2020: ESMA Changes to the Compliance function

In June 2020, ESMA published its new guidelines on the compliance function as set out in MiFID II. These apply to investment firms, credit institutions, UCITS and AIFs. These institutions will be required to update the necessary compliance functions and protocols.

  • What is the Compliance function?
  • To whom does it apply?
  • What changes have been introduced in June 2020?

A) Concerning their tasks

    1. Risk assessment
    2. Supervision
    3. Mandatory reporting
    4. Corporate culture

B) Concerning the compliance body

    1. Adequacy of resources
    2. Technical competence
    3. Exclusively for MiFID II
    4. Outsourcing

C) Concerning the competent authorities

  • Are they already in place?
  • Conclusions

What is the Compliance function?

The compliance function is set out in Article 22 of Regulation 2017/565, the delegated regulation of the MiFID II Directive. The obligation derives from Article 16 of the MiFID II Directive, 2014/65/EU, under which investment firms must establish procedures to ensure compliance with their obligations. The regulatory development states that these procedures and policies should cover all possible risks of non-compliance. It is mandatory to have a permanent compliance function that checks that they work properly and that acts independently. Those in charge of this function must verify each and every one of the investment firm's procedures and policies, and establish measures to mitigate any risks that may arise. They also have direct contact with the management body, as they must report on the risks detected and on their control and mitigation. In addition, they must review any complaints made by clients.

This function must comply not only with the MiFID II Directive and its delegated regulations but also with ESMA's guidelines. ESMA is the European Securities and Markets Authority. Last month, in June 2020, ESMA published its latest guidelines on compliance. The previous ones dated from 2012 and dealt with MiFID I, that is, Directive 2004/39/EC.

To whom does it apply?

Although MiFID II and its delegated regulation refer to investment firms, they apply to more entities, because those entities also provide investment services. As ESMA's own guidelines state, these changes apply to:

  1. Investment services firms
  2. Credit institutions
  3. UCITS investment funds
  4. Alternative investment funds (AIF)

They also apply to the competent authorities in each country that supervise the implementation of these rules.

What changes have been introduced in June 2020?

As ESMA states in its final report on compliance, the changes have not been significant compared to the 2012 document. The basis remains the same and only nuances have been introduced. However, they have been introduced in practically all of its guidelines; to make them easier to follow, they are grouped here into three blocks.

A) Relating to their tasks

  1. Risk assessment

The compliance function should assess risks on a regular basis by establishing update programs. The risk table or map will be updated according to two main variables: external and internal changes. Thus, it must be updated every time there is a new regulation on the subject, and also when there are changes in the organization, such as in the business areas.

Furthermore, this evaluation should not only assess the different investment services and activities. The categories of financial products and customers the firm deals with must also be assessed, as well as the distribution channels and the company's own organization.

This risk map must also include all risks that emerge from both internal and external audits.

  2. Supervision

The most notable point here is the recommendation that supervision should not be exclusively theoretical. Theoretical supervision is done by means of different technical tools such as risk indicators. The regulatory compliance function should also involve practical tasks. Among these are inspections of other departments in the organization to verify that they are complying with policies, calls to clients to verify whether the protocols were complied with, and even interviews with staff members.

In addition, the guidelines state that for a group of companies to which MiFID II applies, this function is to be split up. This refers to groups of financial institutions like those of any large Spanish credit institution. Although the largest company in these groups is usually a credit institution, they also have fund management companies or broker-dealer companies. Therefore, what this guideline establishes is that each one will have its own compliance department. The responsibility of each of these departments is independent.

  3. Mandatory reporting

One of the requirements of this function is that it produce mandatory compliance reports for all business areas. These guidelines reaffirm that reporting should be proportionate. The reports must be appropriate to the complexity and risk level of the financial instruments issued or marketed by the company.

In addition, these reports must take into account the complementary tasks designated by MiFID II. These tasks to be carried out by the compliance function are three. One, analyze product governance risk. Two, manage complaints. Three, advise the board of directors on remuneration policy.

They are thus required to assess in their reports whether product governance policies are being complied with. Among other things, they have to assess the number and nature of the financial products both manufactured and marketed. For marketed products, the reports must also include a list of the marketers, with a careful analysis of new ones.

  4. Corporate culture

Apart from the task of training all staff in correct compliance, a company culture of compliance is also required. ESMA requires the development of a compliance culture that is supported by managers and the board of directors. Thus, it must be ensured that the compliance function is involved in the modification of all procedures. This also applies to changes in the company's own organization. These changes include the creation of new areas or financial instruments.

B) Concerning the compliance body

  1. Adequacy of resources

They have to make sure that they have appropriate resources of all kinds: economic, technical (software and other IT) and personnel resources. They must ensure that the amount of resources is proportionate to, and efficient for, the various investment services.

The managers must ensure at least annually that the number of employees and their skills are adequate.

  2. Technical competence

The Chief Compliance Officer must ensure that he or she has the necessary technical competence. This competence includes knowledge of all European and national rules and guidelines applicable to his or her activity. He or she must also demonstrate that he or she has the necessary experience to take responsibility for the rest of the staff. ESMA says that this will be ensured in accordance with the requirements of each Member State. Therefore, some will require a certificate, others a number of years of experience in a similar position, etc.

  3. Exclusively for MiFID II

ESMA reaffirms in these guidelines that the compliance function should be independent of any other department, and that it should be permanent, not depending on whether or not the person responsible is in office. However, it allows an exception to independence in the case of SMEs.

The compliance officer may also perform other tasks within the company. But this is not a generic exception. It is established that it must be analyzed on a case-by-case basis depending on the investment service and the financial instruments.

This independence of functions also requires that compliance be separated from internal audit. It also requires a division of specific functions. This is the case when within the compliance functions other controls are carried out, such as anti-money laundering. In this way, there are personnel exclusively responsible for compliance with MiFID II regulations.

  4. Outsourcing

In principle, the independence of the compliance function refers to the inside of the organization. However, it is not excluded that this function may be outsourced, though under certain conditions. The tasks may be outsourced, but the responsibility remains with the company. Before hiring these third parties, due diligence must be carried out to confirm that they comply with the requirements of MiFID II, among others that of technical competence. In addition, ESMA requires that if such work is carried out outside the EU it must be closely monitored.

C) Concerning the competent authorities

In this case ESMA leaves each Member State more freedom in how to monitor the compliance function. It does not prescribe how to do so, but it does require that the compliance function be regularly monitored, both before it is implemented in the company and afterwards, by reviewing its performance and maintenance.

Are they already in place?

These guidelines will come into force two months after they are published in all official EU languages. They were published in English on June 5th 2020. They have not yet been published in Spanish, so they have not yet been published in all official languages, but it is very likely that this will not be long in coming. The entities mentioned above will need to be watching for this by the last quarter of the year.

Conclusions

In the financial regulatory sector it is essential to keep up to date with ESMA's regulatory and guideline updates. In this case, all those responsible for the compliance function in the four types of obligated entity must implement them. The good news is that, since the guidelines have not yet come into force, they have time to make the necessary changes.
