Maco presentation demystifying compliance and survey results

Demystifying Regulatory ComplianceDavid Galea SouchetVice president MACO

Summary Report Survey: The Role and the Challenges of the Compliance – Sample Size 32

Area of Employment

Other: 9.38%

Insurance: 25.00%

Other Financial Services: 18.75%

Banking: 12.50%

Insurance 25.00% 8

Investments 34.38% 11

Banking 12.50% 4

Other Financial Services 18.75% 6

Other (Please Specify) 9.38% 3

Total Responses 32

Skipped 0

Investments: 34.38%

Summary Report Survey: The Role and the Challenges of the Compliance

The Compliance Officer must define and understand the DNA of the company.

Summary Report Survey: The Role and the Challenges of the ComplianceCompliance, is the combination of all processes which enable a company to ensure respect for the values and ethics as installed by management.


The Compliance function is a key function that should identify all areas ofbusiness activity of the licenced entity that are susceptible to compliance riskand implement the necessary controls to ensure that the undertaking complieswith the applicable laws and regulatory requirements.

Strongly Agree

78.12% 25

Agree 21.88% 7

Disagree 0.00% 0

StronglyDisagree

0.00% 0

TotalResponses

32

Skipped 0


The Compliance function is a key function that should identify all areas ofbusiness activity of the licenced entity that are susceptible to compliance riskand implement the necessary controls to ensure that the undertaking complieswith the applicable laws and regulatory requirements.

Strongly Agree

78.12% 25

Agree 21.88% 7

Disagree 0.00% 0

StronglyDisagree

0.00% 0

TotalResponses

32

Skipped 0


Scale the importance of the following for the compliance function: 1lowest10 highest proper

monitoring of alldistributionchannels andthird partyservice providersused by theundertaking

reporting andpublic disclosurerequirements

compliance withgeneral goodprovisionsimposed by hostjurisdictionswhen anpassporting.


Compliance should develop a compliance plan that details the work to be undertaken during the forthcoming business year and ensuring that all areas of business activity that are susceptible to compliance risk are addressed.


Scale the importance of the following for the compliance function: 1lowest10 highest

Procedures Cont. Training Must be reported up services and Markets In plans and Regulations


Compliance should be a profession based on objective criteria not just a function authorised by the MFSA through the company one works in.

StronglyAgree

56.25% 18

Agree 34.38% 11

Disagree 9.38% 3

StronglyDisagree

0.00% 0

TotalResponses

32

Skipped 0


The authorisation should be based on more Objective criteria such as:• A list of Approved Qualifications (which should not be exhaustive)• Fixed years of Experience (eg. 2 – Years – Junior, 4 Years Senior)

Agree 46.88%

Strongly Agree 31.25% 10

Agree 46.88% 15

Disagree 9.38% 3

Strongly Disagree 0.00% 0

Other (Please Specify) 12.50% 4

TotalResponses

32

Skipped 0

Comments

• It is important to develop an open dialogue with financial supervisors, above all when difficulties in implementation arise.

• processing time on applications could be better• More training courses relating to compliance to enhance our day to day knowledge and

awareness• Compliance should not be seen as a simple tick box function to satisfy regulatory requirements,

but an important function which its main aim is to preserve• the company's reputation.• Attendance to board meetings needed• Good communication skills.• It is becoming increasingly difficult for new individuals to become eligible to act as Compliance

Officers. Hence, objective criteria would provide more clarity for new licence holders to find a suitable compliance officer and for existing licence holders to replace a departing compliance officer.

• The MFSA should perform a face to face interview with any prospective compliance officer especially given the fact that licensed institutions are being so much relied up on these days.

• Compliance should form part of the executive management team as it plays an important role in the whole set up of the business. It should not be considered only as a source of approval for business initiatives but more ingrained in the setting up of such initiatives from inception.

Comments

• Education should not only be the prerequisite but experience should be considered more important and business focussed.

