Compliance Function and Role of Chief Compliance Officer (CCO)- Urban Co-operative Banks - ଆରବିଆଇ - Reserve Bank of India
Compliance Function and Role of Chief Compliance Officer (CCO)- Urban Co-operative Banks
RBI/2022-2023/118 September 19, 2022 The Chairman / Managing Director / Chief Executive Officer Madam / Dear Sir, Compliance Function and Role of Chief Compliance Officer (CCO)- As part of the overall structure for Corporate Governance, the Compliance Function serves a critical role. Therefore, it has been decided to introduce certain principles, standards and procedures for Compliance Function in UCBs, keeping in view the principles of proportionality. Accordingly, this Circular shall be applicable to all UCBs under Tier 3 and Tier 4 categories1 except UCBs under All Inclusive Directions (AID)2. UCBs under Tier 1 and Tier 2 categories shall continue to be governed under the existing guidelines3. 2. The UCBs under Tier 4 category shall put in place a Board-approved policy and a Compliance Function, including the appointment of a Chief Compliance Officer (CCO), based on the Framework given in the Annex, latest by April 1, 2023. The UCBs under Tier 3 category shall implement the same latest by October 1, 2023. 3. This Circular shall be placed in the immediate next meeting of the Board of Directors for information and devising an implementation strategy, under the Board’s supervision, in a time-bound manner. Yours faithfully, (Tarun Singh) Encl.: Annex Framework for Compliance Function and Role of Chief Compliance Officer in Primary (Urban) Co-operative Banks (UCBs) under Tier 3 and Tier 4 categories4 1. Introduction The Compliance Function is an integral part of effective governance, along with the internal control and risk management processes. The UCBs under Tier 3 and Tier 4 categories shall treat the guidelines in the Circular as a set of minimum guidelines only and accordingly frame their own guidelines taking into account their corporate governance framework, the scale of operations, risk profile, organisational structure and code of conduct, etc. 2. Compliance Risk Compliance risk is the risk of legal or regulatory sanctions, material financial loss or loss of reputation a UCB may suffer, as a result of its failure to comply with laws, regulations, rules, and codes of conduct, etc., applicable to its activities. 3. Scope and Coverage of Compliance Function Compliance Function shall ensure strict observance of all statutory and regulatory requirements for the UCB, including standards of conduct, managing conflict of interest, treating customers fairly and ensuring the suitability of customer service. 4. Responsibility of the Board and Senior Management 4.1 The Board / Board Committee5 shall ensure that an appropriate Compliance Policy is put in place and implemented. Further, the Board / Board Committee shall prescribe the periodicity for review of Compliance risk. 4.2 The Senior Management shall:
5. Responsibilities of Compliance Function 5.1 Compliance Function shall be responsible for undertaking the following activities at the minimum: i) Assist the Board and the Senior Management in overseeing the implementation of Compliance Policy including policies and procedures, prescriptions in Compliance Manuals, internal codes of conduct, etc. ii) Play the central role in identifying the level of Compliance risk in the organisation. The Compliance risks in existing / new products and processes shall be analysed and appropriate risk mitigants put in place. The Chief Compliance Officer (CCO) shall be a member of the 'new product' committee/s6. All new products shall be subjected to intensive monitoring at least for the first six months of introduction to ensure that the indicative parameters of Compliance risk are adequately monitored. iii) Compliance Function shall monitor and test Compliance by performing sufficient and representative Compliance testing, and the results of such Compliance testing shall be reported to the Senior Management. It shall periodically circulate the instances of Compliance failures among staff, along with the required preventive instructions. Staff accountability shall be examined for major Compliance failures. iv) Ensure compliance of regulatory / supervisory directions given by RBI in both letter and spirit in a time-bound and sustainable manner. RBI will continue to expect an effective Compliance Program where all Risk Mitigation Plan (RMP) / Monitorable Action Plan (MAP) points are complied with within the timelines prescribed. Unsatisfactory compliance with RMP/MAP may invite penal action from RBI. v) Attend to compliance with directions from other regulators in cases where the activities of the entity are not limited to the regulation / supervision of RBI. Further, discomfort conveyed to the UCB on any issue by other regulators, and action taken by any other authorities / law enforcement agencies, shall be brought to the notice of RBI. vi) The Compliance Department may also serve as a reference point for the staff from operational departments for seeking clarifications / interpretations of various regulatory and statutory guidelines. 