(a) Professionalization of the second line of defense 

A differentiated supervisory regime for Swiss portfolio managers, managers of collective assets, fund management companies and securities firms was introduced in Switzerland as of January 2020 with the Financial Institutions Act (FinIA) and  Financial Services Act (FinSA). 

FinIA defines license requirements for asset and fund managers encompassing the compliance and the risk management functions. This article is considering implementation of the risk management function. 

By formulating the obligation of risk management for asset managers, FinIA implicitly introduces the notion of a second line of defense. In this context, the first line of defense is assumed by the manager, who takes investment decisions within the limits specified by the mandate and by the company. The second line of defense, will independently verify compliance with such limits. 

All companies, irrespective of their size, must implement the risk management function. However, smaller companies with a business model that does not present high risks will not be constrained to separate this function from revenue-generating activities. 

Before defining an organization that is both cost-effective and meets regulatory requirements, the scope of the tasks under this new function must be properly understood. 

(b) Definition of risk management tasks 

The content of the control and risk management function is not precisely defined by the law; we will therefore rely on the following two elements to define the scope of the controls: 

• The FinIA requires financial institutions to identify, measure, manage and monitor their risks. We consider this to be the starting point and a minimum requirement.
• In its Ordinance, Finma defines in detail the risk management principles for managers of collective asset. These principles can be considered as a maximum requirement standard to be applied to larger independent asset managers. 

It is therefore necessary to position oneself between these two extremes, taking into account the size of the company, its assets under management and the complexity of the business model. 

However, the specification should cover the following elements:  

• Controls related to the company’s risks (Capital, liquidity, insurance, operational risk and Business continuity planning) 
• Portfolio Risk Controls (Asset allocation, Market risks, Credit risks and Liquidity risks) 
• Review of atypical transactions and performances 
• Organization and coordination (updating and maintenance of risk policy, limits and authorized products and reporting) 
• Report on the compliance of activities with legal requirements – for years in which no periodic audit takes place

c) Our view of the challenges and befits

In order to optimize the tasks described, special attention must be paid to procedures and systems. Clearly established and documented procedures will help to define precisely what and when needs to be done. Computer systems will provide the required information quickly and with little human intervention. It is likely that the computer systems will require some improvements to integrate limit controls and adequate reporting.   

In smaller management structures, the same person may be designated to be responsible for business and risk management. The law provides for the possibility of outsourcing these two functions, but with an obligation on the manager to instruct and monitor the external service provider. 

Even if risk management function is independent of the revenue-generating activity, it should remain close to business management and offer better visibility of the risks incurred and compliance with limits, for the benefit of managers, their clients and auditors.

d) How LINDEMANNLAW and Key-Focus can assist you

• Initial assessment of your risk management
• Review, adapt and document your risk policy as well as limits and authorized products 
• Assist you in the implementation of enterprise risk and portfolio reports 
• Support you, whether in outsourcing or in the form of one-off services, in the accomplishment of your risk control and management tasks. 
• Coaching and training in the field of risk management 
• Serves on the Management Committee with responsibility for risk management 

Please feel free to contact us for more information, we are happy to help

Download as PDF