RBI: Role of Chief Compliance Officer (CCO) – Discussion on compliance function in banks
The Reserve Bank of India, vide its communication dated September 11, 2020, informed that, in order to have an effective compliance culture, an independent corporate compliance function, and a strong compliance risk management program at the bank and group level, an independent compliance function is required to be headed by a designated Chief Compliance Officer (CCO) selected through a suitable process with appropriate ‘fit and proper’ evaluation/selection criteria to manage compliance risk effectively.
The details of the eligibility, age, qualification and functioning of the compliance officer are given at the following web page:
https://taxguru.in/rbi/compliance-functions-banks-role-chief-compliance-officer-cco.html
The basic intention of this article is to convey the information given by RBI about the chief compliance officer, a new senior-level appointment of a complicated nature with enormous responsibility amid the quicksands of banking frauds, increasing NPAs, and a lack of talent at various levels of Indian banks at transformational levels, as the experts call them.
Let me give the basic details of the chief compliance officer and then have a complete discussion on the compliance function in banks, which is absent in Indian banks today.
Eligibility criteria:
What about reporting requirements? Will he/she be allowed to function independently, the purpose for which the recruitment is being done?
I am not surprised that prior intimation will be sent to RBI about this recruitment. However, how is the reporting line up for this senior-level officer?
Reporting Line – The CCO shall have direct reporting lines to the MD & CEO and/or Board/Board Committee (ACB) of the bank. In case the CCO reports to the MD & CEO, the Audit Committee of the Board shall meet the CCO quarterly on a one-to-one basis, without the presence of the senior management including MD & CEO.
The CCO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. Further, the performance appraisal of the CCO shall be reviewed by the Board/ACB.
As per normal management policies, compliance function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable him/her to carry out entrusted responsibilities in respect of compliance issues. This authority should flow from the compliance policy of the bank. This policy ensures that the officer will have free rein in discharging his function.
I do not meddle with the duties and responsibilities of the above officer other than reproducing them from the said communication.
The duties and responsibilities of the compliance function – These shall include at least the following activities:
i. To apprise the Board and senior management on regulations, rules, and standards, and any further developments.
ii. To provide clarification on any compliance-related issues.
iii. To conduct an assessment of the compliance risk (at least once a year) and to develop a risk-oriented activity plan for compliance assessment. The activity plan should be submitted to the ACB for approval and be made available to the internal audit.
iv. To report promptly to the Board / ACB / MD & CEO about any major changes/observations relating to the compliance risk.
v. To periodically report on compliance failures/breaches to the Board/ACB and circulating to the concerned functional heads.
vi. To monitor and periodically test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be placed to Board/ACB/MD & CEO.
vii. To examine the sustenance of compliance as an integral part of compliance testing and annual compliance assessment exercise.
viii. To ensure compliance of Supervisory observations made by RBI and/or any other directions in both letter and spirit in a time-bound and sustainable manner.
Let me add some more information before we indulge in serious discussions about the appointment of this senior officer and what has been the experience of the banking industry in the compliance function.
Internal Audit – The compliance function shall be subject to internal audit;
Dual Hatting – There shall not be any ‘dual hatting’ i.e. the CCO shall not be given any responsibility which brings elements of conflict of interest, especially the role relating to business. Roles which do not attract direct conflict of interest like the role of anti-money laundering officer etc. can be performed by the CCO in those banks where the principle of proportionality in terms of bank’s size, complexity, risk management strategy, and structures justify that;
The CCO shall not be a member of any committee which brings his/her role in conflict with responsibility as a member of the committee, including any committee dealing with purchases/sanctions. In case the CCO is a member of a committee, he/she may have only an advisory role;
Typical core elements of the mandate of CCO must include the design and maintenance of compliance framework, training on the regulatory and conduct risks, and effective communication of compliance expectations, etc.;
The bank’s Board of Directors shall be overall responsible for overseeing the effective management of the bank’s compliance function and compliance risk. The MD & CEO shall ensure the presence of independent compliance function and adherence to the compliance policy of the bank.
Discussion on compliance in banks
RBI vide its communication dated April 20, 2007, introduced the concept of compliance function as part of the internal governance of a bank.
The Compliance Function has to ensure strict observance of all statutory provisions contained in various legislations such as the Banking Regulation Act, Reserve Bank of India Act, Foreign Exchange Management Act, Prevention of Money Laundering Act, etc. as well as to ensure observance of other regulatory guidelines issued from time to time; standards and codes prescribed by BCSBI, IBA, FEDAI, FIMMDA, etc.; and also each bank’s internal policies and fair practices code.
Compliance laws, rules, and standards generally cover matters such as observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, and ensuring the suitability of customer advice.
They also include specific areas like the prevention of money laundering and terrorist financing and may extend to tax laws that are applicable to banking products or customer advice.
Is there a compliance risk also?
This has been defined by RBI in its communication issued in April 2005.
RBI defines Compliance risk as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities” (together, “compliance laws, rules, and standards”).
With the creation of a bigger bank as a panacea to all banking issues in India, the compliance function for the whole organization may require a relook. It is obvious that many banks before amalgamation failed to observe the general compliance function and failed to generate the required profits for the banks concerned.
Let us look at its practical utility and submission of reports to all its stakeholders.
Let me raise certain questions which will explain anyone’s apprehension.
Conclusion
The following guidelines issued by RBI in 2007 never had any effect on big banks and huge frauds continue to pour in. However, let the individual banks evolve their own compliance risk, develop plans to mitigate them through their CCO or his/her department to be managed by professionals.
“The Chief Compliance Officer should be the nodal point of contact between the bank and the regulator. Regardless of how the compliance function is organized within a bank, it should be independent and sufficiently resourced, its responsibilities should be clearly specified and its activities should be subject to periodic and independent review.
Apart from the basic qualifications, the compliance staff should preferably have a fair knowledge of the law, accountancy, and information technology and also adequate practical experience in various business lines and audit/inspection functions to enable them to carry out their duties effectively. In order to keep the compliance staff up-to-date with developments in the areas of banking laws, rules and standards, regular and systematic education and training in new products and services introduced in the banking industry as well as in the areas of corporate governance, risk management, supervisory practices, etc. may be considered.”
Let RBI, being the harbinger of good corporate governance policies, supervise the introduction of these policies and emphatically inform us when these banks fail to follow these principles, along with details of action initiated against the top management or the Board.
Disclaimer: The views in this article belong to my vision of banks and neither do they represent taxguru.in nor RBI. Anyone can refer to the RBI web site for clear instructions on banking.