HC-6.4.11
The compliance policy must be approved by the Board/the designated board committee and must address the following:
(a) The role and responsibilities of the compliance function;
(b) Measures to ensure its independence;
(c) Its relationship with other risk management functions within the bank and with the internal audit function;
(d) In cases where compliance responsibilities are carried out by staff in different departments, how these responsibilities are to be allocated among the departments;
(e) Its right to obtain access to information necessary to carry out its responsibilities, and the corresponding duty of bank staff to cooperate in supplying this information;
(f) Its right to conduct investigations of possible breaches of the relevant laws and regulations and the compliance policy and to appoint outside experts to perform this task if appropriate; and
(g) Its right to be able freely to express and disclose its findings to the board of directors or to the designated board committee, e.g. the audit committee or the governance committee of the board.
(h) The basic principles to be followed by management and staff describing the main processes by which compliance risks are to be identified and managed through all levels of the organization.
Added: January 2019