Skip to main content
Custom print
Download Original PDF

Principle (5) Independence

No: 42005223 Date(g): 15/9/2020 | Date(h): 28/1/1442 Status: In-Force

Effective from 2020-09-15 - Sep 14 2020
To view other versions open the versions tab on the right

44-The compliance unit in the bank must be independent.
 		 
Concept of Independence for the Compliance Unit
 
45-The concept of independence in this principle refers to "the independence of the compliance unit from external interference by other operational units in performing its compliance duties or influencing them." This does not mean that the compliance unit should not work closely with other business units to facilitate compliance; rather, the working relationship should be cooperative between the compliance unit and other units, supporting the early identification and management of compliance risks. The various elements outlined below should serve as preventive measures to help ensure the effectiveness of the compliance unit. Regardless of the close working relationship between the compliance unit and other units, the method of implementing preventive measures depends to some extent on the specific responsibilities of each compliance unit employee.
 		 
Elements of the Concept of Independence
 
‎46-

The concept of independence includes four interrelated elements that must be applied as follows:

  1. The Compliance Unit Must Have an Official Status in the Bank: The compliance unit should have formal recognition within the bank.

    Leadership of the Compliance Unit: In local banks, the compliance unit should be headed by an executive at the first management level. In branches of foreign banks, the unit should be led by a senior executive at the first management level who reports directly to the head of the branch. This position should include the overall responsibility for coordinating the management of compliance risks within the bank.
     
  2. Avoiding Conflicts of Interest: The personnel of the compliance unit, particularly the head of compliance, should not be placed in a position that could lead to potential conflicts of interest between their compliance responsibilities and any other responsibilities associated with their role.
     
  3. Access and Authority: All personnel within the compliance unit should have the right and authority to access and review all relevant information, records, and files, and communicate with bank employees as necessary to perform their duties.
     
 
The Official Organizational Status of the Compliance Unit
 
47-The Compliance Unit must have an official status within the bank that grants it appropriate recognition, authority, and independence. This should be outlined in the bank's compliance policy or in an official document related to the policy. All bank employees should be informed of the document specifying this status.
 		 
Key Items of the Compliance Unit's Organizational Document
 
‎48-

The organizational document for the Compliance Unit, related to the compliance policy, must include at a minimum the following requirements:

  1. ‎ The role and responsibilities of the Compliance Unit.
  2. Procedures necessary to ensure the independence of the Compliance Unit.
     
  3. The relationship of the Compliance Unit with other risk units within the bank, and its relationship with the internal audit unit.
     
  4. The method for distributing compliance responsibilities in exceptional cases where, due to technical or specialized reasons, or where there is not a significant relationship with non-compliance risks, some compliance responsibilities may be assigned to employees in other operational units such as human resources, administrative affairs, branches, etc., and must be according to specific procedures outlining the role and authority of those units and designated officials.
     
  5. The Compliance Unit's right to access the necessary information, records, and data to perform its responsibilities, and the requirement for bank employees to cooperate in providing this information.
     
  6. The Compliance Unit's right to conduct necessary investigations by itself or through delegated external experts for potential policy violations or shortcomings in compliance policy implementation, and its authority to appoint or request external experts if needed.
     
  7. The Compliance Unit's right to freely report investigation results to senior management and, when necessary, to the board or its authorized committee.
     
  8. The official obligations of the Compliance Unit regarding reporting to senior management.
     
  9. The Compliance Unit's right to direct access to the board or its authorized committee.
 
Compliance Officer

Job Level
49-Every local bank must appoint a Chief Compliance Officer, and every branch of a foreign bank must appoint a high-ranking officer at the first managerial level who reports directly to the branch’s chief officer. This role includes the overall responsibility of coordinating the identification of non-compliance risks at the bank, advising on their management, and supervising the activities of compliance officers and staff within the compliance unit.
 		 
Job Reporting
 
‎50-The Chief Compliance Officer must be at the first managerial level within the bank and report directly to only the highest-ranking officer in the senior management of local banks (Managing Director/CEO/General Manager) or to the chief officer of the branch in the case of foreign bank branches (according to the highest job title in the branch). The Chief Compliance Officer should not hold any direct or indirect responsibilities related to banking activities. They must have the authority to report and notify the board or its delegated committee of any significant weaknesses, deficiencies, or violations without fear of negative repercussions from management, other business units, or bank employees. No actions should be taken against them when reporting.
 		 
