Compliance functions in Banks and Role of Chief Compliance Officer (CCO)
RBI has spelled out the Role of the Chief Compliance Officer (CCO) and Compliance functions in Banks vide a Circular dated 11th September, 2020.
This is in continuation of the “Guidelines on Compliance functions” issued vide RBI Circulars DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 and DBS.CO.PPD.10946/11.01.005/2014-15 dated March 04, 2015.
Key highlights are:
1. Banks should have an Independent Compliance Culture so as to be effective. Thus, a strong Compliance Risk Management Programme should be built at the Bank and Group level.
2. An Independent Compliance function is required to be headed by a designated Chief Compliance Officer (CCO) selected through a suitable process with ‘fit and proper’ evaluation, so that he/she can manage compliance risk effectively.
3. “Banks follow diverse practices”, and the following Guidelines shall bring uniformity in the approach followed by all Banks at the same level and align supervisory expectations on CCOs:
4. Policy – Board approved Compliance Policy clearly spelling out its compliance philosophy, expectations on compliance culture covering tone from the Top, Accountability, Incentive Structure and Effective Communication and Challenges, Structure and Role of the compliance function, role of CCO, processes for identifying, assessing, monitoring, managing and reporting on Compliance Risk throughout Bank.
This shall reflect size, complexity and compliance risk profile of the Bank, expectations on ensuring compliance to all applicable statutory provisions, rules and regulations, various codes of conduct (including the voluntary ones) and Bank’s own internal rules, policies and procedures, and creating a disincentive structure for compliance breaches. Bank shall also develop and maintain a quality assurance and improvement program covering all aspects of the compliance function. The quality assurance and improvement program shall be subject to Independent external review periodically (at least once in three years). The policy should lay special thrust on building up compliance culture; vetting of the quality of supervisory/ regulatory compliance reports to RBI by the top executives, non-executive Chairman/ Chairman and ACB of Bank, as the case may be. The policy shall be reviewed at least once a year;
5. Tenor for appointment of CCO – The CCO shall be appointed for a minimum fixed tenure of 3 years. The Audit Committee of the Board, Managing Director & CEO should factor in this requirement while appointing the CCO;
6. Transfer/ Removal of CCO – CCO may be transferred OR removed before completion of the tenure only in exceptional circumstances, with the explicit prior approval of the Board after following a well-defined and transparent internal administrative procedure;
7. Eligibility Criteria for appointment as CCO –
8. Rank – CCO shall be a senior executive of the bank, preferably a General Manager or an equivalent position (not below two levels from the CEO). The CCO could also be recruited from the market;
9. Age – Not more than 55 years;
10. Experience – At least 15 years in banking or financial services, out of which a minimum of 5 years shall be in Audit/ Finance/ Compliance/ Legal/ Risk Management functions;
11. Skills – CCO shall have good understanding of industry, risk management, legal regulations & framework and sensitivity to supervisors’ expectations;
12. Stature – CCO shall have the ability to independently exercise judgement, have the freedom and sufficient authority to interact with regulators or supervisors directly and ensure compliance;
13. Others – No vigilance case or adverse observation from RBI shall be pending against the candidate identified for appointment as CCO.
14. Selection Process – Selection of the candidate shall be done on the basis of a well-defined selection process and recommendations made by the senior executive level selection committee constituted by the Board for the purpose. The selection committee shall recommend the names of candidates suitable for the post of the CCO as per the rank in order of merit, and the Board shall take the final decision on the appointment of the CCO;
15. Reporting Requirements – A prior intimation to the Department of Supervision, Reserve Bank of India, Central Office, Mumbai, shall be provided before appointment, premature transfer/removal of the CCO. Such information should be supported by a detailed profile of the candidate along with the fit and proper certification by the MD & CEO of the bank, confirming that the person meets the above supervisory requirements, and detailed rationale for changes, if any;
16. Reporting Line – The CCO shall have direct reporting lines to the MD & CEO and/or Board/Board Committee (ACB) of the Bank. In case the CCO reports to the MD & CEO, the Audit Committee of the Board shall meet the CCO quarterly on a one-to-one basis, without the presence of the senior management including the MD & CEO. The CCO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. Further, the performance appraisal of the CCO shall be reviewed by the Board/ACB;
17. Authority – The CCO and compliance function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable him/her to carry out entrusted responsibilities in respect of compliance issues. This authority should flow from the compliance policy of the Bank;
18. Duties and responsibilities of the compliance function – These shall include at least the following activities:
- To apprise the Board and senior management on regulations, rules and standards and any further developments.
- To provide clarification on any compliance related issues.
- To conduct assessment of the compliance risk (at least once a year) and to develop a risk-oriented activity plan for compliance assessment. The activity plan should be submitted to the ACB for approval and be made available to the internal audit.
- To report promptly to the Board/ ACB/ MD & CEO about any major changes / observations relating to the compliance risk.
- To periodically report on compliance failures/ breaches to the Board/ACB and circulate these to the concerned functional heads.
- To monitor and periodically test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be placed to Board/ACB/MD & CEO.
- To examine sustenance of compliance as an integral part of compliance testing and annual compliance assessment exercise.
- To ensure compliance of Supervisory Observations made by RBI and/or any other directions in both letter and spirit in a time bound and sustainable manner.
19. Internal Audit – The compliance function shall be subject to Internal Audit;
20. Dual Hatting – There shall not be any ‘dual hatting’ i.e. the CCO shall not be given any responsibility which brings elements of conflict of interest, especially the role relating to business. Roles which do not attract direct conflict of interest like role of anti-money laundering officer, etc. can be performed by the CCO in those banks where principle of proportionality in terms of bank’s size, complexity, risk management strategy and structures justify that;
21. The CCO shall not be a member of any Committee which brings his/ her role in conflict with responsibility as member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of a Committee, he/she may have only an advisory role;
22. Typical core elements of the mandate of CCO must include the design and maintenance of compliance framework, training on the regulatory and conduct risks, and effective communication of compliance expectations, etc.;
23. The Bank’s Board of Directors shall be overall responsible for overseeing the effective management of the bank’s compliance function and compliance risk. The MD & CEO shall ensure the presence of independent compliance function and adherence to the compliance policy of the bank.
24. The instructions contained in the circular would come into effect immediately from the date of this circular and any new appointment shall be governed by the instructions contained herein. In respect of banks already having a CCO, they may follow the indicated processes for selection of CCO within a period of six months and are free to reappoint the current incumbent as the CCO if she/he meets all the requirements.
25. This Circular supplements the guidelines issued by Reserve Bank of India on April 20, 2007 and March 04, 2015 and for any common areas of guidance, the prescription of this circular shall be followed.