The Reserve Bank of India (RBI) on Friday issued revised rules for the appointment and function of the Chief Compliance Officer at banks. In a release, the central bank said banks are required to have an effective compliance culture, an independent corporate compliance function and a strong compliance risk management programme at bank and group level.
As part of robust compliance system, banks are required, inter-alia, to have an effective compliance culture, independent corporate compliance function and a strong compliance risk management programme at bank and group level. Such an independent compliance function is required to be headed by a designated Chief Compliance Officer (CCO) selected through a suitable process with an appropriate ‘fit and proper’ evaluation/selection criteria to manage compliance risk effectively.
Some of the important points spelled out in the circular are:
2.1 Policy – A bank shall lay down a Board-approved compliance policy clearly spelling out its compliance philosophy, expectations on compliance culture covering Tone from the Top, Accountability, Incentive Structure and Effective Communication & Challenges thereof, structure and role of the compliance function, role of CCO, processes for identifying, assessing, monitoring, managing and reporting on compliance risk throughout the bank. This shall, inter-alia, adequately reflect the size, complexity and compliance risk profile of the bank, expectations on ensuring compliance to all applicable statutory provisions, rules and regulations, various codes of conducts (including the voluntary ones) and the bank’s own internal rules, policies and procedures, and creating a disincentive structure for compliance breaches.
2.2 Tenor for appointment of CCO – The CCO shall be appointed for a minimum fixed tenure of not less than 3 years. The Audit Committee of the Board (ACB) / Managing Director (MD) & CEO should factor this requirement while appointing CCO;
2.3 Transfer / Removal of CCO – The CCO may be transferred / removed before completion of the tenure only in exceptional circumstances with the explicit prior approval of the Board after following a well-defined and transparent internal administrative procedure;
2.4 Eligibility Criteria for appointment as CCO –
- Rank – The CCO shall be a senior executive of the bank, preferably in the rank of a General Manager or an equivalent position (not below two levels from the CEO). The CCO could also be recruited from market;
- Age – Not more than 55 years;
- Experience – The CCO shall have an overall experience of at least 15 years in the banking or financial services, out of which minimum 5 years shall be in the Audit / Finance / Compliance / Legal / Risk Management functions;
- Skills – The CCO shall have good understanding of industry and risk management, knowledge of regulations, legal framework and sensitivity to supervisors’ expectations;
- Stature – The CCO shall have the ability to independently exercise judgement. He should have the freedom and sufficient authority to interact with regulators/supervisors directly and ensure compliance;
- Others – No vigilance case or adverse observation from RBI, shall be pending against the candidate identified for appointment as the CCO.
2.5 Selection Process – Selection of the candidate for the post of the CCO shall be done on the basis of a well-defined selection process and recommendations made by the senior executive level selection committee constituted by the Board for the purpose. The selection committee shall recommend the names of candidates suitable for the post of the CCO as per the rank in order of merit and Board shall take final decision in the appointment of CCO;
2.6 Reporting Requirements – A prior intimation to the Department of Supervision, Reserve Bank of India, Central Office, Mumbai, shall be provided before appointment, premature transfer/removal of the CCO. Such information should be supported by a detailed profile of the candidate along with the fit and proper certification by the MD & CEO of the bank, confirming that the person meets the above supervisory requirements, and detailed rationale for changes, if any;
2.7 Reporting Line – The CCO shall have direct reporting lines to the MD & CEO and/or Board/Board Committee (ACB) of the bank. In case the CCO reports to the MD & CEO, the Audit Committee of the Board shall meet the CCO quarterly on one-to-one basis, without the presence of the senior management including MD & CEO. The CCO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. Further, the performance appraisal of the CCO shall be reviewed by the Board/ACB;
2.8 Authority – The CCO and compliance function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable him/her to carry out entrusted responsibilities in respect of compliance issues. This authority should flow from the compliance policy of the bank;
2.9 The duties and responsibilities of the compliance function – These shall include at least the following activities:
- To apprise the Board and senior management on regulations, rules and standards and any further developments.
- To provide clarification on any compliance related issues.
- To conduct assessment of the compliance risk (at least once a year) and to develop a risk-oriented activity plan for compliance assessment. The activity plan should be submitted to the ACB for approval and be made available to the internal audit.
- To report promptly to the Board / ACB / MD & CEO about any major changes / observations relating to the compliance risk.
- To periodically report on compliance failures/breaches to the Board/ACB and circulating to the concerned functional heads.
- To monitor and periodically test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be placed to Board/ACB/MD & CEO.
- To examine sustenance of compliance as an integral part of compliance testing and annual compliance assessment exercise.
- To ensure compliance of Supervisory observations made by RBI and/or any other directions in both letter and spirit in a time bound and sustainable manner.
2.11 Dual Hatting – There shall not be any ‘dual hatting’ i.e. the CCO shall not be given any responsibility which brings elements of conflict of interest, especially the role relating to business. Roles which do not attract direct conflict of interest like role of anti-money laundering officer, etc. can be performed by the CCO in those banks where principle of proportionality in terms of bank’s size, complexity, risk management strategy and structures justify that;
2.12 The CCO shall not be member of any committee which brings his/her role in conflict with responsibility as member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is member of a committee, he/she may have only advisory role;
2.13 Typical core elements of the mandate of CCO must include the design and maintenance of compliance framework, training on the regulatory and conduct risks, and effective communication of compliance expectations, etc.;
Compliance functions in banks and Role of Chief Compliance Officer (CCO) https://t.co/PmxGRRUmxe
— ReserveBankOfIndia (@RBI) September 11, 2020