Compliance Function
HC-6.4.14
Conventional bank licensees must organise their compliance function and set priorities for the management of their compliance risk in a way that is consistent with their own risk management strategy and structures.
Added: January 2019
HC-6.4.15
The compliance function must be independent and effective. It must be headed by an executive or senior staff member with overall responsibility for co-ordinating the identification and management of the bank's compliance risk and for supervising the activities of other compliance function staff.
Added: January 2019
HC-6.4.16
The Head of Compliance, with the assistance of senior management, must:
(a) report to the board of directors or the designated committee of the board on a quarterly basis, even if there are no issues to highlight;
(b) report to the board or the designated committee of the board on the bank's management of its compliance risk, in such a manner as to assist board members to make an informed judgment on whether the bank is managing its compliance risk effectively;
(c) report promptly to the board or the designated committee of the board on any material compliance failures as they arise (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss, or loss to reputation); and
(d) ensure that senior management develop remedial action plans to address compliance breaches.
Added: January 2019
HC-6.4.17
The role of head of compliance may be combined with those of the head of risk if the size and nature of the bank justifies a single function for both roles. Banks which carry out limited operations or are small branches of foreign banks would qualify for such a practice.
Added: January 2019
HC-6.4.18
The compliance function should assist senior management, the board and the designated committee of the board in their compliance obligations and help promote the right culture within the bank. While the board and management are accountable for the bank's compliance, the compliance function has an important role in supporting corporate values, policies and processes that help ensure that the bank acts responsibly and fulfils all applicable obligations.
Added: January 2019
HC-6.4.19
The independence and effectiveness of the function must be based on the following related elements:
(a) The compliance function must have a formal status with sufficient authority within the bank;
(b) There must be a group compliance officer or head of compliance with overall responsibility for co-ordinating the management of the bank's compliance risk;
(c) Compliance function staff, and in particular, the head of compliance, must not be placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they have;
(d) Compliance function staff must have access to the information and personnel necessary to carry out their responsibilities; and
(e) The compliance function must directly report to the board or a designated board committee (in the case of Bahraini conventional bank licensees) and administratively to the CEO; and
(f) In the case of branches of foreign bank licensees, the reporting must be to the Group Compliance Officer or Regional Compliance Officer and may report administratively to the CEO/GM of the branch.
Added: January 2019
HC-6.4.20
The concept of independence does not mean that the compliance function cannot work closely with management and staff in the various business units. Indeed, a co-operative working relationship between compliance function and business units should help to identify and manage compliance risks at an early stage. Rather, the various elements described above should be viewed as safeguards to help ensure the effectiveness of the compliance function, notwithstanding the close working relationship between the compliance function and the business units. The way in which the safeguards are implemented will depend to some extent on the specific responsibilities of individual compliance function staff.
Added: January 2019
HC-6.4.21
The compliance function should be free to highlight to senior management any irregularities or possible breaches disclosed by its investigations, without fear of retaliation or disfavour from management or other staff members.
Added: January 2019
HC-6.4.22
Appointment, dismissal and other changes to the head of compliance must be approved by the board or the designated board committee. Appointments of head of compliance must be approved by the CBB in accordance with paragraph LR-IA.1.17. If the head of compliance is removed from his or her position for any reason, this must be notified to the CBB, describing fully the reasons as required under paragraph LR-1A.1.22.
Added: January 2019
HC-6.4.23
Conventional bank licensees must ensure that the compliance risk management framework is subject to an independent review by a third party consultant, other than the external auditor, every three years and when there are material changes to the business. The results of the independent review and action must be provided to the CBB by 30th September of the relevant year.
Added: January 2019
HC-6.4.24
The responsibilities of the compliance function must be carried out under a compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment, compliance testing, and educating staff on compliance matters. The compliance programme must be risk based and subject to oversight by the head of compliance to ensure appropriate coverage across businesses and co-ordination among risk management functions.
Added: January 2019
HC-6.4.25
The compliance function must, on a pro-active basis, identify, measure, document and assess the compliance risks associated with the bank's business activities, including the development of new products and business practices, the proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If the bank has a new products committee, the compliance function staff should be represented on the committee.
Added: January 2019
HC-6.4.26
While the compliance function is responsible for oversight and compliance checks across the full spectrum of compliance risk areas, it is recognised that many areas of compliance require specialist skills which can be found in different parts of the organisation. For example, the skill sets for compliance with ICAAP can be found either with financial control or with risk management; for compliance with labour laws, the specialist skills are with human resources departments, etc. In such cases, the compliance function ensures that the right levels of checks and balances and compliance reporting are available to get comfort that the licensee has adhered to the relevant requirements. In certain instances, it may use external experts with the approval of the relevant authority within the bank.
Added: January 2019
HC-6.4.27
The compliance function should consider ways to measure compliance risk (e.g. by using performance indicators) and use such measurements to enhance compliance risk assessment.
Added: January 2019
HC-6.4.28
In case of new regulations, the compliance function must assess the appropriateness of the bank's compliance procedures and guidelines, promptly follow up any identified deficiencies, and, where necessary, formulate proposals for amendments.
Added: January 2019