French regulator AMF criticizes internal control outsourcing processes among asset managers

Trading platform providers, technology vendors, market integration companies and liquidity providers are under the microscope as French regulatory authority AMF looks at outsourcing in capital markets

As part of its SPOT thematic inspections, the AMF examined how seven asset management companies (“AMCs”) outsourced internal control to three firms. The inspections were aimed at encouraging good practice in the selection and monitoring of service providers, and in the periodic review of the quality of their work.

the AMF says that outsourcing of internal control is a model that is particularly widespread in France among small AMCs. Internal control plays a key role in management, which is why the AMF has made this issue one of its supervision priorities for 2020. It therefore examined the practices of seven separate entities. The practices that it observed have been published in a review today.

The verifications mainly covered the period 2017-2020 and examined the internal control organisation of the AMCs(selection of the service provider, resources allocated, scope of outsourcing, governance, etc.), the procedures and methodology for conducting controls and the control plan;
practical implementation of the control process, reporting to senior management and the AMF, the system for evaluation and monitoring of the service provider by the AMC.

The outsourcing of internal control encompasses different scopes from one AMC to another. In all but two cases, the allocation of human resources corresponds to or exceeds what is provided for in the programme of operations. However, the AMF noted that the distinction between permanent control (second-level control of the correct performance of first-level controls by operational teams) and periodic control (audit or third-level control) is clear neither for the entities in the sample nor for service providers.

In most cases, periodic control does not concern the control work carried out in the framework of second-level controls and is reduced to no more than occasional permanent control. For example, the AMF highlighted the poor practice of not allocating strictly separate human resources to permanent control and periodic control in a given firm in charge of outsourcing.

With regard to the conduct of controls, the AMF noted that five entities did not have sufficiently precise and operational procedures. Although they all had compliance and annual internal control plans drawn up by or with the assistance of the service provider on the basis of reporting data or internal control plan for financial year n-1, only two of them had formalised priorities based on their assessment of the non-compliance risk assessment, which is good practice.

In order to assess concretely the implementation of these internal control outsourcing systems, the AMF conducted its inspections of each AMC in three of the four issues below: investment and valuation processes, the anti-money laundering and combating the financing of terrorist, compliance with the Markets in Financial Instruments Directive framework (MiFID II) for discretionary management activities, and cybersecurity.

The inspections showed that the procedures related to these themes are not always sufficiently precise or operational, sometimes omitting the necessary due diligence or the updating of regulatory references. Overall, the AMF observed that major check points were not implemented.

The structure of reporting to senior management varies from one AMC to another. In three cases, the reports appeared to be incomplete. Some of the good practices observed were the inclusion in the internal control reports to senior management of a summary table of the risks identified during the controls performed over the period and a section dedicated to the follow-up of recommendations. Conversely, for the entire sample, the AMF highlighted the failure to mention the anomalies identified by the internal control function in the annual fact sheets and annual inspection reports sent to the AMF.

Lastly, the AMF noted that in three cases the service provider was not monitored and in the other cases, the due diligence carried out was not always sufficient. In this respect, filling out an annual form on an ongoing basis in order to formalise the monitoring of the internal control service provider was one of the good practices observed.

Overall, this series of inspections revealed an excessively disparate level of effectiveness of the internal control systems that use the services of service providers. In some cases, these systems are insufficient, both in terms of the depth of the analyses and the traceability of the due diligence performed. All AMCs that wish to outsource their internal control must pay special attention to the choice and monitoring of the service provider. To improve practices, the AMF will therefore clarify its policy.

Read this next

Digital Assets

Voyager subpoenas FTX’s inner circle over Alameda loan

Bankrupt crypto broker Voyager Digital, represented by law firm Kirkland & Ellis, is seeking court approval to subpoena Sam Bankman-Fried’s inner circle, as well as Alameda Research’s former executives.

Retail FX

AvaTrade seals sponsorship deal with F1’s Aston Martin team

Dublin-based forex broker AvaTrade today announced that it has concluded a sponsorship deal with Formula One’s Aston Martin Cognizant team that entails sponsorship rights and other marketing benefits.

Executive Moves

M4Markets onboards Invaxa CEO Marios Antoniou as COO

Seychelles-regulated brokerage firm M4Markets has appointed Marios Antoniou, who has a colorful career within the foreign exchange industry, in the capacity of its Chief Operations Officer.

Digital Assets

GK8 now allows clients to control their digital assets as they would their fiat

“As the institutional market is increasingly turning to self custody, our policy engine empowers them to automate transactions, approvals, and even crucial workflows, while providing the highest degree of security, consistency, governance and control.”

Digital Assets

Retail CBDCs in the UK: “Welcomed” by CryptoUK and R3, but “Dystopian” for ETC Group

“At this stage, we judge it likely that the digital pound will be needed in the future. It is too early to decide whether to introduce the digital pound, but we are convinced preparatory work is justified”, said the BoE and HM Treasury.

Institutional FX

Centroid taps Iress API to provide retail brokers with real-time market data

“It has always been a challenge to have an efficient, elegant solution for market data and order execution for retail brokers, but with Iress we have found absolutely the right partner to add to our client offering.”

Digital Assets

Ramp launches FCA-approved off-ramp product, onboards Brave, Trust Wallet, Ledger

“To obtain and maintain our FCA registration, we must meet and operate within their strict anti-money laundering and counter-terrorist financing standards. This is a huge achievement for us, as compliance is a cornerstone of our business and what we stand for.”

Institutional FX

State Street launches FIX API for Fund Connect ETF platform

“Expanding from proprietary APIs to the FIX industry standard will bring us closer to our goal of 100% digital interactions. This is another example of innovations we’ve brought to our operating model as we celebrate 30 years of servicing ETFs since the launch of SPY.”

Industry News

HollyWally opens office in Portugal to bring B2B2C wallet-as-a-service platform to Europe

“We looked at a number of centers for startups throughout Europe and were attracted straight away to Lisbon. There is great Government support and enthusiasm for startups, it’s well positioned between our Asian and US offices, it’s a cost-effective city in which to base a fintech and it’s a beautiful place.”