Policy and intended compliance environment
- The Bangko Sentral ng Pilipinas (BSP) promotes the safety and soundness of the Philippine banking system through an enabling policy and oversight environment.
- The environment is governed by high standards and accepted practices of good corporate governance as collectively defined by the BSP and its supervised institutions.
- Banks must put in place a robust, dynamically-responsive and distinctly-appropriate Compliance System as an integral component of internal controls.
- A full-time Chief Compliance Officer (CCO) must be appointed to oversee the design of the Compliance System and promote its effective implementation, subject to the rules in Section A X180.4.
Business risk definition and scope
- A bank’s Compliance System must be designed to identify and mitigate business risks that may erode the bank’s franchise value.
- Business risk refers to conditions detrimental to a bank’s business model and its ability to generate returns from operations, which in turn erodes franchise value.
- Combining business risk with financial risks arising from borrowed funds generates the bank’s total corporate risk.
- Business risks include, among others, the following:
  - Risks to reputation arising from internal decisions that may damage a bank’s market standing.
  - Risks to reputation arising from internal decisions and practices that ultimately impair the public’s trust of a bank.
  - Risks from a bank’s actions contrary to existing regulations and identified best practices, reflecting weaknesses in implementing codes of conduct and standards of good practice.
  - Legal risks to the extent that changes in the interpretation or provisions of regulations directly affect the bank’s business model.
Compliance System requirements
- The Compliance System must include basic elements consisting of requirements under Section A X180.3.
- The Compliance System must maintain a formal written document called a Compliance manual that reflects the compliance program approved by the Board of Directors.
- The compliance program must be distinguished from:
  - The risk program, which covers financial risks arising from balance sheet exposures.
  - The internal audit program, which reviews on an ex-post basis whether prescribed guidelines were followed in administering transactions, handling procedures, making decisions, and undertaking related activities.
- The compliance program must take into account the size and complexity of bank operations and must:
  - Clearly identify avenues through which business risks may occur.
  - Institutionalize compliance measures effectively suited to the bank’s operations to mitigate those business risks.
- The compliance function must have an appropriate organizational structure and must be executed through full-time officers/staff either:
  - embedded in operating departments, or
  - in a department operating on its own.
- Coordination with department heads is the responsibility of the CCO.
- The duties and responsibilities of the CCO and other compliance personnel must be defined explicitly.
- A compliance system that does not consistently ensure the integrity and accuracy of documentary submissions is a basis to assess a bank as involved in unsafe and unsound practices.
Compliance manual approvals and updates
- The President and the CCO must execute an affidavit under oath that:
  - the Compliance System has been approved by the Board of Directors; and
  - the Compliance manual reflects the approved system.
- The compliance program must be updated at least annually to incorporate changing responses to evolving internal and external conditions.
Interaction, training, and internal communications
- Banks must maintain a constructive working relationship with the BSP.
- Through the CCO and/or other authorized compliance officers, banks may consult the BSP for clarifications on specific provisions of related laws and regulations.
- The BSP may initiate dialogue with a bank to discuss the bank’s compliance program and its record of implementation.
- Banks must discuss clarifications of pertinent laws and regulations with other appropriate agencies that issue market regulations and/or tax guidelines.
- Banks must establish clear and open communication lines to educate and address compliance matters.
- Officers and staff must be trained in the normal course of bank operations with respect to the bank’s compliance program and identified business risks.
- The Compliance manual must include processes for imparting to bank personnel and its affiliated parties the necessary appreciation of the bank’s compliance culture.
Chief Compliance Officer and appointment rules
- The CCO is the lead senior officer for administering the compliance program and interacting with the BSP on compliance-related issues.
- The CCO’s principal function is to oversee the design of an appropriate compliance system, promote its effective implementation, and address breaches that may arise.
- The CCO must ensure the integrity and accuracy of all documentary submissions to the BSP.
- Banks must appoint a full-time CCO to manage the compliance program.
- The CCO is a senior officer functionally reporting to the Board of Directors.
- CCO appointment/designation requires prior approval of the Monetary Board.
- The CCO’s qualifications must comply with the qualifications for bank officers under Section X142.2 of the MORB, including fit and proper criteria such as integrity/probity, competence, education, diligence, and experience/training.
- Banks with wholly-owned subsidiary banks may appoint a CCO for the banking group if the parent bank shows the BSP that the compliance function is conducted on a group-wide basis.
- Subject to prior Monetary Board approval, banks operating on a business model deemed “simple” by the BSP may designate a non-executive director as CCO in a concurrent capacity.
- A bank’s business model is deemed simple if the bank is primarily engaged in deposit-taking and lending.
- A universal or commercial bank is deemed complex, while a thrift, rural or cooperative bank is deemed simple.
- A universal or commercial bank may apply with the BSP for reclassification as a simple bank.
- The BSP may also declare a thrift, rural or cooperative bank as complex.
- A non-executive director is a member of the Board of Directors who is not part of the executive committee or day-to-day management of banking operations.
Board responsibilities and compliance governance
- The Board must ensure that a compliance program is defined for the bank and that compliance issues are resolved expeditiously.
- A board-level Committee chaired by a non-executive Director must oversee the compliance program.
- Senior Management is collectively responsible for ensuring adherence by bank personnel and affiliated parties to the bank’s pre-defined compliance standards.
- The CCO is the lead operating officer on compliance within Senior Management.
- Senior Management, through the CCO, must periodically report to the Board of Directors or its designated Committee matters affecting the design and implementation of the compliance program.
- Any changes, updates, and amendments to the compliance program must be approved by the Board of Directors.
- Any material breaches of the compliance program must be reported to and promptly addressed by the CCO within the mechanisms defined by the Compliance manual.
- A compliance system found to be materially inadequate is construed as an unsafe and unsound banking practice.
Status of compliance function and investigation access
- The compliance function must have a formal status within the organization established by a charter or other formal document approved by the Board of Directors.
- The charter or formal document must define the compliance function’s standing, authority, and independence and must address:
  - measures ensuring independence of the compliance function from the bank’s business activities;
  - the organizational structure and responsibilities of the unit or department administering the compliance program;
  - the relationship of the compliance unit/department with other functions/units, including delineation of responsibilities and lines of cooperation;
  - the right to obtain access to information necessary to carry out responsibilities;
  - the right to conduct investigations of possible breaches of the compliance policy;
  - formal reporting relationships to senior management, the Board, and the appropriate board-level Committee;
  - the right of direct access to the Board of Directors and to the appropriate board-level Committee.
- The charter or formal document defining the status of the compliance function must be communicated throughout the organization.
Outsourcing compliance risk assessment and testing
- Review, assessment, and testing of the compliance program may be outsourced to qualified third parties.
- Outsourcing arrangements for compliance risk assessment and testing must be governed by Section X162 of the MORB.
Renumbering and implementation timeline
- Section A X180.5 is the renumbered version of the former Section A X180.4 responsibilities on Board and Senior Management on compliance.
- Section A X180.7 (new numbering) covers outsourcing of compliance risk assessment and testing.
- Section A X180.6 is the renumbered version of the former Section A X180.8 cross-border compliance issues.
- Section A X180.7 (2008 a X170.7) on role and responsibilities of the compliance function is deleted.
- All provisions of BSP Circular No. 747 must be complied with on or before 01 July 2012.