The compliance officer

The compliance officer

Compliance officers are responsible for the implementation of the compliance strategies, policies, procedures, processes, and the related reporting.

They ensure compliance with all applicable laws and regulations.

They also ensure that all employees are informed of their obligations, they are motivated to comply, and that controls are established and maintained.

According to the Basel framework, the core tasks of the compliance function defined in laws, regulations, or binding guidance in respondent jurisdictions, are monitoring and testing compliance, and reporting on a regular basis to senior management.

Many jurisdictions explicitly prohibit remuneration of the compliance function staff to be based on the financial performance of the business lines for which they exercise compliance responsibilities.

The Basel Committee has disclosed that authorities underlined two major issues they had to face when implementing a compliance framework.

One of these issues, which relates to small and medium-sized institutions in particular, was how banks should organise their compliance function.

This includes, for instance, the determination of what are appropriate resources for the compliance function in relation to the size, complexity, and nature of the business; the relationship between internal audit and compliance; the independence of the compliance function.

Another issue frequently mentioned by authorities was the scope of compliance risks (eg whether the definition covered non-financial rules and regulations).

The most frequent areas involved in compliance incidents are market conduct (including conflicts of interests, treating customers fairly and ensuring the suitability of customer advice), as well as prudential laws and regulations.

The prevention of money laundering and terrorist financing was also frequently mentioned. Compliance incidents related to accounting and auditing were noted by jurisdictions.

Case study - Basel III, the Compliance Function

The bank’s board of directors is responsible for overseeing the management of the bank’s compliance risk.

The board should approve the bank’s compliance approach and policies, including the establishment of a permanent compliance function.

An independent compliance function is a key component of the bank’s second line of defence.

This function is responsible, among other things, for promoting and monitoring that the bank operates with integrity and in compliance with applicable, laws, regulations, and internal policies.

Compliance starts at the top. It will be most effective in a corporate culture that emphasises standards of honesty and integrity and in which the board of directors and senior management lead by example.

It concerns everyone within the bank and should be viewed as an integral part of the bank’s business activities.

A bank should hold itself to high standards when carrying out its business, and should at all times strive to observe the spirit, as well as the letter of the law.

Failure to consider the impact of its actions on its shareholders, customers, employees, and the markets, may result in significant adverse publicity and reputational damage, even if no law has been broken.

The bank’s senior management is responsible for establishing a written compliance approach and policies, that contain the basic principles to be followed, and explain the main processes by which compliance risks are to be identified and managed through all levels of the organisation.

Clarity and transparency may be promoted by making a distinction between general standards for all staff members, and rules that only apply to specific groups of staff.

While the board and management are accountable for the bank’s compliance, the compliance function has an important role in supporting corporate values, policies, and processes, that help ensure that the bank acts responsibly and observes all obligations applicable to it.

The compliance function should advise the board and senior management on compliance laws, rules, and standards, including keeping them informed of developments in the area.

It should also help educate staff about compliance issues, act as a contact point within the bank for compliance queries from staff members, and provide guidance to staff on the appropriate implementation of compliance laws, rules, and standards in the form of policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines.

The compliance function is independent from management, and provides separate reporting to the board on the bank’s efforts in the above areas and on how the bank is managing its compliance risk.

To be effective, the compliance function must have sufficient authority, stature, independence, resources, and access to the board. Management should respect the independent duties of the compliance function, and not interfere with them.

The areas of special focus by the compliance function include those that could create reputational risk for the bank, including bribery, money laundering, country sanctions, fair treatment of the consumer and practices raising ethical issues.

Responsibilities of the compliance officer (example, job description)


- Support the Global Chief Compliance Officer (CCO) on compliance strategic initiatives and all compliance matters related to the firms affiliates and advisors, to ensure that the firm is in compliance with all laws and regulations, and all compliance matters are adequately escalated and resolved.

- Develop and execute a compliance program with appropriate controls, to ensure effective compliance oversight of activities.

- Develop compliance/risk manual and other required procedures with suitable application of rules and regulations.

- Implement monitoring controls and processes to oversee application of rules and procedures.

- Ensure compliance as related to insurance company investment programs including intercompany transaction controls and investment procedures.

- Responsible for monitoring compliance with all laws and regulations for designated area of direct responsibility, including business line monitoring and due diligence.

- Monitor and understand calculations and assumptions as required.

- Generate ideas to enhance the compliance program enterprise-wide, focus on risk-based approach to compliance monitoring, eliminate duplications and inefficiencies, increase effectiveness to ensure that highest risks are properly identified and mitigated.

- Drafting and updating compliance policies and testing procedures, liaising with business partners as well as legal and outside consultants to identify and mitigate compliance risks, and analyzing the effect of new business initiatives and products on the compliance program.

- Prepare regulatory filings as needed.

Other responsibilities will include:

- Assisting in preparing for and responding to inquiries and audits from regulatory authorities, and assisting in the development of regulatory reporting and regulatory filings.

- Develop and execute compliance program around privacy and data protection, as legislation and regulation are adopted that affect firm in coordination with global compliance mandate.

- Work in coordination with Chief Information Officer and Chief Information Security Officer to mature firms practices around privacy and security and appropriate policies and response plans.

- Monitor industry-wide compliance initiatives, as well as important federal, state, and non-U.S. regulatory developments and conduct analyses as to how such developments impact our activities.

Membership and certification

Become a standard, premium or lifetime member. Get certified.


In the Reading Room (RR) of the association you can find our weekly newsletter - "Top risk and compliance management news stories and world events, that (for better or for worse) shaped the week's agenda, and what is next". Our Reading Room

contact us

Lyn Spooner


George Lekatis

President of the International Association of Risk and Compliance Professionals (IARCP)

1200 G Street NW Suite 800, Washington DC 20005, USA - Tel: (202) 449-9750


Privacy, legal, impressum