New Delegation Rules under FinSA/FinIA as well as CISA: Impact on supervised and non-supervised entities
The purpose of this article is to provide a first analysis of the key features and challenges, which will result from the shift from the current delegation rules under CISA to the new regulations on “delegation” pursuant to FinSA, FinIA and CISA. The new regulatory framework concerning the transfer of tasks to third parties covers a variety of factual and operational circumstances and set-ups. One of the main particularities of the new framework is that it is untested for the newly prudentially supervised entities under FinIA (i.e. trustees and asset managers) and that it will, at least in part, wherever financial services are provided, also impact non-supervised entities. The new rules may have consequences for both Swiss institutions delegating financial services and other tasks and international service providers with whom Swiss financial institutions will conclude delegation schemes.
By François Rayroux (Reference: CapLaw-2019-40)
1) Introduction
a) Importance and plurality of delegation schemes in practice
In practice, delegation schemes are characterised by a multitude of configurations and structures. In particular, they have rapidly evolve to become a common set up in financial groups since the financial crisis. Delegation arrangements, however, are also increasingly concluded with third parties. From an operational perspective, the reason for a delegation is, in most cases, the will to reduce costs and inefficiencies in the context of the value chain of the asset management industry taken as a whole.
On the other hand, supervisory authorities, both in the European Union and in Switzerland, have since the financial crisis increasingly focused on delegation arrangements. In many cases, regulations are driven not only by investor’s protection concerns, but also by the stated objective of regulators that companies keep at least a minimal substance in the home jurisdictions. In this context, an obvious example is the concept of the “letter box entity” rules, which have been developed after the financial crisis in the European Union (see e.g. Commission Delegated Regulation 231/2013, article 82, implementing AIFMD) and have impacted the rules of the CISA on delegation, in particular since the revision of the CISA which came into effect on 1 March 2013. In that regard, FINMA has repeatedly focused its supervisory and audit activities on delegation schemes (see FINMA Annual Report 2014, p. 70). FINMA has notably noted an increasing use of (the) delegation to third parties, including regarding key functions of the asset management business, such as risk management or other material tasks (see FINMA Annual Report 2016, p. 66). The Swiss supervisory authority also noted a growing trend towards delegation to non-supervised institutions (see FINMA Annual Report 2017, p. 74).
It is therefore a natural evolution that, in the context of the implementation of FinSA, FinIA and the revised CISA, the new rules applying to the recourse to third parties, in particular the delegation of tasks, would confirm or adjust the evolutions initiated after the financial crisis. A detailed analysis of the new legal framework shows, however, that the impact of the new delegation rules may be material and raise new questions, depending on whether “financial services” are provided and on the level of supervision of the financial institutions.
b) Legal framework
i. Current legal framework
The former FINMA Circular 2008/37 on the “Delegation by Management Companies/SICAVs” provided for a detailed set of rules as well as a list of tasks which could be delegated in full, or only subject to certain conditions, as opposed to the key tasks which fund management companies (Fondsleitungen/directions de fonds) within the meaning of articles 28 et seq. CISA (“Management Companies”) or SICAVs were not allowed to delegate. These principles were incorporated into the rules currently in force, which derive from articles 18(b) and (31) CISA as well as article 66 CISO-FINMA. The current framework however takes a principle based approach, without the detailed regulations and the catalogue of tasks which could be delegated contained in the former FINMA Circular 2008/37. The legislator had indeed realised that a detailed catalogue may also raise difficulties and therefore chose to opt for a principle based delegation regulation (see FINMA Explanatory Report to the Revision of the CISO-FINMA of 3 April 2014, p. 41-42). Simultaneously, the scope of the rules on delegation derived from article 66 CISO-FINMA were expanded to also apply to asset managers of collective investment schemes, as well as to representatives of foreign funds.
The current framework based on article (66) CISO-FINMA, while principle based, has raised several questions in practice. In particular, the general reference to “material tasks”, to which the delegation rules are to apply pursuant to article 66(1) CISO-FINMA, which is not further defined or explained, has led to discussions among market participants, legal practitioners and auditors as to the scope of application of the new delegation rules. Furthermore, the potential sub-delegation of tasks involving asset management decisions to which article 3 (1) CISA refers was restricted by FINMA practice, causing an increasing number of practical issues in the context of the sub-delegation of asset management functions to foreign asset managers (see FINMA Communication 39 (2012), 24 July, 2012, p. 5-6). Finally, the obligations imposed on supervised entities in the case of a delegation abroad pursuant to article 66 (5) CISO-FINMA to provide evidence that the entity itself, the audit firm and FINMA may
perform their inspection rights is more cumbersome compared to the rules applicable to outsourcing arrangements pursuant to the FINMA Outsourcing Circular 2018/3.
