PILLAR III Disclosure

1. Purpose

Firms are required under the Senior Management Arrangements, Systems and Controls (SYSC) manual of the Financial Conduct Authority Handbook to have in place robust governance arrangements and effective procedures which allow it to identify, manage, monitor and report the risks it is or might be exposed to.

Wren Investment Office Limited is authorised and regulated by the Financial Conduct Authority and this document sets out how the Firm complies with its obligations to identify, manage and mitigate risks.

2. Review of Pillar III

This document will be reviewed regularly, at least once a year, and amended as considered necessary by the Firm’s Management Body in the event of changing circumstances or regulations.

3. Responsibilities

3.1 Management Body Responsibilities

The Management Body of the Firm are responsible for the Firm’s risk management governance structure and how the Firm’s risk exposure must be managed in line with the Firm’s overall business objectives and within its stated risk appetite. This includes the governance of the process for identifying, evaluating, managing and reporting the significant risks faced by the Firm.

The Management Body are ultimately responsible for ensuring that the Firm maintains sufficient capital and liquidity resources to meet its regulatory capital and liquidity requirements and to support its growth and strategic objectives. Risk management is embedded throughout the business, with the overall risk appetite and risk management strategy approved by the Management Body propagated down throughout the business as appropriate.

The Non-Executive Directors have broad business and commercial experience with independent and objective judgement and they can provide independent challenge to the Management Body. They are able to allocate sufficient time to meet the expectations of their role with the Firm.

The Governance Arrangements of the Management Body is illustrated below:

Management body governance arrangements

The Firm has reviewed the number of directorships held by members of the Management Body and are satisfied that the arrangements are such that the management body is able to commit sufficient time and resources to perform their obligations in the Firm. The number of directorships held is monitored on an ongoing basis.

4. Pillar III Disclosure

The Capital Requirements Directive (‘CRD’) of the European Union created a regulatory capital framework across Europe governing how much capital financial services firms must retain. The rules are set out in the CRD under three pillars: Pillar 1 sets out the minimum capital resource requirement firms are required to maintain to meet credit, market and operational risks Pillar 2 requires firms to assess firm-specific risks not covered by Pillar 1 and, where necessary, maintain additional capital Pillar 3 requires firms to disclose information regarding their risk assessment process and capital resources with the aim to encourage market discipline by allowing market participants to assess key information on risk exposure and the risk assessment process. The rules in the FCA Prudential Sourcebook for BIPRU sets out the requirements for a Pillar 3 disclosure. The document is designed to meet the Firm’s Pillar 3 Disclosure obligations.

4.1 Business Model

The Firm’s activities primarily involve providing wealth management services to UHNWI and family members. This involves offering both advisory and discretionary investment advice to a number of very wealthy families and endowments. The Firm’s customers are categorised as Retail Clients and Professional Clients. The Firm is classified as a BIPRU Firm as it carries out the activity of portfolio management and investment advice but does not provide safekeeping and administration of financial instruments.

4.2 Capital Adequacy and ICAAP

The Firm’s overall approach to assessing the adequacy of its internal capital is documented in the Internal Capital Adequacy Assessment Process (“ICAAP”). The ICAAP process includes an assessment of all material risks faced by the Firm and the controls in place to identify, manage and mitigate these risks. The risks identified are stress-tested against various scenarios to determine the level of capital that needs to be held. Where risks can be mitigated by capital, the Firm has adopted the CRD requirements for Pillar 1. Where the Management Body considers that the Pillar 1 calculations do not adequately reflect the risk, additional capital is added on in Pillar 2. Whilst the ICAAP is formally reviewed by the Management Body once a year, Senior Management review risks and the required capital more frequently and will particularly do so when there is a planned change impacting risks and capital or when changes are expected in the business environment potentially impacting the ability to generate income.

