To achieve regulatory compliance with the national and
European supervisory authorities, all investment firms must incorporate an
effective Compliance Monitoring Program (CMP). A CMP is responsible for
monitoring the firm’s operations and a well-established Compliance Risk
Assessment (CRA) is also essential for the monitoring program to be appropriate.
With this blog post, Evdokia Pitsillidou, an instructor at the institute, wishes
to address important information about the Compliance Function organisational
requirements as outlined in CySEC Circular C553, the CMP key features along
with the common inspection areas, findings and recommendations. Further, a
complete online course is offered through the IforPE platform, titled Compliance
Monitoring Program (CMP) & Assessment in 2024.
Towards the end of this blog post, you will find
detailed information about the valuable skills and competencies acquired upon
course completion and how they contribute to ensuring the successful
implementation of a CMP.
What does the
Compliance Function do?
From a corporate
perspective, the Compliance Function is the ultimate business gatekeeper as it
shall be involved in the following areas:
- Policies
and procedures; be involved in the development of the firm’s policies and
procedures for the investment and ancillary services provision,
- Expertise
and advice; provide compliance expertise and advice about strategic decisions,
new business models and new advertising strategies,
- Organisation
modification; be active in the decision-making process of the approval of new
business lines or financial products, and the definition of staff remuneration
policies,
- Participation;
be present in the product approval process of manufacturers and distributors,
- Correspondence;
be involved in all material and non-material correspondence with CySEC and
other competent authorities.
In addition, the
Compliance Function, according to the Guidelines set out in Circular C553, shall
be established and operate in accordance within the context of the following
key organisational requirements:
- Guideline
5: Effectiveness of the
compliance function,
- Guideline
6: Skills, knowledge,
expertise and authority of the compliance function,
- Guideline
7: Permanence of the
compliance function,
- Guideline
8: Independence of the
compliance function,
- Guideline
9: Proportionality with
regard to the effectiveness of the compliance function,
- Guideline
10: Combining the compliance
function with other internal control functions,
- Guideline
11: Outsourcing of the
compliance function.
Common Inspection Areas
The implementation of
a risk-based CMP is required for the regular assessment that needs to be
established and conducted by the Compliance Function. While every function of the supervised entity is subject to inspection, significant focus of the CMP is usually targeted towards,, but not limited to the organisational structure:
- The electronic record or the CySEC
portal is up to date,
- Any personnel changes such as
appointments or replacements are notified to CySEC,
- The organisational structure itself
is functional,
- Adequate personnel training and
training policy implementation such as AML/CFT targeted training program,
- The Senior Management and Board of
Directors (BoD) perform their duties effectively,
- Implementation and effectiveness of
CRA,
- Conflicts of interest monitoring,
- Client complaints reporting,
- Internal structure of Risk
Management’s and Internal Audit’s Function is communicated to CySEC, along with
the details of any tied agents or any intention to provide cross-border
services,
- Efficacy of the compliance function
practices.
Findings and Recommendations
The findings of an effective Compliance Monitoring
Program are critical for the monitoring and management of the compliance risk
stemming from each firm’s operations. Therefore, stakeholders should
familiarise themselves with the firm’s regulatory obligations and promptly
establish or enhance the required policies and procedures based on the relevant
recommendations discussed.
What is the Compliance Monitoring Program & Assessment course and what does it include?
The Compliance
Monitoring Program & Assessment in 2024 course is designed
by SALVUS Funds and delivered by their Risk & Compliance Director, Evdokia
Pitsillidou. This course is developed for professionals holding key compliance
and managerial positions in Cyprus Investment Firms, enabling them to implement
a robust Compliance Monitoring Program.
Professionals undertaking this course will acquire the
skills and competencies necessary for enhancing their firm's CMP and Compliance
Function requirements. After this course, they can ultimately ensure
comprehension of key information regarding the organisational structure
requirements and key inspection areas of the organization.
The syllabus of the Compliance Monitoring Program
& Assessment in 2024 course includes:
- Compliance Risk
Assessment (CRA)
- Purpose & Objectives of the Compliance Risk Assessment (CRA)
- How the Compliance Risk Assessment (CRA) affects the Compliance Monitoring
Program (CMP)?
- Compliance Function
- Responsibilities
- Effectiveness, permanence & independence
- Organisational requirements
- Monitoring obligations
- Compliance Function – Q&As
- Compliance Monitoring
Program features
- Compliance Monitoring Program
- Aim & Characteristics
- Type and frequency of monitoring activities
- Tools and methodologies
- Compliance reports
- CySEC Circular C553 – Guidelines on certain aspects of the
compliance function requirements
- CySEC Circular C553
A. Compliance Function
Responsibilities
- Guideline 1: Compliance Risk Assessment
- Guideline 2: Monitoring obligations of the compliance
function (CMP)
- Guideline 3: Reporting obligations of the compliance function
- Guideline 4: Advisory and assistance obligations of the
compliance function
B. Compliance Function organisational
requirements
- Guideline 5: Effectiveness of the compliance function
- Guideline 6: Skills, knowledge, expertise and authority of
the compliance function.
- Guideline 7: Permanence of the compliance function
- Guideline 8: Independence of the compliance function
- Guideline 9: Proportionality with regard to the effectiveness
of the compliance function
- Guideline 10: Combining the compliance function with other
internal control functions
- Guideline 11: Outsourcing of the compliance function
C. Competent authority review of the
compliance function
- Guideline 12: Review of the compliance function by the
competent authorities.
- Inspection areas
& Compliance tips
- Policies & Procedures
- Organisational requirements – Inspection areas &
Methodology
- Operating conditions – Inspection areas & Methodology
- Client accounts: opening & closing
- Departmental inspection
areas & Compliance tips
- Back Office Department
- AML Department
- Accounting & Finance
- Provision of Services
- Business Development & Marketing
- Customer Support- Information Technology
- CySEC Desk-based
Reviews – Circular C441
- Common deficiencies
- Good practices
The
material of the CMP & Assessment course is provided both in PDF slides and
online video recordings, suitable for self-paced learning. Learners enrolled in
the course have the flexibility to learn wherever and whenever.
Upon
completion of the course, learners have the opportunity to evaluate their
comprehension of the covered material by answering a series of questions
reflecting the gained knowledge.
The
completion of this course counts towards the Continuous Professional
Development (CPD) annual requirements for professionals, and holders of the
CySEC Advanced and Basic certifications.
