Bangko Sentral ng Pilipinas (BSP) Revised Compliance Framework for Banks

BANGKO SENTRAL NG PILIPINAS
OFFICE OF THE GOVERNOR
CIRCULAR NO. 747
Series of 2012

Subject: Revised Compliance Framework for Banks

The Monetary Board, in its Resolution No. 116 dated 20 January 2012, approved the revisions to the compliance framework for banks, amending the entirety of Section X180 ((2008 - X170) Compliance System; Compliance Officer) of the Manual of Regulations for Banks (MORB). 1.    Section X180 of the MORB is amended to include a statement of policy that shall read as follows:

The Bangko Sentral ng Pilipinas (BSP) actively promotes the safety and soundness of the Philippine banking system through an enabling policy and oversight environment. Such an environment is governed by the high standards and accepted practices of good corporate governance as collectively defined by the BSP and its supervised institutions. Towards this end, a robust, dynamically-responsive and distinctly-appropriate Compliance System shall be put in place as an integral component of an institution's internal controls.

Subject to the provisions of Section § X180.4, a full-time Chief Compliance Officer (CCO) shall be appointed to oversee the design of its Compliance System and promote its effective implementation.

2.    Section § X180.1 of the MORB (2008 - X170.1) Compliance System shall focus on the mitigation of Business Risk and is amended to read as follows:

Section § X180.1 Definition of Business Risk. A Compliance System shall be designed to specifically identify and mitigate business risks which may erode the franchise value of the bank. Business risk refers to conditions which may be detrimental to a bank's business model and its ability to generate returns from operations, which in turn erodes its franchise value. Combining business risk with the financial risks arising from the use of borrowed funds generates total corporate risk of the bank. Business risks shall include, but not be limited to, the following:

1. Risks to reputation that arise from internal decisions that may damage a bank's market standing;
2. Risks to reputation that arise from internal decisions and practices that ultimately impinge on the public's trust of a bank;
3. Risks from the actions of a bank that are contrary to existing regulations and identified best practices and reflect weaknesses in the implementation of codes of conduct and standards of good practice;
4. Legal risks to the extent that changes in the interpretation or provisions of regulations directly affect a bank's business model.
   

3.    Section § X180.5 of the MORB (2008 - X170.5) Status is renumbered as the new Section § X180.2 and amended to read as follows:

Section § X180.2 (2008 - X170.5) Status of the Compliance Function. The compliance function shall have a formal status within the organization. It shall be established by a charter or other formal document approved by the Board of Directors that defines the compliance function's standing, authority and independence, and addresses the following issues:

1. measures to ensure the independence of the compliance function from the business activities of the bank;
2.  the organizational structure and responsibilities of the unit or department administering the compliance program;
3. the relationship of the compliance unit/department with other functions or units of the organization, including the delineation of responsibilities and lines of cooperation;
4. its right to obtain access to information necessary to carry out its responsibilities;
5. its right to conduct investigations of possible breaches of the compliance policy;
6. its formal reporting relationships to senior management, the Board of Directors, and the appropriate board-level Committee; and
7. its right of direct access to the Board of Directors and to the appropriate board-level Committee.
   

The charter or other formal document defining the status of the compliance function shall be communicated throughout the organization.

4.    Section § X180.1 of the MORB (2008 - X170.1) Compliance System is renumbered as the new Section § X180.3 and amended to read as follows:

Section § X180.3 (2008 - X170.1) Compliance System. The compliance system shall have the following basic elements:

a.  A formal written document (i.e., Compliance Manual) that reflects the compliance program approved by the board of directors:

(1)    The compliance program shall be distinguished from the risk program and the internal audit program. While compliance mitigates business risks as defined in Section § X180.1, the risk program covers financial risks that arise from the balance sheet exposures of the institution. The internal audit program, on the other hand, shall review on an ex-post basis whether prescribed guidelines of the bank were followed in administering transactions, handling procedures, making decisions, and undertaking related activities.

(2)    The compliance program shall take into account the size and complexity of operations of the banks. It must clearly identify the avenues through which business risks may occur for the bank. Correspondingly, compliance measures effectively suited to the operations of the bank in order to mitigate said business risks shall be institutionalized in the bank through the compliance program.

(3)    An appropriate organizational structure must be in place to manage the compliance function and execute the approved compliance program. The compliance function shall be manned by full-time officers/ staff either embedded in operating departments, or in a department operating on its own. Coordination with the respective department heads shall be the responsibility of the CCO.

(4)    In addition to the organizational structure, the duties and responsibilities of the CCO and other personnel involved in the compliance function must be defined explicitly.

(5)    A compliance system which does not consistently ensure the integrity and the accuracy of documentary submissions shall be deemed as a basis to assess a bank as involved in unsafe and unsound practices.

The President and the CCO shall execute an affidavit, under oath, that the compliance system has been approved by the Board of Directors and that the Compliance Manual reflects said approved system.