4.2.1 Capital Resources

A BIPRU Firm must maintain at all times capital resources equal to or in excess of the base requirement (€50,000). The Pillar 1 capital requirement for a BIPRU Firm is the higher of: Base Capital Requirement OR Credit Risk plus Market Risk plus Counterparty Risk Capital Requirements OR Fixed Overhead Requirement The Firm has no innovative Tier 1 capital instruments or deductions. The Firm must maintain at all times capital resources equal to or in excess of the Pillar 1 requirement. During the 12-month accounting period to 31 December 2018, the Company complied fully with all capital requirements and operated well within regulatory requirements. At the accounting reference date, the Firm held the following capital position:

Description Amount
Ordinary share capital £1,144,896
Share Premium £0
Other Reserves £0
Retained Earnings £-910,140
Regulatory Adjustments £0
Core Tier 1 Capital £1,144,896
Tier 2 Capital £0
Total Capital Resources £234,756
Credit Risk Capital Requirement @ 8% £22,055
Market Risk Capital Requirement @8% £0
Fixed Overhead Requirement £229,351
Total Pillar 1 Requirement £22,055
Total Pillar 2 Requirement £0
Base Capital Requirement (exchange rate as of 31/12/2018)) £44,532
Total Capital Requirement £229,351
Surplus capital over minimum requirement £5,405

 

The Management Body are therefore comfortable that the Firm is, and has been throughout the financial year, adequately capitalised for Pillar 1 purposes. The Firm holds approximately £80,546 in cash and cash equivalents as at year end. The Management Body are comfortable that this will ensure prudent capitalisation and cover for market downturns and other risks that may materialise in the short to medium term. The Management Body constantly monitors the performance of the Firm and capital adequacy is regularly assessed by them. The Firm will also monitor risks throughout the year and decide if additional capital should be held against them. Additional risks that supplement the Pillar 1 requirements are detailed below and, where necessary, additional capital will be provided.

4.2.2 Credit and Market Risk

The Firm uses the standardised approach for computing Credit and Market Risk. Consequently, the capital requirement is computed as 8% of the total risk weighted exposure amounts. The Firm has no market risk exposures as of 31 December 2018. Credit risk exposures are as summarised in the table below:

All figures in £’s Exposure Value Risk weight Risk weighted exposure Amount Capital requirement (@ 8%)
Cash at Bank 80,546 20% 16,109 1,289
Debtors 259,584 100% 259,584 20,766
TOTAL 22,055

 

5.Management of Risk Framework

5.1 Risk Profile

The Firm has identified the following core risk categories: investment, reputational, liquidity, operational, legal, compliance & AML, business – strategic and fraud & security.

The Firm’s profile of these risks is continually evolving and is generally driven by:

Changes to the market in which it operates; The Firm’s strategies and business objectives and; The Firm’s business/operating models The Firm will seek to generate positive returns through carefully considered risk taking and robust risk management. As such the effective management and control of both the upside of risk taking and its potential downside is a fundamental core competency of the Firm.

5.2 Risk Appetite

The Management Body are responsible for setting the Firm’s risk appetite, defining the type and level of risk that the Firm is willing to accept in pursuit of its business objectives.

5.3 Three Lines of Defence

The Firm’s governance structure is designed such that the business is the first line of defence, the compliance function is the second line of defence with the Management Body representing the third line of defence.

First line of Defence
Business
Strategies and goals Firm Values Risk Appetites
Identification, control and management of risks. Operating requirements: roles and responsibilities, supervision, procedures, systems and controls
Identifying Risks Faced Identifying Risks Taken
Control and Management of Risks
Second line of Defence
Compliance and independent oversight of business
Risk Management Framework
Policies and Procedures, Guidance and Training
Monitoring
Third Line of Defence

Senior Management/Board

Governance
Full accountability for the management of risks

 

5.4 Risk Assessment Framework

The Management Body are responsible for approving the Risk Assessment Framework, which is used to ensure that the Firm has a comprehensive understanding of its risk profile, including both existing and emerging risks facing the Firm, and to enable it to assess the adequacy of its risk management in the context of the Firm’s risk appetite.

Principal Risks Appetite Mitigation
Reputational Risk
The risk of loss resulting from damages to a Firm’s reputation, in lost revenue; increased operation, capital or regulatory costs; or destruction of shareholder value, consequent to an adverse or potentially criminal event even if the company is not found guilty. Adverse events typically associated with reputational risk include ethics, safety, security, sustainability, quality and innovation. The Firm will have systems and controls in place to prevent such risks occurring. Steps will be taken to prevent such risks from increasing the Firm’s costs. The biggest threat to reputation is seen to be a failure to comply with regulatory or legal obligations and failure to deliver minimum standards of service and product quality to customers. When assessing reputational risk the Firm considers issues such as:

  • How poor performance can affect its ability to generate profits;
  • Exposure of unethical practices;
  • How a decrease and market volatility will affect the Firm;
  • The effect on its financial position should one or more of its key members of staff leave that Firm;
  • The effect on its financial position should it lose some of its largest customers;
  • Non-compliance with regulations and legal requirements;
  • Failure to deliver minimum standards of service and product quality to customers; and
  • How poor customer services can affect its financial position; for example, a partner Firm which uses the Firm approach may give substandard customer service and the client may leave that advisor.