In this respect, there is in practice also a lack of clear delimitation between a “delegation” pursuant to articles 18(b) and (31) CISA as well as article (66) CISO-FINMA and an “outsourcing” according to the FINMA Outsourcing Circular 2018/3, with a number of practical instances where both concepts overlap. One of the key distinctions between both sets of rules is that, whereas certain material tasks cannot be delegated under the CISA delegation rules, there is no similar restriction in the FINMA outsourcing Circular (See for the delimitation Fabio Pelli, Die Delegation von Aufgaben bei offenen kollektiven Kapitalanlagen nach KAG, Diss. St. Gallen, 2010, p. 21-27). It is finally to be noted that article 11 FMIA, as specified by article 11 FMIO, contains similar rules for financial markets infrastructures, but dealing, as a matter of terminology, more generally with “externalisations” (Auslagerung/externalisation).
2) Overview of the new delegation legal framework pursuant to FinSA, FinIA and CISA
There is a need to clarify the concept and the terminology of the delegation rules under FinSA and FinIA. From the outset, it must however be noted that different rules on “delegation” apply at different levels of the new legislation depending on the nature of the tasks delegated and the supervisory status of the delegating entity. It is therefore important to provide for a first overview of these different sources for the new “delegation” rules, which, in essence, all aim at avoiding “letter box entities”:
– For both supervised and non-supervised financial services providers: specific rules apply in the context of financial services, as defined under article 3 let. c cipher 1-5 FinSA. On one side, article 23 FinSA imposes specific obligations in case of recourse to third parties. On the other hand, specific obligations are imposed on members of a chain of financial service providers pursuant to article 24 FinSA. Article 23 and article 24 FinSA are part of the third Chapter of FinSA relating to organizational rules. They apply both to FINMA supervised entities, as well as to non-supervised providers of financial services in Switzerland. Article 23 FinSA and article 24 FinSA are not further defined in the Draft-FinSO.
– In the case of a delegation for the preparation of the base information sheet: specific rules apply to the delegation to third parties in the context of the “offer” of financial instruments to private investors. In these particular instances, article (58) (3) FinSA imposes enhanced delegation rules when the duty to prepare the base information sheet is delegated. Indeed, this delegation can only be implemented if this task is entrusted to qualified third parties, which are persons or entities which, in the opinion of the issuer of the base information sheet, have the necessary qualifications (article 84 Draft-FinSO).
– In the context of prudentially supervised institutions across the “authorization cascade”: In the case of financial institutions which are supervised under the FinIA, prudential rules apply to the delegation of tasks, whether the delegated task relates to financial services or not, which vary depending on the nature of the supervision (see articles 14, 27, 35 FinIA as well as articles (9), (17), (32) and (48) Draft-FinIO). It is important to note that, in our view, the rules of the FinIA on Securities Houses (Wertpapierhäuser/Maisons d’émission) pursuant to article (41) et seq. FinIA must be clearly distinguished from those applying to asset managers, trustees, managers of collective assets and Management Companies pursuant to articles (14), (27) and (35) FinIA. Indeed, even though article 9 Draft-FinIO generally refers to Securities Houses when laying down the principles of a delegation for FinIA supervised entities, we expect that Securities Houses will be subject to the specific delegation rules which, as of now, are applied under the SESTA and closely follow the rules on outsourcing which apply to banks subject to the Swiss Banking Act under the FINMA Circular 2018/3 on Outsourcing.
