HC-7.1.8
The compliance function must:
(a) Have a formal status with sufficient authority within the licensee ;
(b) Carry out its responsibilities under a risk-based compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment and compliance testing;
(c) Assess in cooperation with the relevant functions, in case of new regulations, the appropriateness of the licensee’s relevant policies as well as the compliance policy and related procedures and processes. It must promptly follow up regarding any identified deficiencies, and, where necessary, formulate proposals for amendments in cooperation with the relevant functions;
(d) On a proactive basis, identify, measure, document and assess the compliance risks associated with the licensee’s business activities including the development of new products and business practices, proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If the licensee has a new products and services committee, the compliance function staff must be represented on the committee;
(e) Monitor and test compliance by performing sufficient and representative compliance testing. The results of such testing must be reported to the Audit Committee ;
(f) Advise the audit committee and senior management on all relevant laws, regulations and standards in all jurisdictions in which the licensee conducts its business and inform them on developments on the subject;
(g) Must provide to the CBB a compliance assessment report on every application/request for approval to the CBB confirming that all related legal and regulatory requirements pertaining to the request have been thoroughly checked, including the impact of such request on the licensee’s financial position and compliance status, and a reference must be made to any previously approved arrangements by the CBB. In cases where the requests have a potential financial impact on the licensee , a report from the financial control function in consultation with external auditors must also be submitted as part of the compliance assessment report, whereas in case of any legal implication of such a request a legal opinion on the matter must be submitted;
(h) Act as a contact point within the licensee for compliance queries from staff members; and
(i) Have sufficient and appropriate resources to carry out its functions effectively, commensurate with the size and complexity of the licensee .
Added: July 2023