Compliance Officers

Contents
Preview
About this topic
Topic objectives
Compliance Officer
Background
Functions
Role of the Compliance Officer in Relation to the Rules an Regulations of the Regulators
Role of the Compliance Officer in Relation to Money Laundering & Terrorism Financing
Complaints from Clients
Compliance Independence
The Compliance Officer’s Relationship with the Firm and Regulators
Compliance reporting
Answers to Self-assessment
Exercises

Preview
About this topic
In this topic, we consider the functions of Compliance Officers within a firm. We first discuss the responsibilities of the Compliance Officer in relation to providing compliance advice, monitoring compliance and compliance training. We then discuss the role of the Compliance Officer in relation to complying with rules and regulations of the regulators, their role in relation to Anti-Money Laundering & Terrorism Financing and dealing with complaints from clients. We will also look into the need
for Compliance Officers to be an independent function within the firm and the Compliance Officer’s relationship with the firm and regulators. We conclude with a brief discussion of the reporting requirements to be complied by Compliance Officers.

Topic Objectives
At the end of this topic, you should be able to:
(a) to explain the responsibilities of the Compliance Officer in relation to providing compliance advice, monitoring compliance and compliance training
(b) to describe the role of a Compliance Officer in relation to the rules and regulations of the regulators, Anti-Money Laundering & Terrorism Financing and the Compliance Officer’s role in dealing with complaints from clients
(c) to explain the importance of an independent compliance function within a firm
(d) describe the relationship between Compliance Officers and the key
stakeholders i.e. the firm and regulators
(e) explain the requirements in relation to compliance reporting by Compliance Officers

Compliance Officer
Background
In order to build and maintain an effective compliance programme and a strong compliance culture, firms appoint individuals who provide compliance services. These individuals are called “Compliance Officers”.
In the Malaysian capital market, the appointment of Compliance Officers by firms is mandated via various rules and regulations of the Securities Commission Malaysia and/or exchanges which are intended to ensure investor protection and market integrity. Failure to appoint a Compliance Officer is a breach of the rules and regulations. See Rules of Bursa Malaysia Securities Berhad, Rules of Bursa Malaysia Derivatives Berhad and the Securities Commission Malaysia’s (SC) Guidelines on Compliance Function for Fund Management Companies on the requirement to appoint Head of Compliance/Compliance Officers.
The basic responsibility of Compliance Officers is to secure effective controls and an active segregation of duties between trading and operational functions within the firm.
Since the need to appoint a Compliance Officer is a regulatory requirement, the SC has imposed qualifications for a person to be registered as a Compliance Officer. The regulators set minimum standards in terms of academic qualifications, work experience and examination requirements.
Refer to the SC’s Licensing Handbook for the minimum qualification, work experience and examination requirements imposed by the SC before a person can be eligible to be registered as a Head of Compliance/Compliance Officer.
Other than the prescribed qualifications set out by the SC, a person must have the relevant knowledge in order to understand the business areas that will be monitored;
must be professionally competent in assessing industry rules that apply to the firm’s business and be able to interpret them in a practical way; must have good interpersonal and communication skills so as to be able to work closely with colleagues within the organisation and with the regulators; must be able to apply knowledge and experience in the industry so as to maintain credibility with management; and must maintain independence.
The Compliance Officer can be seen as a “conduit” through which a firm achieves the objectives of compliance while providing an independent check and balance on the firm’s trading activities and acting as a deterrent against any wrongdoing by market participants. Therefore the Compliance Officer must be independent of both back and front office areas of a firm to avoid any conflict of interest, and must not have any sales or operational function. The Compliance Officer’s role must relate solely to compliance work.
It is important too, that the Compliance Officer has an appropriate budget within which to work to first build a proper compliance programme, and then to ensure its on-going operation. While the costs of compliance have a tendency to increase, it is usually the case that the cost of non-compliance increases at a faster rate!
Compliance costs can be regarded as an insurance premium. The cost of not complying could extend to closure of the business by the SC or result in litigation or threatened litigation by clients. In addition, non-compliance can include financial penalties and imprisonment for those involved.
It is also important that the Compliance Officer has unlimited access to all information and records which relate to the firm’s business activities. This would include exception reports and customer complaints which can provide warning signals of possible questionable conduct. It is also important that the Compliance Officer has the authorisation to speak to any staff of the firm about any conduct, business practice, ethical matter or other issue relevant to discharging his/her duties.


