Article (3): Compliance Function

C 161/2018 STA

1. Compliance must be part of the culture of the Bank, not just the responsibility of staff in the Bank’s compliance function.

2. A Bank’s Board-approved compliance policy must at a minimum address the following issues with respect to the compliance function:

  a. The compliance function’s standing within the Bank, its authority, its responsibilities and its relations with other control functions;
  b. The purpose and scope of the compliance function and a description of its reporting lines to the chief executive officer, the Board and the Board risk committee/Board audit committee;
  c. Its right to obtain access to information necessary to carry out its responsibilities, and the corresponding duty of Bank staff to co-operate in supplying this information;
  d. Its right to conduct investigations of possible breaches of the compliance policy and to appoint external experts to perform this task if appropriate;
  e. Its right to influence, and when necessary, challenge Senior Management decisions if compliance risks are identified;
  f. The measures to ensure its independence; and
  g. The process for timely escalation of breaches of the policy.

3. The compliance function must, at a minimum, undertake the following responsibilities and tasks in relation to anti-money laundering and countering the financing of terrorism:

  a. Detection of money laundering/terrorist financing operations/organizations;
  b. Examination of suspicious transactions and identification of those to be reported to the Central Bank’s Financial Intelligence Department (FID);
  c. Bi-annual assessment of the Banks’ anti-money laundering & countering the financing of terrorism compliance framework and transmission of the assessment report to FID. Copies of such reports, along with Senior Management comments and decisions, must be sent to FID bi-annually;
  d. Implementation, in coordination with FID as needed, of an on-going training programme on money laundering and terrorist financing; and
  e. Any other cooperation with FID upon its request.

4. Compliance function staff must have a sound understanding of laws, regulations, rules and standards relevant to the Bank’s business and keep abreast with their developments. The professional skills of compliance function staff must be maintained through regular and systematic education and training, including courses on real cases relating to money laundering and financing of terrorism.

5. The compliance function must have access to any member of staff and all records and data of the Bank, and if applicable the Bank’s Subsidiaries and Affiliates, which is required to fulfil the mandate established by the Bank’s compliance policy.

6. A consistent approach to compliance across the Group may be achieved through the establishment of a Group compliance function accountable to the Board of the Controlling Shareholder, or through compliance functions established in each entity (or branch) and accountable to those entities’ Boards and also reporting to the Group’s head of compliance.

7. In cases where compliance function staff are embedded in independent support or control units (e.g. legal, finance, financial crime or control, risk management), a separate reporting line from staff in these units to the head of compliance is necessary. These units must co-operate closely with the head of compliance to ensure that the head of compliance can perform his or her responsibilities effectively.

8. The head of compliance must not have direct business line responsibilities in the Bank. Compliance function staff must perform only compliance responsibilities. A close and co-operative working relationship between the compliance function and business units must be in place in order to identify and manage compliance risks at an early stage.

9. Banks must have processes for reporting, at least quarterly, on compliance risk to Senior Management and the Board. The compliance function’s reports must at a minimum:

  a. address compliance risk assessments that have taken place during the reporting period, including any changes in the compliance risk profile based on relevant measurements such as performance indicators;
  b. summarize any identified breaches and/or deficiencies and the corrective measures recommended to address them; and
  c. report on corrective measures already taken.

10. The Board, the Board audit committee or the Board risk committee must assess, at least annually, the performance of the compliance function. This must include an independent external quality assurance review of the compliance function at least once every five years.

11. Banks must ensure that any outsourcing arrangements do not impede effective supervision by the Central Bank. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the head of compliance. Regardless of the extent to which specific tasks of the compliance function are outsourced, the Board and Senior Management remain responsible for compliance by the Bank with all applicable laws, regulations, standards and the instructions of the Central Bank.