Response to consultation on draft Guidelines on internal governance arrangements for issuers of ARTs under MiCAR
Go back
The presence of independent members at BoD level is key to ensure that internal control functions can effectively play their role.
The lack of a requirement for independent members at BoD level is difficult to understand considering that it is not required to have a risk management function and internal audit function. It would be the bare minimum to require that the board member in charge of risk management and internal audit - when no CRO and CIA are appointed - is independent.
Against this backdrop it is recommended that for significant issuers it is made mandatory to establish a fully fledged risk management function. Moreover, it appears appropriate that the establishment of the internal audit function is set as mandatory when certain conditions - to be explicitly defined - are met.
For issuers that do not establish a risk management (and internal audit function) it should be set in the related GL on suitability assessment that more stringent criteria have to be applied when it comes to the experience on financial risks and auditing directors must have. If this were not the case, it could likely happen that the internal control system is not as effective as it should.
Question 4: Are the provisions in Title II regarding the management body appropriate and sufficiently clear?
It is unclear why it is not established that, especially at large issuers, at least a few members of the management board are independent.The presence of independent members at BoD level is key to ensure that internal control functions can effectively play their role.
The lack of a requirement for independent members at BoD level is difficult to understand considering that it is not required to have a risk management function and internal audit function. It would be the bare minimum to require that the board member in charge of risk management and internal audit - when no CRO and CIA are appointed - is independent.
Question 7 Are the provisions in Title V – Internal control framework and mechanisms appropriate and sufficiently clear?
The draft RTS fails to ensure consistency with the principle of proportionality because it does not establish more stringent requirements for significant issuers when it comes to the internal control sysm. In fact, it is not established that significant issuers have to put in place a risk management function and an internal audit function. It is difficult to understand why in a business that faces primarily financial risks it is mandatory to have a compliance function but not a fully fledged risk management function. While for a small issuer it could be acceptable to leave discretionality as to whether or not a risk management function is established, a significant issuer - i.e. with reserve assets larger than 5 billion EUR - cannot be given with such a room for maneuvering.Against this backdrop it is recommended that for significant issuers it is made mandatory to establish a fully fledged risk management function. Moreover, it appears appropriate that the establishment of the internal audit function is set as mandatory when certain conditions - to be explicitly defined - are met.
For issuers that do not establish a risk management (and internal audit function) it should be set in the related GL on suitability assessment that more stringent criteria have to be applied when it comes to the experience on financial risks and auditing directors must have. If this were not the case, it could likely happen that the internal control system is not as effective as it should.