The Firm addresses these risks by:

  • Ensuring the clients understand the methodology of the Firm’s process and have a clear long-term plan
  • External perception of the Firm is regularly measured (among customers, media, pressure groups, etc.)
  • Employees are trained to identify and manage reputational risks
  • Ensuring effective co-ordination between different functions
  • Reinvesting in the business and building cash reserves to cope with a reduction in revenue
  • Adopting a long-term expansion plan to diversify revenue streams
  • Carefully screening the Firm’s advisors to ensure the quality of analysis and customer service is in line with its offering

Reputational risk can also be affected by Business Risk which is the exposure of the Firm’s business caused by uncertainty in the macroeconomic environment with specific consideration of earnings volatility and cost overruns in severely adverse conditions (see section 6.10 below).

Investment Risk
The risk that arises from poor performance on the portfolios managed by the Firm and the investment advice given. The Firm has no appetite for poor performance and advice Poor investment performance on the portfolios the Firm manages and advises on could result in a reduction in the fees that the Firm earns. This is a fundamental risk to the Firm’s business which is actively managed by:

  • Establishment of a robust investment advisory process
  • Continuous research and analysis on the areas the Firm covers under its range of investment related services
  • Understanding in detail the financial requirements, investment needs and aptitude to risk of its customers
  • Recruitment and retention of highly talented investment specialists who embrace its investment approach
  • Investments and stock markets are monitored on an ongoing basis and client portfolios are rebalanced in line with agreed asset allocations.
  • Client portfolios will be well diversified to reduce the impact from the failure of one investment manager
  • The Firm will perform due diligence on illiquid investments. Funds will only be committed to such investments for clients who are comfortable with their illiquid nature and have access to other funds. Client preferences will be documented in their investment policy statement
  • Investment transactions require dual authorisation. The trade decision maker must hold the CF30 controlled function
  • Trades are monitored closely by the Operations Team to ensure timely settlement. Late settlements will be flagged to custodians/brokers. Regular service reviews are held with custodians/brokers
  • The Firm’s compliance manual contains a Best Execution Policy which has been read by all employees. Checks are performed post-trade to ensure that prices achieved are in-line with the market

As an investment manager and advisory firm, The Firm also suffers from the risk of failing to comply fully with the terms of its mandates. In the event of such a failure, a firm can be exposed to substantial losses resulting from customer’s claims and legal actions. The Firm takes this risk very seriously and constructs the mandates in such a way that it is clear what constitutes risk beyond the control of the Firm

Business – Strategic Risk
Risk that a change in laws and regulations will materially impact a security, business, sector or market. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business, reduce the attractiveness of investment and/or change the competitive landscape. Regulatory risks can also arise from breaches of regulations caused by operational or financial risks. The Firm will remain competitive by identifying opportunities and assessing the risks, rewards and costs associated with them before proceeding Business Risk is the exposure of the Firm’s business to risk caused by uncertainty in the macroeconomic environment, with specific consideration of earning volatility and cost overruns in severely adverse conditions, particularly in the start-up phase. Business Risk is managed with a mid-term focus and is assisted by careful development of business plans, appropriate management oversight and an embedded corporate governance framework. Strategic Risk can be a manifestation of business risk as it is any diversion away from the business plan/risk appetite statement due to changes in the environment or because management is unable to deliver the strategy as intended.

The risk also incorporates the business risk that the Firm faces. Business risk for the Firm is represented by the risk that the financial projections might not be fully representative of the actual business attained once FCA authorisation has been granted and therefore, it has been considered as part of start-up risk.

In a serious downturn the Firm could be at risk of posting an annual loss arising largely from a reduction of revenue/commission income. This risk cannot be further mitigated by holding additional capital, since the problem would arise in the Profit & Loss account, rather than the balance sheet. The directors of the Firm have undertaken to:

Identify early warning indicators that would allow the Board to withdraw from riskier markets well ahead of a downturn, before the level of business already written became a serious problem.

