A Company must have an effective compliance function in order to fulfil its legal and regulatory obligations and to promote and sustain a compliance culture. The compliance function must establish and maintain appropriate mechanisms and activities to identify, assess, report on and address key legal and regulatory obligations, conduct training on key legal and regulatory obligations, facilitate confidential reporting and conduct assessments on matters related to compliance.
2.
The Board is ultimately responsible for creating a corporate culture that is based on honesty, integrity and a commitment to comply with all relevant legislation, regulations and Internal Controls. Such commitment must be reflected in the code of conduct of the Company.
3.
A Company must have a Board-approved compliance policy that is communicated to all members of Staff specifying the purpose, standing, and authority of the compliance function within the Company, and if applicable the Group.
4.
The compliance function must have access to and provide written reports to the Board and Senior Management on matters related to compliance risks, including but not limited to:
a.
Assessment of the key compliance risks the Company faces and the steps being taken to ddress them;
b.
Assessment of how the various parts of the Company such as divisions, major business units, and products are performing against compliance standards and goals;
c.
Any compliance issues involving management or persons in positions of major responsibility within the Company, and the status of any associated investigations or other actions being taken; and
d.
Material compliance violations or concerns involving any other person or unit of the Company and the status of any associated investigations or other actions being taken.
5.
The Head of the compliance function must have primary reporting obligations to the Chief Executive Officer and must have direct access to the Board and/or Board audit and/or risk committee. The head of the compliance function must have access to the Chair of the Board to report any delay on rectifying any material noncompliance issues.
6.
The Staff within the compliance function must be adequate, competent and collectively have the appropriate experience to ensure that compliance risk within the Company is managed effectively.
7.
Outsourced activities must remain fully in scope of the Company's compliance responsibilities.
8.
The compliance function must prepare and regularly update a compliance risk programme that sets out its planned activities. The activities of the compliance function must be subject to periodic and independent review by the internal audit function.