The Independence of the Compliance Function

Independence is one of the fundamental principles of compliance and any regulated entity shall strive to establish and implement measures and controls in order to ensure that the duties performed, and the decisions taken, by the Compliance Function are carried out on an independently not only from the senior management, but even from all units within the regulated entity.

Independence may be achieved in different ways and each and every measure and control adopted by the regulated entity shall contribute towards the same end result: independence from influence or control. In this write up we would like to touch upon some relevant aspects of how to enhance compliance with the requirement of having an independent Compliance Function.

formal status – The role of the Compliance Function within the regulated entity shall be established and properly documented in the Compliance Policy and communicated to all the staff members of the entity. The senior management should set the example and play an important role in recognising appropriate standing and authority to the Compliance Function. The Compliance Function itself ensure that it demonstrates and manifests about its status and authority within the regulated entity.

overall responsibility – The Compliance Function should be attributed an overall responsibility to identify and mitigate the compliance risks which might emerge from all areas of the services and activities provided by the regulated entity and should not be entrusted with the supervision of a direct line of business, other than supervision of the compliance staff allocated. The regulated entity shall also ensure that the relevant persons involved in the Compliance Function are not involved in the performance of services or activities they monitor.

perform only compliance tasks – When appropriate, based on the nature, scale and complexity of the business, and on the nature and range of the investment services, activities and ancillary services offered, the Compliance Function shall perform only compliance related responsibilities. The actual or perceived conflicts of interest between compliance and other tasks may jeopardise the independence and the effectiveness of the Compliance Function.

direct reporting line – The Compliance function shall be granted direct access and direct reporting line to the management board of the regulated entity. The regulated entity shall have in place at all times clear escalation policies and procedures which provide guidance in relation to the reporting processes to be implemented. The Compliance Function, on the other hand, should document any action taken and any deviation by senior management from important recommendations or assessments issued by the Compliance Function.

access to relevant and pertinent information – The independence of the Compliance Function hinges on the extent of information and access granted to it in relation to the services, activities, and transactions undertaken by the regulated entity. In order to perform its duties and take its decisions independently, the Compliance Function shall be granted unfettered access to all the relevant and pertinent information necessary.

remuneration – The regulated entity shall establish and implement measures that ensure that the method of determining the remuneration of the Compliance Function and the relevant compliance staff does not compromise their objectivity or is not likely to do so.

relation with other business units – Since compliance with the applicable laws and regulations is a matter that concerns everyone, within in the regulated entity, and since the Compliance Function is often engaged in providing advisory services and assistance to other business units within the regulated entity, it is important that the Compliance Function is not influenced in its decision process by the other units within the regulated entity.

With the above being said, the Compliance Function should not disregard the experience and the expertise of the senior staff involved in the regulated entity. The Compliance Function should perform its role independently without seeking advice as much as possible, limiting the involvement of others to providing guidance and advice only upon request and when necessary and in relation to the following:

  1. Advice on the interpretation of applicable rules from a legal perspective;
  2. Advice on practical implementation of regulations drawing other’s experience in the industry;
  3. Knowledge sharing of applicable rules and regulations;
  4. Providing internal training sessions on topics related to the Compliance Function to ensure the ongoing professional development of the Compliance Function.

However, it is important to note that the role of the experienced senior staff shall not be extended to guide or lead to the Compliance Function in decision-making, guidance on the actions which the Compliance Function should take in carrying out its function and in reviewing the work conducted by the Compliance Function, since the Compliance Function shall carry out its function in its own capacity and independently.

 

The information contained in this write up is provided for general informational purposes only. It does not, and is not intended to, constitute legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this write up without seeking legal or other professional advice for your individual situation.