It is possible that such an approach may cause the Firm’s strategy to become uncompetitive: if so, the business strategy will be reviewed rather than the risk appetite increased.

Liquidity Risk
The risk that the Firm does not have sufficient liquid resources or is unable to deploy such resources to meet its actual or potential obligations in a timely manner as they fall due The Firm will have sufficient and accessible financial resources as to meet any financial obligations as they fall due Even though the Firm considers Liquidity Risk is highly unlikely to affect its business, the risk can be managed by:

  • Holding money in money market bank accounts that earn interest
  • Holding money in a deposit account that it has access to as required
  • Monitoring its bank balance on a regular basis

The risk is managed principally by holding cash and other easily realisable liquid assets. Backwards cash flow is monitored via the accounting software used (Xero). The CEO monitors forward looking cash flow. The management team review financials monthly and assess variances to the budget. As a result of the simple business model, the Firm takes very little risk from a capital adequacy perspective and do not hold any exposure to the underlying market in any way. Liquidity Risk could however arise where the income and revenue streams are either lost completely or are severely reduced. Revenue could be reduced or stopped for a number of reasons. These include but are not limited to, a marked downturn in the market for a prolonged period or a continued period of recession. Exposure to Liquidity Risk is increased where a reduction, or erosion of revenue is experienced by the Firm, the Firm would still be required to service their fixed overheads. This would take the form of the rent for the premises and directors’ and employees’ salaries. With regards to salaries, the directors will not increase their revenue in circumstances that would mean the Firm is exposed to financial difficulties. In extreme circumstances the directors may defer the payment of any income to themselves.

Operational Risk
The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events The Firm will actively identify and manage the risk of its people, processes or systems failing. Operational risk is inherent in any business, however, the Firm will take steps to prevent such risks from increasing operating costs Operational risk is defined as the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external parties. Specifically, this includes: employees (e.g. fraud or key man dependencies), third-party intermediaries, information technology (systems), and processes including failure to meet regulatory/legislative requirements or internal procedures. The Firm’s approach to mitigating operational risk is as follows:

  • The Firm has adequate working capital to cover expenses and cash is held with highly rated banks
  • The risk that key members of staff leave the Firm and it may be difficult to obtain effective replacements in acceptable time periods and at acceptable cost is mitigated by the fact that key staff are also the directors of the Firm
  • The recruitment, retention and motivation of high-quality professionals. All new employees will be subject to a rigorous assessment process prior to any employment offer being made.
  • Employee competency will be assessed on an ongoing basis and reviewed annually and ongoing. Training plans will be put in place if required.
  • A risk-based monitoring plan, the outcomes of which will be monitored by the directors
  • Robust policies and procedures in respect of regulatory compliance, anti-money laundering and finance
  • Regular maintenance and update of IT systems
  • Continual reviewing and upgrading of internal controls and procedures
  • Outsourced providers will only be appointed after a due diligence process. All members of the management team are involved in key decisions. Regular service reviews will be held with suppliers and partners

This risk is continuously monitored by the directors and Management Team to ensure adequate systems and controls are in place.

Business Continuity Risk
The risk that the business will not be able to operate should the Firm encounter a disaster. The Firm will ensure mitigation measures are in place to reduce this risk. The Firm has a business continuity plan that will be tested annually. The directors are satisfied that the plan will allow the Firm to continue to function under a wide-range of disaster scenarios. The business model can continue to operate from any location, provided there is secure internet access.
Interest Rate Risk
The risk that interest rates and/or their implied volatility will change. The Firm will continue to ensure it generates the majority of income from advisory services, therefore reducing the risks associated with changes in interest rates. Interest rate risks may arise from a number of sources, including the possibility that rate changes will affect future profitability or the fair value of financial instruments. Based on its activities, the Firm is not exposed to interest rate risk in real terms as it is not carrying any significant assets or liabilities. Changes to any assets and liabilities held would not impact the Firm’s financial position. Keeping this in view, no additional capital allocation has been made by the directors to cover a major change in interest rates.
Concentration Risk
The risk which can arise from uneven distribution of exposures to particular sectors, regions, industries or products. Due to the nature of the business, the Firm has a small number of clients, therefore concentration risk is inevitable, however funding is in place to mitigate this risk. The Firm’s main concentration risk is the fact that it depends on revenue from a small number of clients, which could impact the business if clients terminate their agreements leading to a loss of profitability and possible requirement to cut costs.

