ESMA’S New Compliance & Internal Audit Review
What Fund Managers Need to Know
The European Securities and Markets Authority (ESMA) has announced a Common Supervisory Action (CSA) with National Competent Authorities (NCAs) to assess the compliance and internal audit functions of Fund Managers across the European Union (EU). With a final report expected in 2026, this initiative will run throughout 2025, evaluating whether firms have the necessary resources, expertise, and controls to effectively manage compliance risks.
Key Takeaways for Fund Managers
This regulatory initiative underscores the importance of strong internal governance in investment management. Fund managers should review their compliance and internal audit functions to ensure they:
- Have sufficient resources and expertise to oversee regulatory obligations.
- Maintain excellent internal controls to identify and mitigate compliance risks.
- Align with the AIFM and UCITS Directives to prevent investor harm and ensure financial stability.
With NCAs expected to take a consistent and coordinated approach across the EU, firms should be prepared for increased engagement with regulators and possible refinements to their compliance frameworks. The results of this supervisory action may also shape future regulatory expectations and best practices.
Navigating UCITS & AIFMD Compliance in the EU
Regulatory compliance in the EU is crucial for asset managers operating under UCITS (Undertakings for Collective Investment in Transferable Securities) and AIFMD (Alternative Investment Fund Managers Directive). These frameworks ensure investor protection, financial stability, and market integrity. Here’s a simplified breakdown:
UCITS Compliance Overview
1. Authorization & Supervision
- UCITS funds must be authorized by national regulators.
- Asset managers must comply with UCITS IV and, if applicable, AIFMD.
2. Investment & Risk Management
- Eligible Assets: Only transferable securities, money market instruments, deposits, and derivatives.
- Risk Diversification: Limits on exposure to single issuers (5-10%).
- Liquidity: Investors must be able to redeem at least twice a month.
- Leverage: Derivative use must be controlled and disclosed.
3. Compliance & Governance
- Risk Management: Independent function monitoring financial risks.
- Compliance Oversight: Dedicated compliance officer to prevent breaches.
- Conflicts of Interest: Policies to ensure fair treatment of investors.
4. Depositary & Investor Protection
- Independent depositaries safeguard assets and monitor cash flows.
- Key Investor Information Document (KIID): Clear disclosure of risks, fees, and performance.
5. Cross-Border Passporting & Reporting
- Once authorized, UCITS funds can be marketed across the EU.
- Compliance with AML, Market Abuse, and regulatory reporting rules.
AIFMD Compliance Overview
1. Authorization & Capital Requirements
- AIFMs need regulatory approval with a clear business plan and governance framework.
- Minimum capital: €125,000 (third-party AIFMs) or €300,000 (self-managed AIFs), plus 0.02% of AUM exceeding €250 million.
2. Risk & Liquidity Management
- Independent risk management from portfolio management.
- Liquidity stress testing and redemption policies for open-ended funds.
- Leverage reporting and disclosure to regulators.
3. Compliance & Internal Controls
- Independent Compliance Function: Monitors adherence to regulations.
- Conflicts of Interest: Policies to ensure fairness.
- Remuneration Policies: Structures to prevent excessive risk-taking.
4. Depositary & Transparency Requirements
- Mandatory independent depositary to safeguard investor assets.
- Regular investor disclosures on fund strategy, risk, liquidity, and fees.
- Annex IV Reporting: Detailed reports on fund risks and systemic impact.
5. Marketing & Cross-Border Distribution
- AIFMD passport allows fund marketing across the EU.
- Non-EU AIFMs must comply with local private placement regimes.
6. AML, Market Abuse & ESG Compliance
- Strict KYC and transaction monitoring under AMLD6.
- Adherence to Market Abuse Regulation (MAR).
- ESG funds must comply with Sustainable Finance Disclosure Regulation (SFDR).
Why Compliance Matters
Regulators are increasing scrutiny, making strong compliance essential. Leveraging RegTech solutions like StarCompliance (Star)can help automate reporting, track risks, and ensure adherence to UCITS and AIFMD efficiently. Compliance isn’t just about following rules—it builds trust, transparency, and investor confidence. A strong compliance framework ensures long-term success in the evolving regulatory landscape.
How Star Can Help
As regulatory expectations evolve, firms need scalable solutions to strengthen oversight, enhance transparency, and streamline compliance workflows. Star provides:
- Centralized Compliance Monitoring – Visibility across key compliance areas, ensuring adherence to evolving regulations
- Best in Class Audit & Reporting Tools – Automated documentation and reporting to demonstrate compliance readiness
- Regulatory Intelligence & Risk Management – Proactive tracking of regulatory changes to help firms adapt to shifting requirements
By leveraging technology-driven compliance solutions like Star, firms can ensure their internal frameworks remain resilient and adaptable in an increasingly regulated environment. To learn more about Star and its suite of products and solutions, schedule a personalized demo here.