Functions
It is the Compliance Officer’s responsibility to understand and to keep abreast of changes to the regulations; to oversee the implementation of the compliance programme throughout the firm; to monitor the extent to which regulations and required procedures are being adhered to and are working; to keep management informed of the level of compliance being achieved within the business and to act as a point of contact for and to report issues to the Board of Directors and the regulator.
The Compliance Officer has the responsibility to review and propose appropriate action to secure the firm’s compliance with statutory regulations, internal policies,
guidelines and rules of the exchange. The Compliance Officer must have authority tocarry out supervisory responsibilities, as well as be senior enough to act independently to effect decisions. Coordination with the Internal Audit department of the firm is recommended. The Compliance Officer must report all matters relating to non–compliance to the Board of Directors. The role of a Compliance Officer needs to be both interactive and proactive.
It is the duty of the Compliance Officer to highlight matters, breaches and recommended actions to the Board of Directors. Failure to act upon the report of the Compliance Officer shall be deemed a failure to act on the part of the Board of Directors. Where a firm is a Participating Organisation or Trading Participant of the exchange, a copy of the report submitted to the Board of Directors must also be submitted to the relevant exchanges and where relevant, the SC. Fund management companies on the other hand must report any breaches of Securities Laws to the SC.
Failure to report to the Board of Directors, the relevant exchanges and/or the SC shall be deemed as the Compliance Officer’s failure to perform his/her duties.
It is also the duty of the Compliance Officer to highlight compliance matters and breaches and recommended actions to the relevant management/heads of department so that appropriate and timely actions could be taken.
The functions of the Compliance Officer are as follows:
Providing Compliance Advice

Providing compliance advice is perhaps the most critical role of the Compliance Officer.
When a firm has access to good compliance advice it would be able to avoid
regulatory problems. These regulatory problems could cost the firm millions of Ringgit in terms of fines imposed by regulators as well as possible loss of reputation. As the popular saying goes “Prevention is better than cure”.
To get the best in compliance advice, measures that may be practised by the firm include:
(a) Appointing a sufficiently senior person as the Compliance Officer of the firm. The Compliance Officer must be independent and have access to the highest level of management.
(b) Having written procedures in place and approved by the Board of
Directors where for certain critical and or sensitive transactions or business, advice from the Compliance Officer is mandatory to be obtained by the firm before such transactions or business can be carried out. Examples of areas which the Compliance Officer should be consulted on are opening of accounts by high risk clients, new business opportunities which the firm intends to explore or any unusual transactions or business structures.
(a) Fostering a compliance culture where its employees, especially the management, on their own volition, approach the Compliance Officer when in doubt on the compliance aspect of a transaction or business. The best way to foster such a culture is leadership by example where top level management of the firm should be the ones most frequently seeking compliance advice.
On the part of the Compliance Officer, in order to give effective compliance advice, he/she should have:
A good understanding of the rules and regulations that apply to the firm’s business.
A good understanding of the business activities of the firm.
Effective interpersonal and communication skills. The Compliance Officer must be able to communicate, explain and educate the firm, including the
management, on the development of the industry; its products; laws; rules and regulations.
A good sense of ethics, i.e. knowing what is “right” and “wrong”.
Note that these qualities take time to fully develop. Therefore, a junior Compliance Officer should be pro-active in developing these qualities by attending on-the-job training, formal training courses as well as self-learning.
In providing compliance advice, a Compliance Officer must not be afraid to say “No” to the firm if the situation warrants it. However, when saying “No”, a Compliance Officer will always provide alternatives which are in line with regulations and which are ethically right.
As a good practice, a Compliance Officer should maintain a record of compliance advice given to the firm appropriately filed or archived. Nowadays, these records tend to be kept in the form of emails by the Compliance Officer. Even if a compliance advice is given verbally, it is highly advisable that an email reconfirmation is sent out by the compliance Officer. Record keeping of compliance advice is important to
demonstrate that the Compliance Officer has discharged his/her function effectively.

