Establishing And Monitoring Compliance

Contents
Preview
About this topic
Topic Objectives


Developing a Comprehensive Compliance Programme
Establishment
With what do we need to comply?
Designing a programme
Advising
Monitoring
Training and education
Regular reporting
Communication
Code of Ethics/Conduct
Compliance Handbook
Staff Affirmation
Red Flags

Effective Compliance Infrastructure
Dealing with Conflicts of Interests
Managing Conflicts of Interests
Reporting Line and Audit Trail
Review of Compliance Programme
Appendices

AWA Limited – Case Study
Chinese Walls
NFA Self-examination Checklist
Sample of Compliance Monitoring Programme on Trading
Example of productive dealing with conflict of interest
Self-assessment/Exercises
Checklist

Preview
About this topic
The first step to be undertaken is to establish a comprehensive compliance programme within a firm which reflects the firm’s structure and business operations. This framework requires a supportive infrastructure within the firm which includes, among other things, supervision, monitoring and the management of conflicts of interest. While operational manuals or checklists can provide a reasonable starting point, on their own they are not sufficient.

A compliance programme, in order to be comprehensive, also requires flexibility so that it can take account of changes in external regulations, of changes in the weighting given to certain matters as a result of risk assessment, and of how effectively it addresses those matters. Once established, the requisite level of compliance needs to be carefully monitored and constantly reviewed in response to external and internal changes, and pro-actively in relation to foreseeable issues.

Topic Objectives

At the end of this topic, you should be able to:
  • describe the regulatory environment for compliance in the Malaysian capital market
  • list the matters which must be addressed and the steps to develop a compliance programme
  • explain the role and importance of advising, monitoring, training and education, communication, having a code of ethics, a compliance handbook, staff affirmation and red flags to the compliance programme
  • list the matters which need to be considered in creating an effective compliance infrastructure
  • describe conflict of interest and how a firm should manage conflict of interest situations
  • describe reporting lines and audit trails and their role in a compliance programme
  • explain the need for a compliance programme review.

Developing a Comprehensive Compliance Programme
1.1 Establishment
A comprehensive compliance programme must first be developed. A critical component of a compliance programme is the maintenance of a compliance manual. The compliance manual usually contains internal procedures which must be followed in regard to segregation of duties, management supervision and authorisations. The Guidelines for Compliance Officers can be used as a reference for details on the content of a compliance manual. The compliance manual sets out the guidelines which must be followed when dealing with, amongst others, clients or counterparties. However, the existence of a compliance procedure manual does not itself demonstrate the implementation of the procedures or that adequate supervision of employees is being conducted.
With the full support of the directors, establishing a compliance programme involves a number of steps. In a compliance programme the key steps include:
• establishing a proper understanding of the firm’s business — such as its management structure and products, and its existing compliance system
• reviewing the existing compliance system, even if it is informal or undocumented
• conducting a legal audit to establish the legal and other requirements that apply to the business
• identifying the risks and gaps in the existing coverage of those risks, and the means by which these gaps can be narrowed and the risks realistically minimised
• producing a compliance programme or plan and determining the structure of the compliance programme
• selecting appropriate compliance tools
• implementing the compliance programme
The compliance programme should be comprehensively documented in the form of written procedures and tabled to the Board of Directors. The compliance procedures must be updated regularly to take account of regulatory changes, and any such amendments must be communicated to staff in an efficient and timely manner.
The successful implementation of a compliance programme is dependent upon every individual within a firm. It is, therefore, extremely important that the Board seeks to instil into a firm a culture of compliance. This involves a willingness to supervise all its activities and eliminate bad practices. An environment which encourages and rewards compliance is a prerequisite to the implementation of an effective compliance programme.
A useful self-examination checklist compiled by the National Futures Association, USA can be found at www.nfa.futures.org.

Self-assessment Exercise 1
While the existence of written procedures is mandatory, what else is required for a comprehensive compliance programme?
I. Review
II. Monitoring

III. Appropriate management structure

IV. Approval by internal audit department

A. (i) and (iii) only
B. (i), (ii) and (iii) only
C. (ii), (iii) and (iv) only
D. All of the above

1.2 With what do we need to comply?
Regulation in Malaysia is undertaken by the Securities Commission Malaysia (SC) as the statutory authority, the front-line regulators (the exchange and clearing houses) and self-regulatory organisations such as the Federation of Investment Managers Malaysia (FIMM). In the context of the Malaysian capital market, there are three main sources of “rules” and these are:
(a) Securities laws — Securities and derivatives laws and regulations
(b) Rules of the exchanges and clearing houses (front-line regulators)
(c) Guidelines, policies and practice notes released by the SC, the front-line regulators and/or the self-regulatory organisations

Securities laws
Securities laws seek to ensure, in general, that:
(a) Securities and derivatives markets are approved by the regulators and that the markets are honest, fair and orderly markets capable of supervision. (Part II of the Capital Markets & Services Act 2007 (CMSA)).
(b) The Licensing framework sets out the provisions for carrying out regulated capital market activity (Division 1 of Part III of the CMSA). The Capital Markets Services Licence (CMSL) holders must meet the minimum capital requirement and other licensing requirements. The Capital Markets Services Representative’s Licence (CMSRL) holders must be competent, qualified and experienced — as provided for in the licensing requirements.
(c) Minimum standards of market behaviour are met by licensed persons in the conduct of their business (Division 3 of Part III of the CMSA) and market misconduct and other unfair trading practices are avoided (Part V of the CMSA).

Rules of the exchanges and clearing houses (front-line regulators)
The following are the front-line regulators regulated by the SC:
• Bursa Malaysia Securities Berhad
• Bursa Malaysia Depository Sdn Bhd
• Bursa Malaysia Securities Clearing Sdn Bhd
• Bursa Malaysia Derivatives Berhad
• Bursa Malaysia Derivatives Clearing Berhad
Transactions on Bursa Malaysia Securities Berhad are subject to the Rules of Bursa Malaysia Securities Berhad and the Rules of Bursa Malaysia Securities Clearing Sdn Bhd, whereas transactions involving derivatives are traded in accordance with the Rules of Bursa Malaysia Derivatives Berhad and the Rules of Bursa Malaysia Derivatives Clearing Berhad.
The rules of front-line regulators form the basis of industry regulation. The rules regulate the conduct of the participants, in terms of their dealings with the exchange, clearing house, clients and other participants. They also set out the terms of the contracts traded on the exchanges.
Common to the rules of the different exchanges is that they all require participants to maintain integrity and high standards of business conduct in carrying out their activities in the markets operated by the exchanges. Amongst others, the rules focus on skills, knowledge and standards of business conduct.

Guidelines, policies and practice notes
The SC, front-line regulators and self-regulatory organisations issue guidelines and policies which give industry participants additional detail, assist them in understanding the regulatory requirements, facilitate compliance with those requirements, and encourage self-regulation and sound risk management.
In Malaysia, the promotion of self-regulation within the framework of disclosure-based regulation means that participants in the capital market are to be responsible for monitoring the activities of their representatives and for establishing compliance and supervisory programmes. Government involvement in regulation is, in the long term, to be minimised.
In addition, there are industry associations which have a role to play in controlling the activities of their members. Industry associations often develop ethical statements (also known as codes of conduct) to provide a basis for guiding the behaviour of their members. They also devise more detailed rules and guidance statements for members covering specific aspects of business conduct.
Some examples of industry associations are:
• Malaysian Association of Asset Managers (MAAM)
• Malaysian Investment Banking Association (MIBA)
• Association of Stockbroking Companies Malaysia (ASCM)
• Malaysian Futures Brokers Association (MFBA)

1.3 Designing a programme
In order to design a comprehensive compliance programme, one of the most important sources of information to use as a starting point is the existing operations of the firm. The Compliance Officer must have a good understanding of the business activities of the firm. Any programme must be practical and implementable at the operational level — good operating procedures are essential.
The design of a programme could include the following steps:
(a) The setting up of a task force to plan the system. The task force should be multidisciplinary including compliance, operations, IT administration and marketing.
(b) Consideration of the most appropriate management system to implement the programme, for example, line management. This would include a high standard of commitment from the Board which needs to flow down through the firm, identification of matters which would impede compliance, and decisions about what matters must be addressed by the plan (usually undertaken by prioritising according to risk weighting). Effective management and control systems are essential for prudent business management. Management needs to be able to demonstrate that it knows and fully understands the individual as well as overall risks associated with all of the firm’s operations.
(c) Once these matters have been identified, the next step is to reach a conclusion on how each item is to be addressed. For example, written procedures which fit with the business, in the form of a manual written in plain language with step-by-step procedures on how certain tasks are to be undertaken, the standard of conduct required and also what cannot be done.
(d) Once the procedure has been finalised, it needs to be communicated to all relevant staff who need to be trained. The training should reinforce the procedures and should be readily understood, remembered and applied.
Training may also include an explanation of the costs of non-compliance and the benefits of adherence to the compliance programme to the firm.

(e) Supervision to ensure procedures are followed is crucial. Prevention is better than cure, and supervision is more immediate than monitoring which usually only identifies a problem after the event.
(f) Proper record keeping and monitoring systems are usually an integral part of a compliance plan, with regular reporting to the Compliance Department and/or the Board.
(g) Ongoing review is of the utmost importance as every firm is a developing entity. Existing programmes must be reviewed with lateral and forward thinking. They must also be tested to ensure that they are effective in controlling exposures and limiting risks, and that they remain relevant.
(h) Rigidity should be avoided. A compliance programme needs to be flexible so that it can be amended to take into account changes over time either within the firm, the market or the regulatory environment or be adapted due to the identification of problems with implementation.
(i) Establishing a Complaints Department is also important because it can highlight problem areas which can then be dealt with proactively.

Some of the pitfalls of setting up a compliance function are highlighted in the Compliance Guidelines for Futures Brokers.

1.4 Advising
As mentioned in the previous topic, advising on compliance matters is one of the main and most critical duties of a Compliance Officer. In order to do so, a Compliance Officer needs to understand all relevant regulatory requirements and interpret them in relation to the firm, i.e. taking into account the firm's size and complexity. The Compliance Officer plays an important role in implementing compliance programmes. The information obtained by the Compliance Officer through monitoring the activities of the firm must allow him or her to be aware of current problems and to anticipate future difficulties for the firm. The Compliance Officer may use the information to advise management and the Board of Directors on the steps to be taken to ensure there are processes and procedures to safeguard the firm from future problems. In addition, the Compliance Officer may advise management and the Board of Directors on the introduction of new products, to ensure that the products, and the activities surrounding their introduction, are in line with the relevant rules and regulations. The Compliance Officer will also advise management and the Board of Directors on how to implement compliance programmes. In doing so, the Compliance Officer will observe the operations and activities of the firm. Data collected from the activities of the firm will be analysed to check compliance with the regulations and to identify the areas in which the risk of non-compliance is highest. The Compliance Officer will then advise management and the Board of Directors on the appropriate steps.

1.5 Monitoring
Adherence to and the effectiveness of an internal compliance programme can only be assessed by constant monitoring and review. Therefore, a compliance programme must include procedures for review and monitoring. See Compliance Guidelines for Futures Brokers, Guidelines for Compliance Officers and Guidelines on Compliance Function for Fund Management Companies.
As mentioned in the previous topic, ongoing monitoring acts as a preventive measure and an early detection measure. It should take the form of periodic, audit-style compliance procedural reviews to ensure that the compliance programme has been implemented and is being adhered to, as well as daily reports to detect potential non-compliant trading activity. Every member of management needs to exercise supervision to monitor compliance within their area. The independent supervision of all activities is very important. The supervisors or heads of department performing this function must be clearly identified.

Monitoring also refers to keeping up to date with proposed and potential developments in the regulation of industry practice. Regulation is not static and is constantly being revised or fine-tuned. The regulatory environment is evolving rapidly to keep pace with technological developments and with changes in the practices and standards adopted in the global arena. Mechanisms need to be put in place to allow developments in this area to be monitored and addressed. Monitoring of regulation pertaining to sales practices, safeguarding of clients’ assets, and bribery and corruption is discussed below.

Monitoring programmes may differ among firms based on the type of business and the compliance risk faced by the firms. See Appendix 4 for a sample of a compliance monitoring programme on trading.

(a) Automated Monitoring
Due to the large volume and complexity of transactions, certain compliance monitoring is best done electronically. We have mentioned in the previous topic that automated monitoring systems generate alerts to Compliance Officers, who would then review the alert and decide whether the matter should be closed or investigated further.
Automated monitoring systems can be developed in-house or by outside vendors. As an example, an automated monitoring system may provide the following alerts which would enable a Compliance Officer to follow up and investigate any potential breaches of the law:
An electronic monitoring system such as this can replace the more tedious manual monitoring processes and in this manner allows the Compliance Officer to focus on his/her other compliance duties.
(b) Monitoring of Regulation
Sales Practices

The SC introduced the Guidelines on Sales Practices of Unlisted Capital Market Products (Sales Practices Guidelines) in December 2012. The Sales Practices Guidelines were introduced with a view to providing fair treatment of investors by requiring product issuers and product distributors to have certain policies and processes embedded, so that investors’ rights and interests are protected. The Compliance Officer should monitor the firm’s compliance with the Sales Practices Guidelines.
The following are the areas covered by the Sales Practices Guidelines:
(i) Treating Investors Fairly
Fair treatment of investors must be made an integral component of the business conduct of product issuers and product distributors. A product issuer and a product distributor are expected to give due regard to the interests of investors in the development, marketing and sale of unlisted capital market products. See the Sales Practices Guidelines for details on the responsibilities of the product issuer’s and product distributor’s Board in relation to treating investors fairly.
(ii) Product Highlights Sheet
A product highlights sheet (PHS) is a disclosure document that contains clear and concise information of the salient features of the unlisted capital market product.
It seeks to facilitate an investor’s understanding of the product and also promote competition by enabling product comparisons to be undertaken by an investor.
See the Sales Practices Guidelines for details on the PHS.
(iii) Suitability Assessment
Suitability assessment is an exercise which requires firms to gather the necessary information from their clients in order to form a reasonable basis for recommendations. As stipulated in the Sales Practices Guidelines, the suitability assessment exercise comprises the following stages:

Stage 1 Gathering information pertaining to an investor
Stage 2 Analysing the information gathered
Stage 3 Matching a suitable product to meet an investor’s risk profile and needs
Stage 4 Making a recommendation

See the Sales Practices Guidelines for the detailed explanation of each stage of the suitability assessment.

Safeguarding Clients’ Assets
Investor confidence is a critical factor in the capital market industry. One aspect of investor confidence is investors must feel that their assets which are in the custody of the capital market intermediaries are reasonably protected from misuse or the intermediary’s insolvency. Fully aware of this expectation, regulators around the world have introduced various regulations to ensure that client assets are adequately protected.

The Capital Markets & Services Act 2007 (CMSA) contains provisions on treatment of clients’ assets, with the following basic principles:
(i) client’s assets should be segregated from the firm’s assets in order to protect these assets in the event of the firm’s insolvency;
(ii) client’s money should be deposited in a client trust account at a licensed banking institution promptly; and
(iii) client’s assets could only be used for designated purposes as stipulated in the CMSA.
Firms and individuals who contravene the provisions of the CMSA on the treatment of clients’ assets have committed an offence. An example is the case of Oasis Asset Management Sdn Bhd (OAM). OAM had concealed receipt of funds from clients by keeping separate books that were located outside its office and repeatedly submitting declarations to the SC that it was inactive and had no funds under management. However, investigations revealed that OAM did receive monies from Koperasi Angkatan Tentera Malaysia Berhad. A director of OAM was subsequently convicted of criminal breach of trust under section 409 of the Penal Code for misappropriating RM45 million of Koperasi Angkatan Tentera Malaysia Berhad’s funds.

Firms therefore should establish policies and processes to protect their clients’ assets, and the Compliance Officer could assist in formulating such a policy and process if none exists, or in enhancing the existing policy and process. In relation to monitoring, the Compliance Officer is responsible to:
(i) ensure that clients’ assets are properly segregated from the firm’s assets;
(ii) review the firm’s record keeping to ensure that clients’ assets are clearly distinguished from the firm’s proprietary assets;
(iii) monitor and ensure that client monies are promptly deposited in a licensed financial institution or the appropriate client trust account; and
(iv) monitor and ensure that withdrawals of client money are made for authorised purposes only.
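The following is an added illustration and is not part of this module, of the CMSA or of any regulator's guidance. It shows how the automated monitoring described under (a) above can be applied to the four client-asset checks just listed: a small Python script runs the checks over a constructed day's client-money ledger and raises alerts for the Compliance Officer to review and close or escalate, rather than leaving the review to a manual trawl of the records. The account names, the one-day deposit window used to operationalise "promptly", the list of authorised withdrawal purpose codes and the sample ledger entries are all assumptions chosen for the illustration; a firm would configure them from the relevant CMSA provisions and its own chart of accounts.

```python
"""Rule-based alerting over a constructed client-money ledger (illustration only)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumption: purpose codes for which client money may be withdrawn. The real
# list is governed by the CMSA; these codes are placeholders to be configured.
AUTHORISED_PURPOSES = {"brokerage", "client_instruction",
                       "deposit_at_interest", "clearing_house_deposit"}
# Assumption: "promptly deposited" is operationalised as within one day.
MAX_DEPOSIT_LAG = timedelta(days=1)
CLIENT_TRUST = "CLIENT_TRUST"       # assumed name of the client trust account
AS_OF = date(2024, 3, 4)            # review date for the constructed sample


@dataclass
class LedgerEntry:
    ref: str                         # internal reference (constructed)
    client_id: str
    kind: str                        # "receipt" or "withdrawal"
    amount: float
    booked: date                     # date the money was received or paid out
    account: str                     # account the money was booked to
    deposited: Optional[date] = None # date a receipt reached the trust account
    purpose: str = ""                # withdrawal purpose code


@dataclass
class Alert:
    rule: str
    ref: str
    detail: str
    status: str = "open"             # stays "open" until the Compliance Officer acts


def check_segregation(e: LedgerEntry) -> Optional[Alert]:
    """Client receipts must sit in the client trust account, never a house account."""
    if e.kind == "receipt" and e.account != CLIENT_TRUST:
        return Alert("SEGREGATION", e.ref, f"client receipt booked to {e.account}")
    return None


def check_prompt_deposit(e: LedgerEntry, as_of: date) -> Optional[Alert]:
    """A receipt must reach the trust account within MAX_DEPOSIT_LAG of being booked."""
    if e.kind != "receipt":
        return None
    settled = e.deposited or as_of   # undeposited money is measured up to the review date
    lag = settled - e.booked
    if lag > MAX_DEPOSIT_LAG:
        state = "deposited" if e.deposited else "still undeposited"
        return Alert("PROMPT_DEPOSIT", e.ref, f"{state} after {lag.days} days")
    return None


def check_withdrawal_purpose(e: LedgerEntry) -> Optional[Alert]:
    """Withdrawals from the trust account need an authorised purpose code."""
    if e.kind == "withdrawal" and e.purpose not in AUTHORISED_PURPOSES:
        return Alert("WITHDRAWAL_PURPOSE", e.ref, f"purpose {e.purpose!r} not authorised")
    return None


def run_monitoring(entries, as_of: date) -> list:
    """Apply every rule to every entry and collect the alerts raised for review."""
    alerts = []
    for e in entries:
        for result in (check_segregation(e),
                       check_prompt_deposit(e, as_of),
                       check_withdrawal_purpose(e)):
            if result is not None:
                alerts.append(result)
    return alerts


def close_alert(alert: Alert, note: str) -> Alert:
    """Triage step: the outcome is recorded on the alert so the audit trail survives."""
    alert.status = f"closed: {note}"
    return alert


# Constructed sample ledger for one day's review (not real data).
SAMPLE = [
    LedgerEntry("R1", "C001", "receipt", 10_000.0, date(2024, 3, 4), CLIENT_TRUST, date(2024, 3, 4)),
    LedgerEntry("R2", "C002", "receipt", 25_000.0, date(2024, 3, 1), "HOUSE", date(2024, 3, 1)),
    LedgerEntry("R3", "C003", "receipt", 5_000.0, date(2024, 3, 1), CLIENT_TRUST, None),
    LedgerEntry("W1", "C001", "withdrawal", 120.0, date(2024, 3, 4), CLIENT_TRUST, purpose="brokerage"),
    LedgerEntry("W2", "C002", "withdrawal", 8_000.0, date(2024, 3, 4), CLIENT_TRUST, purpose="staff_bonus"),
]


def review_sample() -> list:
    """Run the day's monitoring over the constructed sample."""
    return run_monitoring(SAMPLE, AS_OF)


if __name__ == "__main__":
    for a in review_sample():
        print(a.rule, a.ref, a.detail, a.status)
```

On the sample, R2 is flagged for segregation (booked to a house account), R3 for late deposit (still outside the trust account three days after receipt) and W2 for an unauthorised withdrawal purpose; R1 and W1 pass. The point of close_alert is that an alert is never deleted, only closed with a note, so the Compliance Officer's decision remains visible to the Board and to the regulator as part of the audit trail discussed later in this topic.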

Bribery and Corruption
Bribery is the intentional offer, promise, giving or receipt of anything of value, whether directly or indirectly, to or from any person, for that person to act improperly, to refrain from acting, to act in breach of the performance of official or fiduciary duties, or to act in breach of contractual or other obligations.
Corruption, on the other hand, involves the misuse of public office or public power for private gain by offering or promising anything of value, whether directly or indirectly, to a public official in order to obtain, retain or direct business or to secure any other improper advantage.
Bribery and corruption are serious offences in Malaysia and other jurisdictions around the world. Firms and individuals within the firm involved in bribery and corruption could face very serious criminal penalties and could suffer severe reputation damage.
In addition, bribery, corruption and money laundering are intrinsically linked. Similar to other serious crimes, corruption offences, such as bribery and theft of public funds, are generally committed for the purpose of obtaining private gain. Money laundering is the process of concealing illicit gains that were generated from criminal activity such as corruption. By successfully laundering the proceeds of a corruption offence, the illicit gains may be enjoyed without fear of being confiscated.
Thus, firms should establish a policy prohibiting bribery and corruption, and the Compliance Officer could assist in the formulation of such policy if none exists or assist in enhancing existing policy. In relation to monitoring, the Compliance Officer is responsible to:
(a) review the payment of any gifts and entertainment to or from any party on a regular basis. Gifts and business entertainment are normal in business dealings and on their own may not be illegal. However, gifts and entertainment which are lavish or of significant value can give rise to actual or perceived conflicts of interest and to allegations of bribery or corruption.
(b) review any transfers or payments of anything of value to public officials. Note, however, that there is no minimum amount prescribed for bribery or corruption. Public official includes any official, officer or employee of any government, agencies and regulators, entities owned by government and government agencies and political parties.
(c) review the appointment of third party intermediaries or “middle men” to solicit business for the firm. Third party intermediaries may include consultants, agents, finders, introducers, joint-venture partners. Third party intermediaries should not be used to offer or arrange for bribes.
(d) review charitable, philanthropic or political donations to ensure that they are not used to disguise bribery or corruption.
(e) train staff to increase awareness on the firm’s anti-bribery and corruption policy.
(f) escalate to the Board of Directors of the firm and make reports to the relevant regulators when bribery or corrupt practice is detected.

Self-Assessment Exercise 2
1. With reference to the Capital Markets and Services Act 2007, a firm can make withdrawals from a clients’ trust account for which of the following purposes?
I. Making payment for defraying brokerage
II. Investing on deposit at interest with a licensed bank
III. Investing on deposit with an approved clearing house for a derivatives exchange
IV. Making payment in accordance with the written instruction of a person entitled to the monies
A. I and IV only
B. I and III only
C. I, II and IV only
D. All of the above

2. The following statements are TRUE of the responsibilities of a Compliance Officer in relation to preventing bribery and corruption, EXCEPT:
A. Reviewing charitable and philanthropic donations.
B. Training the staff on the firm’s anti-bribery and corruption policy
C. Assisting to formulate a policy on bribery and corruption prevention
D. Reporting any bribery or corrupt practice to the firm’s Audit Committee

1.6 Training and Education

In order to implement a comprehensive compliance programme, all staff within the firm need to understand their roles and the part they play within the firm’s compliance culture. Each person must understand their precise responsibilities and the procedures with which they must comply. For new staff, there must be induction training to ensure that they are equipped with the necessary capabilities to carry out the responsibilities assigned to them. Training for existing staff, on the other hand, could cover specific new topics of interest or ‘refresher’ courses on compliance. See Compliance Guidelines for Futures Brokers, Guidelines for Compliance Officers and Guidelines on Compliance Function for Fund Management Companies.

Training should therefore encompass the following areas:
(a) the regulatory framework within which the firm operates;
(b) regulation on anti-money laundering and terrorism financing;
(c) the standard of compliance in the day-to-day operations of the firm;
(d) required standards of business conduct;
(e) compliance systems and procedures which are in place;
(f) methods of supervision and the persons responsible;
(g) regular meetings between supervisors and staff on compliance issues whether existing or prospective;
(h) methods for the quick and effective resolution of compliance problems; and
(i) disciplinary measures for non-compliance.
Once training has taken place, there is a need for retraining as operational or regulatory matters change or to ensure that the compliance standard is maintained.

1.7 Regular reporting
As part of the control function, the Compliance Officer should regularly report to the Board of Directors. Regular reporting would cover compliance activity undertaken during the period, activity to assist departments or units in complying, and any non-compliant activity detected.
The minimum content of a compliance report was discussed in the previous topic and is also mentioned in the Compliance Guidelines for Futures Brokers. See also Guidelines for Compliance Officers, Guidelines on Compliance Function for Fund Management Companies and Guidelines on Unit Trust Funds.

1.8 Communication
Within the compliance infrastructure, there must be good communication. The internal workings of any organisation consist of various departments and units. Every individual within a firm must have a clear picture of the operation of each of these units and departments and a broad understanding of the rules and regulations with which each of them should comply. There must be clearly delineated lines of communication between units and departments and between the departments and the Compliance Officer.
There must be strong communication between the Compliance Officer and the Board of Directors. The Board of Directors must be informed and advised on contemporary regulatory issues. On the other hand, Compliance Officers must be able to communicate with middle management and front-liners to educate them on the underlying principles of certain rules and regulations.
1.9 Code of Ethics/Conduct
The term Code of Ethics/Conduct (“Code”) here refers to a firm’s internal policy document and not a code issued by regulators or industry association.
A Code is a high-level document that sets out the firm’s aspirations and expectations on the behaviour standards of all members of the firm. The Code is a firm’s guiding document and sets the tone from the top. The Code therefore should be issued by the Management (and not the Compliance department) and approved by the firm’s Board of Directors. Full support and commitment from Management is critical for the Code to be successful.

A Compliance Officer, nevertheless, may be involved in assisting the Management in drafting the Code.

Extract from Suggested Guidelines for Writing a Code of Ethics/Conduct, a publication of the Corporate Governance Services of Deloitte & Touche LLP, Deloitte Consulting LLP, and Deloitte Financial Advisory Services LLP:

Writing a Code of Ethics/Conduct

Companies that follow both the letter and the spirit of the law by taking a “value-based” approach to ethics and compliance may have a distinct advantage in the marketplace. Give the average employee a legalistic “thou shall not….” Code and a negative response is almost guaranteed. Give employees a document that states clearly and concisely the company’s expectations, outlines acceptable behaviors, and presents viable options for asking questions and voicing concerns and the likelihood is much greater that they will meet those expectations and exhibit the desired behaviors. Make the contents of the code equally applicable to everyone in the organization—at all levels—and you have a key ingredient for a code that becomes cultural, with all of the benefits.

Code Basics

There is no standard wording for a code of ethics/conduct. Each organization should develop one to suit the needs of its personnel in defining expected behaviors and in addressing the risks, challenges, and customs in the countries in which it operates, as well as to fit their specific industry and situation. However, there are some basic points to keep in mind when creating or modifying a code.

  • The code language should be simple, concise, and readily understood by all employees.
  • The code should not be legalistic—written as “thou shall not”—but rather state expected behaviors.
  • The code should apply to all employees and be global in scope. If the code addresses financial risk and applies to all personnel, there may be no need for a separate financial code of ethics.
  • The code should be written, reviewed, and edited by a multidisciplinary team in order to be reasonably confident that it is consistent with other corporate communications and policies, addresses relevant risk areas, has buy-in across the organization, and represents the organization’s culture. Consider inclusion of representatives from the following areas: Risk Management, Human Resources, Communications, Office of General Counsel, Internal Audit, Security, and relevant business units.
  • The code should be revised and updated as appropriate to reflect business and regulatory changes.

The elements or sections within a code can vary, but here are some standard
recommendations:

  • An introductory letter from the senior leadership team or CEO that sets the
    tone at the top and defines the importance of ethics and compliance to each
    employee and the company.
  • The company’s mission statement, vision, values, and guiding principles that
    reflect the company’s commitment to ethics, integrity, and quality.
  • An ethical decision framework to assist employees in making choices. For
    example, a code might ask employees to answer some questions to guide them
    in making an ethical decision about a possible course of action. The goal is for
    employees to think before acting and to seek guidance when unsure. They
    should be encouraged to think about this type of question in the context of an
    ethical dilemma: “Would you be unwilling or embarrassed to tell your family,
    friends, or co-workers?”
  • A listing of available resources for obtaining guidance and for good faith
    reporting of suspected misconduct. For example:
    - A means to report issues anonymously, such as a helpline or postal
      address
    - How to contact the ethics and compliance officer or office
    - A definition of the reporting chain of command (e.g. supervisor,
      department head, etc.)
    - A listing of any internal ethics and compliance web site
  • A listing of any additional ethics and compliance resources and/or the
    identification of supplementary policies and procedures and their location.
  • Enforcement and implementation mechanisms that address the notion of
    accountability and discipline for unethical behavior. For example, unethical
    behavior will be subject to disciplinary action up to and including termination.
  • Generic examples of what constitute acceptable and unacceptable behavior
    could be included to further explain risk areas. Examples could be based on
    relevant company or industry experiences.

Areas of Risk

It is important that a code cover relevant and important issues or risk areas. For
example, a manufacturing company would place greater emphasis on environmental
responsibilities than a professional services firm. Code content and depth of coverage
on a specific topic may vary by industry, corporate objectives, or past corporate history,
e.g., a company operating under a corporate integrity agreement or with a history of
ethical violations or infractions. Content also may vary because of the regulatory
environment, as well as the questions and needs of the intended audience, local laws,
customs, and culture.

Compliance Handbook

A Compliance Handbook (alternatively called a Compliance Manual) is a concise
document that provides an overview of the key compliance policies and procedures
applicable in a firm. This document is distributed by the Compliance department to all
staff and copies should be made readily accessible to the staff; for example, it should be
made available on the firm’s Intranet page or in hard copy.

The Compliance Handbook should be the first point of reference for any staff wanting
to understand the firm’s compliance obligations and their own. Hence it is a must-have
document for a firm wanting to establish a strong compliance culture.

It is recommended that the Compliance Handbook contain the following information:

  • Reference to the firm’s Code of Ethics/Conduct as approved by the Board of
    Directors of the firm.
  • Staff compliance obligations such as mandatory disclosures, training and
    licensing requirements.
  • Summary of each key compliance policy, such as the conflict of interest policy and
    anti-money laundering policy, and where further information on these policies
    can be obtained.
  • Information on the role of the Compliance department.
  • Reminder to staff of the requirement to report any misconduct, breach of laws
    and suspicious activities to the Compliance department.
  • Information on how staff can contact the Compliance department, such as
    email address, telephone number, hotline, etc.

Staff Affirmation

Staff affirmation is a process whereby staff are required to make certain declarations and
disclosures to the Compliance Officer.

The affirmation process reminds and educates staff on the firm’s Code of
Ethics/Conduct and compliance policies. Having completed the affirmation process, staff
cannot claim that they are unaware of the firm’s policies. In addition, the
affirmation process assists the firm in the management of conflicts of interest via
employees’ disclosures.

A staff affirmation process is usually undertaken by new employees upon joining the
firm and on a regular basis (e.g. once a year) for existing employees.

It is recommended that a firm’s staff affirmation process include a requirement that
staff declare and disclose the following types of information:

  • That they understand and acknowledge their job functions and responsibilities;
  • That they have read and understood the firm’s Code of Ethics/Conduct;
  • That they have read and understood the relevant compliance policies and
    procedures applicable to them, including the Compliance Handbook;
  • Personal information on fit and proper status, for example, disclosure of any
    bankruptcy proceedings taken against the staff;
  • Information on personal securities accounts and investments which are in the
    staff’s name or which he/she controls; and
  • Information on any other business activities outside the firm held by the staff,
    such as any outside directorships.

It is the role of the Compliance Officer to ensure that all staff complete the affirmation
process and to investigate any disclosures that may be detrimental to the interest of the
firm.

1.12 Red Flags

Red Flags are warning signals that may indicate improper behaviour and could be
caused by a breach of laws and regulations. A Compliance Officer must be aware of
and alert for any Red Flags and investigate the Red Flags to understand the reasons
behind them. In addition, the Compliance Officer should also train Management to be
aware of and be on alert for Red Flags.

Below are examples of common Red Flags in a firm:

Personnel
  • Unusual or large entertainment or personal expenses;
  • Staff who are reluctant to take vacations or delegate work to others;
  • Persistent signs of unusual, anxious or agitated behaviour; and
  • Staff who fail to adhere to information barriers or cross policies and
    procedures.

Regulatory
  • Awareness of an inquiry received from a regulator regarding activity in which
    the firm is involved;
  • Questions raised by internal auditors or external examiners in the course of
    their review;
  • Questions raised by the back office regarding unusual activity or matters that
    cannot be resolved by back office personnel; and
  • Customer complaints.

Client Activity
  • Client activity that has no apparent economic benefits;
  • Unexplained transactions at odds with the client’s historic trading activity or
    stated objectives;
  • Transactions where parties cannot be determined because of the complexity,
    structure or use of special purpose vehicles; and
  • Transactions with compensation that appears to be hugely disproportionate
    (either excessive or inadequate) to the services provided or to market norms.

Trading Activity
  • A trader or fund manager who exceeds credit, market or other established risk
    or trading limits;
  • Transactions that appear to have no legitimate purpose (e.g. wash sales,
    sudden rapid activity over a short period of time);
  • An unusually large concentration in a specific security or product;
  • Unusually large trading or transactions;
  • A trader/fund manager/business that is generating an unusual amount of
    profit/loss;
  • A specific transaction that results in an unusual amount of profit/loss; and
  • A specific error that results in an unusual amount of profit/loss.

Operational
  • A large number of errors, failed, cancelled, amended or late trades;
  • A recurrent pattern of failed, cancelled, amended or late trades with the same
    counterparty or the same trader; and
  • A pattern of late allocations or re-allocations, either by the same counterparty
    or the same trader.
The following was reported by the newswire Reuters on 24th June 2011:

Madoff trustee triples JPMorgan suit to $19 billion
NEW YORK (Reuters) – The trustee seeking money for Bernard Madoff’s victims is now
demanding $19 billion in damages from JPMorgan Chase & Co, more than tripling
what he hopes to recover from what had been the main bank for the now-imprisoned
Ponzi schemer.

The amended complaint by the trustee Irving Picard adds new charges and was filed
three days after the second-largest U.S. bank agreed to pay $153.6 million to settle U.S.
Securities and Exchange Commission fraud charges.

Picard maintained that JPMorgan was “thoroughly complicit” in Madoff’s fraud and
ignored red flags. In his original complaint, made public in February, he had sought
$6.4 billion, including $5.4 billion of damages and $1 billion for fraudulent transfers
and claims.

“JPMorgan Chase chose to enable Madoff’s fraud, not just through the various ways it
participated in its activity, but by helping to cover Madoff’s naked theft with the
imprimatur of a globally recognized financial institution,” the 155-page amended
complaint said.

The higher damage request reflects “life-to-date damages,” or what the trustee
considers the minimum losses over the entirety of Madoff’s Ponzi scheme.

Picard is also seeking at least $500 million that JPMorgan made “off the backs of
Madoff’s victims,” and more than $400 million of alleged fraudulent transfers.

Tasha Pelio, a JPMorgan spokeswoman, repeated in an email the bank’s earlier
statement that Picard’s lawsuit is meritless and distorts the facts and law.

“JPMorgan did not know about or in any way become a party to the fraud orchestrated
by Bernard Madoff,” she said. “At all times, JPMorgan complied fully with all laws and
regulations governing bank accounts.”

Picard has filed roughly 1,050 lawsuits seeking more than $100 billion for former
investors at Bernard L. Madoff Investment Securities LLC.

“BEFORE THEIR VERY EYES”

The amended JPMorgan complaint adds new allegations that another financial services
company around 1997 investigated nearly daily transfers of $1 million to $10 million
between Madoff’s account there and his account at Chase.

It said that company questioned Madoff’s employees about the suspicious back-and-forth
transfers. Having failed to be satisfied about them, they closed Madoff’s account,
it said.

“JPMorgan Chase’s bankers literally watched the fraud unfold before their very eyes,”
Deborah Renner, a lawyer representing Picard, said in a statement. Both are partners at
the law firm Baker & Hostetler.

The amended complaint also discusses Madoff’s longtime relationship with Sterling
Equities, a private banking customer of JPMorgan founded by Fred Wilpon and Saul
Katz, owners of the New York Mets baseball team.

Picard has sued the Mets’ owners for $1 billion, prompting them to enter talks to sell
part of the team to hedge fund manager David Einhorn for $200 million.
The owners have denied knowing Madoff was committing fraud.

In a regulatory filing last month, JPMorgan estimated that as of March 31 it might have
to pay out as much as $4.5 billion more for litigation than it had set aside for that
purpose. It also said it faced more than 10,000 legal proceedings.
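As an added illustration (not part of the original text, and not any firm's actual surveillance system), the Trading Activity and Operational red flags listed above can be expressed as rules that a compliance surveillance routine runs over a day's trade blotter. The trade records, the per-trader limits, the concentration and profit/loss thresholds and all function names below are constructed for this example; a real firm would take its limits from its risk framework and tune the thresholds to its own business.

```python
"""Red-flag screening over a constructed trade blotter.

Added example: the Trading Activity and Operational red flags (limit
breaches, concentration in one security, unusual profit/loss, recurrent
failed/cancelled/amended/late trades) as rules over a list of trades.
All limits, thresholds and records are constructed, not a firm's real data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Trade:
    trader: str
    security: str
    counterparty: str
    notional: float   # absolute amount traded, firm base currency
    pnl: float        # realised profit/loss on the trade
    status: str       # "settled", "failed", "cancelled", "amended" or "late"


# Constructed controls: gross notional limit per trader, and firm-wide thresholds.
TRADER_LIMITS = {"T1": 5_000_000.0, "T2": 2_000_000.0}
CONCENTRATION_LIMIT = 0.60     # share of a trader's notional in one security
PNL_THRESHOLD = 250_000.0      # single-trade profit/loss that counts as unusual
EXCEPTION_STATUSES = {"failed", "cancelled", "amended", "late"}
EXCEPTION_PATTERN_MIN = 3      # exceptions with one counterparty/trader = a pattern


def screen_red_flags(trades):
    """Return (rule, subject, detail) tuples for every rule that fires."""
    flags = []
    notional_by_trader = defaultdict(float)
    notional_by_trader_sec = defaultdict(float)
    exceptions_by_cpty = Counter()
    exceptions_by_trader = Counter()

    for t in trades:
        notional_by_trader[t.trader] += t.notional
        notional_by_trader_sec[(t.trader, t.security)] += t.notional
        # A specific transaction with an unusual amount of profit/loss.
        if abs(t.pnl) >= PNL_THRESHOLD:
            flags.append(("unusual_pnl", t.trader, f"{t.security} pnl={t.pnl:.0f}"))
        if t.status in EXCEPTION_STATUSES:
            exceptions_by_cpty[t.counterparty] += 1
            exceptions_by_trader[t.trader] += 1

    # A trader who exceeds an established trading limit.
    for trader, total in notional_by_trader.items():
        limit = TRADER_LIMITS.get(trader)
        if limit is not None and total > limit:
            flags.append(("limit_breach", trader, f"notional={total:.0f} limit={limit:.0f}"))

    # Unusually large concentration in a specific security. Note that a trader
    # with a single trade is 100% concentrated, so in practice this rule is
    # combined with a minimum notional before it is worth investigating.
    for (trader, sec), amt in notional_by_trader_sec.items():
        total = notional_by_trader[trader]
        if total > 0 and amt / total > CONCENTRATION_LIMIT:
            flags.append(("concentration", trader, f"{sec} share={amt / total:.2f}"))

    # Recurrent pattern of failed/cancelled/amended/late trades with the same
    # counterparty or the same trader.
    for cpty, n in exceptions_by_cpty.items():
        if n >= EXCEPTION_PATTERN_MIN:
            flags.append(("exception_pattern", cpty, f"{n} exception trades"))
    for trader, n in exceptions_by_trader.items():
        if n >= EXCEPTION_PATTERN_MIN:
            flags.append(("exception_pattern", trader, f"{n} exception trades"))
    return flags


# Constructed sample blotter for one day.
SAMPLE_TRADES = [
    Trade("T1", "ABC", "CP-A", 1_000_000, 10_000, "settled"),
    Trade("T1", "ABC", "CP-A", 3_000_000, 300_000, "settled"),
    Trade("T1", "XYZ", "CP-B", 500_000, -5_000, "settled"),
    Trade("T2", "DEF", "CP-C", 800_000, 2_000, "failed"),
    Trade("T2", "DEF", "CP-C", 700_000, 1_000, "late"),
    Trade("T2", "GHI", "CP-C", 600_000, 500, "cancelled"),
]

if __name__ == "__main__":
    for rule, subject, detail in screen_red_flags(SAMPLE_TRADES):
        print(f"{rule:18} {subject:6} {detail}")
```

Each flag is a prompt for the Compliance Officer to investigate, not a finding in itself: T2's limit breach and concentration may have an innocent explanation, and the exception pattern with counterparty CP-C may be a settlement problem on their side rather than the trader's. The value of encoding the rules is that the same checks run every day, against every trader, instead of depending on someone noticing.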

Self-assessment Exercise 3
(a) Which of the following should be included in a firm’s Code of Ethics/Conduct?
(i) An ethical decision framework to assist staff in making decisions
(ii) Generic examples of what constitutes acceptable and unacceptable
behavior
(iii) Explanation on the firm’s expectations on the behaviour standards
expected of staff
(iv) Enforcement and implementation mechanism addressing accountability
and discipline for unethical behavior
(A) (iii) only
(B) (ii) and (iii) only
(C) (i), (ii) and (iv) only
(D) All of the above

(b) The staff affirmation process requires employees of the firm to declare and
disclose which of the following information to the Compliance Officer?
(i) Any outside directorship held by the employee
(ii) Employees’ client list from his previous employment
(iii) Any bankruptcy proceedings taken against the employee
(iv) Understanding of their job functions and responsibilities within the firm
(A) (i) and (iii) only
(B) (ii) and (iv) only
(C) (i), (iii) and (iv) only
(D) All of the above

2 Effective Compliance Infrastructure

The compliance programme identifies all the areas of a firm’s business which will be a
part of the compliance system — including the Board of Directors, the board’s delegate
in relation to compliance, the Compliance Officer, marketing and sales, investment,
administration, IT, etc. — and the aspects of compliance for which each area is

The compliance infrastructure must be suitable for the firm’s business and its existing
departments. It describes the relationships between the Board, the compliance
committee, the Chief Executive Officer, and those involved in the various areas of the
firm’s business identified in the compliance programme.

The organisational structure must include a hierarchy which clearly delineates the
department responsible for each business function, the levels of responsibility and
reporting structure within each department, for the heads of each department and for
the Executive Director or Chief Executive Director.

In establishing a compliance infrastructure, methods that may be used generally include:

  • a presentation on the importance of compliance to obtain the Board’s
    commitment to the compliance programme and its implementation;
  • endorsement by the Chief Executive Officer of the compliance programme with
    emphasis on active involvement;
  • a properly documented and detailed compliance programme;
  • up-to-date manuals and checklists;
  • education of all directors and employees as to the importance of compliance;
  • training of all directors and employees on the compliance programme;
  • a system of effective monitoring of the compliance programme;
  • identification and control of high risk areas;
  • a legal audit;
  • an effective system for monitoring and resolution of complaints;
  • the incorporation of compliance checks into all operating procedures;
  • a system to report compliance breaches;
  • prompt changes to the system where identified breaches occur, and
    appropriate disciplining of those responsible; and
  • maintenance of detailed and complete records and statistics relating to
    compliance.

The AWA case illustrates a lack of adequate checks and balances on a foreign exchange
trader, including lack of segregation of front and back-office functions, access to
accounting records, lack of “effective” dealing limits and inadequate knowledge and
experience of other foreign exchange staff and the AWA Board. Appendix 1 contains a
case study describing the details of this case.

Dealing with Conflicts of Interests
Actual or potential conflicts of interest are inherent to all firms. A firm will be acting for many clients in different capacities and may also conduct commercial activities on its own account. It is inevitable that the interests of some clients will at times conflict with the interests of other clients, or that the firm’s own interest will differ from its clients’ interests.
Actual or potential conflicts of interest may arise between:
  • the interests of two or more clients;
  • the firm’s own interests and those of a client or clients;
  • the interests of staff and those of a client or clients; and
  • the interests of staff and the firm.
Sometimes the conflict may be obvious or it may be difficult to see. At other times, the conflict is not apparent in the beginning but subsequently becomes more obvious. The following are examples of conflict of interest or potential conflict of interest situations that can occur within a firm:
  • When the firm is advising a public listed client on a transaction which is still not made public and the firm is trading in the client’s stock on its own behalf or on behalf of other clients.
  • When the firm is advising a purchaser in a sale trade, and it also acts for another client who is a potential purchaser.
  • When the firm’s research analyst produces a report for its investing clients about a company while the firm is advising that company or holding a proprietary position in the company’s stock.
  • When the firm obtains confidential information about a client’s business and later acts for another client who is a competitor of the first client.
  • When one of the firm’s clients places a large order on the stock market, which may affect the market price of traded securities, and the firm’s proprietary trading desk or an employee of the firm trades in the same securities.


Managing Conflicts of Interests
In addition to legal and regulatory obligations, key stakeholders including clients, shareholders and regulators expect firms to identify and manage such conflicts of interests appropriately.
Conflicts of interest may be actual or perceived. The perception of an actual or potential conflict of interest is enough to make clients lose confidence in the firm. A real or apparent failure to identify and manage conflicts of interest appropriately may harm the firm’s reputation and franchise, and may bring into question the firms’ integrity.
There are a variety of methods which can be used to manage actual or potential conflicts of interest. These include, but are not limited to the following:
(a) In many cases it is sufficient if the existence of a conflict is disclosed to and/or acknowledged by the client (for example, by including disclaimers on research or other advisor documents noting the potential conflict). In other cases, there may be legal requirement on the need to obtain clients’ consent.

(b) The conflict can be so acute that it is necessary to act only for one client and decline to act for another client or in the firm’s proprietary activity. For example, in a case of a hostile take-over.

(c) Have procedures and rules prohibiting activity which gives rise to conflict such as front-running or rule on priority of client orders.

(d) Restrict the flow of confidential information across the firm through segregation or by having an Information Barrier Policy and by observing the Need-to-Know principle.

Responsibility of Management
The Board of Directors and Management of the firm are responsible for ensuring that reasonable steps are taken to identify, assess and manage actual or potential conflicts of interest arising from its business. The Board of Directors and Management of the firm are also responsible for ensuring the maintenance and effective operation of organisational and administrative arrangements such as practicing proper segregation and having an appropriate Information Barrier Policy. (See Appendix 5 for an example of the procedure for dealing with conflicts of interest.)

Chinese Walls or Information Barrier
A firm which assumes more than one function must maintain proper segregation of those functions within its organisation to prevent:

(a) the flow of sensitive or confidential information between the different parts of its organisation which perform each function; and

(b) any conflicts of interest which may arise as a result.

The term “Chinese Walls” or “Information Barrier” refers to barriers or segregation between departments within a firm to control or prevent the flow of sensitive information, including clients’ confidential information, the transfer and misuse of non-public information, and any conflicts of interest which may arise as a result.
The internal framework adopted must allow the Compliance Officer to undertake surveillance and regular monitoring of business activities and conduct unannounced audits of records. The Compliance Officer must put in place informational and operational barriers with the appropriate firewalls. Information Barriers are placed around certain departments and staff within the firm to ensure that the flow of sensitive or confidential information is restricted only to those who have a legitimate need to access such information.
By preventing inappropriate flow of information, information barriers assist in the management of perceived or actual conflicts of interest and allow some areas of the firm to continue their normal commercial activities despite the firm being in possession of sensitive information.

Information barrier status
Every staff member in a firm can be categorised as being on either the public or the private side of an information barrier. The categorisation is determined by the staff member’s need to access sensitive or confidential information, as follows:

Public Side

Staff is on the public side of an information barrier if they never or rarely have a legitimate business or need to access sensitive or confidential information held behind the information barrier. If, on rare occasions, they have a legitimate business or need to access sensitive or confidential information, they may cross over the barrier to the private side on an ad hoc basis upon approval by the Compliance Officer. In granting or refusing such an approval, the Compliance Officer would take into account matters such as the nature of the transaction, its time frame, the materiality of the information, whether there will be any conflict of interest and whether it will become public in the near future.

Private Side
Staff is on the private side of an information barrier if they have a continuous and legitimate business to access sensitive or confidential information held behind an information barrier, e.g. those in the Corporate Finance Department.
The Compliance Officer is required to maintain an up-to-date record of the following:
(a) Information barriers established within the firm
(b) The information barrier status of all staff in the firm
(c) The firm’s Restricted List and Watch List (Restricted List and Watch List are explained in more detail later in this topic.)

The Compliance Officer, together with the relevant departments where applicable, is responsible for monitoring potential breaches of the information barrier and the information barrier crossing process. The role of the Compliance Officer in relation to information barrier policies is normally referred to as the “Control Room”.

In relation to the segregation of duties within the structure of the firm, there must be procedures which deal with proper business conduct, outlining the expected standards of personal and professional integrity, especially as regards unethical or unfair practices.
Segregation of duties and functions is fundamental in protecting against the risk of fraudulent or unauthorised activities.

The segregation of the duties of employees refers to allocation of tasks so that one employee’s role acts as a check and balance over that of another, to avoid one person performing all parts of a transaction. This is a method of management control designed to ensure compliance and prevent fraudulent activities. The Compliance Guidelines for Futures Brokers provides the following examples of segregation for a trading participant, between:

(a) procurement of clients and credit-risk analysis;

(b) trading activities and dealing duties and settlement transactions;

(c) funds transfer and transaction booking;

(d) daily maintenance of general ledger balance and validation of general ledger balance; and

(e) maintenance of record balance and physical release of collateral.

See Guidelines for Compliance Officers.
In a large organisation, this form of segregation of tasks between two or more employees may not be practical, in which case other methods such as audit and management review may have to be used.

Trading and back-office settlement functions must at all times be properly segregated
and there must not be a concentration of authority for any one supervisor. For example,
the Head of Operations responsible for back-office operations in a stockbroking firm
must not also supervise the dealing/trading operations. Similarly there must be complete
segregation between client trading and trading on behalf of the firm to ensure that no
conflict of interest arises, and between front-office trading and risk management areas
which are incompatible, to ensure appropriate checks and balances are in place. A firm
must have written rules and procedures to ensure compliance with this.

Restricted Lists and Watch Lists
Firms should develop and maintain Restricted and Watch Lists to manage conflicts of
interest.

Restricted Lists
A Restricted List is a list of securities or companies on which the firm and/or its staff are
restricted from performing any activities due to legal, regulatory or contractual
obligation or best practice. A security or company is generally placed on the Restricted
List when the firm is appointed as an adviser, underwriter or placement agent in a
publicly announced transaction. The Compliance Officer is mandated by rules and regulation to impose appropriate
restrictions and conditions on sales, trading, the distribution of research and personal
account trading in relation to the securities or companies on the Restricted List. For
example, in a take-over situation, a Compliance Officer will impose a condition that all
dealings in the target company where the firm acts as an adviser must be disclosed to
the SC in accordance with the Malaysian Code on Take-overs and Mergers.

Watch List
The Watch List is used by the Compliance Officer as a mechanism for monitoring potential
improper trading arising from a breach of an information barrier within the firm. The
Watch List is a highly confidential list and is only made available to a very limited number
of staff on a “need-to-know” basis. Companies are placed on the Watch List when
the firm has unpublished price sensitive information in relation to them. Using the Watch List, the Compliance department will monitor the firm’s trading and
sales activity and staff account trading to detect potential improper activity and breaches of any information barrier. Particular attention is placed on personal account
trading by staff who are on the private side of the information barrier.

Personal Account Dealing
Personal account dealing refers to the personal investment activities of staff and directors of a firm. As discussed earlier, one of the potential areas of conflict of interest is between the staff and client and/or the firm. Failure to observe high ethical and professional standards in personal investments may expose the firm and staff to legal, compliance and regulatory risks.

Which firms should have a Personal Account Dealing Policy?
This would depend on the nature of the firm. Firms that deal in listed securities for its clients, publish research reports and provide corporate finance advice and securities underwriting services should have this policy in place. Such firms establish internal policies to govern personal account dealing for the following purpose:
(a) to avoid conflict of interest with the firm’s clients;
(b) to avoid misuse of sensitive information including unpublished price sensitive information;
(c) to satisfy regulatory obligations;
(d) to avoid the appearance of impropriety; and
(e) to protect the firm’s reputation.
What is the content of a Personal Account Dealing Policy?
A firm’s Personal Account Dealing Policy should normally set out the following:
(a) Type of securities or derivatives accounts covered under the policy;
(b) Disclosure by staff of the existence of their personal investment accounts to the Compliance department upon joining the firm and periodic updates on the same;
(c) Requirement for staff to obtain the necessary approval before conducting a personal account dealing transaction. In this respect, the role of the Compliance Officer is to vet the application against the firm’s Restricted and Watch Lists;
(d) The minimum holding periods for which staff are not allowed to dispose of securities under certain circumstances. This is especially relevant where the staff is on the private side of an information barrier;
(e) Reporting of the Personal Account Dealing post-execution by the staff; and
(f) Disciplinary consequences for failing to adhere to the policy.
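As an added example (not part of the original text and not any firm's actual control system), the pre-trade approval step in (c) and the holding period in (d) can be shown as a vetting routine: a personal account dealing request is checked against the staff member's disclosed accounts under (b), the firm's Restricted List, the Watch List and, for private-side staff, a minimum holding period. The list contents, staff records, dates, the 30-day holding period and all names below are constructed for this example; the Watch List check deliberately returns only a generic "referred" reason, since the Watch List is need-to-know and its membership must not leak to the requesting staff member through the approval system.

```python
"""Pre-trade vetting of a personal account dealing request.

Added example: the Compliance Officer's check of a staff dealing request
against disclosed accounts, the Restricted List, the Watch List and the
holding period for private-side staff. All lists, staff records, dates
and the 30-day holding period are constructed, not a firm's real controls.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class StaffRecord:
    staff_id: str
    barrier_side: str                       # "public" or "private"
    declared_accounts: set = field(default_factory=set)
    positions: dict = field(default_factory=dict)   # security -> date acquired


@dataclass(frozen=True)
class DealRequest:
    staff_id: str
    account: str
    security: str
    side: str        # "buy" or "sell"
    trade_date: date


# Constructed control lists (hypothetical tickers).
RESTRICTED_LIST = {"TGT"}    # e.g. the firm advises on an announced deal for TGT
WATCH_LIST = {"DEF"}         # the firm holds unpublished price-sensitive information
PRIVATE_SIDE_HOLDING_PERIOD = timedelta(days=30)   # constructed policy value

# Constructed staff register: disclosed accounts and current holdings.
STAFF = {
    "S100": StaffRecord("S100", "private", {"ACC-1"}, {"XYZ": date(2011, 6, 1)}),
    "S200": StaffRecord("S200", "public", {"ACC-2"}, {}),
}


def vet_request(req, staff_register=STAFF):
    """Return (decision, reason); decision is 'approve', 'reject' or 'refer'."""
    staff = staff_register.get(req.staff_id)
    if staff is None:
        return ("reject", "unknown staff member")
    # (b): dealing is only permitted through accounts disclosed to Compliance.
    if req.account not in staff.declared_accounts:
        return ("reject", "account not disclosed to Compliance")
    # Restricted List: no dealing at all in these securities.
    if req.security in RESTRICTED_LIST:
        return ("reject", "security on Restricted List")
    # Watch List: refer to Compliance without revealing why, since the list
    # itself is confidential and the reason is shown to the requester.
    if req.security in WATCH_LIST:
        return ("refer", "referred to Compliance for review")
    # (d): private-side staff may not dispose of a position held less than the
    # minimum holding period.
    if req.side == "sell" and staff.barrier_side == "private":
        acquired = staff.positions.get(req.security)
        if acquired is not None and req.trade_date - acquired < PRIVATE_SIDE_HOLDING_PERIOD:
            return ("reject", "minimum holding period not met")
    return ("approve", "no restriction applies")


# Constructed sample requests covering each branch of the check.
SAMPLE_REQUESTS = [
    DealRequest("S100", "ACC-1", "XYZ", "sell", date(2011, 6, 15)),   # 14 days held
    DealRequest("S100", "ACC-1", "XYZ", "sell", date(2011, 7, 15)),   # 44 days held
    DealRequest("S200", "ACC-2", "TGT", "buy", date(2011, 6, 15)),    # restricted
    DealRequest("S200", "ACC-2", "DEF", "buy", date(2011, 6, 15)),    # watch list
    DealRequest("S200", "ACC-9", "ABC", "buy", date(2011, 6, 15)),    # undisclosed account
    DealRequest("S200", "ACC-2", "ABC", "buy", date(2011, 6, 15)),    # clean
]


def vet_all(requests=SAMPLE_REQUESTS):
    """Vet each request in order and return the list of decisions."""
    return [vet_request(r)[0] for r in requests]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        decision, reason = vet_request(r)
        print(f"{r.staff_id} {r.side:4} {r.security} via {r.account}: {decision} ({reason})")
```

The order of the checks matters: the account and Restricted List tests come first because they are absolute prohibitions, while the Watch List test only refers the request, so the Compliance Officer still sees it. Every decision, including approvals, should be logged so the post-execution report in (e) can be reconciled against what was actually approved.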

Outside Business Activities
Another form of conflict of interest arises from outside business activities of the staff or directors.

Consider the following scenarios involving staff of a firm:
(a) Appointment to the Board of Directors of a company which is involved in a similar business as the firm;
(b) Appointment to the Board of Directors of a company which supplies the firm with services or goods;
(c) Working as a part-time salesman of a direct marketing company; and
(d) Holding an official position in a political party or a partisan non-governmental organisation.

All the above may give rise to situations of conflict of interest between the staff and the firm and possibly even a conflict with the clients of the firm. Hence, firms may also establish an “Outside Business Activities” policy with the purpose of ensuring staff do not accept or maintain any external position that may give rise to conflicts of interest, reputational, legal or credit risk or litigation that could potentially involve the firm and/or its staff.
A firm’s Outside Business Activities Policy should normally set out the following:
(a) Scope of the policy. Certain activities such as sporting clubs, resident and school associations are normally automatically exempted from the policy;
(b) Requirement for staff to disclose their outside business activities to the Compliance department upon joining the firm and for periodic updates to be given;
(c) Requirement for staff to obtain necessary approval before taking part in any outside business activities; and
(d) Disciplinary consequences for failure to adhere to the policy.

Self-assessment Exercise 4
(a) Conflict of interest may arise in the following situations, EXCEPT:
A. Firm XYZ producing a report on Selasih Berhad to its clients while holding a proprietary position on Selasih Berhad’s shares
B. Miss Belinda, having obtained information which is not made public on DEF Berhad, trades on DEF Berhad Securities on behalf of her clients
C. Firm ABC, having obtained confidential information about its client’s business, subsequently acts for another client who is a competitor to the first client
D. Mr. Ang, an existing board member of Teratak Berhad, being appointed as a board member of Delima Sdn Bhd, which is a wholly-owned subsidiary of Teratak Berhad

(b) If physical segregation within a firm is not possible, select from the following the other forms of segregation which can be implemented by the firm.
(i) Supervise daily trading to look for suspicious or unusual trading
(ii) Restrict access to data processing of trades and records such as password protection
(iii) Restrict access to trading room where only authorised personnel will be allowed entry
(iv) Review that appropriate records are maintained in accordance with compliance procedures
(A) (i) only
(B) (i) and (iii) only
(C) (ii) and (iv) only
(D) All of the above

4 Reporting Line and Audit Trail
The Compliance Officer, as part of the compliance programme, needs to delineate clearly the firm’s structure in terms of supervision and reporting. For example, clients’ accounts should be reviewed periodically to check that account opening procedures and client’s order procedures have been adhered to. This is of particular importance in relation to the accounts of high-risk clients or high-exposure accounts. Regular meetings between the supervisor and the Compliance Officer will aid in the identification of problematic or potentially problematic accounts which can then be more closely monitored.
Procedures for the accurate recording of all forms and documents are important in two respects. The first is that documentary evidence is the best way to demonstrate compliance. The second is that proper documentary systems, such as accounting voucher systems, provide an audit trail which can indicate accountability and also enable the Compliance Officer to recreate the events surrounding a trade.

5 Review of Compliance Programme
The Compliance Officer must continually review the adequacy of the firm’s compliance programme, in light of changes in internal and external conditions.
There are several methods of reviewing the compliance programme, which act as a check on the proper functioning of the compliance procedures. Some of these are:
• requiring approval by an appropriate authorised person for certain transactions;
• properly documenting all transactions to allow for review and accountability;
• review of all transactions by an independent person; and
• accounting control activities to check, on a daily basis, the records and books of the firm.
The frequency with which reviews are carried out is determined according to the level of risk involved.

Answer to Self-assessment Exercise 1

Answer to Self-assessment Exercise 2

(a) D
(b) D

Answer to Self-assessment Exercise 3

(a) D
(b) C

Answer to Self-assessment Exercise 4

(a) D
(b) D

Checklist

Below is a checklist of the main points covered by this topic. Use this checklist to check your learning.

• A comprehensive compliance programme must first be developed. A critical component of a compliance programme is the maintenance of a compliance manual.
• The successful implementation of a compliance programme is dependent upon every individual within a firm. It is, therefore, extremely important that the Board seeks to instil into a firm a culture of compliance.
• Regulation in Malaysia is undertaken by the Securities Commission Malaysia (SC) as the statutory authority, the front-line regulators (the exchange and clearing houses) and self-regulatory organisations such as the Federation of Investment Managers Malaysia (FIMM).
• The Compliance Officer must have a good understanding of the business activities of the firm. Any programme must be practical and implementable at the operational level; good operating procedures are essential.
• Advising on compliance matters is one of the main and most critical duties and responsibilities of a Compliance Officer.
• Ongoing monitoring acts as a preventive measure and an early detection measure. It should take the form of periodic, audit-style compliance procedural reviews to ensure that the compliance programme has been implemented and is being adhered to, as well as daily reports to detect potential non-compliant trading activity.
• Due to the large volume and complexity of transactions, certain compliance monitoring is best done electronically.
• The SC introduced the Guidelines on Sales Practices of Unlisted Capital Market Products (Sales Practices Guidelines) in December 2012. The Sales Practices Guidelines were introduced with a view to providing fair treatment of investors by requiring product issuers and product distributors to have certain policies and processes embedded, to ensure investors’ rights and interests are protected. The Compliance Officer should monitor the firm’s compliance with the Sales Practices Guidelines.
• Investor confidence is a critical factor in the capital market industry. One aspect of investor confidence is that investors must feel that their assets which are in the custody of the capital market intermediaries are reasonably protected from misuse or the intermediary’s insolvency.
• Bribery is the intentional offer, promise, giving or receipt of anything of value, whether directly or indirectly, to or from any person, for that person to act improperly or refrain from acting or to act in breach of performance of official or fiduciary duties or in breach of contractual or other obligations.
• Corruption, on the other hand, involves the misuse of public office or public power for private gain by offering or promising anything of value, whether directly or indirectly, to a public official in order to obtain, retain or direct business or to secure any other improper advantage.
• In order to implement a comprehensive compliance programme, all staff within a firm need to understand their role and the part they play within the firm’s compliance culture. Each person must understand their precise responsibilities and the procedures with which they must comply.
• As part of the control function, the Compliance Officer should regularly report to the Board of Directors.
• Every individual within a firm must have a clear picture of the operation of each of these units and departments and a broad understanding of the rules and regulations with which each of them should comply. There must be clearly delineated lines of communication between units and departments and between the departments and the Compliance Officer.
• A Code is a high-level document that sets out the firm’s aspirations and expectations on the behaviour standards of all members of the firm. The Code is a firm’s guiding document and sets the tone from the top.
• A Compliance Handbook (alternatively called a Compliance Manual) is a concise document that provides an overview of the key compliance policies and procedures applicable in a firm.
• Staff affirmation is a process whereby staff are required to make certain declarations and disclosures to the Compliance Officer.
• Red Flags are warning signals that may indicate improper behaviour and could be caused by a breach of laws and regulations.

• The compliance infrastructure must be suitable for the firm’s business and its existing departments.
• Actual or potential conflicts of interest are inherent to all firms. A firm will be acting for many clients in different capacities and may also conduct commercial activities on its own account. It is inevitable that the interests of some clients will at times conflict with the interests of other clients, or that the firm’s own interest will differ from its clients’ interests.
• Conflicts of interest may be actual or perceived. The perception of an actual or potential conflict of interest is enough to make clients lose confidence in the firm. A real or apparent failure to identify and manage conflicts of interest appropriately may harm the firm’s reputation and franchise, and may bring into question the firm’s integrity.
• The Board of Directors and Management of the firm are responsible for ensuring that reasonable steps are taken to identify, assess and manage actual or potential conflicts of interest arising from its business.
• The term “Chinese Walls” or “Information Barrier” refers to barriers or segregation between departments within a firm to control or prevent the flow of sensitive information, including clients’ confidential information, the transfer and misuse of non-public information and any conflict of interest which may arise as a result.
• Firms should develop and maintain Restricted and Watch Lists to manage conflicts of interest.
• Personal account dealing refers to the personal investment activities of staff and directors of a firm.
• Another form of conflict of interest arises from outside business activities of the staff or directors.
• Procedures for the accurate recording of all forms and documents are important in two respects. The first is that documentary evidence is the best way to demonstrate compliance. The second is that proper documentary systems, such as accounting voucher systems, provide an audit trail which can indicate accountability and also enable the Compliance Officer to recreate the events surrounding a trade.
• The Compliance Officer must continually review the adequacy of the firm’s compliance programme, in light of changes in internal and external conditions.

Other related topics:

Overview and Glossary/Abbreviations – Fundamentals of Compliance – Roles and Responsibilities – Compliance Officers – Risk Management – Costs benefits of Compliance and Case Studies – Structural Framework and Principles of Capital Market Regulation – Guidelines for Compliance