Question & AnswerQ&A (BSP CIRCULAR NO. 429, S. 2004)
Compliance risk is the risk of legal or regulatory sanctions, financial loss, or loss to reputation a bank or non-bank financial institution may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice.
The board should oversee the implementation of the compliance policy and ensure that compliance issues are resolved expeditiously. They are also to receive reports from senior management regarding the ongoing compliance policy and its effectiveness.
Senior management is responsible for establishing a compliance policy, ensuring it is observed, reporting to the board on its implementation, assessing its effectiveness, and reporting any material breaches of laws promptly.
The compliance function should have a formal status established by a charter or formal document approved by the board of directors. This document defines the compliance function's authority, independence, role, responsibilities, relationships within the organization, rights to access information, investigation rights, reporting relationships, and direct access to the board.
The compliance function must be independent from business activities and able to act on its own initiative in all units with compliance risk. It must be free to report irregularities to senior management or the board without fear of retaliation and have access to all necessary operational areas and records.
The role and responsibilities should be clearly defined, with proper delineation if duties are divided among legal, compliance, internal audit, or risk management functions. Formal cooperation arrangements and information exchange mechanisms must be in place among these functions.
They must establish policies for managing risks associated with outsourcing activities, ensuring the outsourced activities comply with applicable laws and regulations, and that the board and senior management remain responsible for safe and sound conduct of these activities.
A copy of the outsourcing agreement, including the duties, responsibilities, rights, and obligations of the parties, approved by the board of directors, must be submitted to the Bangko Sentral's supervising and examining department at least 30 days prior to execution for compliance review.
The Circular took effect fifteen (15) days after its publication either in the Official Gazette or in a newspaper of general circulation.