Article 38
Risk management policy
1.
Member States shall require management companies to establish, implement and maintain an adequate and documented risk management policy which identifies the risks the UCITS they manage are or might be exposed to.
The risk management policy shall comprise such procedures as are necessary to enable the management company to assess for each UCITS it manages the exposure of that UCITS to market, liquidity, sustainability and counterparty risks, and the exposure of the UCITS to all other risks, including operational risks, which may be material for each UCITS it manages.
Member States shall require management companies to address at least the following elements in the risk management policy:
(a)
the techniques, tools and arrangements that enable them to comply with the obligations set out in Articles 40 and 41;
(b)
the allocation of responsibilities within the management company pertaining to risk management.
2.
Member States shall require management companies to ensure that the risk management policy referred to in paragraph 1 states the terms, contents and frequency of reporting of the risk management function referred to in Article 12 to the board of directors and to senior management and, where appropriate, to the supervisory function.
3.
For the purposes of paragraphs 1 and 2, Member States shall ensure that management companies take into account the nature, scale and complexity of their business and of the UCITS they manage.