International Association of Risk and Compliance Professionals (IARCP)
Compliance officers are responsible for the implementation of the compliance strategies, policies, procedures, processes and related reporting.
They ensure compliance with all applicable laws and regulations.
They also ensure that all employees are informed of their obligations and are motivated to comply, and that controls are established and maintained.
Compliance officers are also responsible for identifying major risk factors (product, compliance and operational) for the firm and developing and coordinating the implementation of strategies to reduce regulatory risk.
According to the Basel framework, the core tasks of the compliance function defined in laws, regulations or binding guidance in respondent jurisdictions are "monitoring and testing compliance" as well as "reporting on a regular basis to senior management".
The tools most frequently used to promote a strong compliance culture are training and a written policy established by senior management.
Jurisdictions rarely foster the independence of the compliance function by explicitly prohibiting remuneration of compliance function staff based on the financial performance of the business lines for which they exercise compliance responsibilities, although in a limited number of jurisdictions such a prohibition is recommended or implicit.
As regards cross-border issues, restrictions on information sharing within groups for compliance purposes still seem to exist: for instance, in some cases, the customer’s consent is required.
The Basel Committee discloses that authorities underlined two major issues they had to face when implementing a compliance framework.
One of these issues, which relates to small and medium-sized institutions in particular, was how banks should organise their compliance function.
This includes, for instance, the determination of what are appropriate resources for the compliance function in relation to the size, complexity and nature of the business; the relationship between internal audit and compliance; the independence of the compliance function.
Another issue frequently mentioned by authorities was the scope of compliance risks (eg whether the definition covered non-financial rules and regulations).
The most frequent areas involved in compliance incidents are market conduct (including conflicts of interests, treating customers fairly and ensuring the suitability of customer advice) as well as prudential laws and regulations.
The prevention of money laundering and terrorist financing was also frequently mentioned. Compliance incidents related to accounting and auditing were noted by jurisdictions.
The factors most significantly contributing to these compliance incidents were the failure to introduce, maintain or enforce compliance policies and procedures on a consistent basis throughout the firm; insufficient compliance culture, awareness or training; and a failure to identify or address emerging firm-wide compliance risks.
Basel III - The Compliance Function
The bank’s board of directors is responsible for overseeing the management of the bank’s compliance risk.
The board should approve the bank’s compliance approach and policies, including the establishment of a permanent compliance function.
An independent compliance function is a key component of the bank’s second line of defence. This function is responsible, among other things, for promoting and monitoring that the bank operates with integrity and in compliance with applicable laws, regulations and internal policies.
Compliance starts at the top. It will be most effective in a corporate culture that emphasises standards of honesty and integrity and in which the board of directors and senior management lead by example.
It concerns everyone within the bank and should be viewed as an integral part of the bank’s business activities.
A bank should hold itself to high standards when carrying out its business and should at all times strive to observe the spirit as well as the letter of the law.
Failure to consider the impact of its actions on its shareholders, customers, employees and the markets may result in significant adverse publicity and reputational damage, even if no law has been broken.
The bank’s senior management is responsible for establishing a written compliance approach and policies that contain the basic principles to be followed by the board, management and staff, and explain the main processes by which compliance risks are to be identified and managed through all levels of the organisation.
Clarity and transparency may be promoted by making a distinction between general standards for all staff members and rules that only apply to specific groups of staff.
While the board and management are accountable for the bank’s compliance, the compliance function has an important role in supporting corporate values, policies and processes that help ensure that the bank acts responsibly and observes all obligations applicable to it.
The compliance function should advise the board and senior management on compliance laws, rules and standards, including keeping them informed of developments in the area.
It should also help educate staff about compliance issues, act as a contact point within the bank for compliance queries from staff members, and provide guidance to staff on the appropriate implementation of compliance laws, rules and standards in the form of policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines.
The compliance function is independent from management and provides separate reporting to the board on the bank’s efforts in the above areas and on how the bank is managing its compliance risk.
To be effective, the compliance function must have sufficient authority, stature, independence, resources and access to the board. Management should respect the independent duties of the compliance function and not interfere with them.
The areas of special focus by the compliance function include those that could create reputational risk for the bank, including bribery, money laundering, country sanctions, fair treatment of the consumer and practices raising ethical issues.