Role Of Chief Compliance Officer In Banks

To strengthen compliance with regulatory frameworks, the Reserve Bank of India (RBI) mandated that banks adopt and follow certain guidelines for performing and tracking compliance functions, and directed the appointment of a Chief Compliance Officer (CCO) to ensure uniformity in compliance and risk management culture throughout the bank.
The guidelines supporting the compliance framework in banks and the role of the CCO were issued on September 11, 2020 (2020 Guideline), supplementing the RBI's earlier guidelines on the compliance function in banks issued in 2007 and 2015. While the earlier guidelines specified the functions to be performed by CCOs, they lacked clarity regarding the manner of appointment of CCOs, which led banks to define their own standards for appointment. Through the 2020 Guideline, the RBI aimed to bring uniformity to the appointment of CCOs. Now let us look into the precepts to understand the conditions and the procedure to be adopted in appointing a CCO.
The system of “Compliance Officer” in banks was first introduced by the RBI in August 1992, on the recommendations of the Ghosh Committee on Frauds and Malpractices in Banks. After almost 15 years, the RBI introduced elaborate guidelines on the compliance function and compliance officer in the form of the 2007 circular, which was in line with the BCBS report.
The CCO heads the Compliance Department, executing required compliances and mitigating risks within the bank’s operations. They serve as the central point of contact between the bank and regulatory bodies, ensuring the bank adheres to all applicable laws and regulations. Their role goes beyond leading the compliance functions, actively overseeing the bank’s entire compliance risk landscape.
Before the current guidelines, an executive or senior staff member, typically at the Deputy General Manager (DGM) level or higher, headed the compliance department. This individual was responsible for identifying and managing the bank’s compliance risks, supervising other compliance functions, and reporting to senior management. They could also report directly to the Board of Directors, the Audit Committee of the Board (ACB), or the relevant committee of the Board. Previously, individual bank policies determined the appointment of CCOs. However, the RBI has mandated a systematic policy and standardized appointment process to promote a stronger compliance culture within banks.
1. The banks shall have a policy that highlights the compliance philosophy and expectations for compliance culture, covering:
• Tone from the top,
• Accountability,
• Incentive structure, and
• Effective communication.
2. The structure and role of the compliance function and the role of the CCO must be laid down in the policy.
3. The policy should lay down the methods or processes for identifying, assessing, monitoring, managing, and reporting on compliance risk throughout the bank.
4. The policy should reflect the bank’s size, complexity, and compliance risk profile. It should include expectations for compliance with all applicable statutory provisions, rules, and regulations, as well as voluntary codes of conduct and internal rules, policies, and procedures. It should also create a disincentive structure for compliance breaches.
5. The bank must establish and manage a quality assurance and improvement program for the entire compliance function.
The policy should focus mainly on:
• Building up a compliance culture;
• Vetting of the quality of supervisory and regulatory compliance reports to RBI by the top executives, non-executive chairman, and ACB of the bank, as the case may be.
Periodical Review of Policy
• The policy should be reviewed at least once a year.
• The bank appoints the CCO as a Senior Executive, holding the rank of general manager or an equivalent position (at least two levels below the CEO). Recruitment can also occur from the external market.
• The CCO must possess a strong understanding of the industry, risk management practices, relevant regulations, legal frameworks, and sensitivity to regulators’ expectations.
• The CCO must be under 55 years old. However, if someone exceeding 55 years has continuous experience in compliance functions (as a CCO or other relevant role), they are still eligible for appointment.
• The CCO must have at least 15 years of overall experience in banking or financial services, with a minimum of 5 years in audit, finance, compliance, legal, or risk management functions.
• There must be no pending vigilance cases or adverse observations from RBI against the individual chosen for the CCO position.
Tenure for appointment of CCO
• The minimum term for the CCO position is three years.
• The Audit Committee of the Board, Managing Director, and Chief Executive Officer should specifically consider this minimum term requirement when selecting a CCO.
Selection Process
The CCO selection process will be rigorous and well-defined. A senior executive-level selection committee, established by the Board specifically for this purpose, will oversee the process. This committee will evaluate candidates and recommend individuals most suitable for the CCO role, ranking them in order of merit. Ultimately, the Board will make the final decision on the CCO appointment.
Transfer / Removal of CCO
The Board strictly limits the transfer or dismissal of the CCO before the end of their term to highly exceptional circumstances. Such actions require the Board’s explicit prior approval and must adhere to a clearly defined and transparent internal administrative process.
• To ensure the Board and executive team are up to date on regulatory changes, rules, standards, and emerging trends.
• To provide clarification on any compliance-related issues.
• To conduct yearly compliance risk assessments and subsequently create a risk-oriented plan for compliance evaluation. This plan will be submitted to the ACB for approval and made accessible to internal audit.
• To report promptly to the Board / ACB / MD & CEO about any major changes / observations relating to the compliance risk.
• To periodically report on compliance failures/breaches to the Board/ACB and circulate them to the concerned functional heads.
• To monitor and periodically test compliance by performing sufficient and representative compliance testing. The results of the compliance testing should be placed before the Board/ACB/MD & CEO.
• To examine sustenance of compliance as an integral part of compliance testing and the annual compliance assessment exercise.
• To ensure compliance with supervisory observations made by the RBI and/or any other directions, in both letter and spirit, in a time-bound and sustainable manner.
In conclusion, through the 2020 Guideline, the Reserve Bank of India directs banks to implement advanced protocols for evaluating, overseeing, auditing, and disclosing compliance risk. It also dispelled ambiguities concerning the qualification criteria for Chief Compliance Officer appointment. This initiative aims to enhance and modernize the compliance framework within banks in alignment with the evolving regulatory landscape.
