Implementing a robust Compliance Monitoring Program (CMP)
about the author
- Member of the Global Institute of Internal Auditors (IIA)
- Member of the Cyprus Investment Funds Association (CIFA)
- Certified Actuarial Analyst (CAA)
- CySEC Advanced Certified Person
- CySEC certified Anti-Money Laundering Compliance Officer (AMLCO)
To achieve regulatory compliance with the national and
European supervisory authorities, all investment firms must incorporate an
effective Compliance Monitoring Program (CMP). A CMP is responsible for
monitoring the firm’s operations and a well-established Compliance Risk
Assessment (CRA) is also essential for the monitoring program to be appropriate.
With this blog post, Evdokia Pitsillidou, an instructor at the institute, wishes
to address important information about the Compliance Function organisational
requirements as outlined in CySEC Circular C553, the CMP key features along
with the common inspection areas, findings and recommendations. Further, a
complete online course is offered through the IforPE platform, titled Compliance
Monitoring Program (CMP) & Assessment in 2024.
Towards the end of this blog post, you will find
detailed information about the valuable skills and competencies acquired upon
course completion and how they contribute to ensuring the successful
implementation of a CMP.
What does the
Compliance Function do?
From a corporate perspective, the Compliance Function is the ultimate business gatekeeper as it shall be involved in the following areas:
- Policies and procedures; be involved in the development of the firm’s policies and procedures for the investment and ancillary services provision,
- Expertise and advice; provide compliance expertise and advice about strategic decisions, new business models and new advertising strategies,
- Organisation modification; be active in the decision-making process of the approval of new business lines or financial products, and the definition of staff remuneration policies,
- Participation; be present in the product approval process of manufacturers and distributors,
- Correspondence; be involved in all material and non-material correspondence with CySEC and other competent authorities.
In addition, the Compliance Function, according to the Guidelines set out in Circular C553, shall be established and operate in accordance within the context of the following key organisational requirements:
- Guideline 5: Effectiveness of the compliance function,
- Guideline 6: Skills, knowledge, expertise and authority of the compliance function,
- Guideline 7: Permanence of the compliance function,
- Guideline 8: Independence of the compliance function,
- Guideline 9: Proportionality with regard to the effectiveness of the compliance function,
- Guideline 10: Combining the compliance function with other internal control functions,
- Guideline 11: Outsourcing of the compliance function.
The implementation of a risk-based CMP is required for the regular assessment that needs to be established and conducted by the Compliance Function. While every function of the supervised entity is subject to inspection, significant focus of the CMP is usually targeted towards,, but not limited to the organisational structure:
- The electronic record or the CySEC portal is up to date,
- Any personnel changes such as appointments or replacements are notified to CySEC,
- The organisational structure itself is functional,
- Adequate personnel training and training policy implementation such as AML/CFT targeted training program,
- The Senior Management and Board of Directors (BoD) perform their duties effectively,
- Implementation and effectiveness of CRA,
- Conflicts of interest monitoring,
- Client complaints reporting,
- Internal structure of Risk Management’s and Internal Audit’s Function is communicated to CySEC, along with the details of any tied agents or any intention to provide cross-border services,
- Efficacy of the compliance function practices.
Findings and Recommendations
The findings of an effective Compliance Monitoring
Program are critical for the monitoring and management of the compliance risk
stemming from each firm’s operations. Therefore, stakeholders should
familiarise themselves with the firm’s regulatory obligations and promptly
establish or enhance the required policies and procedures based on the relevant
recommendations discussed.
The Compliance Monitoring Program & Assessment in 2024 course is designed by SALVUS Funds and delivered by their Risk & Compliance Director, Evdokia Pitsillidou. This course is developed for professionals holding key compliance and managerial positions in Cyprus Investment Firms, enabling them to implement a robust Compliance Monitoring Program.
Professionals undertaking this course will acquire the skills and competencies necessary for enhancing their firm's CMP and Compliance Function requirements. After this course, they can ultimately ensure comprehension of key information regarding the organisational structure requirements and key inspection areas of the organization.
The syllabus of the Compliance Monitoring Program
& Assessment in 2024 course includes:
- Compliance Risk
Assessment (CRA)
- Purpose & Objectives of the Compliance Risk Assessment (CRA)
- How the Compliance Risk Assessment (CRA) affects the Compliance Monitoring Program (CMP)? - Compliance Function
- Responsibilities
- Effectiveness, permanence & independence
- Organisational requirements
- Monitoring obligations
- Compliance Function – Q&As
- Compliance Monitoring Program features
- Compliance Monitoring Program
- Aim & Characteristics
- Type and frequency of monitoring activities
- Tools and methodologies
- Compliance reports
- CySEC Circular C553 – Guidelines on certain aspects of the compliance function requirements
- CySEC Circular C553
A. Compliance Function Responsibilities
- Guideline 1: Compliance Risk Assessment
- Guideline 2: Monitoring obligations of the compliance function (CMP)
- Guideline 3: Reporting obligations of the compliance function
- Guideline 4: Advisory and assistance obligations of the compliance function
B. Compliance Function organisational requirements
- Guideline 5: Effectiveness of the compliance function
- Guideline 6: Skills, knowledge, expertise and authority of the compliance function.
- Guideline 7: Permanence of the compliance function
- Guideline 8: Independence of the compliance function
- Guideline 9: Proportionality with regard to the effectiveness of the compliance function
- Guideline 10: Combining the compliance function with other internal control functions
- Guideline 11: Outsourcing of the compliance function
C. Competent authority review of the compliance function
- Guideline 12: Review of the compliance function by the competent authorities.
- Inspection areas & Compliance tips
- Policies & Procedures
- Organisational requirements – Inspection areas & Methodology
- Operating conditions – Inspection areas & Methodology
- Client accounts: opening & closing
- Departmental inspection areas & Compliance tips
- Back Office Department
- AML Department
- Accounting & Finance
- Provision of Services
- Business Development & Marketing
- Customer Support- Information Technology
- CySEC Desk-based Reviews – Circular C441
- Common deficiencies
- Good practices
The material of the CMP & Assessment course is provided both in PDF slides and online video recordings, suitable for self-paced learning. Learners enrolled in the course have the flexibility to learn wherever and whenever.
Upon
completion of the course, learners have the opportunity to evaluate their
comprehension of the covered material by answering a series of questions
reflecting the gained knowledge.
The
completion of this course counts towards the Continuous Professional
Development (CPD) annual requirements for professionals, and holders of the
CySEC Advanced and Basic certifications.
If you have any questions about Evdokia's course or any other questions related to your training requirements, please contact us; we would love to help.
Ancora Imparo
navigate
The Institute for Professional Excellence is protected under a registered European trade mark. The figurative trade mark registration number is 018854840. This trade mark is protected under the European Union's legislation.