Compliance functions in banks and Role of Chief Compliance Officer

Ashish M. Shaji

10 Sep, 2022

Recently the Reserve bank of India released a notice on Compliance functions in Banks and the role of Chief Compliance Officer (CCO).

 As per the compliance system, banks should have an effective compliance culture, independent corporate compliance function, and a strong compliance risk management program at the bank and group level. Such an independent compliance function must be headed by a designated CCO.

Why did the Reserve Bank come out with new norms for Chief compliance officer?

The Reserve Bank, in a bid to crackdown on the rising number of scams and frauds in the banking sector, has set new norms for the appointment of CCO. The guidelines have been issued with a view to bring uniformity in the approach followed by banks as also to align supervisory expectation on CCOs with best practices.

These guidelines cover policy (which has to be reviewed at least once a year), tenor, and appointment of CCO, reporting requirements, duties, and responsibilities of the compliance function, among others.

What are the compliance function and compliance risk?

The compliance function is to help bank in managing its compliance risk. Compliance risk can be defined as the risk of legal or regulatory sanctions, financial loss, or loss to prominence a bank may suffer on account of its failure to fulfill all applicable laws, regulations, code of conduct, and standards of good practice.

Compliance risk is sometimes introduced to as integrity risk as the prominence of a bank is connected with its adherence to principles of integrity and fair dealing. The supervisors of banks should be satisfied that effective compliance policies and procedures are followed, and that management takes appropriate corrective action in case where the breach of law, rules, and standards are identified.

What are the duties and responsibilities of the compliance function?

These will include at least the following activities:

• To apprise the board as well as senior management on regulations, rules and standards, and any other further developments.
• To provide clarification on any compliance issues.
• To conduct the assessment of the compliance risk, which should be at least once a year, and develop a risk-oriented activity plan for compliance assessment. The activity plan has to be submitted to the Audit Committee of the Board for approval, and it should be made available to the internal audit.
• To report promptly to the Board / Audit Committee of the Board/ Managing Director and CEO about any major changes or observations related to the compliance risk.
• To report periodically on the compliance failures or breaches to the board/ Audit Committee of the Board and circulating to the concerned functional heads.
• To monitor and periodically test compliance by conducting sufficient and representative compliance testing. The results of the compliance testing must be placed on the Board/ Audit Committee of the Board/ Managing Director and CEO.
• To examine the sustenance of the compliance as an integral part of the compliance testing and annual compliance assessment exercise.
• To ensure the compliance of supervisory observations made by RBI and or any other directions in both letter and spirit in a time-bound manner and sustainable manner.

Who is a Chief Compliance Officer (CCO)?

A CCO is a corporate official who is in-charge of overseeing and managing compliance issues within the bank, like if a bank is complying with the regulatory requirements and that the company and its employees are complying with the internal policies and procedures.

What is the need for Chief Compliance Officer?

Banks must have an effective compliance culture, independent corporate compliance function, and an effective compliance risk management programme at the bank and group level. For this, an independent compliance function should be headed by a designated CCO selected through a suitable process.

What is the role of a Chief Compliance Officer (CCO)?

The role of the CCO includes the following:

• The bank compliance officers are accountable for conducting audits and inspections to ensure that a bank follows the set internal and external laws.
• These officers are responsible for entails monitoring and analyzing areas of risk in the operation of the bank to ensure observance of the state and federal laws.
• The bank compliance officers assess policies or procedures and make sure that they are in line with all regulations on mortgage and customer deposits.
• They research established banking laws to make sure the non-violation of federal laws.
• They also implement and adjust to the new regulations passed by the state or by the federal government bodies.
• As part of their work description, CCO gives compliance advice to the risk management unit of an organization.
• They co-operate with the chief operating officer of the bank to ensure proper implementation of the compliance policies.
• They also carry out research in order to stay updated on public interest and consumer protection laws.
• The role of these officers in banks involves taking care of the training of newly recruited personnel and bank staff.
• They do audits to identify areas of non-compliance and initiate solutions to address identified risks.
• They plan and execute compliance programs to educate the staff of bank on new regulations.

 What are the eligibility criteria for the appointment as Chief Compliance Officer?

The following criteria should be fulfilled for appointment as a CCO:

• The CCO will be a senior executive of the bank, preferably in the rank of a general manager or an equivalent position and the CCO should be recruited from the market;
• The candidate identified for appointment as the CCO should not be more than 55 years of age;
• The CCO is required to have an overall experience of minimum 15 years in banking or financial services, and of which minimum 5 years will be in the Audit/Finance/ Compliance/ Legal/ Risk Management functions;
• The CCO is required to have a good understanding of industry and risk management, knowledge of regulations, legal framework, and sensitivity to expectations of supervisors; and
• There should not be any vigilance case or adverse observation from the Reserve Bank of India^[1] pending against the candidate identified for the appointment as CCO.

What is the tenor of appointment of Chief Compliance Officer, and when they can be transferred or removed?

The CCO is appointed for a minimum fixed tenor of not less than three years. The Audit Committee of the Board/ Managing Director and CEO are required to factor this requirement while appointing a CCO.

It may be noted that the Chief Compliance Officer may be transferred or removed before completion of the tenure only in exceptional circumstance with the explicit prior approval from the board after following a well defined and transparent internal administrative procedure.

What does the Reserve Bank state regarding “Dual Hatting”?

The RBI has notified that there should not be any dual hatting that means the CCO shall not be given a responsibility, which brings in elements of conflict of interest, especially the role relating to business. Roles that don’t attract direct conflict of interest, such as the role of anti-money laundering officer, etc. can be performed by the CCO in those banks where the principle of proportionality in terms of bank size, complexity, risk management strategy, and structures justify that.

Conclusion