Chapter 2 - Compliance Function Flashcards

1
Q

What are the 2 core responsibilities of a Compliance Function?

A
  1. to regularly assess and monitor the adequacy and effectiveness of the measures and procedures put
    in place and the actions taken to address any deficiencies in the firm’s compliance with its obligations
  2. to advise and assist the relevant persons responsible for carrying out regulated activities to comply with the firm’s obligations under the regulatory system.
2
Q

What are the Responsibilities of the Board for Compliance?

A

The board of directors is responsible for overseeing the management of the firm’s compliance risk. The board should approve the firm’s compliance policy,
including a formal document establishing a permanent and effective compliance function. At least once
a year, the board or a committee of the board should assess the extent to which the firm is managing its
compliance risk effectively.

3
Q

What are the Responsibilities of Senior Management for Compliance?

A

• the effective management of compliance risk
• establishing and communicating a compliance policy, for ensuring that it is observed, and for
reporting to the board of directors on the management of the firm’s compliance risk at least once a year

4
Q

What is BIS Principle 6?

A

‘The bank’s compliance function should have the resources to carry out its responsibilities effectively.’

5
Q

What is the purpose of the Compliance Manual?

A

To formally document the standards to be followed by all employees in their personal conduct and in conducting business with customers and counterparties. It should be remembered that this manual is not a procedures manual but rather provides policy and guidance.

6
Q

What must a Compliance Manual contain in regards to the Compliance Function?

A

• its role and responsibilities
• measures to ensure its independence
• its relationship with other risk management functions
• in cases where compliance responsibilities are carried out by staff in different departments, how
these responsibilities are to be allocated among the departments
• its right to obtain access to information necessary to carry out its responsibilities
• its right to conduct investigations of possible breaches of the compliance policy
• its right to be able to freely express and disclose its findings to senior management, and if necessary,
the board of directors or a committee of the board
• its formal reporting obligations to senior management
• its right of direct access to the board of directors or a committee of the board.

7
Q

Which committees should a Compliance Function be present at?

A

A new products committee, operations committee or risk management committee

8
Q

What are two ways a Compliance Function can perform its Risk Stewardship duties?

A
  • Proactively identifies, documents and assesses the compliance risks associated with the firm’s business activities
  • The compliance function needs to monitor and test compliance by performing sufficient and
    representative compliance testing.
9
Q

What is the purpose of the Compliance Monitoring Programme?

A

To provide an independent review of the operational work performed by the firm, with a focus on two elements:

  1. to confirm whether operational tasks are being performed in line with operational procedures, and
  2. to confirm whether operational procedures continue to reflect current regulatory requirements.
10
Q

What are the 3 stages to establishing a Compliance Programme?

A

Stage 1: Information Gathering on potential adverse events

Stage 2: Scoring each for Financial Impact, exposure and probability

Stage 3: Weighting - Other factors at the Compliance Officer’s discretion

11
Q

What is the difference between Regulations, internal policies and procedures?

A

Regulations are provided by governments and regulatory bodies to give clear minimum rules by which businesses can operate.

Internal policies and procedures reflect the firm’s interpretation of the regulations. Policies go further than regulations and, for example, set internal codes of conduct.

Procedures provide the detailed guidance on the actions to be taken by management and staff.

12
Q

Where a firm outsources a regulated activity, who is responsible for the compliance of those outsourced tasks?

A

The original firm

13
Q

What requirements would a regulator typically have for an outsourced activity?

A

A regulator will expect the firm:

  • to undertake appropriate due diligence of the service provider
  • to retain sufficient expertise to undertake oversight of the outsource service provider
  • to have a written contract with the service provider together with a clear service level agreement and establish key performance indicators
  • to have agreed with the service provider plans for business continuity and disaster recovery

14
Q

What are the two ways regulators impose Capital Requirements?

A

The first is for the setting of a standard formula for calculating the minimum capital requirements.

The second approach is to permit firms to produce internal models based on detailed risk
management systems which meet appropriate tests and standards.

15
Q

What is BIS Principle 5?

A

The compliance function should be independent

16
Q

What does it mean for a Compliance Function to be independent?

A
  • compliance should have a formal status within the firm
  • there should be a group compliance officer or head of compliance
  • their responsibilities within the firm should not lead to conflicts of interest
  • they should have access to information and personnel.
17
Q

What is the role of Compliance in training?

A
  1. Educating staff on compliance issues.
  2. Acting as a contact point for compliance queries from staff members.
  3. Providing written guidance to staff.
18
Q

What are some methods of monitoring individuals’ compliance with regs, policies and procedures?

