Chapter 2 - Compliance Function Flashcards
What are the 2 core responsibilities of a Compliance Function?
- to regularly assess and monitor the adequacy and effectiveness of the measures and procedures put in place and the actions taken to address any deficiencies in the firm’s compliance with its obligations
- to advise and assist the relevant persons responsible for carrying out regulated activities to comply with the firm’s obligations under the regulatory system.
What are the Responsibilities of the Board for Compliance?
The board of directors is responsible for overseeing the management of the firm’s compliance risk. The board should approve the firm’s compliance policy, including a formal document establishing a permanent and effective compliance function. At least once a year, the board or a committee of the board should assess the extent to which the firm is managing its compliance risk effectively.
What are the Responsibilities of Senior Management for Compliance?
• the effective management of compliance risk
• establishing and communicating a compliance policy, ensuring that it is observed, and reporting to the board of directors on the management of the firm’s compliance risk at least once a year
What is BIS Principle 6?
‘The bank’s compliance function should have the resources to carry out its responsibilities effectively.’
What is the purpose of the Compliance Manual?
To formally document the standards to be followed by all employees in their personal conduct and in conducting business with customers and counterparties. It should be remembered that this manual is not a procedures manual but rather provides policy and guidance.
What must a Compliance Manual contain in regards to the Compliance Function?
• its role and responsibilities
• measures to ensure its independence
• its relationship with other risk management functions
• in cases where compliance responsibilities are carried out by staff in different departments, how these responsibilities are to be allocated among the departments
• its right to obtain access to information necessary to carry out its responsibilities
• its right to conduct investigations of possible breaches of the compliance policy
• its right to be able to freely express and disclose its findings to senior management, and if necessary, the board of directors or a committee of the board
• its formal reporting obligations to senior management
• its right of direct access to the board of directors or a committee of the board.
Which committees should a Compliance Function be present at?
A new products committee, operations committee or risk management committee
What are two ways a Compliance Function can perform its Risk Stewardship duties?
- Proactively identifying, documenting and assessing the compliance risks associated with the firm’s business activities
- Monitoring and testing compliance by performing sufficient and representative compliance testing.
What is the purpose of the Compliance Monitoring Programme?
To provide an independent review of the operational work performed by the firm, with a focus on two elements:
- to confirm whether operational tasks are being performed in line with operational procedures, and
- to confirm whether operational procedures continue to reflect current regulatory requirements.
What are the 3 stages to establishing a Compliance Programme?
Stage 1: Information Gathering on potential adverse events
Stage 2: Scoring each for Financial Impact, exposure and probability
Stage 3: Weighting - Other factors at the Compliance Officer’s discretion
What is the difference between regulations, internal policies and procedures?
Regulations are provided by governments and regulatory bodies to give clear minimum rules by which businesses can operate.
Internal policies and procedures reflect the firm’s interpretation of the regulations. Policies go further than regulations and, for example, set internal codes of conduct.
Procedures provide the detailed guidance on the actions to be taken by management and staff.
Where a firm outsources a regulated activity, who is responsible for the compliance of those outsourced tasks?
The original firm
What requirements would a regulator typically have for an outsourced activity?
A regulator will expect the firm:
- to undertake appropriate due diligence of the service provider
- to retain sufficient expertise to undertake oversight of the outsource service provider
- to have a written contract with the service provider together with a clear service level agreement and establish key performance indicators
- to have agreed with the service provider plans for business continuity and disaster recovery.
What are the two ways regulators impose Capital Requirements?
The first is to set a standard formula for calculating the minimum capital requirements.
The second approach is to permit firms to produce internal models based on detailed risk management systems which meet appropriate tests and standards.
What is BIS Principle 5?
The compliance function should be independent
What does it mean for a Compliance Function to be independent?
- compliance should have a formal status within the firm
- there should be a group compliance officer or head of compliance
- their responsibilities within the firm should not lead to conflicts of interest
- they should have access to information and personnel.
What is the role of Compliance in training?
- Educating staff on compliance issues.
- Acting as a contact point for compliance queries from staff members.
- Providing written guidance to staff.
What are some methods of monitoring an individual’s compliance with regulations, policies and procedures?
- Regular appraisal of performance by senior staff
- Quality checking and assurance processes
- Exception and error reports
- Testing on a periodic basis
- Self-certification by the individual
- Audit trails
What is the role of Compliance in business development?
- due diligence
- risk assessment
- scope of regulation
- highlighting material changes in the nature of existing relationships
- assessing and reporting potential reputational risks.
How should a firm deal with its regulator?
A firm must deal with its regulator in an open and cooperative way and must appropriately disclose to the regulator anything of which it would reasonably expect notice.
What is one of the key benefits of a strong relationship with Regulators?
One of the valuable aspects of a good relationship is the ability of the firm’s compliance function to seek an opinion on issues that arise and discuss resolution or perhaps seek an opinion on a planned business development.
What would you expect to see on a Warrant for a dawn raid?
- the date on which it was issued
- the legal authority by which the warrant was issued
- the regulatory authority to whom the warrant was granted
- each set of premises to be searched
- the type of articles, materials, or persons sought.
What should the firm first do when subject to a dawn raid?
The firm should check that the warrant is in order and ensure that the search team does not exceed the authority granted by the warrant.
Do Investigators need to wait for legal representatives?
Investigators may be willing to wait for legal representatives to arrive before they commence their search, but they are not obliged to do so.