Guide on Areas of Compliance and Internal Controls for Management Companies and Trustees

GUIDE ON AREAS OF COMPLIANCE AND INTERNAL CONTROLS FOR MANAGEMENT COMPANIES AND TRUSTEES

2 GUIDE ON AREAS OF COMPLIANCE AND INTERNAL CONTROLS FOR MANAGEMENT COMPANIES AND TRUSTEES This list is to be used as a guide to identify areas of compliance and internal controls which a management company and a trustee should focus its attention on as well as in preparing the compliance manual. Notwithstanding, this guide does not represent an exhaustive list and it is the responsibility of the management company and the trustee to ensure that all potential areas of risks are properly identified and addressed. The management company and the trustee should constantly review their compliance and internal controls structure to assess their effectiveness and adequacy, and update the framework (where necessary) to reflect any changes accordingly. 1 Separation of Functions 1.01 The underlying principle for separation of functions within a group of companies is to limit and/or avoid any potential conflicts of interests or breach of Chinese walls between the different companies within that group. 1.02 The group of companies to which the management company/trustee is part of should be structured in a manner which adequately provides for the separation of functions between the unit trust activities and the non￾fund management activities of the group. 1.03 There should be proper management and supervision structure in place as well as the appropriate delegation of authority to ensure lines of responsibility and accountability are well defined. 1.04 Management companies/trustees that utilise certain services, expertise and assets available within the group of companies should ensure that there are controls in place to ensure that confidentiality of information is maintained and protected at all times. There should also be controls in place to ensure that the decision to use a related-party service provider in relation to the unit trust business is in the best interest of the unit holders. 2 Segregation of Duties 2.01 Segregation of duties within the management company/trustee is essential to ensure effective supervision and accountability in critical functions in the operations and administration of the fund. The absence of proper segregation of duties within the management company/trustee could result, amongst other things, an inability to verify or monitor executed tasks and/or detect errors and give rise to fraudulent activities.

3 2.02 Accordingly, the organisation structure of the management company/trustee should be structured with due consideration for, amongst others, the establishment of: (1) A clear line of reporting for every function, department and division; and (2) A clear authorisation for each function. 3 Delegation of Function 3.01 The management company and trustee should have controls and procedures in place for the following: (1) Proper selection of delegates; (2) Contents of agreement with delegates and that it is properly executed; (3) Adequate reporting arrangement by the delegate to the management company/trustee; (4) Evaluating the performance of the delegate; and (5) Monitoring the conduct and activities of the delegate to ensure the continued eligibility of the delegate to discharge its functions and responsibilities. 4 Audit and Compliance Committee 4.01 The board of directors of the management company is encouraged to establish an audit and compliance committee wherein the majority of the members of such a committee should comprise independent members of the board of directors of the management company. 5 Compliance Function 5.01 The management company should maintain a compliance manual and a code of conduct for officers of the management company. The compliance manual should, amongst others, include the following: (1) Describe the policies, processes, procedures and measures required to ensure compliance with: (a) The relevant laws, guidelines and rules relating to the conduct of unit trust business, as well as terms and

4 conditions of approval obtained from the relevant authorities; (b) Disclosures stated in the prospectus of the fund; (c) The requirements stated in the constituting documents for each of the unit trust funds established, administered and managed by the management company; (d) Any other internal measures/standards of controls as may be implemented by the management company from time to time; and (e) The internal operational processes, procedures and mechanisms of internal controls of the relevant functional areas. (2) Identify the risks of non-compliance; and (3) Establish measures designed to mitigate the identified risks. 5.02 The compliance manual should be prepared by the Compliance Unit or Internal Audit Unit jointly with the relevant Heads of Departments/Divisions, having regard to the areas mentioned above. 5.03 The compliance manual should be endorsed by the Board of Directors (including the Audit Compliance Committee, if any) of the management company. It may be changed, modified, amended or added from time to time, as and when required with the approval of the Board of Directors (including the Audit Compliance Committee, if any). 6 Internal Audit Function 6.01 The purpose, authority and responsibility of the internal audit function at the management company and the trustee should be identified and properly set out, taking into account amongst others, the following: (1) The position of the internal audit in the organisation; (2) Defining the scope of internal audit activities; (3) Establishment of policies and procedures to guide the internal audit function; (4) Adequate resources for the functions; and (5) Authorising of access to records and resources relevant to the discharge of functions.

