← Back to updates
ESMA

ESMA

European Securities and Markets Authority

Medium Impact

ESMA launches 2026-2027 Common Supervisory Action on UCITS and AIFM risk management functions

Published

Jul 3, 2026

Topics

Asset management, UCITS, AIFMD, Risk management, Supervisory convergence, Governance, Internal reporting

Executive Summary

ESMA has launched a Common Supervisory Action with national competent authorities on the risk management function of UCITS management companies and Alternative Investment Fund Managers across the EU. The CSA will run during 2026 and 2027 and will use an ESMA-developed common assessment framework. The announced focus is supervisory rather than legislative: ESMA is not creating a new rule or filing template, but NCAs will assess how firms comply with existing UCITS and AIFMD risk-related provisions. Business impact is therefore concentrated in supervisory readiness, governance evidence, risk-methodology documentation, and the quality of internal reporting to senior management and governing bodies. ESMA expects to publish a final report with the results in 2028.

What Changed

newEU-wide Common Supervisory Action on risk management function

Previous

No ESMA-announced 2026-2027 CSA specifically targeting the effectiveness, independence and expertise of the risk management function was in place.

New

NCAs will assess firms under a common ESMA framework during 2026 and 2027.

newSupervisory focus on governance and organisation

Previous

Governance and organisational requirements existed under UCITS and AIFMD, but were not the subject of this announced CSA.

New

Governance and organisation of the risk management function is one of the three stated NCA focus areas for the CSA.

newSupervisory focus on risk identification, measurement and monitoring

Previous

Risk identification, measurement and monitoring obligations already applied under UCITS and AIFMD frameworks.

New

These areas will be examined through the coordinated CSA assessment framework.

newSupervisory focus on reporting to senior management and governing bodies

Previous

Internal senior-management and governing-body reporting was part of existing governance expectations, but was not subject to this announced coordinated CSA.

New

Reporting to senior management and governing bodies is a stated focus area of the CSA.

newESMA final report expected in 2028

Previous

No final CSA results report existed for this 2026-2027 exercise.

New

ESMA plans to publish the CSA results in 2028.

Business Impact

Who is affected

UCITS management companies and Alternative Investment Fund Managers authorised or supervised in EU Member States, including compliance, risk, portfolio management, fund governance, legal, regulatory reporting and internal audit teams supporting those entities.

Jurisdictions

European Union

Business processes

Risk management function governance and operating model, Risk-management policy maintenance, Risk identification, measurement and monitoring, Market, credit, liquidity, counterparty and operational risk controls, Senior management and governing-body risk reporting, Supervisory examination and NCA request management, Evidence retention for risk management controls

Estimated effort

Medium

Compliance risk

Medium

Affected Reports

Internal risk reports to senior management and governing bodiesRisk management function governance and organisation evidence pack for NCA reviewRisk identification, measurement and monitoring records used to evidence UCITS/AIFMD compliance
FieldValidation rule
Governance and organisation of the risk management functionCSA assessment area identified by ESMA; firms should be able to evidence the structure, independence, effectiveness and expertise of the risk management function.
Identification, measurement and monitoring of risksCSA assessment area identified by ESMA; firms should evidence how material risks, including market, credit, liquidity, counterparty and operational risks, are identified, measured, monitored and managed.
Reporting to senior management and governing bodiesCSA assessment area identified by ESMA; firms should evidence the content, frequency, escalation and governance use of risk reporting.

Recommended Actions

  1. 1

    Perform a gap assessment of the risk management function against UCITS and AIFMD requirements and the three CSA focus areas announced by ESMA: governance/organisation, risk identification/measurement/monitoring, and reporting to senior management and governing bodies.

  2. 2

    Update the supervisory evidence inventory for risk governance, including risk-management policy, organisational charts, committee terms of reference, escalation procedures, independence arrangements, risk-team expertise and resourcing records.

  3. 3

    Review risk methodologies and monitoring evidence for material risk categories referenced by ESMA: market, credit, liquidity, counterparty and operational risks.

  4. 4

    Test whether senior management and governing-body reporting packs show clear risk metrics, limit breaches, escalations, decisions and follow-up actions.

  5. 5

    Prepare a CSA response playbook for 2026-2027 covering NCA questionnaires, document production, interview owners, data-room controls, privilege review and management sign-off.

  6. 6

    For funds with material liquidity risk, confirm that liquidity risk management and stress-testing documentation is consistent with applicable UCITS/AIFMD obligations and ESMA liquidity stress testing guidance.

  7. 7

    Monitor communications from the home NCA during 2026 and 2027 and track ESMA’s final CSA report expected in 2028 for remediation themes and future supervisory expectations.

Timeline

publication

Invalid Date

ESMA announced the launch of a Common Supervisory Action with NCAs on the risk management function of UCITS management companies and AIFMs.

implementation

Invalid Date

NCAs will conduct the CSA using a common assessment framework developed by ESMA.

other

Jan 1, 2028

ESMA expects to publish a final report with the results of the CSA.

Sources

AI-generated analysis is based on the following primary sources. Always verify against the official publication.

Related Evidence

Similar official source documents found with semantic search.

Receive updates like this by email

Get AI-generated analysis for the regulators and topics you care about.