The Board is responsible for ensuring that the Bank, and if applicable, Group, has an independent, permanent and effective compliance function to monitor and report on observance of all applicable laws, regulations and standards and on adherence by staff and members of the Board to legal requirements, proper codes of conduct and policy on conflicts of interest.
Banks must have a Board-approved compliance policy that is communicated to all members of staff specifying the purpose, standing and authority of the compliance function within the Bank, and if applicable Group.
The staff within the compliance function must be sufficient, competent and collectively have the appropriate experience within the Bank to ensure that compliance risk within the Bank is managed effectively.
The compliance function must have primary reporting obligations to the chief executive officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee.
The compliance function must prepare and regularly update a risk-based compliance programme that sets out its planned activities, subject to oversight by the head of compliance. The activities of the compliance function must be subject to periodic and independent review by the internal audit function.
Banks, for which the Central Bank is the primary regulator, having significant Group relationships including Subsidiaries, Affiliates, or international branches must ensure a consistent compliance policy across the Group.