Dear CEO: compliance monitoring
The JFSC considers compliance monitoring to be an important part of a registered person’s risk management framework in relation to compliance risk. When done effectively and in conjunction with other activities, it enables the JFSC to have some comfort that compliance risk is being proactively and appropriately managed within registered persons, and that issues requiring notification are being reported to the JFSC in a timely manner.
That being said, during the past 18 months, the JFSC has observed that the quality of compliance monitoring varies significantly between registered persons and frequently appears as a finding within examination reports.
For these reasons, and to assist registered persons, the JFSC has published a guidance note on compliance monitoring which outlines an approach to compliance monitoring and provides examples of observed good and poor practice.
Given that senior management, including the board, are responsible for the effective management of risk within a registered person, the JFSC expects senior management to be actively engaged in the compliance monitoring process. This should include the approval of a compliance monitoring plan and ensuring the timely completion of any resulting remedial action.
It is therefore imperative that senior management read and understand the guidance note and are able to demonstrate that they have considered the content against their own arrangements and taken action where necessary.
Effective compliance monitoring should be invaluable to senior management and provide a view of the business’ compliance with legislative and regulatory requirements and the effectiveness of its internal controls. It should also give confidence that where there is non-adherence, issues are proactively identified and appropriately escalated and managed.
Should you have any queries regarding this letter, please feel free to contact your supervision manager at the JFSC.
Compliance Risk (as defined by the Basel Committee on Banking Supervision): the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a [registered person] may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards and codes of conduct applicable to its regulated activities.