If the compliance function is combined with other control functions or if the former is also responsible for other tasks (for example, anti-money laundering activities), the entity should provide an adequate endowment of financial and technical resources.
Many companies turn to compliance outsourcing companies and there is no doubt that this turns out to be a beneficial step. However, companies that intend to outsource the compliance function in whole or in part remain fully responsible for the outsourced tasks.
This implies that the company that makes use of outsourcing “must always maintain the ability to control the outsourced tasks and manage” the related risks.
It reaffirms the obligation for companies to ensure that the compliance outsourcing company:
- Has the authority, resources, skills, and the possibility of access to all relevant information to be able to perform the outsourced tasks in the best possible way;
- Can perform the outsourced function on an ongoing basis.
Firms should also monitor whether the outsourcer is adequately fulfilling their duties. The responsibility for the supervision and monitoring of the outsourced activities is attributed to the top management, which should have adequate resources and skills.
In any case, the outsourcing of the compliance function should not:
- Jeopardize the quality and independence of the function itself;
- Generate additional operational risks;
- Compromise internal control activities; or the ability of the entity and the competent authority to monitor compliance with regulatory requirements.
It is also envisaged that the outsourcing, total or partial, of the tasks of the compliance function, is subjected to particularly careful monitoring and, in the event of termination of the agreement, the company should guarantee the continuity of the compliance function.
The compliance outsourcing companies:
- Adopt the controls and safeguards imposed by the law, verifying their timely compliance.
- Monitor that internal company procedures are respected, which is why it plays a central role in the internal control system.
- Contribute to the strengthening of company controls, placing itself on a complementary level concerning those already existing (risk management, internal audit).
- Implement supervision with additional protocols.
- Carry out consultancy activities at the request of the business, as a subject matter specialist.
- Carry out a verification activity in risk management, to prevent the violation of laws, regulations, codes of conduct, and ethics.
Working with an experienced and well-known compliance outsourcing company like CAC will make you free of these obligations as the team of CAC is familiar with all the important aspects of the compliance function.