Speaker 1: The prime responsibility to ensure that a business complies with regulations rests with the Board of Directors, or with the owners, or the most senior executive management group in the case there is no Board. The Board, owners or senior management will usually delegate compliance activities, but their personal responsibilities cannot be delegated away. Given that laws and regulations pervade most financial institution activities at all levels, the Board should ensure that all personnel is responsible for compliance with all regulations relevant to their jobs. Furthermore, compliance officers should perform quality control of each designated function at the operational level. In this module, we will further examine the compliance function for financial institutions as part of their responsibility to ensure that the financial institution complies with its obligations under the law. Officials who effectively direct the firm must ensure that the compliance function fulfils its requirements, always taking into account the nature, scale and complexity of the business and the nature and range of services and activities undertaken. Financial institutions should employ a number of staff to cover the compliance function's tasks. These compliance officers should perform their tasks on an ongoing and independent basis. Financial institutions should not combine the compliance function with the internal

Speaker 2: audit function. These are the main responsibilities attributed to a financial institution's compliance

Speaker 1: function. Organisational requirements of the compliance function. Permanence of the compliance function. Independence of the compliance function. And compliance support offered to business units, ensuring that staff is adequately trained. Operational requirements of the compliance function. Effectiveness of the compliance function. When ensuring that appropriate human and other resources are allocated to the compliance function, financial institutions should take into account the scale and types of financial investment and ancillary services and activities undertaken by the firm. The number of staff required to cover the compliance function's tasks depends on the nature of the services, activities and other business provided and or performed by the financial institution. In addition to human resources, sufficient IT resources should be allocated to the compliance function. When establishing budgets for specific functions or units, the compliance function should be allocated a budget that is consistent with the level of compliance risk the firm is exposed to. In ensuring that compliance staff members have full-time access to relevant information required to carry out their tasks, financial institutions should provide them with access to all relevant databases. To ensure that compliance staff members have the necessary authority to complete their duties, the individuals who effectively direct the firm should support them in the exercise of their duties. Authority implies possessing adequate expertise and relevant personal skills and may be enhanced by the financial institution's compliance policy, explicitly acknowledging the compliance staff's specific authority. All compliance staff should have knowledge of the law and the respective legislation governing the financial institution's operations, as far as these are relevant to the performance of their tasks. Compliance staff should be regularly trained in order to maintain and update their knowledge. A higher level of expertise is necessary for the designated compliance officer. The compliance officer should demonstrate sufficient professional experience, and it is necessary that he or she can assess the compliance risks and conflicts of interest inherent in the financial institution's business activities. The compliance officer should have specific knowledge of the different business activities carried out by the financial institution. The relevant expertise required may differ from one financial institution to another, as the nature of the main compliance risks firms face may differ. Permanence of the compliance function The law requires financial institutions to ensure that the compliance function performs its tasks and responsibilities on a permanent basis. The financial institution should ensure via, say, internal procedures and standing arrangements, that the compliance function's responsibilities will be adequately fulfilled during the compliance officer's absence. Likewise, adequate arrangements must be in place to ensure that the compliance function's main responsibilities are performed on an ongoing basis.

Speaker 2: These arrangements should be put in writing.

Speaker 1: The responsibilities and competences, as well as the compliance staff's authority, should be set out in a compliance policy, or other general policies or internal rules that it takes into account the scope and nature of the firm's services and activities. The compliance function should perform its activities on a permanent basis, and not only in specific circumstances. This requires monitoring on the basis of a regular monitoring schedule. Monitoring activities should regularly cover all key areas of services and activities, paying close consideration to the compliance risk associated with the various business

Speaker 2: areas. Independence of the compliance function

Speaker 1: Financial institutions should ensure that the compliance function holds a position within the organisational structure that allows the compliance officer and other compliance staff to act independently when performing their tasks. The compliance officer should be appointed and replaced by the firm's Board of Directors. While the individuals who effectively direct the firm are responsible for establishing an appropriate compliance organisation and monitoring the effectiveness of said organisation, the tasks performed by the compliance function should be carried out independently from senior management and other of the firm's units. When senior management deviates from important recommendations or assessments issued by the compliance function, the compliance officer should document this deviation accordingly and present it in the compliance reports. Combining the compliance function with other internal control functions Generally speaking, a financial institution should not combine its compliance and internal audit functions. Combining the compliance function with other control functions may be acceptable if it does not compromise the compliance function's effectiveness and independence. Generally, compliance staff should not be involved in the activities they monitor. However, combining the compliance function with other control units at a similar level, say money laundering prevention, may work if it does not generate conflicts of interest or compromise the compliance function's effectiveness. Combining the compliance function with the internal audit function should be avoided. This is likely to undermine the compliance function's independence, since the internal audit function is responsible for overseeing the compliance function. Whether staff members from other functions also perform compliance tasks should also be considered when determining the number of employees needed for the compliance function. Whether or not the compliance function is combined with other control functions, the compliance function should coordinate its activities with the second-level control activities performed by other units. Session Summary As part of their responsibility to ensure that a financial institution complies with its obligations under the law, individuals who effectively direct the firm must make sure that the compliance function fulfils its requirements, always taking into account the nature, scale and complexity of their business, and the nature and range of services and activities undertaken. Depending on the nature of the services, activities another business provided and or performed by the financial institution, companies should employ a number of staff to carry out its compliance function's tasks. Moreover, the compliance officers should perform their tasks on an ongoing and independent basis. The financial institution should not combine the compliance function with the internal audit function. However, the combination of the compliance function with other control functions may be acceptable if this does not compromise the compliance function's effectiveness and independence. Five Key Points Management should make sure that all personnel are responsible for compliance with all the regulations relevant to their jobs. Financial institutions should consider the scale and types of financial investment, ancillary services and activities to ensure that appropriate human and other resources are allocated to the compliance function. Financial institutions should establish adequate arrangements to ensure that the compliance officer's responsibilities are fulfilled on a permanent basis. The compliance officer and other compliance staff should act independently when performing their tasks. The compliance officer should be appointed and replaced by the firm's Board of Directors. Combining the compliance function with other control functions may be acceptable if it does not compromise the compliance function's effectiveness and independence. Generally speaking, a financial institution should not combine its compliance and internal audit functions.