The program shall be updated at least annually to incorporate changing responses to evolving internal and external conditions.

b.    A constructive working relationship between the bank and BSP.

The bank, through its CCO and/or other authorized compliance officers, may consult the BSP for -clarifications on specific provisions of related laws and regulations. Similarly, BSP may initiate a dialogue with a bank to discuss the compliance program of a bank and its record of implementation of the same.

The bank is enjoined to discuss clarifications of pertinent laws and regulations with other appropriate agencies that issue market regulations and/or tax guidelines.

c.    Clear and open communication lines within the bank to educate and address compliance matters
Officers and staff shall be trained in the normal course of bank operation with respect to the compliance program of the bank and the identified business risks. The processes for imparting to bank personnel and its affiliated parties the necessary appreciation of the bank's compliance culture shall form part of the Compliance Manual.

5. Section § X180.2 of the MORB (2008 - X170.2) Compliance Officer is renumbered as the new Section § X180.4 and amended to read as follows:

Section § X180.4 (2008 - X170.2) Chief Compliance Officer

a.  The CCO is the lead senior officer for purposes of administering the compliance program and interacting with the BSP on compliance-related issues. The principal function of the CCO is to oversee the design of an appropriate compliance system, promote its effective implementation and address breaches that may arise. The CCO shall also be responsible for ensuring the integrity and accuracy of all documentary submissions to the BSP.

b.  Banks shall appoint a full-time CCO to manage the compliance program. Given the importance of the compliance function, the CCO is a senior officer functionally reporting to the bank's Board of Directors. Such appointment/designation shall require prior approval of the Monetary Board. The CCO's qualifications shall be subject to the provisions of Section X142.2 of the MORB enumerating the qualifications of bank officers, particularly considering fit and proper criteria such as integrity/probity, competence, education, diligence and experience /training.

c. The CCO shall have commensurate skills and expertise to provide appropriate guidance and direction to the bank on the development, implementation and maintenance of the compliance program.

d. Banks with wholly-owned subsidiary banks may appoint a CCO for the banking group; Provided, that the parent bank can show to the BSP that the compliance function is conducted on a group-wide basis.

e. Subject to prior Monetary Board approval, banks operating on a business model deemed "simple" by the BSP by virtue of its scale and complexity of activities may designate a non-executive director to serve as the CCO in a concurrent capacity. A non-executive director is a member of the Board of Directors who is not part of the Executive Committee or day-to-day management of banking operations.

For this purpose, a bank's business model is deemed simple if a bank is primarily engaged in the business of deposit-taking and lending; Provided that a universal or commercial bank shall be deemed a complex bank while a thrift, rural or cooperative bank shall be deemed a simple bank. Nonetheless, a universal or commercial bank may apply with the BSP for a reclassification as a simple bank. The BSP may likewise declare a thrift, rural or cooperative bank as complex.

6. Section § X180.4 of the MORB (2008 - X170.4) Responsibilities of the Board of Directors and Senior Management on Compliance is renumbered as the new Section § X180.5 and amended to read as follows:

Section § X180.5 (2008 - X170.4) Responsibilities of the Board of Directors and Senior Management on Compliance. Aside from the duties and responsibilities of the Board of Directors mentioned under Subsection X141.3, the Board shall ensure that a compliance program is defined for the bank and that compliance issues are resolved expeditiously. For this purpose, a board-level Committee, chaired by a non-executive Director, shall oversee the compliance program.

Ensuring that bank personnel and affiliated parties adhere to the pre-defined compliance standards of the banks rests collectively with Senior Management, of which the CCO is the lead operating officer on compliance. Senior Management, through the CCO, should periodically report to the Board of Directors or its designated Committee matters that affect the design and implementation of the compliance program. Any changes, updates and amendments to the compliance program must be approved by the Board of Directors. However, any material breaches of the compliance program shall be reported to and promptly addressed by the CCO within the mechanisms defined by the Compliance Manual.

A compliance system found to be materially inadequate shall be construed as unsafe and unsound banking practice.

7.    Section § X180.7 (2008 - X170.7) Role and responsibilities of the compliance function shall be deleted.

8.    Section § X180.8 (2008 - X170.8) Cross-border compliance issues shall be re-numbered as the new Section § X180.6.

9.    Section § X180.9 (2008 - X170.9) Outsourcing of compliance risk assessment and testing shall be renumbered as the new Section § X180.7 and shall be amended as follows:

Section § X180.7 (2008 - X170.9) Outsourcing of compliance risk assessment and testing. The review, assessment and testing of the compliance program may be outsourced to qualified P parties. The handling and management of this outsourcing arrangement shall be governed by Section X162 of the MORB.

10.    All provisions of this Circular shall be complied with on or before 01 July 2012.


- https://www.affordablecebu.com/