– In the field of CISA institutions: specific rules apply, as under the current CISA, in case of a delegation between a Management Company and the Custodian (see article 33 (3) and article (35) FinIA). Additional specific rules also apply, in the limited context of the CISA, to delegation schemes implemented by SICAVs or representatives of foreign funds (see article 14(1) CISA and article 12(b) DRAFT-CISO). By contrast, it is important to note that, under the CISA, no additional delegation rules based on article 20 CISA will apply. Article 20 CISA imposed until now funds specific rules of conduct, in particular in the context of the “delegation” of the distribution of investment funds. As a matter of principle, the delegation rules derived from the current article 20 CISA will be replaced by the rules of conduct and organization introduced by FinSA. Finally, the stricter liability of Management Companies in case of a delegation is limited to tasks linked to its “ManCo function”, at the exclusion of any other tasks (article 68(3) FinIA; article 48 Draft-FinIO). Incidentally, we note that additional and more stringent delegation rules will apply to CISA institutions with the proposed amendments to the CISA resulting from the implementation of the so-called Limited Qualified Investors Funds (See Explanatory Report of the Federal Finance Department to the Consultation Procedure for the Amendment of the CISA, dated 26 June 2019, p. 13).
3) “Delegation” pursuant to FinSA in the field of financial services
The “recourse to third parties” pursuant to article 23 FinSA imposes specific obligations as to the selection, instruction and supervision of said third parties. This provision aims at imposing a uniform standard of care, as applicable to the supervision of employees (see Dispatch of the Federal Council p. 8963-8964). This will imply the obligation to lay down organizational rules and processes for the verification of their capacities, knowledge and experience for the specifically delegated tasks. More precisely, the existence of the authorized entity requires that regulatory authorizations, whether in Switzerland or abroad, as well as the necessary registrations, for instance in the client advisors register pursuant to article (28) FinSA, will have to be verified at the occasion of the conclusion of the delegation arrangements. The supervisory obligations will then extend not only to the third party financial provider itself, but also to the latters employees (see Dispatch of the Federal Council, p. 8963). These obligations will be imposed irrespectively of whether the delegated task is a financial service pursuant to article (3) let. c cipher 1-5 FinSA or not. Furthermore, the nature of the contractual relationship, namely whether the delegation is based on a mandate or not, will not be relevant. The broad scope of application of article (23) FinSA shall ensure that it also covers any cooperation with intermediaries or distributors. These obligations pursuant to article (23) FinSA are expressly meant to be additional to the specific delegation rules which are imposed to financial services provider, e.g. as a result of the Swiss Banking Act, the FinIA or CISA (see Dispatch of the Federal Council p. 8964).
In addition, wherever a chain of financial service providers exists, article 24 FinSA will impose specific obligations on the delegating financial services provider, which will have to make sure that the information required in the context of financial services is complete and correct, in line with the new obligations imposed by FinSA. The delegating financial service provider will be responsible for the compliance with the obligation pursuant to articles 8-16 FinSA (see article 24(1) FinSA). On the other hand, the party to which the performance of financial services has been delegated has the obligation to “supervise” the delegating financial service provider, as a specific obligation is imposed on him to cease to perform the delegated financial services in case of clear evidences that there is a violation of the information obligation pursuant to articles 8-16 FinSA.
In other words, the implementation of article 24 FinSA will, in practice, impose a supervisory mechanism in the context of so-called “chains of financial service providers”, the modalities of which are at this stage difficult to define. This will in particular apply wherever a financial service pursuant to article 3 let. (c) cipher 1 and 2 FinSA is delegated, such as, as the case may be, asset management or “distribution” activities. In many cases, the requirements of articles (23) and (24) FinSA will apply cumulatively and in addition to the specific prudential delegation rules already imposed to supervised entities under the Swiss Banking Act, FinIA or CISA. The combination of the “delegation rules” contained in articles (23) and (24) FinSA, which will apply to financial service providers (but, in respect of article 23 FinSA, also for tasks which do not constitute “financial services”) in conjunction with the prudential delegation rules is expected to trigger complexities for the internal organisation.
4) Delegation rules in the context of supervised entities under
the FinIA
a) Concept of the new delegation rules
The new delegation rules are principle based and cover any transfer of performance of all or part of a material task to a third party on an independent and durable basis (article 9(1) Draft-FinIO). They are governed by the fundamental aim to prevent letter box entities. Where an assessment must be made as to the existence or absence of an “empty shell” or “letter box entity”, all the circumstances must be considered. In case of financial groups, this includes the analysis of the substance not only on the level of the Swiss delegating entity, but also on the level of its affiliates, branches or representative offices in Switzerland or abroad (see Explanatory Report of the FDF, p. 85).
