International Conference Regulatory Compliance and Training: emerging challenges for European Financial System Hellenic Bank Association European Bank Training Network Risk-based Supervision and Compliance Function: New Challenges for Credit and Financial Institutions 5th May 2006 P. Kyriakopoulos, Director Department for the Supervision of Credit & Financial Institutions
Main points International developments that increased the importance of monitoring compliance risk Basel II and compliance risk Greek banks are adapting to best practices related to compliance s approach Conclusions 1
International developments that increased the importance of monitoring compliance risk It is apparent that the content of the definition of compliance risk, as: the risk of legal or regulatory sanctions, material financial loss or a loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities (BCBS - April 2005)... is extended beyond reporting and corporate governance. 2
International developments that increased the importance of monitoring compliance risk New challenges have emerged and need to be addressed by both banks and supervisors: Significant changes in the banking environment: increase in the level and complexity of risks; complexity of products and services, resulting from technological innovation; low interest rates and fierce competition; ongoing cross-sectoral consolidation and hybrid products; cross-border consolidation and divergent implementation at national level. 3
International developments that increased the importance of monitoring compliance risk Supervisory authorities cannot ignore the risks, resulting from: Corporate governance issues, including the conflict of interest when banks act also as providers of investment services or in the case of transactions with closely related persons. Money laundering and terrorism financing. Transparency and customer protection. The potential negative impact on the bank s reputation from policies mainly targeted on shortterm profits. 4
Basel II and compliance risk Basel II Accord does not assign capital requirements to compliance risk. On the other hand, it requires banks to address even those risks that cannot be measured or quantified precisely, such as reputational or compliance risk. Why? Material events related to compliance could cause negative publicity damaging their reputation and public confidence to banks and their management. 5
Greek banks are adapting to best practices related to compliance Significant changes in the banking environment: Cross-border expansion, especially in the area of the SE Europe. Banks, representing 96% of the total banking system assets, have established a Compliance Unit, but many banks recently expanded the range of compliance traditional responsibilities (such as preventing Money Laundering or handling customers complaints) to a broader range of responsibilities. 6
The s s approach The new Basel Accord shifts emphasis to a more proactive and risk-sensitive approach, obliging supervisors to focus on all areas that may directly or indirectly have an impact on the risk-taking capacity of a bank. The new Governor s Act focuses on Internal Control Systems, also covering the compliance function, as presented in the BIS standards. 7
The s s approach The most important methodological issues that had to be addressed: a) Whether only large international banks should establish a Compliance Function. b) Compliance Function should be proportionate to the level and complexity of the underlying risks. c) High level principles vs prescription. d) Responsibility on a group basis. 8
The s s approach Specific minimum requirements and criteria: The bank s Board of Directors shall approve a compliance policy and assess on an annual basis the extent to which the bank is managing its compliance risk efficiently. The compliance tasks are assigned to an independent function/unit, having all the appropriate resources in technical means and staff. The function/unit shall have unhindered access to all data and information and shall report to the Senior Management and to the Board of Directors. The performance of compliance function/unit shall be monitored by the Internal Audit Unit. 9
The s s approach The Compliance Function/Unit shall, inter alia: have in charge a person experienced in banking and investment whose replacement can be requested by the BoG under certain conditions; give instructions on the adjustment of the internal procedures and the internal regulatory framework, if the current regulatory framework is amended; coordinate the work of the compliance officers of the bank s foreign branches and domestic and foreign subsidiaries; ensure that the bank complies with the regulatory framework on the prevention of ML/FT; evaluate the outsourcing arrangements. 10
The s s approach It is important for both supervised institutions and supervisory authorities to ensure that employees are continuously trained on the developments in the regulatory framework by setting up appropriate procedures and programmes. 11
Conclusions The Greek regulatory framework on internal control systems was recently amended, adopting the best international practices and equivalent provisions for the compliance, risk management and internal audit functions. Banks have to ensure the involvement of both the Board of Directors and senior management in the compliance function. 12
Conclusions Supervisory authorities should monitor the implementation of the rules and make the appropriate adjustments, benefiting from their experience. In addition, the implementation of MiFid will require an increased coordination between the HCMC and the. 13
I want to thank you for your attention and wish you a successful conference 14