• The scope of compliance should not be limited only to the regulatory requirements but should encompass other aspects that could be not captured via regulations.

• Many a times the work is carried out by a team and not one single individual. The MFSA should consider this and not ask about the time of an individual acting as the main compliance officer.

• having too rigid objective criteria might be counterproductive, and there should always be an element of flexibility depending on the size of the licensed entity, any other relevant experience by the proposed CO.

• Compliance are double-hating business operational roles which may be conflicting. This should be monitored and enforced by the Regulator to avoid possible conflicts.

What is Regulatory Compliance?

Compliance Department

Compliance Culture

Compliance Officer

Compliance Function

Compliance Risk

Definition of Compliance riskThe risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulation, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities*

*Basel Committee on Banking Supervision

Who is responsible for Compliance?

• Is the compliance officer/department responsible for compliance?

• Not exactly – but clearly the compliance function has a very important role to play

• Senior management is responsible for compliance• The overarching role of compliance is to identify,

manage and mitigate compliance risk

Responsible Senior Management or Compliance?

Compliance Officer

Detailed role in day to day compliance such as compliance monitoringLiaising with MFSA on an ongoing basisProviding regulatory advice and guidanceProviding trainingReporting to senior management and the Board on compliance matters

Senior Management

• Ensuring that the company has the right compliance culture which is embedded in its corporate infrastructure

• No or little hands on involvement in dealing with compliance matters

• Assessing the work of the compliance function

• Receiving reports from the compliance officer

How do we identify compliance risk?

• Understanding the business and mapping and documenting the compliance universe

• Understand how your firm is positioned, such as: Operating entities with the group; Business units within the firm; Stakeholders such as service providers; Regulatory environment –

regulators/legislation/regulations etc Products and services

Rules mappingDetermine and document: • the requirements your firm needs to comply with now

(to be included in compliance manual and policies and procedures)

• How planned changes in your firm’s activities will be affected by current regulations (for example a change in services/products)

• How planned changes in regulations will impact your firm

Typical role and responsibilities of a compliance officer

• Creating and maintaining a thorough understanding of the company

• Maintaining complete and up to date compliance files • Compliance and rules mapping• Creating and maintaining a compliance manual, regulatory

policies and procedures• Providing compliance advice and training• Identify and assess compliance risk throughout the firm –

Assess impact and probability• Carrying out monitoring of controls that are in place to mitigate

compliance risk• Preparing and implementing an annual compliance plan

Typical role and responsibilities of a compliance officer - continued

• Suggesting corrective actions to be taken in relation to weaknesses identified and following up on corrective action

• Dealing with rule breaches and complaints from clients and maintain up to date registers

• Reporting to senior management and the board of directors on compliance matters

• Approving marketing communications• Keeping an open communication with MFSA and drafting

letters and following up with the regulator• Participating in supervisory visits by the MFSA

Compliance operational arrangements

• Compliance must be independent from the other business units/teams especially those in core functions such as investment services

• Compliance function should be permanent• Appropriate staffing arrangements: adequate

capacity, qualifications and experience• Adequate resources including IT and space

What makes a good compliance officer?

• Confident – able to be firm and a person with authority

• Able to communicate effectively with the business at al levels

• Good knowledge of the business• Analytical• Eye for detail and be sceptical when required• Able to say No even when under pressure to

say Yes

What makes a good compliance officer? - continued

• Good reporting skills – compliance matters can be put forward in a way that is easy to understand

• Able to make a decision promptly/be responsive

• Up to date with rules and regulations• Gravitas and patience – compliance can take a

while to sink in

Benefits of good compliance

• Governance – enhanced internal control and process efficiency, better accountability, improved reporting

• Clients – customers get a fair deal. An improved client service through loyalty and trust means potentially increased business

• Financial – less likely to lose money through compensation to customers and less and lower fines

• Reputation – clients, regulator, media

Thank you!