The compliance function must have access across the entire organisation to carry out its responsibilities on its own initiative where compliance risk exists. It must, additionally, have the right to communicate with any staff member and to obtain access to any records or files necessary to conduct its responsibilities and to conduct investigations of possible breaches of the compliance policy and to request assistance from specialists within the bank (e.g. legal or internal audit) or engage outside specialists subject to appropriate internal approval to perform this task if appropriate.