The European Securities and Markets Authority’s (“ESMA”) Final Report (ref: ESMA/2012/388) includes the final guidelines in relation to certain aspects of the MiFID compliance function requirements.
Whilst these guidelines do not impose absolute obligations on firms, unlike the MiFID requirements, all firms will need to consider whether their compliance functions should be amended to reflect the recommendations in the Guidelines.
The Guidelines
Some significant points to note from the guidelines are as follows:
Monitoring obligations of the compliance function
Firms should introduce a monitoring programme that encapsulates all of the firm’s investment services, activities and any ancillary services. The aim of this monitoring programme should be to ensure that the compliance risk remains fully monitored at all times.
Where the investment firm in question is part of a group, it is responsible for its own compliance functions. The compliance function for each individual investment firm should remain tasked with the responsibility for monitoring the compliance risks. Various ‘tools and procedures’ for monitoring these risks are set out in the guidelines.
Action Point: Firms that use a ‘group compliance’ function should review their procedure to ensure that they have not outsourced their obligations to another group member.
Reporting obligations of the compliance function
Written compliance reports should be sent to the senior management of investment firms on a regular basis. These reports must be completed at least annually. If investment firms deem that more regular intervals are appropriate, then this is acceptable.
The report should describe the implementation of the compliance procedures and how effective they have been; if any risks have been identified, these should also be raised in the report, alongside the remedies undertaken or due to be undertaken. Should the report contain any significant findings, then these findings should be reported to senior management (by the compliance officer) as soon as possible.
Action Point: Review how much compliance information is submitted to the board and ensure that the board is fully involved in compliance matters.
Advisory obligations of the compliance function
The compliance function should provide adequate training and day-to-day assistance for staff. This training should not be ad hoc but should be undertaken on a regular basis; however, needs-based training can be performed only when necessary.
Action Point: Review training programmes to ensure that the regular (and ad hoc) training is sufficient.
Effectiveness of the compliance function
Investment firms should consider the scale and the types of investment services offered when reviewing the level of human and other resources allocated to the compliance function. Firms should ensure that compliance staff have the necessary authority to exercise their duties effectively; the compliance staff should be given access to the information relevant to the investment services and activities offered by the firm.
Action Point: Ensure that compliance is actively involved in all business of the firm and not simply informed about business when compliance issues arise.
Independence of the compliance function
Investment firms should ensure that the compliance officer and other compliance staff act independently. This means that the tasks undertaken by the compliance function should remain independent of senior management and other areas of the investment firm.
Where the compliance function has provided senior management with important recommendations or assessments, the compliance officer should document these and ensure that they are contained within the compliance reports.
Where an investment firm considers it disproportionate to comply with the requirement to have a compliance officer who carries out no other function, the firm should examine whether the compliance function in place will be compromised; this should continue to be reviewed by the investment firm on a regular basis.
Action Point: Ensure that compliance operates independently of senior management and the business. Where the compliance officer carries on activities other than compliance, the firm must review the procedures to ensure that compliance independence is not compromised. This should be documented.