BOARDROOM BEST PRACTICES

Irish Fund Management, Boards Prepare for CP86 deadline

After three years in consultation, 1 July 2018 is the deadline for Irish Fund Management companies to comply with the guidance issued by the Central Bank of Ireland (CBI) in Consultation Paper 86 (“CP86”). This guidance represents a resetting of the governance framework for Irish Fund Management Boards. It aims to implement a set of rules “designed to underpin the achievement of substantive control” by Boards of fund management companies. The CBI is clear that companies must not only comply, but must also be able to demonstrate robust, timely evidence via Board meeting minutes and other critical documentation that they are acting in accordance with the requirements.

The guidance affects all Irish authorised fund management committees, including UCITS management companies, AIFMs, self-managed UCITS and internally managed AIFs.

The six key areas covered by the guidance address issues such as: ensuring sufficient board oversight of delegated duties; closer monitoring of organisational effectiveness at Board level; clear expectations of directors’ time commitment; the designation of managerial functions; and procedures for engaging with the CBI. A significant operational aspect that places new obligations on the Board is a requirement “to keep all of their records in a way that makes them immediately retrievable in or from Ireland.” So, what is the rationale behind this requirement, and what does it mean for Board documentation and communications?

The CBI’s supervisory role depends on swift data retrieval

The CBI’s guidance sets out expectations regarding the retention, maintenance, security, privacy, preservation and accessibility of all relevant company documentation. It goes so far as to specify the time period within which it expects to be provided with any documents that it requests from the company – by the end of the working day for requests made before 1:00pm and by noon of the next working day for any requests made after that. In order to expedite responses to requests for information made by the CBI, fund management companies are required to set up a dedicated email address that the CBI can use for this purpose. Any delay in providing requested documents will be viewed as a non-compliance issue.

The reason for the heavy emphasis placed on access to relevant documentation is the structure of the CBI’s supervisory engagement with fund management companies, which relies on “unfettered access” to fund management records. The CBI uses evidence such as board meeting minutes, policies, procedures and reports to establish the effectiveness of governance, risk management and compliance by the Board of directors. Fundamentally, the CBI wants to know that, in the event of a crisis, the fund management company will be able to engage with it in an efficient and timely manner. With the scale, speed and impact of financial crises over the past decade, it’s not surprising that the CBI has acted to tighten regulations and to make this a compliance issue.

Discover how Diligent’s Governance Cloud provides instant access, secure enterprise governance management for Boards

The guidance makes Boards explicitly responsible for:

  • Defining, enforcing and auditing document management policies, including retention, maintenance, security, privacy, preservation and accessibility
  • Ensuring an audit trail of relevant documentation that includes proof that reasonable processes are in place to prevent and/or record unauthorised manipulation of documentation
  • Full provision of the documents when requested by the regulatory authority in the specific time frame
  • Ensuring that directors are able to access relevant documentation in the event of meetings taking place at the company’s registered offices
  • Ensuring that, at all times, directors have immediate and unfettered access to all relevant documents

In setting these expectations, the CBI makes clear that responsibility for defining appropriate document management policies is a matter of governance for Board directors.

An opportunity for improvement

To meet this requirement, Boards need to review their governance, risk and compliance activities and evaluate the way they are recorded, communicated and stored. This is a great opportunity to evaluate systems for enterprise governance management to bring all board activities under a single umbrella, rather than having them sit piecemeal in disparate software systems and storage facilities. Ideally, the outcome will be a more holistic and integrated structure for managing Board activities and documentation that not only meets the requirements of the guidance, but also promotes good governance.

Guaranteeing Accessibility

Although the guidance ostensibly leaves the decision to opt for hard copy or electronic systems to the fund management company, the accessibility requirements of the guidance effectively mean that a technological solution is the only real answer. Directors and company officers need a platform that allows instant, secure access for authorised personnel at any time, from anywhere. Board portal software can deliver this functionality by unifying all of the board’s activities into a single platform. A central, secure repository for agendas, board meeting minutes, committee activities and entity management ensures that, when the request for information is made, the required data is immediately available and can be provided to the regulator well within the necessary time frame.

Want to improve your board performance? Learn what the 7 most exceptional board practices are with this whitepaper.

Assuring Security

Security is a critical aspect. The guidance requires that companies prevent unauthorised access to or modification of critical documents, and that there is an audit trail recording file alterations. A secure sign-on portal with access permissions fine-tuned to user and document level means companies can limit access to privileged information to those with the approved credentials. This, in tandem with best practice encryption and safeguards against unauthorised sharing, offers an advanced level of security appropriate to the sensitivity of the data. Portal providers should be able to show compliance with industry standard security ratings such as ISO 27001, and also demonstrate how they go beyond this by subjecting their security to rigorous third-party testing.

Supplying Board directors with secure, dedicated directors’ software to support all of their Board duties means the wider risk of interception and unauthorised retrieval is reduced, while the system is always online and up-to-date if information is needed at short notice.

Enhancing Governance

In addition to accessibility and security, advanced Board portal solutions deliver improvements in governance and transparency. For example, the evolution of a discussion that takes place through the portal can be tracked automatically via software so that it becomes clear how a decision has been reached.

A dedicated directors’ messaging system also enhances security by keeping Board communications inside the corporate network, providing directors with an alternative to using personal email addresses when conducting board business.

Incorporating an entity management system gives Boards an automated way to monitor compliance issues, with real-time updates that mean they are always aware of the latest position. Integrating this system within the Board portal means that directors have just one location in which they can find everything they need to carry out their oversight role. This simplification is a core principle behind Diligent’s Governance Cloud, which brings together all of the functions of the Board into one integrated, secure enterprise governance management solution. It gives Board directors the tools they need to make governance transparent, accountable and efficient.

The implementation of CP86 on 1 July 2018 will herald a new governance era for Irish fund management companies. It also represents a great opportunity to review the way the Board is supported in discharging its duties. The requirement for accessibility and retrieval of critical company data can be resolved through the deployment of secure Board portal software, but by taking the opportunity to go beyond this and to unify enterprise governance management, companies can improve board effectiveness and communications and simplify oversight of governance, risk and compliance.

Featured Blog