Notification of Appointment and Changes to the Board
 
51-For local banks, the board members must be notified when there is an appointment or change (resignation, transfer to another role, retirement, termination of service, etc.) of the Chief Compliance Officer, including documentation and reasons for the change.
 		 
Central Bank's Non-Objection to Appointments and Changes
 
52-The bank must obtain a no-objection letter from the Central Bank for the appointment of the Chief Compliance Officer, in accordance with the requirements for leadership positions. The Central Bank's non-objection is also required if the Chief Compliance Officer leaves the position (resignation, transfer to another role, termination of service, etc.), with documentation and reasons for the change.
 		 
Notification to Host Country Regulatory Authorities
 
53-For banks licensed to conduct international banking activities with compliance officers from those countries, the regulatory authority in the host countries must be notified of the Chief Compliance Officer's appointment or departure if such notification is required by the host country regulations.
 		 
Reporting Structure of Compliance Unit Staff
 
54-All staff in the compliance unit must report directly to the Chief Compliance Officer, ensuring that the unit can fulfill all responsibilities independently of other business units within the bank. Compliance officers assigned to compliance tasks in other business units should have a functional reporting relationship to those units but must also have a reporting line to the Chief Compliance Officer concerning their compliance responsibilities and reports. To avoid dual reporting lines, the compliance officers' reporting path to the Chief Compliance Officer regarding non-compliance risks should be the controlling and mandatory line.
 		 
Periodic Meetings
 
55-

The Chief Compliance Officer should have the authority to hold regular meetings with senior management and heads of different business units to discuss compliance with regulations and instructions relevant to the operations and activities of each group, department, or sector. These meetings should be officially documented. It is preferable that senior management and heads of business units attend these meetings personally rather than sending representatives, as their active participation demonstrates:

  • Leadership by example.
  • Understanding of their responsibilities regarding compliance.
  • Continuous reinforcement of compliance.
  • Support for the compliance process.
 
Delegation of Responsibilities by the Chief Compliance Officer
 
56-The Chief Compliance Officer may delegate some of their authority to certain employees within the bank for performing tasks related to compliance, such as those in the Treasury Unit or the bank's overseas branches and offices. Any employee delegated these tasks will act as an assistant to the Chief Compliance Officer and will be under their authority concerning compliance risks while maintaining full independence in other banking tasks. The size of the bank and its operational capacity should be considered. Any delegation by the Chief Compliance Officer does not exempt them from responsibility; they remain accountable for all compliance-related tasks to the relevant parties.
 		 
Conflict of Interest
 
57-To ensure the independence and professionalism of the Chief Compliance Officer and the Compliance Unit staff, they should only hold responsibilities related to the Compliance Unit. For compliance officers in other business units assigned compliance oversight tasks within those units—if present—they must avoid conflicts of interest and disclose any situations that may result in a conflict of interest.
 		 
58-To maintain the independence of the Chief Compliance Officer and the Compliance Unit staff, their financial compensation should not be tied to the financial performance of the activity for which they are responsible. However, compensation may be linked to the overall financial performance of the bank. In all cases, the final approval for the compensation of the Chief Compliance Officer and the Compliance Unit staff must come from the board or its delegated committee.
 		 
Direct Access to Information and Employees
 
59-

To effectively manage compliance responsibilities as outlined in the compliance documentation and at all administrative levels within the bank where compliance risks may exist, the Compliance Unit must have the following principal rights and capabilities, without waiting for orders or instructions:

  1. The right to communicate with any employee and access any necessary information, records, and files needed to fulfill its responsibilities.
  2. The ability to carry out its responsibilities independently across all business units where compliance risks are present, including the right to investigate any potential violations of compliance policies and to seek assistance from internal specialists (e.g., legal affairs or internal audit) or engage external experts if necessary.
  3. The freedom to report any potential violations or transgressions uncovered during its investigations to senior management, without fear of retaliation or dissatisfaction from business units or other employees.
  4. Although the Compliance Unit should report administratively to the CEO/Managing Director/General Manager, it must also have the right to communicate directly with the board or its delegated committee, bypassing usual administrative reporting lines if necessary.
  5. The Chief Compliance Officer should meet with the board or its delegated committee at least once a year to help assess the board's evaluation of the bank's ability to manage compliance risks effectively.
  6. The Chief Compliance Officer must promptly and directly notify the central bank/General Directorate of Bank Supervision upon identifying strong indicators of significant or serious compliance failures or violations that impact the reputation of the banking sector and must ensure the central bank is informed.