There are different guidelines on some aspects of the requirements of the compliance control function. In this article, we’ll try to explain some of them so that you can understand this concept thoroughly and implement this function soundly in your business with the expertise of Compliance Outsourcing Companies.
1.1. Guideline no. 1: compliance risk assessment
The compliance control function is required to conduct a risk assessment to ensure exhaustive monitoring of compliance risks, based on which it must then develop a detection and control program “to determine its priorities and the focus of monitoring, consultancy and assistance activities”. For this, you should turn to Compliance Outsourcing Companies.
It is also required that, in conducting the risk assessment, the compliance function considers all areas of activity and investment services (including ancillary ones), as well as the type of financial instruments produced and distributed, customer categories, distribution channels, and the results of the verification activities carried out by other corporate control functions.
The identified risks should be reviewed periodically and, where necessary, also ad hoc to ensure that new types of risk are considered.
1.2. Guideline no. 2: monitoring obligations
The risk-based monitoring program should be aimed at assessing whether the company’s activities are carried out in accordance with the reference regulatory framework, as well as whether internal policies and procedures, organization, and control measures are effective and appropriate to ensure exhaustive monitoring of compliance risks.
To this end, it is specified that the compliance function carries out monitoring activities through on-site inspections, aggregate risk measurement, periodic reports, targeted surveillance of operations, and interviews with employees and with a representative sample of customers.
The monitoring activities should also take into consideration the first-level controls carried out by the operating units, the complaints received from customers, and the results of the verification activities carried out by the other corporate control functions (risk management, internal audit, etc.).
1.3. Guideline no. 3: disclosure obligations
Compliance reports, to be brought to the attention of management, should cover all business units dedicated to the provision and exercise of investment activities and services.
The compliance reports should contain, inter alia:
- General information on the adequacy and effectiveness of the policies and procedures designed to ensure compliance of the company and its staff with regulatory obligations, as well as a summary of the structure of the compliance function;
- Information on how to monitor and review the obligations imposed by regulatory authorities, a summary of on-site inspections, and a summary of the monitoring activities planned for the next review;
- A summary of the main findings resulting from the review of policies and procedures, violations and deficiencies in the organization and the compliance process of the company, and the number of complaints received from customers;
- A summary of the measures adopted to address any significant risks of non-compliance with the regulatory precepts, the measures adopted and in the process of being adopted to ensure compliance with the amended applicable requirements, as well as the responses to complaints received and any payments made based on complaints.
The compliance function should also cover every aspect of the monitoring of product governance and, systematically, information on the financial instruments produced or distributed, including information on the distribution strategy, to assess whether the product governance arrangements work properly.
You may find all this exhausting, but it is important to implement compliance functions in your company correctly. To do this, it is best to contact Compliance Outsourcing Companies.