Question & AnswerQ&A (BSP CIRCULAR NO. 747)
The main policy objective is to promote the safety and soundness of the Philippine banking system through a robust and appropriate Compliance System that is an integral component of internal controls, governed by high standards of good corporate governance.
Banks must appoint a full-time Chief Compliance Officer (CCO) to oversee the design and effective implementation of the compliance system. The appointment requires prior approval of the Monetary Board.
Business risk refers to conditions detrimental to a bank’s business model and its ability to generate returns from operations, thus eroding its franchise value. It includes risks to reputation, legal risks, and risks arising from violations of regulations and codes of conduct.
The compliance function should have formal status established by a charter approved by the Board of Directors. It must ensure independence from business activities, have defined organizational responsibility, rights of access to necessary information, rights to conduct investigations, and formal reporting relationships to senior management and the Board.
The compliance system must include a formal compliance manual approved by the Board, organizational structure for the compliance function, clearly defined duties and responsibilities, effective internal communication and training mechanisms, and must ensure the integrity and accuracy of documentary submissions.
The CCO is the lead senior officer responsible for administering the compliance program, interacting with the BSP, ensuring integrity and accuracy of documentary submissions, overseeing system design, promoting implementation, and addressing compliance breaches.
A non-executive director may serve as CCO for banks with a 'simple' business model, meaning primarily engaged in deposit-taking and lending, such as thrift, rural, or cooperative banks. This requires prior Monetary Board approval.
The Board must ensure a compliance program is defined, approve any changes, oversee it through a board-level Committee chaired by a non-executive director, and ensure expeditious resolution of compliance issues. The Board must also receive periodic reports from senior management and the CCO.
A materially inadequate compliance system shall be construed as unsafe and unsound banking practice, which is subject to regulatory action by the BSP.
Yes, banks may outsource the review, assessment, and testing of their compliance program to qualified third parties. The outsourcing must comply with Section X162 of the MORB and provisions of the Circular.