Compliance Monitoring
The second key role of the Compliance Officer is to monitor the firm’s activities to ensure that these activities are in line with applicable rules and regulations. The monitoring activity is perhaps the most popular conception of what a Compliance Officer does in his/her daily activities. However, monitoring is only one of the roles of the Compliance Officer, albeit, a vital one which a Compliance Officer must perform.

On-going monitoring is important for a firm as:
(a) It provides continuous assessment of the efficacy of the compliance programme and a check that the compliance programme has been implemented and is being adhered to.
(b) It provides early detection of potential breaches of rules and regulations. Note that there is a tendency for a breach to become worse the longer it remains un-remedied. A default of a few hundred Ringgit in one day could potentially become millions in a few months’ time. Early detection by the Compliance Officer could save the firm from incurring further and potentially much larger losses. Imagine if the breaches committed by rogue trader Nick Leeson were detected early, Barings might not have collapsed then!
(b) In case of a regulatory breach, there is a regulatory requirement to self-report breaches to the regulators. Monitoring, therefore, provides detection of such breaches which will lead to self-reporting.
(c) It acts as a deterrent against non-compliant behaviour. A potential offender will only be deterred from committing an offence if he/she knows that there is a risk that he/she would be found out. Effective monitoring by a Compliance Officer serves this “deterrent role”.
(d) It ensures that the compliance programme evolves with changes in the
regulatory environment.
As an example, monitoring of activities can be carried out periodically, varying from daily to monthly, depending on the nature of the activity to be monitored in each of the departments. Trading activities may need daily monitoring to detect unusual activities or market manipulation. Financial statements may require daily, weekly or monthly monitoring to ensure that there is adequate capital to support the risk exposure of the firm. Perpetual review of the CMSRL holder and the activities in the trading room or on the trading floor are also necessary to avoid dealings by unlicensed persons or by representatives with expired CMSRL.

Compliance Monitoring Programme
It may not be possible for a Compliance Officer to monitor all of the firm’s activities at the same time. A Compliance Officer should therefore formulate compliance monitoring programme so as to enable him/her to undertake the monitoring role in the most effective manner.
The following are the recommended steps for the introduction of a compliance monitoring programme:

(a) Identify the main compliance risk areas that would require monitoring. In considering the main risk areas, the Compliance Officer should be well versed in the business activities of the firm. The Compliance Officer should also take into account future business trends and current regulatory issues. Note that some regulators, in particular the exchanges, have made it mandatory that certain areas must be regularly monitored. These mandatory items can be found in the business rules of the relevant exchanges.
(b) Determine the objective of the monitoring programme; for example, the
objective of a monitoring programme may be to detect possible front running activities or to ensure that all employees conducting a particular regulated activity are appropriately licensed.
(c) Formulate the appropriate monitoring method to achieve the objective of the monitoring programme. In determining the appropriate method, questions that Compliance Officers may address include: What are the relevant documents? How can/does the Compliance Officer obtain these documents? How many samples are adequate?
(d) Determine the monitoring cycle, e.g. monthly, quarterly, annually.
(e) Consider the availability of resources (manpower, time, etc.) when determining the appropriate monitoring method and monitoring cycle.
(f) Put the monitoring programme in writing.
(g) Discuss the monitoring programme with the head of the business department affected by the monitoring programme. Consider the head of the business department’s feedback, and if necessary, amend the monitoring programme.
(h) Table the compliance monitoring programme to the management and/or Board of Directors for approval.
(i) Implement the compliance monitoring programme.
(j) Regularly review the compliance monitoring programme to ensure relevance and effectiveness — at least once a year. If necessary, introduce new monitoring programmes and remove some of the older programmes which are no longer relevant and applicable. Mandatory monitoring areas determined by the regulators, however, should not be removed.
Any adverse findings found during compliance monitoring should be escalated to the relevant supervisor and management of the firm. Where the finding involves a breach of regulations, reporting to the Board of Directors and regulators is also necessary.
During the next monitoring cycle, the Compliance Officer should review whether remedial actions taken (if any) have been adequate.
Similar to the case of compliance advice, the Compliance Officer should maintain proper records of monitoring activities that were conducted and ensure that these are appropriately filed or archived. Records on the monitoring activities should include the following:
(a) Samples taken;
(b) Monitoring findings; and
(c) Action taken, if any.
Firms may also implement an automated monitoring system as part of the compliance monitoring programme to assist the Compliance Officer in conducting the monitoring work. Monitoring of areas such as dealing in securities or derivatives may be more effective if conducted using an automated monitoring system. A computer system could obtain and analyse a much larger sample. The automated monitoring system will issue alerts to the Compliance Officer, who would thereafter review the alerts generated and decide whether the issue should be closed or requires further investigation. The Compliance Officer should maintain proper records of any closure of an alert or investigation carried out arising from an alert.

Compliance Training
Compliance requires continuous training and development relating to the authority and responsibilities of an individual in relation to the firm and in relation to the development of the capital market including products, rules and regulations. The purpose of compliance training is to educate staff of the firm on their regulatory obligations so they can discharge their duties in a regulatory-compliant manner. There is a common misperception that staff training, including compliance training, is purely a human resource function. Compliance training is too important to be conducted and managed by the Human Resources department alone. Compliance training supports an effective compliance programme and helps shape a strong compliance culture in the firm. The Compliance Officer, therefore, should assist in the formulation and delivery of compliance training in the firm and not leave the responsibility to conduct such training purely to other departments such as Human Resources.
Nevertheless, it has to be remembered that the role of the Compliance Officer and his/her staff is to organise and assist others in ensuring compliance occurs, not to comply for the firm!

Compliance training can be divided into two types:
Compliance training for new staff
This is an introductory training which should be made mandatory for all new staff of the firm. The training should cover critical compliance areas like licensing obligations, money laundering and duties of confidentiality. The staff should be briefed on the firm’s and their own compliance obligations. Ideally, this training should be conducted face-to-face by the Compliance Officer to enable the new staff to get to know the Compliance Officer. Early compliance training helps create an impression on the new staff that the firm is serious about compliance and supports the sustainment of a compliance culture.
Continuing compliance training for existing staff Compliance training programmes should be conducted on a regular basis, e.g. once a year, in order to ensure that staff are kept up to date with the latest
developments and are reminded of their responsibilities. Continuing training could cover specific new topics of interest on compliance.
For example, if there is a new or amended legislation affecting the securities, derivatives or fund management industry, the Compliance Officer should organise a training session to brief the staff on the impact of the new or amended legislation to the firm.On the other hand, the training could also be refresher courses on high-risk compliance areas such as anti-money laundering.
Continuing compliance training can also focus on certain segments of staff, e.g. management, licensed representatives, back-office staff, etc.