5.2 The CCO shall be the nodal point of contact between the UCB and the regulators / supervisors and shall necessarily be a participant in the structured or other regular discussions held with RBI. Further, compliance to RBI inspection reports shall be communicated to RBI necessarily through the office of the Compliance Function. 5.3 In some UCBs, there may be separate departments / divisions looking after compliance with different statutory and other requirements. In such cases, the departments concerned shall hold the prime responsibility for their respective areas, which shall be clearly outlined. Adherence to applicable statutory provisions and regulations is the responsibility of each staff member. However, the Compliance Function would need to ensure overall oversight. 6. Broad Contours of Compliance Framework in UCBs A. Compliance Policy a. The UCB shall lay down a Board-approved Compliance Policy clearly spelling out its Compliance philosophy, expectations on Compliance culture, structure and role of the Compliance Function, the role of CCO, processes for identifying, assessing, monitoring, managing and reporting on Compliance risk. The Policy shall be reviewed at least once a year. b. Broadly, the Policy shall ensure coverage of the following aspects:
B. Compliance Structure The Compliance Department shall be headed by the Chief Compliance Officer, meeting the requirements prescribed in this Circular. UCBs are free to adopt their own organizational structure for the Compliance Function. However, the function shall be independent and sufficiently resourced, its responsibilities shall be clearly specified, and its activities shall be subject to periodic and independent review. C. Compliance Programme UCBs shall carry out an annual Compliance risk assessment in order to identify and assess major Compliance risks faced by them and prepare a plan to manage the risks. The annual review, to be carried out by the Senior Management, shall ensure coverage of at least the following aspects:
D. Authority The CCO and Compliance Function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable her / him to carry out entrusted responsibilities in respect of Compliance issues. This authority shall flow from the Compliance Policy of the UCB. E. Dual Hatting i. There shall not be any 'dual hatting,' i.e., the CCO shall not be given any responsibility which brings elements of conflict of interest, especially any role relating to business. The CCO shall generally not be a member of any committee which conflicts her / his role as CCO with responsibility as a member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of any such committee, that would only be an advisory role. ii. The staff in the Compliance Department shall primarily focus on Compliance Function. However, the Compliance staff could be assigned some other duties while ensuring that there is no conflict of interest. F. Qualifications and Staffing of Compliance Function Apart from having staff with basic qualifications and practical experience in business lines / audit & inspection functions, Compliance Function shall have adequate staff members with knowledge of statutory / regulatory prescriptions, law, accountancy, risk management, information technology, etc. Appropriate succession planning shall be ensured to avoid any future skill gap. G. Internal Audit & Independent Review of Compliance Function Compliance risk shall be included in the risk assessment framework of the Internal Audit Function, and Compliance Function shall be subject to regular internal audit. The CCO shall be kept informed of audit findings related to Compliance, which shall serve as a feedback mechanism for assessing the areas of Compliance failures. H. Supervisory Focus Examination of Compliance rigor prevalent in the UCB shall be a part of Reserve Bank's supervisory risk assessment process. 7. Appointment and Tenure of CCO
1 Please refer to the Reserve Bank’s Press Release dated July 19, 2022 on Revised Regulatory Framework for Urban Co-operative Banks (UCBs) in terms of which UCBs have been categorised into following four tiers for regulatory purposes: Tier 1 - All unit UCBs and salary earner’s UCBs (irrespective of deposit size), and all other UCBs having deposits up to ₹100 crore; Tier 2 - UCBs with deposits more than ₹100 crore and up to ₹1000 crore; Tier 3 - UCBs with deposits more than ₹1000 crore and up to ₹10,000 crore; Tier 4 - UCBs with deposits more than ₹10,000 crore. 2 A transition time of six months will be provided for ensuring compliance with these guidelines, as and when such UCBs come out of AID. 3 Master Circular ref No. DCBR.BPD (PCB/RCB) Cir.No.2/14.01.062/2015-16 on Board of Directors-UCBs dated July 01, 2015 read with Circular ref No. UBD.No.BSD.I.PCB.11/12.05.01/2002-03 on Designating Compliance Officers in Urban Co-operative Banks dated August 16, 2002 issued by the Reserve Bank inter alia prescribe the role of Directors and the Audit Committee of Board with Compliance highlighted as one of the major responsibilities and for a senior official to be designated as ‘Compliance Officer’. 4 Except UCBs under All Inclusive Directions (AID). A transition time of six months will be provided for ensuring compliance with these guidelines, as and when such UCBs come out of AID. 5 ‘Board Committee’ means ‘Audit Committee of the Board’ 6 If there is no such committee in existence, then the CCO shall evaluate all new products before these are launched. |