SECTION 1U.K.Risk management policy and risk measurement
Article 38U.K.Risk management policy
1.Member States shall require management companies to establish, implement and maintain an adequate and documented risk management policy which identifies the risks the UCITS they manage are or might be exposed to.
The risk management policy shall comprise such procedures as are necessary to enable the management company to assess for each UCITS it manages the exposure of that UCITS to market, liquidity and counterparty risks, and the exposure of the UCITS to all other risks, including operational risks, which may be material for each UCITS it manages.
Member States shall require management companies to address at least the following elements in the risk management policy:
(a)the techniques, tools and arrangements that enable them to comply with the obligations set out in Articles 40 and 41;
(b)the allocation of responsibilities within the management company pertaining to risk management.
2.Member States shall require management companies to ensure that the risk management policy referred to in paragraph 1 states the terms, contents and frequency of reporting of the risk management function referred to in Article 12 to the board of directors and to senior management and, where appropriate, to the supervisory function.
3.For the purposes of paragraphs 1 and 2, Member States shall ensure that management companies take into account the nature, scale and complexity of their business and of the UCITS they manage.
Article 39U.K.Assessment, monitoring and review of risk management policy
1.Member States shall require management companies to assess, monitor and periodically review:
(a)the adequacy and effectiveness of the risk management policy and of the arrangements, processes and techniques referred to in Articles 40 and 41;
(b)the level of compliance by the management company with the risk management policy and with arrangements, processes and techniques referred to in Articles 40 and 41;
(c)the adequacy and effectiveness of measures taken to address any deficiencies in the performance of the risk management process.
2.Member States shall require management companies to notify to competent authorities of their home Member State any material changes to the risk management process.
3.Members States shall ensure that requirements laid down in paragraph 1 are subject to review by the competent authorities of the management company’s home Member State on an on-going basis and accordingly when granting authorisation.