The Malta Financial Services Authority (MFSA) published a document on ‘Supervision Risks Identified, Weaknesses and Expected Controls’, which outlines the risks posed by authorized firms, certain weaknesses exhibited in their operation and the controls which are to be put in place to mitigate these risks. This series of three articles will provide an overview of the risks, weaknesses and controls in the areas of Credit and Financial Institutions, Securities and Markets, and Trustees and CSPs.
Investment Firms are exposed to several risks, depending on the type of MiFID services employed. Some of these risks include liquidity, market, counterparty and operational risks, and firms which fail to mitigate such risks may be further exposed to financial loss, jeopardizing investors and causing reputational harm. Forex firms are particularly predisposed to market and default risk due to the large volume of transactions. The platform employed by Investment Firms also increases the presence of certain types of risks. For example, the use of online IT systems is inherently high risk and the instruments which are typically traded on online platforms are more volatile.
Fund Administrators serve as a point of contact between Collective Investment Schemes (CISs) and investors, undertaking transfer agency tasks. This involves exposure to Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) risks. These risks are heightened when investors include Politically Exposed Persons (PEPs) and high net-worth individuals. Another risk associated with Fund Administrators is complex performances fees and commission structures.
Investment Managers are exposed to the risks experienced by Investment Firms as outlined above. Furthermore, they are exposed to valuation risk arising when underlying investments are incorrectly valuated. With regards to CISs, the risk appetite may be not be congruent with the scheme’s business strategy.
The MFSA has identified weaknesses in the Securities and Markets sector, most notably, nonadherence to the legislative requirements imposed by MiFID II, AIFM and UCITS Directives. MiFID firms, for instance, fail to properly classify financial instruments. Client onboarding is also unsatisfactory, with firms failing to implement proper procedures. The MFSA has also noted a weak risk management function, both when undertaken internally and when outsourced. Certain weaknesses were also identified specifically in relation to EMIR, specifically with regards to lack of written procedures, failure to implement risk mitigation and failure to retain documentation regarding delegation of duties.
Investment Firms must implement controls to ensure compliance with MiFID II. Thus, firms must identify risks and put adequate controls in place to mitigate them, such as implementation of rigorous due diligence processes. Clients’ assets must also be safeguarded through controls such as segregation and reconciliation processes. Firms must also frequently determine their exposure to financial and operational risks and the likelihood of the occurrence of these risks. With regards to forex firms, exposure to such risks must be monitored through a dealing desk.
Investment Managers must regularly identify potential risks and determine the probability of those risks occurring. A sound investment restriction check process must be implemented, and the CIS’s risk appetite must be constantly reviewed and monitored. Investment Managers and CISs must ensure that the proposed methodology for risk evaluation is disclosed to investors and the Board of Directors and ensure its effectiveness.
In order to mitigate the AML/CTF risks associated with transfer agency, Fund Administrators must implement adequate procedures including dual control on checks, training staff to carry out such checks and the use of adequate software tools for Customer Due Diligence (CDD). Systems must be in place to adequately target complex performance fees and commission structures, and staff must receive training accordingly.