ESMA
European Securities and Markets Authority
ESMA launches 2026-2027 Common Supervisory Action on UCITS and AIFM risk management functions
Published
Jul 3, 2026
Topics
Asset management, UCITS, AIFMD, Risk management, Supervisory convergence, Governance, Internal reporting
Executive Summary
ESMA has launched a Common Supervisory Action with national competent authorities on the risk management function of UCITS management companies and Alternative Investment Fund Managers across the EU. The CSA will run during 2026 and 2027 and will use an ESMA-developed common assessment framework. The announced focus is supervisory rather than legislative: ESMA is not creating a new rule or filing template, but NCAs will assess how firms comply with existing UCITS and AIFMD risk-related provisions. Business impact is therefore concentrated in supervisory readiness, governance evidence, risk-methodology documentation, and the quality of internal reporting to senior management and governing bodies. ESMA expects to publish a final report with the results in 2028.
What Changed
Previous
No ESMA-announced 2026-2027 CSA specifically targeting the effectiveness, independence and expertise of the risk management function was in place.
New
NCAs will assess firms under a common ESMA framework during 2026 and 2027.
Previous
Governance and organisational requirements existed under UCITS and AIFMD, but were not the subject of this announced CSA.
New
Governance and organisation of the risk management function is one of the three stated NCA focus areas for the CSA.
Previous
Risk identification, measurement and monitoring obligations already applied under UCITS and AIFMD frameworks.
New
These areas will be examined through the coordinated CSA assessment framework.
Previous
Internal senior-management and governing-body reporting was part of existing governance expectations, but was not subject to this announced coordinated CSA.
New
Reporting to senior management and governing bodies is a stated focus area of the CSA.
Previous
No final CSA results report existed for this 2026-2027 exercise.
New
ESMA plans to publish the CSA results in 2028.
Business Impact
Who is affected
UCITS management companies and Alternative Investment Fund Managers authorised or supervised in EU Member States, including compliance, risk, portfolio management, fund governance, legal, regulatory reporting and internal audit teams supporting those entities.
Jurisdictions
European Union
Business processes
Risk management function governance and operating model, Risk-management policy maintenance, Risk identification, measurement and monitoring, Market, credit, liquidity, counterparty and operational risk controls, Senior management and governing-body risk reporting, Supervisory examination and NCA request management, Evidence retention for risk management controls
Estimated effort
Medium
Compliance risk
Medium
Affected Reports
| Field | Validation rule |
|---|---|
| Governance and organisation of the risk management function | CSA assessment area identified by ESMA; firms should be able to evidence the structure, independence, effectiveness and expertise of the risk management function. |
| Identification, measurement and monitoring of risks | CSA assessment area identified by ESMA; firms should evidence how material risks, including market, credit, liquidity, counterparty and operational risks, are identified, measured, monitored and managed. |
| Reporting to senior management and governing bodies | CSA assessment area identified by ESMA; firms should evidence the content, frequency, escalation and governance use of risk reporting. |
Recommended Actions
- 1
Perform a gap assessment of the risk management function against UCITS and AIFMD requirements and the three CSA focus areas announced by ESMA: governance/organisation, risk identification/measurement/monitoring, and reporting to senior management and governing bodies.
- 2
Update the supervisory evidence inventory for risk governance, including risk-management policy, organisational charts, committee terms of reference, escalation procedures, independence arrangements, risk-team expertise and resourcing records.
- 3
Review risk methodologies and monitoring evidence for material risk categories referenced by ESMA: market, credit, liquidity, counterparty and operational risks.
- 4
Test whether senior management and governing-body reporting packs show clear risk metrics, limit breaches, escalations, decisions and follow-up actions.
- 5
Prepare a CSA response playbook for 2026-2027 covering NCA questionnaires, document production, interview owners, data-room controls, privilege review and management sign-off.
- 6
For funds with material liquidity risk, confirm that liquidity risk management and stress-testing documentation is consistent with applicable UCITS/AIFMD obligations and ESMA liquidity stress testing guidance.
- 7
Monitor communications from the home NCA during 2026 and 2027 and track ESMA’s final CSA report expected in 2028 for remediation themes and future supervisory expectations.
Timeline
publication
Invalid Date
ESMA announced the launch of a Common Supervisory Action with NCAs on the risk management function of UCITS management companies and AIFMs.
implementation
Invalid Date
NCAs will conduct the CSA using a common assessment framework developed by ESMA.
other
Jan 1, 2028
ESMA expects to publish a final report with the results of the CSA.
Sources
AI-generated analysis is based on the following primary sources. Always verify against the official publication.
- Official news releaseEuropean Securities and Markets AuthorityInvalid DateESMA launches Common Supervisory Action with NCAs on the risk management function ↗
https://www.esma.europa.eu/press-news/esma-news/esma-launches-common-supervisory-action-ncas-risk-management-function
- Primary legal textEuropean Union / EUR-LexJul 13, 2009Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities ↗
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0065
- Primary legal textEuropean Union / EUR-LexJul 1, 2010Commission Directive 2010/43/EU implementing Directive 2009/65/EC as regards organisational requirements, conflicts of interest, conduct of business, risk management and content of the agreement between a depositary and a management company ↗
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32010L0043
- Primary legal textEuropean Union / EUR-LexJun 8, 2011Directive 2011/61/EU on Alternative Investment Fund Managers ↗
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32011L0061
- Primary legal textEuropean Union / EUR-LexDec 19, 2012Commission Delegated Regulation (EU) No 231/2013 supplementing Directive 2011/61/EU with regard to exemptions, general operating conditions, depositaries, leverage, transparency and supervision ↗
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32013R0231
- Official guidanceEuropean Securities and Markets AuthoritySep 2, 2019Guidelines on liquidity stress testing in UCITS and AIFs ↗
https://www.esma.europa.eu/sites/default/files/library/esma34-39-897_guidelines_on_liquidity_stress_testing_in_ucits_and_aifs_en.pdf
Related Evidence
Similar official source documents found with semantic search.
Receive updates like this by email
Get AI-generated analysis for the regulators and topics you care about.