March 04, 2015
The Chairman / CEO
All Scheduled Commercial Banks
Dear Sir / Madam,
Compliance function in banks
Please refer to our circular DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function in banks. It has been observed that certain supervisory concerns continue to recur, necessitating the need for tighter compliance regimes in banks in accordance with the above circular. Further, with the advent of Risk Based Supervision approach, some additional aspects are required to be overseen more incisively. Accordingly, while we re-iterate the contemporary relevance of our circular issued in 2007, the additional concerns and other aspects that would need review and testing from the compliance perspective, are summarized in the Annex.
This circular has also been placed on RBI™s website (https://rbi.org.in). In view of the increased focus on compliance review in our supervisory processes, a comprehensive compliance plan replete with compliance testing and review structures may be implemented in your bank.
Principal Chief General Manager
Encl: As above.
Areas that require greater oversight in banks from the perspective of compliance
1. Risk Based Supervision:
a. Certain very specific templates oriented towards compliance assessment have been introduced under the RBS framework. RBI expects Chief Compliance Officers to ensure total compliance with all specified guidelines enlisted in the said template. It may also be noted that regulatory guidelines forming part of such template are neither exhaustive nor static and are expected to be updated on an annual basis. Banks may, therefore, strive to put in an exhaustive compliance framework encompassing all guidelines emanating from RBI, identify potential breaches and remedy them up-front.
b. Examination of compliance rigor prevalent in banks will be suitably factored in the risk assessment process and would go further in evaluating risk scores of banks. As banks may be aware, a similar regime prevails under the CAMELS/CALCS approach as well.
2. Conflict of interest and independence of compliance functions:
Supervisory reviews have, at several times, pointed out significant and unwarranted forays of compliance functionaries on audit committees/Boards and vice versa. In order to ensure that there is no room for conflict of interest and the activities of the compliance function are subject to independent review, the compliance function and the audit function of the bank should necessarily be kept separate.
3. Reviews on compliance functions: Board/ACB/Board level committees/ Internal Audits should regularly review compliance functions in strict accordance with extant guidelines on the subject. Compliance failures may be reviewed by Boards/Management Committees and appropriate remedial measures may be taken.
4. Staffing of compliance Departments:
- Staffing of compliance departments may be accorded adequate priority in order to ensure that the compliance wings discharge their functions without human resource constraints.
- Appropriate succession planning may be resorted to, for ensuring that the post of compliance officers does not remain vacant.
- In certain cases, appointment of compliance officers was not notified to RBI. Such instances may be avoided.
- Compliance structure, set-up of compliance Department, appointment of compliance officers etc may strictly be done in accordance with Para 5 of the extant guidelines.
5. Compliance with Monitorable Action Plan/ Risk Mitigation Plan: RBI has been placing a lot of emphasis on banks™ adherence and compliance with MAP/RMP prescribed pursuant to the Annual Financial Inspection/Risk Based Supervision process. Compliance units may specifically devise a time-bound strategy to ensure that compliance on all specified points is achieved within the time frame. RBI will continue to expect an adept compliance scenario, where all MAP/RMP points are complied with well before the commencement of the subsequent supervisory cycle and/or within the periods prescribed for fulfilling the requirements of MAP/RMP. As banks may be aware, penal provisions can also be invoked for unsatisfactory compliance with MAP/RMP.
6. Compliance testing: Compliance units in banks may evaluate the compliance risk in each business line at periodical intervals and put up the results to the Board/Management Committee.
7. Submission of Compliance: It has been observed that few banks are submitting compliance to AFI/RBS inspection reports through their Inspection & Audit Department without bringing the same to the notice of the Chief Compliance Officer. Hence, in case compliance to RBI inspection reports is communicated through the Inspection & Audit department of banks to RBI, a copy of the same needs to be endorsed to the Chief Compliance Officer, for information.
8. Promoting a compliance culture: It is important that the need to comply with instructions meticulously is re-emphasized among all the staff in the bank through continuous and mandatory training to all staff on compliance aspects, appropriate disciplinary measures through staff accountability framework/ policies for non compliance etc. Compliance should not be seen as an activity of the compliance department alone but as a culture that should pervade across the banks.