The new rules are essentially based on the current regulations of article 66 CISO-FINMA and are intended to apply at the delegation of material tasks only. However, the Explanatory Report of the FDF, when citing examples for tasks which are covered by the delegation rules, expressly refers to matters which, in practice, are in most cases not “material tasks”, such as financial analysis, tax reporting, accounting, investment advice (as opposed to investment management based on discretionary powers), elaboration of model portfolios, etc. (Explanatory Report of the FDF, p. 89). Yet, it appears that the explicit intent of the legislator was to aim only at important tasks, meaning those covered by the core business activities, as well as the key elements of the initial FINMA authorisation (see article 19, 26 and 34 FinIA and article 6 Draft-FinIO), such as tasks linked to asset management, risk management, internal controls and compliance, as well as data processing including client names. It would be essential to limit in the final text of the Draft-FinSO the tasks which may be defined as material or at least to provide an indicative guidance as to the meaning of what constitutes such “material tasks”.
General requirements are defined which apply to all supervised entities (article 9 Draft-FinIO), including to asset managers and trustees which is a novelty for those institutions. The general conditions that must be fulfilled by supervised institutions are based on article 66 CISO-FINMA as well as article 11 FMIO and relate to the organisation (article 9 FinIA and article 6 Draft-FinIO). These provide in essence that core competencies (such as the key elements for the risk management of asset managers) pursuant to both Swiss company law and supervisory regulations, as well as the place where management of supervised entities is located (article 10 FinIA), cannot be delegated. The delegation of tasks is subject to the same restrictions currently imposed under the CISA, including the obligation to verify the capacity, knowledge and experience, as well as to supervise and instruct the appointed service providers (article 14(1) FinIA; article 9(3) Draft-FinIO). This also includes the obligation to provide for an adequate organisational structure in terms of substance and process, including
human resources and know-how, for the performance of the instruction and control functions. The current obligation to enter into written delegation arrangements and to plan for adequate provisions and processes, including as to the protection of data and any permitted sub-delegation, in the organisational charts, is maintained. The new delegation rules are more flexible than the current ones provided for under article 66(5) CISO-FINMA as to evidence to be provided regarding the possibility of on-site access of FINMA or the auditors in case of a delegation to a foreign jurisdiction.
It is noteworthy to emphasise that the prudential responsibility always remains with the delegating entity and that the delegation of tasks always has to be implemented, bearing in mind the interests of the customers (article 9(2) Draft-FinIO). In other words, the legislator seems to consider that delegation arrangements cannot be contracted in the exclusive interest of the contracting parties, but must be structured in such a manner that the investors’ interests are adequately protected.
b) Specific rules depending on the type of FinIA supervised entities
In line with the concept of the “authoriszation cascade” introduced by the FinIA, increasing prudential obligations apply to a delegation depending on the regulatory status of the FinIA supervised entity in question. The paradigm-shift in the context of the delegation rules is the most flagrant one for asset managers and trustees, to the extent that they are under the current framework not subject to prudential restrictions as to the delegation of tasks. The applicable delegation rules are in practice those imposed by the self-regulation provisions of the SROs, but without any express legal basis in Swiss law and, in particular, no ultimate FINMA sanction pursuant to the FINMASA as a result of the new prudential supervision introduced by the FinIA.
The new rules are intended to keep allowing asset managers and trustee a significant freedom to define and implement delegation rules depending on their specific business model and appropriate to the risk model and size of their operations. Delegation arrangements, which relate to the typical tasks of an asset manager or trustee pursuant to article 19 FinIA, will be subject to the new rules provided as a matter of principle in article 14 FinIA and article 9 Draft-FinIO, which include the obligation to provide for the possibility that they can be verified by FINMA, their supervisory organisations or the auditors.