A
  • Regular appraisal of performance by senior staff
  • Quality checking and assurance processes
  • Exception and error reports
  • Testing on a periodic basis
  • Self-certification by the individual
  • Audit trails
19
Q

What is the role of Compliance in business development?

A
  • due diligence
  • risk assessment
  • scope of regulation
  • highlighting material changes in the nature of existing relationships
  • assessing and reporting potential reputational risks.
20
Q

How should a firm deal with its regulator?

A

A firm must deal with its regulator in an open and cooperative way and must appropriately disclose to the regulator anything of which it would reasonably expect notice.

21
Q

What is one of the key benefits of a strong relationship with Regulators?

A

One of the valuable aspects of a good relationship is the ability of the firm’s compliance function to seek
an opinion on issues that arise and discuss resolution or perhaps seek an opinion on a planned business
development

22
Q

What would you expect to see on a Warrant for a dawn raid?

A
  • the date on which it was issued
  • the legal authority by which the warrant was issued
  • the regulatory authority to whom the warrant was granted
  • each set of premises to be searched
  • the type of articles, materials, or persons sought.
23
Q

What should the firm first do when subject to a dawn raid?

A

The firm should check that the warrant is in order and ensure that the search team does not exceed the authority granted by the warrant.

24
Q

Do Investigators need to wait for legal representatives?

A

Investigators may be willing to wait for legal representatives to arrive before they commence their
search but they are not obliged to do so.

25
Q

What documents can be withheld from a Dawn Raid?

A

Legally privileged documents and those that may lead to self-incrimination do not need to be provided.
Legal advice should be sought to ensure there are reasonable grounds to believe that privilege exists.

26
Q

What is a prudent way to store information in advance of Dawn Raids?

A

Consideration should also be given as to how information is stored and whether legal advice and
communications should be filed separately. This is advisable in any event and in the event of a raid it
will avoid the inadvertent disclosure of privileged information. In addition, firms are advised to consider
lodging copies of sensitive information with their lawyers. If asked for copies, the firm can advise the
investigators that they are in safekeeping and that the solicitors will undertake to hold them pursuant
to a court order.

27
Q

Can you inform other staff of a raid?

A

Do not tip off people who may not be present that there is a raid, particularly if you believe that they
may also be involved, and advise other employees of the same risk. Ask investigators before you
notify other offices or directors.

28
Q

What to do for a minor breach?

A

Minor regulatory breaches need to be recorded in a breaches log and a record needs to be kept of
the resolution of the breach or other action taken. Any client impacted by the breach should be notified and provided with an explanation of any action taken.

29
Q

What to do with a notifiable breach?

A

If the breach is a notifiable breach, i.e., of a type the regulations state is reportable to the regulator, then
a report should be made (normally within 24 hours of identification).

30
Q

What are the five key aspects of Compliance in new business?

A
Due Diligence
Risk Assessment
Scope of Regulation 
Highlight material changes in existing relationships
Assess and Report Reputational Risk
31
Q

For a Management Compliance Report, what should be included in the “significant” section?

A

Subject Areas considered and reviewed

Executive Summary

Report Findings and Recommendations

32
Q

What can a regulator obtain in a dawn raid?

A

Copies of relevant information

With a Search & Seizure order, they can take hard drives and original documents also

33
Q

How should compliance reports be prepared?

A

No prescribed format

34
Q

When would a UK firm apply for “Variation of Permission”?

A

When planning on moving into a new area of business, or for a change in existing business

35
Q

What documents would a Compliance Officer expect to have access to?

A

Any and all documents without exception (including personal ones)

36
Q

What type of information can be withheld when providing information to a regulator?

A

Legally privileged documents and those that may lead to self-incrimination

37
Q

What are the 3 categories of information that a Compliance Officer should have access to?

A

Basic
Periodic
Non-Essential

38
Q

What are common methods used to monitor compliance?

A

• interviewing relevant staff, management and directors
• observing the processes in action and seeing evidence of the controls being operated
• testing statistically-based samples of transactions, either in situ or by desk-based review.
• reviews of previous reports, audit reports and other key management information such as key
performance indicators, breach and complaint trends
• reviewing specific system-produced transaction reports for the compliance function.

39
Q

What are the major fines given by the FCA for transaction reporting failures?

A

RBS was fined £5.6 million in 2013, and Deutsche Bank was fined £4.7 million the following year. In 2015,
Merrill Lynch was fined £13.3 million for transaction reporting failures over a seven-year period.