As we get more detail around the proposed UCIT regulations, there are three areas of real concern that I feel. The thrust of the proposals as a whole is in line with expectations and should achieve the objective of improving the risk structure of impacted funds. My main areas of concern are around the treatment of a group acting as both depository and fund manager, the responsibilities of a depository for countries which fail a performance test and the liability of depositories for mandatory structures.
The European Securities and Markets Authority (ESMA) questionnaire on the UCIT proposals (but not the proposals themselves), as currently written, seems to require total segregation of the fund management and depository function. This would have a far-reaching effect, especially in continental Europe, where bank owned funds dominate the market. The move would be hugely disruptive. It also risks giving rise to “fund exchanges” whereby two or more parties merely agree to outsource to each other. In the latter case the guarantors to the fund holders are unchanged across the universe, but the fund holder has a third-party guarantee rather than that of its provider of choice. There is an obvious need for separation of the two functions but corporate firewalls should suffice. And I have seen no instance where a unified structure has disadvantaged investors. Madoff, and all other disputes I have been aware of, have occurred where an independent manager used a third party depository. One area to tighten up more than in the regulations is definitely in the audit area, for use of auditors without appropriate skill sets is a cause of concern, both from a financial and operational risk audit perspective. There is also an issue where the depository acts as prime broker, and this has been tackled in Alternative Investment Fund Managers Directive (AIFMD); indeed that provides a reasonable template for the UCIT and depository relationship.
The depository is also charged with identifying countries where the insolvency rules do not allow appropriate segregation and protection of assets. The wording in UCITS appears too broad, for it is not feasible for a depository to do more than seek appropriate legal advice and be guided by it. There is a real risk that countries which do not recognize beneficial ownership in law, although they do in market practice, will have to be barred from UCIT investment. And it is also unclear what response is needed and by whom if a depository decides they are uncomfortable with a country. The depository is not the investment manager; they must not make investment decisions. But extending the duty of the Depository from advising of problems in insolvency to enforcing disposal of assets or being a key part of the decision process would be wrong. Clarification on the roles of the two parties is needed, for we cannot forget that a successor is always needed before a depository resigns and ultimately that appears their only real sanction in the event of disagreement between them and the investment manager.
Under UCIT or AIFMD, there is an increased liability for depositories for the central securities depositories (CSDs) they use. There has been much debate about the different liability assumed for an investor or an issuer CSD (and the paradox is that most CSDs are hybrids by structure although issuer CSDs as measured by activity levels) but the question I would ask is where could liability arise?
I had thought, until recently, that I understood the likely difference between liabilities for assets held in an issuer versus an investor CSD. My view was quite simple. An investor CSD was a sub agent and thus a delegation by the depository or its agent. An issuer CSD undertook a notary function for the issuer in a direct relationship, and thus the ownership rights held in the CSD were not a delegation, although ancillary activities, such as asset servicing, would be. A synthetic security, such as a depository receipt or asset-backed security, was a hybrid using an investor CSD for the issuance of the receipt and acting as a delegated party for holding underlying assets.
One major area of ambiguity, in my opinion, rests in whether a CSD is mandatory or not. And I see three core types of CSD. There are those that are mandatory; there are those where there is choice within the country such as in India with two main CSDs; and there are those with alternative options but which, for operational efficiency, are de facto mandatory. In the latter case, where the usage of an alternative model, such as physical securities, creates sufficient risks and inefficiencies to make the non-mandatory CSD an obligatory provider, I would suggest it should be treated as a mandatory CSD. One complication in the process, as noted above, is the fact that many CSDs are issuer and investor CSDs at the same time and should be treated according to the function they operate for any specific security.
I had also a reasonably clear idea of some, if not all, of the issues we needed to consider before warning clients away from a country due to failings identified in our assessment of their CSD. But the list is growing, and, of course, the onus is on the depository to show that it has acted appropriately. I have seen CSDs where there is no, or minimal, liability assumed for employee fraud. There are CSDs which do not protect investors should a third party hack into their platform. There are CSDs, which operate settlement far from the true DvP model. There are CSDs whose boards are not balanced or dominated by one entity; and a check on the different proscribed persons list may be revealing in the odd case!
I know of no CSD that will share its platform security policy with third parties. And I know of few CSDs that give true insight into their business recovery procedures and structures. But, on the other hand, for safety reasons, banks often operate likewise.
So what policy should be adopted? In reality, hopefully the final regulations will follow three core rules:
• The segregation of depository and fund manager can be structural within a firm as long as independent management and decision making of the two business lines can be proven
• Investment decisions are made by the investment manager who may or may not accept the advice on insolvency of the depository, who is required to take independent legal advice on insolvency laws in all jurisdictions their investment managers cover
• CSD liability, where there is appropriate due diligence, is excluded for issuer CSDs unless there are practical alternatives for holding assets safely within a country or unless a material issue of risk has not been notified to the investment manager
This requires industry cooperation to ensure agreement on best practice templates for both organization structure within universal banks as well as country and CSD analysis by depositories and a dialogue with regulators to validate the results. This will not eliminate event risk or risk creep, for both are fixed features in our business, but it should contain them to manageable proportions.