To provide effective training, the Compliance Officer must research the topic of the training thoroughly. It would also be useful for the Compliance Officer to improve his presentation and public speaking skills in order to provide more effective training.
Whilst it is recommended for the Compliance Officer to personally conduct training, this may not be necessary for all trainings. Some training may be better conducted by the firm’s training unit or by external training providers or even by a personnel from the management of the firm. Some compliance training may also be computer-based as opposed to face-to-face. What is important is that the Compliance Officer is the person behind the provision of effective compliance training in the firm.
The Compliance Officer should maintain proper records of all compliance training conducted, including attendance list, and ensure that these are appropriately filed or archived.
Roles of the Compliance Officer in Relation to the Rules and Regulations of the Regulators Since appointing a Compliance Officer is a regulatory requirement, the regulators have also imposed specific duties on Compliance Officers. These duties can be found in various rules and regulations.
In general, the regulators require that the Compliance Officer:
(a) Performs a supervision role in certain areas such as new account opening, employee trading and complaints. The Compliance Officer should implement specific monitoring programmes in these areas.
(b) Reports the occurrence of certain events such as a breach of the law and capital requirements as well as regular reporting to the Board of Directors/regulators.
Failure to carry out these functions could be viewed as a breach of rules and regulations. A Compliance Officer is advised to be intimately familiar with the regulatory requirements concerning his functions.
Refer to the Rules of Bursa Malaysia Securities Berhad, Bursa Malaysia Securities Berhad’s Participating Organisations’ Directives and Guidance, Rules of Bursa Malaysia Derivatives Berhad and the SC’s Guidelines on Compliance Function for Fund Management Companies for the general responsibilities of Compliance Officers.
The Roles of Compliance Officer in Relation to Money Laundering & Terrorism Financing The Financial Action Task Force (FATF) was established in 1989 to examine and recommend measures to counter money laundering. In April 1990, the FATF had issued a report containing 40 Recommendations setting out the framework for anti-money laundering efforts which was designed for universal application. In October 2001, the FATF expanded its scope of work to cover matters relating to terrorist financing and issued the Eight Special Recommendations to address issues on terrorist financing. The FATF had conducted a thorough review of its standards and published a revised FATF Recommendations in February 2012. See www.fatf-qafi.orq for more information on money laundering.
In light of the work of the FATE and other international organisations, the International Organization of Securities Commissions (IOSCO) had in October 2002, established a task force to study existing securities regulatory regimes and develop principles relating to the identification of customers and beneficial owners.10SCO subsequently issued the paper, Principles on Client Identification and Beneficial Ownership for the Securities Industry as a guide for securities regulators and regulated firms in the capital market, in implementing requirements relating to customer due diligence in May 2004.
In Malaysia, those licensed under the Capital Markets & Services Act 2007 to carry out the regulated activity of dealing in securities, dealing in derivatives and fund management must comply with the SC’s Guidelines on Prevention of Money Laundering & Terrorism Financing for Capital Market Intermediaries (Guidelines). The Guidelines seek to provide guidance to firms and licensed persons to comply with the provisions of the Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (Act).
In principal, money laundering is a process intended to conceal the benefits derived from unlawful activities which are related, directly or indirectly, to any serious offence so that they appear to have originated from a legitimate source. The Act defines money laundering as the act of a person who:
(a) engages, directly or indirectly, in a transaction that involves proceeds of an unlawful activity;
(b) acquires, receives, possesses, disguises, transfers, converts, exchanges, carries, disposes, uses, removes from or brings into Malaysia proceeds of any unlawful activity; or
(c) conceals, disguises or impedes the establishment of the true nature, origin, location, movement, disposition, title of, rights with respect to, or ownership of, proceeds of an unlawful activity;
where as may be inferred from objective factual circumstances, the person knows or has reason to believe, that the property is proceeds from any unlawful activity;

or in respect of the conduct of a natural person, the person without reasonable excuse fails to take reasonable steps to ascertain whether or not the property is proceeds from any unlawful activity.
Terrorism financing, on the other hand, generally refer to carrying out transactions involving funds that may or may not be owned by terrorists, or that have been, or are intended to be, used to assist the commission of terrorism. The Act defines terrorism financing offences as any offence under section 130N, 1300 or 130Q of the Penal Code. Financing of terrorism includes:

(a) roviding or collecting property for carrying out an act of terrorism;
(b) providing services for terrorism purposes;
(c ) arranging for retention or control of terrorist property; or
(d) dealing with terrorist property.
The process of money laundering comprises three stages:
(i) Placement: the physical disposal of benefits of unlawful activities by introducing illegal funds (generally in the form of cash) into the financial system;
(ii) Layering: the separation of benefits of unlawful activities from their source by creating layers of financial transactions designed to disguise the audit trail; and
(iii) Integration: the provision of apparent legitimacy to benefits of unlawful activities. If the layering process succeeds, integration schemes place the laundered funds back into the economy so that they re-enter the financial system appearing to be legitimate business funds.
Illegal funds laundered through the capital market sector may be generated by unlawful activities both from within and outside the sector. For illegal funds generated outside the sector, securities and derivatives transactions are used as the mechanism for concealing or obscuring the source of these funds.
The firm’s Board of Directors should be fully committed to establish appropriate policies and procedures for the prevention of money laundering and terrorist financing and ensuring their effectiveness and compliance with all legal and regulatory requirements. In seeking to comply with the above, firms should ensure the following:
Compliance with laws — Firms shall ensure that:
Laws and regulations are adhered to;
Business conducted conforms with high ethical standards; and
Service is not provided where there is good reason to suppose that such transactions are associated with money laundering activities.
Cooperation with law enforcement agencies — Firms shall cooperate fully with law enforcement agencies. This includes taking appropriate measures such as timely disclosure of information by the firm to the Financial Intelligence Unit (FIU) of Bank Negara Malaysia and relevant law enforcement agencies.
Policies, procedures and training — Firms shall:
Issue and adopt policies and procedures consistent with the principles set out under the Act and ensure that its staff are informed and fully understand such policies and procedures;
Provide adequate training to its staff on matters provided for under the Act;
Promote adherence to the principles set out under the Act; and
Approve and implement specific policies and procedures for customer identification, retention of financial transaction documents and reporting
of suspicious transactions.
Know Your Customer (KYC) — Firms shall obtain satisfactory evidence of the
customer’s identity, and have effective procedures for verifying the bona fides of customers. Every customer should be vetted on an initial basis and monitored on an on-going basis to ensure that the customer’s identity is known and continues to be known by the firm. In this manner, the firm can protect itself from intentionally or inadvertently dealing with criminals and terrorists or organisations.
It is crucial, therefore, that no transactions are carried out on behalf of a customer unless the customer has passed the initial KYC vetting process.
The Guidelines require firms to take the necessary steps to prevent money laundering and report transactions to the FIU if they appear to be suspicious. As a general principle, a suspicious transaction may be a transaction which causes a firm or its staff to have a feeling of apprehension or mistrust about the transaction considering:
(a) the nature of, or unusual circumstances, surrounding the transaction;
(b) the known business background of the person conducting the transaction;
(c) the production of seemingly false identification in connection with any
transaction, the use of aliases and a variety of similar but different addresses;

(d) the behaviour of the person or persons conducting the transactions (e.g. unusual nervousness); and

(e) the person or group of persons with whom the firm or its staff are dealing.

See the Guidelines for examples of suspicious transactions.

Roles of the Compliance Officer in Combating Money Laundering & Terrorism
Financing The Compliance Officer can assist in the formulation of policies and procedures on dealing with money laundering and terrorism financing. The Compliance Officer should ensure that the firm has in place a robust KYC policy and procedure. They are also expected to inform and update the Board of Directors and management of on-going compliance with anti-money laundering and counter of terrorism financing by the firm.

The Compliance Officer should monitor the activities of the firm to detect suspicious activities and make the necessary reporting to the FIU when such activity is detected.
The methods which the Compliance Officer may adopt to detect suspicious activities is by reviewing the KYC exception reports, monitoring the firms’ transactions (via manual or automatic monitoring) or investigating escalation of or whistle blowing on suspicious activities by staff of the firm.