5 7 Risk Management 7.01 The management company and trustee should identify and evaluate potential exposures to risk (e.g. inherent business risk, operational risk, product risk etc) and identify ways to manage and address the risk. 8 Policy on Employee Dealings 8.01 The management company and trustee should have in place a policy on investment dealings conducted by its employees. The employees should be made aware of the policy on personal account dealings and the consequences of any breach of the policy. Procedures should be drawn up to monitor (e.g. reporting or disclosures) any personal dealings by the employees. 8.02 There should be policies and procedures in place to ensure that dealings by employees do not disadvantage the fund in any way. Such polices and procedures should include disclosures on any personal investments/dealings to the board of directors or any other appropriate level on a periodic basis, or as and when it is deemed necessary in order to reduce the risks of “front-running” the fund and insider trading. 9 Conflict of Interest 9.01 The management company and trustee should have in place measures to ensure proper identification and disclosure of as well as deal with situations/potential situations of conflict of interest. 10 Dealings Between Management Company and Trustee 10.01 The management company and trustee should have procedures and controls in place to ensure proper authorisation, accountabilities and responsibilities as well as lines of reporting between them. 10.02 Reconciliation of fund’s records maintained by the management company and trustee should be conducted regularly and any errors/omission should be amended/addressed on a timely basis.

6 11 Board of Directors, Audit and Compliance Committee, Investment Committee, Syariah Committee, Syariah Advisers and Panel of Advisers 11.01 Qualification and Eligibility (1) The management company should have measures in place to ensure that the relevant persons/parties mentioned above: (a) Are appropriately skilled and selected in accordance with the requirements of the Guidelines on Unit Trust Funds (Guidelines); and (b) Are able to fulfil and carry out their responsibilities and functions effectively and are kept apprised of regulatory and industry developments. 11.02 Meetings of Board of Directors and Other Committees (1) Meetings should be held regularly (preferably once a month) and in accordance with the requirements of the Guidelines, deed and other applicable requirements. (2) Proper and accurate minutes should be maintained for every meeting. The minutes should reflect the dissenting votes (if any) whenever a decision is made. (3) At least one independent member who is entitled to vote must be present at a meeting in order to form a quorum. 12 Safekeeping of Assets of the Fund 12.01 The management company and trustee should have controls in place to ensure that assets of the fund are identified appropriately and kept/protected accordingly, taking into account amongst others, the following: (1) Money Placements (a) The policy and procedure of money placements should be in place to ensure that proper documentation between the banks and the brokers/asset management companies/managers have been made with regard to instructions for placement/withdrawals. Proper reconciliation should be conducted regularly and any discrepancies should be addressed on a timely basis.

7 (2) Securities Transactions (a) Adequate controls and procedures should be in place to ensure that sales/purchases are correctly accounted for and that securities transactions do not result in a breach of investment limits set out for the fund. (3) Creation and Cancellation of Units (a) There should be in place procedures and controls for proper and timely execution of creation and cancellation of units. (4) Valuation and Pricing (a) Adequate policies and procedures should be in place to check and verify valuation and pricing basis. (5) Distributions (a) There should be measures in place to ensure that distributions to unit holders are calculated correctly and made in a timely manner, in line with the objective of the fund and does not contravene any relevant regulatory requirements. (6) Corporate Actions (a) Adequate procedures should be in place for action to address corporate announcements (e.g. announcements of rights issue, bonus issue, declaration of dividend, AGM/EGM, etc.). 13 Transactions 13.01 The management company and trustee should ensure that records of transactions relating to the fund are properly maintained and updated regularly. 13.02 Sales (1) The management company should have controls and procedures in place to ensure that: (a) Sales are processed in a timely manner; (b) Monies collected from sales are protected before it is deposited into the fund’s account;

8 (c) Sales are allocated to the correct fund for the correct unit holder at the correct price; (d) Service charge levied (if any) are in accordance with the amount or percentage disclosed in the prospectus; and (e) There are proper arrangements for remittance of monies between the management company and its agents. 13.03 Redemptions (1) The management company should have controls and procedures in place to ensure that: (a) Redemptions are processed in a timely manner; (b) Redemption prices are set at the correct price; and (c) Redemption charges levied (if any) are in accordance with the amount or percentage disclosed in the prospectus. 13.04 Creation and Cancellation (1) The management company and trustee should have controls and procedures in place to ensure proper and timely creation and cancellation of units, including payment/settlement of creation and cancellation monies. 14 Fees and Charges 14.01 The management company should have controls and procedures in place to ensure that: (1) Only authorised fees and charges are charged to the fund and that these fees and charges are calculated and deducted correctly as stipulated in the prospectus; (2) The fees and charges are reasonable and commensurate with the services provided; and (3) The relevant fees and charges are properly and adequately disclosed to the public in accordance with the requirements of the Guidelines.

