Compliance Function

From Open Risk Manual

Definition

The Compliance Function denotes the staff (employees) of an organisation who carry out Regulatory Compliance activities on its behalf.

Structure

The particular organisational structure and naming conventions may vary[1]:

  • In larger banks, compliance staff may be located within operating business lines.
  • Internationally active banks may also have group and local compliance officers.
  • In smaller banks, compliance function staff may be located in one unit.
  • Separate units have been established in some banks for specialist areas such as Data Protection and the prevention of Money Laundering and terrorist financing.
  • Some banks may wish to organise their compliance function within their Operational Risk function, as there is a close relationship between compliance risk and certain aspects of operational risk.

Summary Requirements

The Compliance Principles (5, 6, 7) articulate a set of regulatory requirements around the compliance function (in banks):

The bank’s compliance function should be independent. The concept of independence involves four related elements:

  • the compliance function should have a formal status;
  • there should be a group compliance officer or head of compliance with overall responsibility for co-ordinating the management of the bank’s compliance risk;
  • compliance function staff, and in particular the head of compliance, should not be placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they may have;
  • compliance function staff should have access to the information and personnel necessary to carry out their responsibilities.

Responsibilities

The responsibilities of the bank’s compliance function should be to assist senior management in managing effectively the compliance risks faced by the bank. In particular, the compliance function should:

  • Advise senior management on compliance laws, rules and standards, including keeping them informed of developments in the area.
  • Educate staff on compliance issues, and act as the contact point within the bank for compliance queries from staff members.
  • Establish written guidance for staff on the appropriate implementation of compliance laws, rules and standards through policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines.
  • Proactively identify, document and assess the compliance risks associated with the bank’s business activities, including the development of new products and business practices, the proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If the bank has a new products committee, compliance function staff should be represented on it.
  • Consider ways to measure compliance risk (e.g. by using performance indicators) and use such measurements to enhance compliance risk assessment. Technology can be used as a tool in developing performance indicators by aggregating or filtering data that may be indicative of potential compliance problems (e.g. an increasing number of customer complaints, or irregular trading or payments activity).
  • Assess the appropriateness of the bank’s compliance procedures and guidelines, promptly follow up any identified deficiencies and, where necessary, formulate proposals for amendments.
  • Monitor and test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be reported up through the compliance function’s reporting line in accordance with the bank’s internal risk management procedures.
  • Report, through the head of compliance, on a regular basis to senior management on compliance matters. The reports should refer to the compliance risk assessment that has taken place during the reporting period, including any changes in the compliance risk profile based on relevant measurements such as performance indicators; summarise any identified breaches and/or deficiencies and the corrective measures recommended to address them; and report on corrective measures already taken. The reporting format should be commensurate with the bank’s compliance risk profile and activities.
  • Fulfil any specific statutory responsibilities assigned to it (e.g. the role of anti-money laundering officer). It may also liaise with relevant external bodies, including regulators, standard setters and external experts.
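The performance-indicator item above is the one operational point in this list. The Python script below is added here as an illustration; it is not from the Open Risk Manual and does not describe any bank's actual tooling. It computes the two indicators the text gives as examples over constructed sample data: a run of month-on-month increases in customer complaints, and payments that deviate from a customer's own payment baseline. The sample data, the thresholds (three or more consecutive rising months; a leave-one-out z-score above 3; at least four other payments to compare against) and the function names are all assumptions chosen for the example.

```python
"""Two compliance risk indicators computed from constructed sample data.

Added example, not from the Open Risk Manual page. Thresholds and data
are assumptions for illustration only.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: customer complaints logged per month.
COMPLAINTS_PER_MONTH = {
    "2024-01": 12, "2024-02": 11, "2024-03": 14,
    "2024-04": 17, "2024-05": 21, "2024-06": 26,
}

# Constructed sample data: outbound payments as (customer id, amount).
PAYMENTS = [
    ("C001", 1200.0), ("C001", 1150.0), ("C001", 1300.0), ("C001", 1250.0),
    ("C001", 9800.0),                       # far outside C001's usual range
    ("C002", 400.0), ("C002", 420.0), ("C002", 380.0), ("C002", 410.0),
    ("C002", 390.0),                        # all within C002's normal range
    ("C003", 50000.0),                      # single payment: no baseline, skipped
]


def complaint_trend(counts: dict, min_rising_periods: int = 3) -> dict:
    """Indicator 1: complaints rising for several consecutive months.

    Returns the month-on-month deltas, the length of the final run of
    increases, and whether that run meets the (assumed) alert threshold.
    """
    months = sorted(counts)
    deltas = {m2: counts[m2] - counts[m1] for m1, m2 in zip(months, months[1:])}
    run = 0
    for m in reversed(months[1:]):          # walk back from the latest month
        if deltas[m] > 0:
            run += 1
        else:
            break
    return {"deltas": deltas, "rising_run": run, "alert": run >= min_rising_periods}


def irregular_payments(payments: list, z_threshold: float = 3.0,
                       min_history: int = 4) -> list:
    """Indicator 2: payments far from the customer's own baseline.

    Each payment is compared with the mean and population standard deviation
    of that customer's OTHER payments (leave-one-out), so an outlier cannot
    inflate the baseline it is judged against. Customers with fewer than
    min_history other payments are skipped rather than guessed at.
    """
    by_customer = defaultdict(list)
    for customer, amount in payments:
        by_customer[customer].append(amount)

    flagged = []
    for customer, amounts in by_customer.items():
        if len(amounts) < min_history + 1:
            continue                        # too little history to assess
        for i, amount in enumerate(amounts):
            others = amounts[:i] + amounts[i + 1:]
            mu, sigma = mean(others), pstdev(others)
            if sigma == 0:
                continue                    # identical history: z undefined
            z = (amount - mu) / sigma
            if abs(z) > z_threshold:
                flagged.append({"customer": customer, "amount": amount,
                                "z": round(z, 1)})
    return flagged


def compliance_indicators(complaints=COMPLAINTS_PER_MONTH, payments=PAYMENTS) -> dict:
    """Aggregate both indicators into a summary of the kind the head of
    compliance would carry into a periodic report to senior management."""
    trend = complaint_trend(complaints)
    irregular = irregular_payments(payments)
    return {
        "complaints_rising_months": trend["rising_run"],
        "complaints_alert": trend["alert"],
        "irregular_payments": irregular,
        "payments_alert": bool(irregular),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(compliance_indicators(), indent=2))
```

On the sample data the complaints indicator reports four consecutive rising months and the payments indicator flags the single 9800.0 payment from C001; C002's payments stay within their own range and C003 is skipped for lack of history. The leave-one-out baseline and the minimum-history rule are the two details worth keeping whatever indicator is chosen: with very short histories a single ordinary payment can produce a large z-score against the remaining two or three values, so a small-sample indicator generates noise rather than signal.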

References