Complaints from Clients
The capital market industry is an industry which deals with other people’s money.
Thus, complaints from clients are expected if a client is not satisfied with the services rendered by capital market intermediaries. Firms, therefore, should establish policies and procedures on handling clients’ complaints. The Compliance Officer could assist in the formulation of such policies and procedures if none exists or assist in enhancing the existing policies and procedures. The Compliance Officer should also review client complaints on a regular basis to ensure that complaints are dealt with promptly and properly escalated to the relevant parties. Client complaints can also be an indicator for potential breach of the firm’s policies, securities laws and/or regulations.
Complaints that can lead to potential breach should therefore be thoroughly investigated by the Compliance Officer.


Compliance Independence
In order for a Compliance Officer to effectively discharge his or her functions, the Compliance Officer function must be independent within the firm. Therefore, the Compliance Officer must have a direct line of reporting up to the highest level of the firm, e.g. the Board of Directors.
The Compliance Officer’s Relationship with the Firm and Regulators
Relationship with the firm
As discussed earlier, the function of a Compliance Officer within a firm includes providing compliance advice to staff, monitoring the firm’s compliance with the relevant rules and regulations and where relevant, assisting in the formulation and conduct of compliance training to ensure high standards of conduct and the preservation of the firm’s reputation.
Compliance often takes a longer term view of the impact of certain actions on the firm. From a compliance perspective, some actions which may be profitable to the firm in the short term may have a negative impact in the long term.
Notwithstanding the above, staff would still appreciate timely, accurate and complete feedback/advice from Compliance Officers. It is important for the Compliance Officer to constantly review his/her performance to ensure that he/she has performed his/her functions accordingly. To do this, a Compliance Officer should not work in silo. He/she must frequently engage with other departments within the firm to seek ways to improve his performance. The Compliance Officer must also be seen as people-friendly and approachable to staff of the firm.
Relationship with the regulators
Due to the independence of his/her function, the Compliance Officer is the most suitable person in the firm to be the liaison officer between the firm and the regulators. Hence, it is important for the Compliance Officer to establish good ties with the regulators. To achieve this end, the Compliance Officer must approach the regulators in an open, clear and co-operative manner in accordance with the regulators’ requirements and expectations.

Compliance reporting
A Compliance Officer should regularly escalate compliance concerns and recommended  actions to the relevant supervisor or management of the firm so that appropriate and timely actions could be taken.
The Compliance Officer is expected to regularly report to the firm’s Board of Directors. Reporting should cover, among others, compliance activity undertaken during a certain period, e.g. during the month or quarter, the activities conducted to assist departments within the  firm to comply with the relevant rules and regulations and any non-compliant activity detected.
Refer to the Rules of Bursa Malaysia Securities Berhad, Rules of Bursa Malaysia Derivatives Berhad and the SC’s Guidelines on Compliance  Function for  Fund Management Companies  for requirements in relation to reporting by Compliance Officers.


Self-assessment
Exercise 1
1. The following are TRUE of the responsibilities of a Compliance Officer, EXCEPT:
A.  Maintaining a record of all compliance advice given to the firm
B.  Assisting in the formulation and delivery of compliance training in the firm
C.  Evaluating risk and monitoring the effectiveness of the firm’s internal controls
D.  Monitoring the firm’s activities to ensure activities are in compliance with applicable rules and regulations

2.  Which of the following statements ACCURATELY describes the importance of compliance  monitoring to a firm?
I. It provides oversight on the firm’s financial reporting process
II. It provides continuous assessment of the efficacy of the firm’s compliance programme
III. It ensures that the firm’s compliance programme evolves with changes in the regulatory environment
IV. It ensures that the firm’s financial and accounting system represents a true and fair view of its financial position

