SECTION 3U.K.Internal control mechanisms
Article 9U.K.Control by senior management and supervisory function
1.Member States shall require management companies, when allocating functions internally, to ensure that senior management and, where appropriate, the supervisory function, are responsible for the management company’s compliance with its obligations under Directive 2009/65/EC.
2.The management company shall ensure that its senior management:
(a)is responsible for the implementation of the general investment policy for each managed UCITS, as defined, where relevant, in the prospectus, the fund rules or the instruments of incorporation of the investment company;
(b)oversees the approval of investment strategies for each managed UCITS;
(c)is responsible for ensuring that the management company has a permanent and effective compliance function, as referred to in Article 10, even if this function is performed by a third party;
(d)ensures and verifies on a periodic basis that the general investment policy, the investment strategies and the risk limits of each managed UCITS are properly and effectively implemented and complied with, even if the risk management function is performed by third parties;
(e)approves and reviews on a periodic basis the adequacy of the internal procedures for undertaking investment decisions for each managed UCITS, so as to ensure that such decisions are consistent with the approved investment strategies;
(f)approves and reviews on a periodic basis the risk management policy and arrangements, processes and techniques for implementing that policy, as referred to in Article 38, including the risk limit system for each managed UCITS.
3.The management company shall also ensure that its senior management and, where appropriate, its supervisory function shall:
(a)assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the obligations in Directive 2009/65/EC;
(b)take appropriate measures to address any deficiencies.
4.Member States shall require management companies to ensure that their senior management receives on a frequent basis, and at least annually, written reports on matters of compliance, internal audit and risk management indicating in particular whether appropriate remedial measures have been taken in the event of any deficiencies.
5.Member States shall require management companies to ensure that their senior management receives on a regular basis reports on the implementation of investment strategies and of the internal procedures for taking investment decisions referred to in points (b) to (e) of the paragraph 2.
6.Member States shall require management companies to ensure that the supervisory function, if any, receives on a regular basis written reports on the matters referred to in paragraph 4.
Article 10U.K.Permanent compliance function
1.Member States shall ensure that management companies establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the management company to comply with its obligations under Directive 2009/65/EC, as well as the associated risks, and put in place adequate measures and procedures designed to minimise such risk and to enable the competent authorities to exercise their powers effectively under that Directive.
Member States shall ensure that management companies take into account the nature, scale and complexity of the business of the company, and the nature and range of services and activities undertaken in the course of that business.
2.Member States shall require management companies to establish and maintain a permanent and effective compliance function which operates independently and which has the following responsibilities:
(a)to monitor and, on a regular basis, to assess the adequacy and effectiveness of the measures, policies and procedures put in place in accordance with paragraph 1, and the actions taken to address any deficiencies in the management company’s compliance with its obligations;
(b)to advise and assist the relevant persons responsible for carrying out services and activities to comply with the management company’s obligations under Directive 2009/65/EC.
3.In order to enable the compliance function referred to in paragraph 2 to discharge its responsibilities properly and independently, management companies shall ensure that the following conditions are satisfied:
(a)the compliance function must have the necessary authority, resources, expertise and access to all relevant information;
(b)a compliance officer must be appointed and must be responsible for the compliance function and for any reporting on a frequent basis, and at least annually, to the senior management on matters of compliance, indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies;
(c)the relevant persons involved in the compliance function must not be involved in the performance of services or activities they monitor;
(d)the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and must not be likely to do so.
However, a management company shall not be required to comply with point (c) or point (d) of the first subparagraph where it is able to demonstrate that in view of the nature, scale and complexity of its business, and the nature and range of its services and activities, that requirement is not proportionate and that its compliance function continues to be effective.
Article 11U.K.Permanent internal audit function
1.Member States shall require management companies, where appropriate and proportionate in view of the nature, scale and complexity of their business and the nature and range of collective portfolio management activities undertaken in the course of that business, to establish and maintain an internal audit function which is separate and independent from the other functions and activities of the management company.