The rules for the delegation by managers of collective assets (article 27 FinIA/Art. 32 Draft-FinIO) are in essence those already provided for in the CISA, in particular under article 66 FINMA-CISO. The delegation must be based on legitimate interests for the purposes of the performance of the asset management function (article 27(1) FinIA). The responsibility for the compliance with applicable investment restrictions for collective investment schemes or pension funds expressly remains with the delegating entity (article 27(2) FinIA). A delegation is only permitted to other asset managers, which are subject to “recognised supervision” (article 32(2) Draft-FinIO). There is however, at this stage no further explanation in the Draft-FinIO or in the explanatory report of the FDF as to what is covered under the concept of such a “recognised supervision” (article 24 FinIA). In our view, it should include Swiss de minimis asset managers who do not reach the threshold specified in article 24(2)(a) FinIA, but most likely not foreign asset managers which are not subject to a foreign asset manager license and are therefore not subject to a “recognised supervision”, as provided for in article 32(2) Draft-FinIO.
For Management Companies, the current restrictions provided for in the CISA are widely implemented in the FinIA (see in particular article 48 Draft-FinIO). This holds true for the delegation of investment decisions as well as other tasks, which must be justified by a legitimate interest (article 35(1) FinIA). A delegation of the asset management function to the custodian or its affiliates is not permitted in case an agreement exists for the “distribution” of the funds within the European Union (article 35(2) FinIA). The current separation rules between a custodian and a management company are integrated into the FinIA (article 33(3)/ article 35 FinIA). As is the case under the current rules (article 18b(4) and article 31(4) CISA), Management Companies and managers of collective asset may only delegate the asset management function to an entity located in a jurisdiction which provides for the obligation to conclude a cooperation agreement, if such a cooperation agreement between FINMA and the competent foreign supervisory authority exists. This provision was historically based in particular on the aim to force EU jurisdictions, which had previously introduced a similar requirement in AIFMD in 2013, to conclude such cooperation agreements with FINMA (failing which delegation by Swiss Management Companies to EU based asset managers would not have been possible). In this respect, article 14(2) FinIA only provides for FINMA’s right to request such cooperation agreements, as opposed to the current legal obligation stated under article 18b(4) and article 31(4) CISA. This seems to be an error, as the legislator’s intent does not seem to have been to include at this stage more flexible rules towards foreign jurisdictions given the absence of reciprocal arrangements, in particular with the EU. Therefore, article 48(3) Draft-FinIO expressly imposes the current stricter obligation, which is similar to the one of current article 18b(4) and article 31(4) CISA. As a matter of consequence and parallelism, an analogous restriction for managers of collective assets should be included in the final text of article 32 Draft-FinIO.
5) Conclusions
The new delegation rules contained in the FinSA, FinIA and CISA are in line with international trends, aiming in essence at avoiding “letter box entities”. On the other hand, they are clearly structured in such a manner as to contribute, in particular in the case of independent asset managers and trustees, to allow for a “risk based” application of these new delegation rules, and to adapt the new system to the business models of these independent asset managers and trustees. More flexibility is introduced in case of a delegation outside of Switzerland as well, to the extent that the current strict requirements laid out in article 66(5) CISO-FINMA regarding the possibility for FINMA and the auditors to inspect and audit the delegated tasks, will be eased. Indeed, the requirement of the proof that such an onsite audit is possible, as currently required by article 66(5) CISO-FINMA, will be waived.
In essence, the impact of the prudential delegation rules provided for in the Draft-FinIO will have no material consequences for managers of collective assets and Management Companies. By contrast, to the extent that independent asset managers and trustees are currently not supervised, these new rules, while they impose less stringent requirements as opposed to those applicable to managers of collective assets and Management Companies, will be a novelty for those institutions.
The practical difficulties will arise from the need to coordinate the multiplicity of “delegation rules” pursuant to FinSA, FinIA and, as far as applicable, CISA. In this context, the interpretation of the concept of financial service, pursuant to article 3(2)(c) cipher 1-5 FinSA, will be of essence, to the extent that the delimitation of its precise scope of application will also trigger the specific rules derived from the new obligations linked to the existence of a “chain of service providers” within the meaning of article 24 FinSA. In this context, it is noteworthy that the tax rules linked to delegation arrangements, and in particular possible exemptions in the field of VAT, will continue to follow separate conditions and criteria. This holds true in particular for the delegation of asset management and distribution tasks pursuant to article 21(2), cypher 19 of the Swiss Federal VAT Act, which is likely to increase the complexity of dealing with VAT arrangements in practice (see MWST-Branchen-Info 14(5)(2); “Decision of the Federal administrative Court A-5044/2017 of 23 November 2018”).
By François Rayroux (francois.rayroux@lenzstaehelin.com)