Compliance Report – What to report on!

As part of its responsibility to ensure that the Company complies with its obligations under MiFID II, the senior management must ensure that the compliance function fulfils the requirements set out in Article 22 of the MiFID Delegated Regulation. We have analysed the Guidelines on Certain Aspects of the MiFID II Compliance Function Requirements issued by ESMA (“CFR”) in relation to the reporting obligations and have listed them hereto in order to facilitate your assessment of the comprehensiveness of your Compliance Report.

In addition to specific matters, which are proper to the individual situation of a particular license holder, like the transactions carried out during the reporting period by an investment firm, or the NAV valuation errors, the investment activities undertaken, the subscription for or redemption of units in a collective investment scheme, pursuant to the CFR the Compliance Report should present an overview of at least the following matters:

Reporting Period – The Compliance Report shall clearly identify the period subject to reporting. Such period can vary based on the frequency that the Compliance Report is drafted as necessary.

Business Units – The Compliance Report shall cover all business units involved in the provision of investment services, activities and ancillary services provided by the company. Otherwise, it should clearly state the reasons why it does not cover certain activities or services.

Policies and Procedures – The Compliance Report shall include information on the adequacy and effectiveness of the policies and procedures designed to ensure that the company and its staff comply with the obligations under MiFID II. It should also summarise the major findings of the review of the policies and procedure, including risks identified in the scope of the compliance function’s monitoring activities and any action taken to address any significant risk of failure by the company or its staff. The Compliance Report shall specify whether the assessments carried out were performed as on-site inspections or desk-based reviews.

Product Governance Policies and Procedures – In particular, the Compliance Report shall elaborate on the role of the compliance function in the monitoring and reviewing of the product governance policies and procedures of the license holder. It should include information about the financial instruments manufactured or distributed by the company, their respective target markets and other information from the respective product approval process (for example, complexity of the product, product related conflicts of interests, particularly relevant data from the scenario analysis, the cost-return ratio), with a specific focus on new types of products manufactured or distributed during the reporting period as well as the ones whose features have been significantly amended during that period.

Changes and Developments – The Compliance Officer shall also report on the relevant changes and developments in the applicable requirements over the period covered by the Compliance Report. The Compliance Report should contain information on possible risks of failure identified. It shall lay out the measures taken, or to be taken, in order to ensure compliance with changed applicable requirements. It should also elaborate on how the compliance function intends to monitor the developments and review the obligations deriving from these changes and developments.

Complaints Handling – The Compliance Report shall include information on the number of complaints received in the period under review. When applicable, the Compliance Report shall elaborate on the reaction to complaints received and indicate whether any pay-out was performed based on the complaint. If the Company’s compliance function and the complaints management function are not separated (and therefore complaints are also handled by the compliance function), the Compliance Report shall address any issue arising out of the implementation of the arrangements that the company has in place in order to assess, minimise and manage any failure identified as regards the company’s compliance with its complaints handling obligations.

Official Correspondence – The Compliance Report shall include an overview of material correspondence exchanged with competent authorities during the reporting period. The Compliance Officer shall note at least the correspondence held with the Malta Financial Services Authority (“MFSA”), the Malta Business Registry (“MBR”) and the Malta Financial Intelligence and Analysis Unit (“FIAU”). The Compliance Officer shall present a summery of the matters considered, their outcome and, where applicable, any outstanding issue.

Reporting to Competent Authorities – The Compliance Officer shall be informed of the reporting to the competent authorities that took place during the reporting period and shall note them in the Compliance Report. The Compliance Report may also provide an update on the required regulatory submissions relevant to the upcoming month or period.

Updates from the Competent Authorities – We consider good practice to include in the Compliance Report monthly updates issued by the MFSA, MBR and FIAU, evidencing their highlights and explaining their relevance and application to the particular license holder. The purpose is to update the board of directors and provide the relevant staff with a clear understanding of the steps that need to be taken in order to ensure compliance with the newly issued rules, regulations, circulares, noted or guidelines, as case may be.

Breaches – The Compliance Report shall present an overview of the breaches and deficiencies in the organisation and compliance processes of the company as identified in the Register of Breaches. Where no breaches are registered, the Compliance Officer shall make a note in the Compliance Report.

Description of the Compliance Structure – The Compliance Report shall contain a summary of the structure of the compliance function, including the overall personnel employed, their qualifications and reporting lines and any change thereto. It should also elaborate on any deviation by senior management from important recommendations or assessments issued by the compliance function and include information in relation to any deviation from the principle that other business units must not issue instructions or otherwise influence compliance staff and their activities.

Conflict of Interest – In the case where the company makes use of the exemption to avoid appointing a compliance function whose sole responsibility within the Company is the compliance function, the Compliance Report shall include an assessment of the continuing appropriateness of the arrangements in place to minimise and manage conflicts of interest.

Training – The Compliance Report shall note the findings of the Compliance Officer regarding the monitoring of provision of frequent in-house or external training sessions to the staff on the internal rules, procedures, and manuals of the company.

Other Compliance Matters – The Compliance Report shall include information on any other significant compliance issues that have occurred since the last report period.

Recommendations – The Compliance Report shall incorporate a section which provides a summary of the planned monitoring activities for the next period as well as provide recommendations based on the findings and the results of the assessments carried out during the reporting period.

Feel free to contact us should you require any further assistance or information on the Compliance Report.


The information contained in this write up is provided for general informational purposes only. It does not, and is not intended to, constitute legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this write up without seeking legal or other professional advice for your individual situation.