2.The internal audit function referred to in paragraph 1 shall have the following responsibilities:
(a)to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the management company’s systems, internal control mechanisms and arrangements;
(b)to issue recommendations based on the result of work carried out in accordance with point (a);
(c)to verify compliance with the recommendations referred to in point (b);
(d)to report in relation to internal audit matters in accordance with Article 9(4).
Article 12U.K.Permanent risk management function
1.Member States shall require management companies to establish and maintain a permanent risk management function.
2.The permanent risk management function referred to in paragraph 1 shall be hierarchically and functionally independent from operating units.
However, Member States may allow management companies to derogate from that obligation where the derogation is appropriate and proportionate in view of the nature, scale and complexity of the management company’s business and of the UCITS it manages.
A management company shall be able to demonstrate that appropriate safeguards against conflicts of interest have been adopted so as to allow an independent performance of risk management activities and that its risk management process satisfies the requirements of Article 51 of Directive 2009/65/EC.
3.The permanent risk management function shall:
(a)implement the risk management policy and procedures;
(b)ensure compliance with the UCITS risk limit system, including statutory limits concerning global exposure and counterparty risk in accordance with Articles 41, 42 and 43;
(c)provide advice to the board of directors as regards the identification of the risk profile of each managed UCITS;
(d)provide regular reports to the board of directors and, where it exists, the supervisory function, on:
the consistency between the current levels of risk incurred by each managed UCITS and the risk profile agreed for that UCITS;
the compliance of each managed UCITS with relevant risk limit systems;
the adequacy and effectiveness of the risk management process, indicating in particular whether appropriate remedial measures have been taken in the event of any deficiencies;
(e)provide regular reports to the senior management outlining the current level of risk incurred by each managed UCITS and any actual or foreseeable breaches to their limits, so as to ensure that prompt and appropriate action can be taken;
(f)review and support, where appropriate, the arrangements and procedures for the valuation of OTC derivatives as referred to in Article 44.
4.The permanent risk management function shall have the necessary authority and access to all relevant information necessary to fulfil the tasks set out in paragraph 3.
Article 13U.K.Personal transactions
1.Member States shall require management companies to establish, implement and maintain adequate arrangements aimed at preventing the following activities in the case of any relevant person who is involved in activities that may give rise to a conflict of interest, or who has access to inside information within the meaning of Article 1(1) of Directive 2003/6/EC or to other confidential information relating to UCITS or transactions with or for UCITS by virtue of an activity carried out by him on behalf of the management company:
(a)entering into a personal transaction which fulfils at least one of the following criteria:
that person is prohibited from entering into that personal transaction within the meaning of Directive 2003/6/EC;
it involves the misuse or improper disclosure of confidential information;
it conflicts or is likely to conflict with an obligation of the management company under Directive 2009/65/EC or under Directive 2004/39/EC;
(b)advising or procuring, other than in the proper course of his employment or contract for services, any other person to enter into a transaction in financial instruments which, if a personal transaction of the relevant person, would be covered by point (a) of this paragraph or by points (a) or (b) of Article 25(2) of Directive 2006/73/EC, or would otherwise constitute a misuse of information relating to pending orders;
(c)disclosing, other than in the normal course of his employment or contract for services and without prejudice to Article 3(a) of Directive 2003/6/EC, any information or opinion to any other person if the relevant person knows, or reasonably ought to know, that as a result of that disclosure that other person will or would be likely to take either of the following steps:
to enter into a transaction in financial instruments which, where a personal transaction of the relevant person would be covered by point (a) of this paragraph or by points (a) or (b) of Article 25(2) of Directive 2006/73/EC, or would otherwise constitute a misuse of information relating to pending orders;
to advise or procure another person to enter into such a transaction.
2.The arrangements required under paragraph 1 shall in particular be designed to ensure that:
(a)each relevant person covered by paragraph 1 is aware of the restrictions on personal transactions, and of the measures established by the management company in connection with personal transactions and disclosure, in accordance with paragraph 1;
(b)the management company is informed promptly of any personal transaction entered into by a relevant person, either by notification of that transaction or by other procedures enabling the management company to identify such transactions;
(c)a record is kept of the personal transaction notified to the management company or identified by it, including any authorisation or prohibition in connection with such a transaction.