Funding has been committed for a two-year period which would help to mitigate this risk and, as the business grows, the directors will assess the impact of revenue concentration.

At this point, the directors have decided that it is not necessary to hold additional capital against this risk.

Legal, Compliance & AML Risk
The risk arising from defective transactions, failing to take appropriate measures to protect assets, changes in regulations and law and claims resulting in a liability or loss to the Firm. The Firm will appoint external legal and compliance advisors however the Firm does not intend to have any appetite for legal, compliance or AML breaches As an investment focussed business, the Firm is required to comply with different legislation, non-compliance of which may expose the Firm to redress in the form of fines, penalties or litigation. Management is fully aware of such risk and have set out documented controls and procedures in the form of a Compliance Manual, a Compliance Monitoring Programme, AML training (which will be refreshed annually) and the appointment of external compliance consultants to perform compliance reviews. All members of the management team are involved in client on-boarding to help to identify any potential issues. AML and KYC checks are carried out as part of the on-boarding process and regular client meetings are held to identify key changes over the client life cycle. The Firm have engaged Farrer & Co to provide legal advice. Legal contracts are reviewed by the senior management team and if deemed necessary will be sent to an external law firm for review and comment. The Firm maintains a log of contractual undertakings, NDAs and Third-Party Relationships. The Firm has Professional Indemnity Insurance and Directors & Officers Insurance in place. In the view of management, such procedures are adequate and accordingly no capital has been set aside for this risk component. However, as the business grows, management will continuously review this risk to assess the need for additional capital.
Fraud & Security Risk
The risk that the Firm fails to prevent its involvement in or use by other parties to commit fraud. The Firm has no appetite for any breaches or lapses occurring that result in fraud taking place Fraud involving the Firm’s clients could cause reputational damage and possible financial loss to the Firm and its clients. This is managed by ensuring a signed client instruction or authority is kept on file for all third-party payments. Payments to an account in the client’s own name is permitted, providing the client has confirmed their bank details in writing. Payments can be instructed over the phone, by fax, letter or email in line with written authorities provided by the client. If an unexpected request is received, the Firm will query the request with the client. Where necessary, signatures are checked back to the client agreements. Dual verification is required for any payments from a client account.

To manage the threat of fraud occurring within Wren, transfers out of the Firm’s bank account require dual authorisation in line with the limits set out in the Articles of Association and authorised signatory list. Cash flow reports are submitted to the Board on a monthly basis covering P&L and cash movements.

Office security is controlled by access cards and a PIN outside of normal office hours. During office hours, the reception is manned and access to the elevators and stairs is restricted to card holders. Cameras cover shared areas in the building. The Firm’s office door has its own lock which can only be opened with access cards. Client files are kept in a secure cabinet and a clear desk policy operates when the office is empty. PCs are set to auto-lock after 10 minutes of inactivity.

Company data is held in the Cloud so there are no physical servers on site. Office 365 logins are password protected and multi-factor authentication is active for full users. Confidential data is only available to authorised personnel. Internet security policies are in place to protect data. Mobile phones with access to company data are only accessed with a PIN or fingerprint scan.

The Firm has a Cyber Security Policy and a Security Protocols Policy, which must be read by all employees. If an employee believes their data has been compromised, they must change their passwords and inform the management team. Operating system updates are installed automatically, as are virus and malware updates. All PC’s are scanned daily.

 

6. Remuneration Policy

The Firm’s Remuneration Policy complies with the Remuneration Code in relation to its size, nature, scope and complexity of its activities. The Policy is aligned to the Firm’s business strategy, objectives, values and long-term interests in respect of performance and effective risk management in line with the Firm’s risk appetite. A copy of the Remuneration Policy is available via the Firm’s website and sets out how the Firm complies with the Remuneration Code. Total remuneration paid out to members of staff whose actions have a material impact on the risk profile of the Firm are as follows:

Categories Number of employees Basic Pay (£) Variable pay (£)
Code staff 6 606,996 0
All other staff 0 0 0
Total 6 606,996 0

 

7. Breaches of Pillar III

Any breaches of the BIPRU rules will be recorded on the Firm’s breach log in conjunction with its Regulatory Breach procedure.