9 15 Investment Management 15.01 The management company should have in place policies and procedures in respect of the investment management function of the fund relating to (but not limited to) the following areas: (1) Dealing procedures; (2) Timely and fair allocation of trades when block trades are made; (3) Ensuring that the fund’s investments are in line with the objectives and strategy of the fund as disclosed/stated in the prospectus/deed; (4) Identifying and addressing investment risks; (5) Monitoring, review and reporting of investments limits and restrictions, including actions required to address/rectify any non￾compliance; (6) Cut-loss policies; (7) Dealings with brokers/dealers; (e.g. Addressing approved trading/placement limits, authorised personnel/executors, timely execution of trades, execution of transactions on terms which are the best available for the fund and which are no less favourable to the fund than arm's length transactions between independent parties, confirmation of transactions, etc) (8) Treatment of dormant/inactive trading accounts; (9) Procedures to detect and rectify dealing errors; (10) Treatment of diminution in value of investments; (11) Direct deals/off-market transactions; and (12) Treatment and disclosures of soft commissions and rebates. 16 Valuation 16.01 There should be in place controls and measures to ensure that: (1) The basis of valuation adopted by the fund is in line with the requirements of the Guidelines;

10 (2) The systems used for valuation, processing unit buying and selling activities are adequately operated; (3) Impact of corporate actions on valuation are highlighted on a timely basis so that changes in valuations, income accruals and positions can be evaluated and relevant actions initiated; and (4) Pricing errors are detected in a timely manner and properly dealt with. Areas of focus should include (but not limited to) the following: (a) Rectification methods; (b) Materiality level; and (c) Compensation to unit holders. 17 Record Keeping/Business Continuity 17.01 The management company and trustee should have in place adequate systems and record-keeping procedures to manage records on information pertaining to day-to-day operations, examples of which include trading transactions, correspondences, etc. There should be controls and procedures in place to ensure that: (1) There is a proper and adequate audit trail of all records pertaining to the company’s operation of the fund; (2) Information technology (IT) and accounting systems used by the management company/trustee are secure and meet the operational requirements of the fund; (3) The classifications of assets and income are in line with any specific principles set out for the fund; and (4) Confidentiality of records are maintained at all times. 17.02 The management company and trustee should have business continuity and disaster recovery plans in place for ensuring its ability to resume operations if a disaster occurs (e.g. a computer systems failure or natural disaster).

11 18 Disclosure and Reporting 18.01 Reporting Timeline (1) There should be in place procedures to ensure that all statutory timelines are met. 18.02 Advertising and Promotional Activities (1) The management company should have in place measures and procedures to ensure that notices are properly reviewed, authorised and in compliance with the requirements of the Securities Commission Act 1993 (Act) and the Guidelines. 18.03 Prospectus (1) The management company should have in place procedures and measures to ensure that the disclosures in and preparation of the prospectus are in line with the disclosure requirements of the Act and the Guidelines before submission to the SC. 18.04 Annual and Interim Report (1) The management company should have procedures and measures in place to ensure that the financial statements prepared in accordance with applicable approved accounting standards and in line with the Guidelines. 19 Identifying, Rectifying and Reporting of Breaches 19.01 Compliance reviews should be carried out on a regular basis by the management company and trustee in order to identify breaches and there should be procedures in place to ensure that all breaches are appropriately dealt with in a timely manner. 19.02 Controls should be in place to ensure that all breaches are reported to the appropriate level within the management company/trustee and/or the appropriate committee/adviser in a timely manner. 20 Distribution Channels 20.01 The management company should have controls and procedures in place to monitor the activities and conduct of its agents (Institutional Unit Trust Agents and Independent Tied Agents) to ensure that requirements of the relevant Guidelines are complied with.

12 21 Information Technology 21.01 IT policies and procedures should be drawn up by the management company and the trustee to address matters relating to security and access controls, system development, system and database administration and technical support. The IT policy must be conveyed to all relevant staff members and must be periodically reviewed by IT specialists to reflect changes in business and technology. 21.02 Adequate back-up and recovery procedures for its computer system and disaster recovery plan should be in place to ensure that its operations are not disrupted.