For the purposes of point (b) of the first subparagraph, where certain activities are performed by third parties, the management company shall ensure that the entity performing the activity maintains a record of personal transactions entered into by any relevant person and provides that information to the management company promptly on request.
3.Paragraphs 1 and 2 shall not apply to the following kinds of personal transactions:
(a)personal transactions effected under a discretionary portfolio management service where there is no prior communication in connection with the transaction between the portfolio manager and the relevant person or other person for whose account the transaction is executed;
(b)personal transactions in UCITS or units in collective undertakings that are subject to supervision under the law of a Member State which requires an equivalent level of risk spreading in their assets, where the relevant person and any other person for whose account the transactions are effected are not involved in the management of that undertaking.
4.For the purposes of paragraphs 1, 2 and 3 of this Article, ‘personal transaction’ shall have the same meaning as in Article 11 of Directive 2006/73/EC.
Article 14U.K.Recording of portfolio transactions
1.Member States shall require management companies to ensure, for each portfolio transaction relating to UCITS, that a record of information which is sufficient to reconstruct the details of the order and the executed transaction is produced without delay.
2.The record referred to in paragraph 1 shall include:
(a)the name or other designation of the UCITS and of the person acting on account of the UCITS;
(b)the details necessary to identify the instrument in question;
(c)the quantity;
(d)the type of the order or transaction;
(e)the price;
(f)for orders, the date and exact time of the transmission of the order and name or other designation of the person to whom the order was transmitted, or for transactions, the date and exact time of the decision to deal and execution of the transaction;
(g)the name of the person transmitting the order or executing the transaction;
(h)where applicable, the reasons for the revocation of an order;
(i)for executed transactions, the counterparty and execution venue identification.
For the purposes of point (i) of the first subparagraph, an ‘execution venue’ shall mean a regulated market as referred to under Article 4(1)(14) of Directive 2004/39/EC, a multilateral trading facility as referred to in Article 4(1)(15) of that Directive, a systematic internaliser as referred to in Article 4(1)(7) of that Directive, or a market maker or other liquidity provider or an entity that performs a similar function in a third country to the functions performed by any of the foregoing.
Article 15U.K.Recording of subscription and redemption orders
1.Member States shall require management companies to take all reasonable steps to ensure that the received UCITS subscription and redemption orders are centralised and recorded immediately after receipt of any such order.
2.That record shall include information on the following:
(a)the relevant UCITS;
(b)the person giving or transmitting the order;
(c)the person receiving the order;
(d)the date and time of the order;
(e)the terms and means of payment;
(f)the type of the order;
(g)the date of execution of the order;
(h)the number of units subscribed or redeemed;
(i)the subscription or redemption price for each unit;
(j)the total subscription or redemption value of the units;
(k)the gross value of the order including charges for subscription or net amount after charges for redemption.
Article 16U.K.Recordkeeping requirements
1.Member States shall require management companies to ensure the retention of the records referred to in Articles 14 and 15 for a period of at least 5 years.
However, competent authorities may, in exceptional circumstances, require management companies to retain any or all of those records for a longer period, determined by the nature of the instrument or portfolio transaction, where it is necessary to enable the authority to exercise its supervisory functions under Directive 2009/65/EC.
2.Following the termination of the authorisation of a management company, Member States or competent authorities may require the management company to retain records referred to in paragraph 1 for the outstanding term of the 5-year period.
Where the management company transfers its responsibilities in relation to the UCITS to another management company, Member States or competent authorities may require that arrangements are made that such records for the past 5 years are accessible to that company.
3.The records shall be retained in a medium that allows the storage of information in a way accessible for future reference by the competent authority, and in such a form and manner that the following conditions are met:
(a)the competent authority must be able to access them readily and to reconstitute each key stage of the processing of each portfolio transaction;
(b)it must be possible for any corrections or other amendments, and the contents of the records prior to such corrections or amendments, to be easily ascertained;
(c)it must not be possible for the records to be otherwise manipulated or altered.