A.  I and IV only
B.  II and III only
C.  II, III and IV only
D.  All of the above

Policies, procedures and training — Firms shall:
Issue and adopt policies and procedures consistent with the principles set out under the Act and ensure that its staff are informed and fully understand such policies and procedures;
Provide adequate training to its staff on matters provided for  under the Act;
Promote adherence  to the  principles set out under the Act; and
Approve  and  implement specific policies and procedures for customer  identification, retention of financial transaction documents  and reporting of suspicious transactions.
Know  Your Customer (KYC)  — Firms shall obtain satisfactory evidence of the customer’s identity, and have effective procedures for verifying the bona  fides of customers. Every customer should be vetted on an initial   basis and monitored on an  on-going basis to ensure that the customer’s identity is known and continues to be   known by the firm. In this manner, the firm can protect itself from intentionally or inadvertently dealing with criminals and terrorists or organisations.
It is crucial, therefore, that no transactions are carried out on behalf of a customer unless the  customer has passed the initial KYC vetting process.
The capital market industry is an industry which deals with other people’s money. Thus, complaints from clients are expected if a client is not satisfied with the services rendered by capital market intermediaries. Firms, therefore, should establish policies and procedures on handling clients’ complaints.
In order for a Compliance Officer to effectively discharge his or her functions, the Compliance Officer function must be independent within the firm.
The function of a Compliance Officer within a firm includes providing compliance advice to staff, monitoring the firm’s compliance with the relevant rules and regulations and where relevant, assisting in the formulation and conduct of compliance training to ensure high standards of conduct and the preservation of the firm’s reputation.
Due to the independence of his/her function, the Compliance Officer is the most suitable person in the firm to be the liaison officer between the firm and the regulators. Hence, it is important for the Compliance Officer to establish good ties with the regulators.
A Compliance Officer should regularly escalate compliance concerns and recommended actions to the relevant supervisor or management of the firm so that appropriate and timely actions could be taken.
The Compliance Officer is expected to regularly report to the firm’s Board of Directors. Reporting should cover, among others, compliance activity undertaken during a certain period, e.g. during the month or quarter, the activities conducted to assist departments within the firm to comply with the relevant rules and regulations and any non-compliant activity detected.
It may not be possible for a Compliance Officer to monitor all of the firm’s activities at the same time. A Compliance Officer should therefore formulate a compliance monitoring programme so as to- enable him/her to undertake the monitoring role in the most effective manner.
Firms may also implement an automated monitoring system as part of the compliance Monitoring   programme to assist the Compliance Officer in conducting the  monitoring work. Monitoring of areas such as dealing in securities or derivatives may be more effective if conducted using an automated monitoring system.
Compliance requires continuous training and   development on the authority and responsibilities of an individual in relation to the firm and in relation to the development of the capital market including products, rules and regulations.
The purpose of compliance training is to educate staff of the firm on their regulatory obligations so they can discharge their duties in a regulatory-compliant manner.
In general, the regulators require that the Compliance Officer:

(a) Performs a supervision role in certain areas such as new account opening, employee trading and complaints. The Compliance Officer should implement specific monitoring programmes in these areas.
(b)  Reports the occurrence of certain events such as a breach of the law and capital requirements as well as regular reporting to the Board of Directors/reguWtors.
Failure to carry out these functions could be viewed as a breach of rules and regulations. A Compliance Officer is advised to be intimately familiar with the regulatory requirements concerning  his functions.
The firm’s Board of Directors should be fully committed to establish appropriate policies and procedures for the prevention of money laundering and terrorist financing and ensuring their effectiveness and compliance with all legal and regulatory requirements. In seeking to comply with the above, firms should ensure the following:
(a) Compliance with laws — Firms shall ensure that:
(b) Laws and regulations are adhered to;
(c) Business conducted conforms with high ethical standards; and
(d) Service is not provided where there is good reason to suppose that such transactions are associated with money laundering activities.
(e) Cooperation with law enforcement agencies — Firms shall cooperate fully with law enforcement agencies. This includes taking appropriate measures such as timely disclosure of information by the firm to the Financial Intelligence Unit (FIU) of Bank Negara Malaysia and relevant law enforcement agencies.