to-date with regular risk assessments. The guidelines provide more detail on what should be included in such a register with respect to each outsourced function (including eg. which outsourcing concerns critical or important functions). This comes in addition to the reports on cooperation with critical service providers to be made under FSMA circular 2019_19 on the report of effective management on internal control.
  • Companies must have appropriate business continuity plans taking into account the outsourced functions. For outsourcing of critical or important functions, companies must have a documented exit strategy. The guidelines contain a list of characteristics of such business continuity plans and exit strategies.
  • Companies must follow (and document) a specific process when deciding to outsource, including assessment of risk and adequate due diligence. These requirements are described more extensively as compared to the previous circular. Companies are a.o. responsible to assess whether the service provider has the required licenses (with additional requirements if the service provide is established in a third country), sufficient reliability, skills and expertise. Especially in an intra-group context this might feel overkill, but is therefore not less relevant from a regulatory point of view (see above).
  • Although in principle no prior approval of the FSMA is required for outsourcing, if critical or important functions are outsourced, companies must notify the FSMA on the manner in which they will apply the principles set out in the guidelines. Such notification must occur before entering into the outsourcing agreement.

First bis-round: Sub-threshold AIFMs #

The guidelines do not specifically indicate whether or not they apply to sub-threshold AIFMs.*3 The legal provisions on which the guidelines are based in principle do not apply to sub-threshold AIFMs. The guidelines themselves also explicitly refer to ‘licensing conditions’, whereas sub-threshold AIFMs are technically not licensed entities.

However, the guidelines do not explicitly limit their scope to licensed AIF managers. It can hence not be excluded that the FSMA would also use these guidelines (taking into account the proportionality principle) to assess sub-threshold managers.

Second bis-round: Timing and implementation #

Management companies only have until 30 June 2024 to implement the practice guide and its (sound management) principles, so should act quickly.

Generally speaking it should be expected that most full-scale AIFMs would in fact already apply many of the principles set forth in the new guidelines. However, a gap analysis would generally be recommended in light of the extensiveness of the new guidelines. A number of policies and procedures will most likely need an update to comply with the new guidelines.

Feel free to reach out should you wish to discuss such implementation or any of the above!

– Note: This post is a personal opinion/analysis and cannot be considered legal advice. Feel free to reach out if you wish to discuss further or require advice for your specific situation! –

Footnotes #

[*1] See art. 26 of the Belgian AIFM Law, art. 2O and further of the AIFM Directive. Under the latest proposals for AIFMD II, the outsourcing regime is one of the items most up for debate and possible updates.

[*2] This post mainly focuses on AIFMs, but I am definitely available if you wish to discuss application of these principles to asset managers/investment advisors.

[*3] Sub-threshold AIFMs are AIFMs that manage portfolios of AIFs whose assets under management fall below certain thresholds, and are on this basis essentially carved out of the AIFMD (see art. 3, 2° AIFMD). Their regulation and supervision is largely left to national legislation and authorities.

Sub-threshold AIFs: marketing and pre-marketing
How this website was built
back to top