Fundamentals of Compliance

Preview
About this topic
This topic deals with the fundamental concepts underlying the principles of compliance. We look first at the concept of compliance and its definition. We also look briefly at the underlying policy considerations and principles, and at the different levels within a firm at which compliance needs to be addressed. We go on to consider the functions of compliance and control. We discuss the need for compliance to be a culture within an organisation, and the importance of ethics to a compliance programme and to the compliance culture. We conclude with a discussion of the importance of compliance.
This topic is presented as an overview, and many of the areas are dealt with in greater detail later in the course.

Topic Objectives
At the end of this topic, you should be able to:
(a) explain the concept and definition of compliance
(b) describe the policy considerations which underlie compliance
(c) explain the principles of compliance
(d) describe the different levels at which compliance needs to be addressed within a firm
(e) explain the compliance and control functions
(f) explain the meaning of compliance culture and its importance to a compliance programme
(g) describe the relationship between compliance and ethics
(h) explain the importance of compliance to the individual staff, to the firm and the industry

The Concept of Compliance
Introduction
The principle of compliance — whereby a firm should comply with all regulatory requirements and internal procedures applicable to the conduct of its business activities — is crucial for the effective development of the Malaysian capital market, and instils confidence among investors.
Compliance, in the context of this course, is a management discipline to ensure that a firm actually complies with the laws, regulations and codes of practice relating to its business activities. Viewed as a system, compliance will, in addition to these matters, assure a high quality of service to clients and an ethical foundation for doing business.
Compliance encompasses much more than manuals and checklists or reliance on external monitoring by auditors, experts, or even the Securities Commission Malaysia (SC) through its surveillance programmes. Manuals and checklists do not by themselves constitute an effective compliance programme, as they can quickly become outdated or irrelevant. Of much greater importance to effective compliance are good line management operating procedures and ethical principles. By the same token, the audit function is usually an after-the-event activity and cannot prevent breaches, whereas ongoing monitoring and checking do prevent breaches.
In past market crises and financial firm failures at the secondary market level, problems that emerged in firms included inadequate internal controls, poor segregation of duties and lack of adherence to “know your client” provisions.
Appropriate compliance programmes and culture can ensure that these types of problems are avoided.
Compliance is now a requirement of doing business, in the same way as keeping accounting records, meeting tax requirements and internal audit. It is important to understand that compliance is the collective responsibility of everyone in a firm.


Definition of compliance
Compliance has often been associated with behaviour which either does or does not comply with a set standard. In this context, compliance can be seen as having a connotation of subservience and yielding to an objective standard. Under a merit-based system of regulation, whereby regulators set the standards and impose paternalistic values and obligations upon their subordinates, acquiescence and yielding coexist. The subordinate will then “comply” with the set standards and values.
Participants in the capital market have been directed towards self-regulation, with the regulators overseeing the development and activities of the capital market.
Therefore, compliance must be defined as more than mere subservience and yielding.
The definition of compliance therefore has two tiers. The first is observance of and compliance with the rules and regulations, which constitutes its base. The second is self-governance, whereby capital market participants set their own standards, processes and procedures. This second tier incorporates issues of ethics and morality which are beyond law and regulations. Compliance, as defined in the context of Malaysia’s capital market, therefore goes beyond being compliant with rules and regulations: it is the action or inaction of capital market participants to ensure the protection of investors and to safeguard investors’ confidence in the integrity of the market.

Case illustration of why compliance is important
Case of Societe Generale
On 24 January 2008, Societe Generale SA, one of Europe’s oldest and largest banks, announced that it had lost €4.9 billion (equivalent to USD7.2 billion at the exchange rate at the time) through fraud. According to the bank, a trader at one of its proprietary trading desks, 31-year-old Jerome Kerviel, had created large fraudulent positions in 2007 and 2008 beyond the trader’s authority. The fraud was discovered on 18 January 2008 during an inspection by the bank’s Inspection Department. On 5 October 2010, Jerome Kerviel was charged by the French authorities, found guilty and sentenced to five years’ imprisonment, with two years suspended, and ordered to make full restitution of the €4.9 billion lost. Jerome Kerviel appealed against the decision and, in October 2012, a Paris appeals court upheld in full the October 2010 guilty verdict and sentence.

Underlying policy considerations
The increasingly complex and diverse markets, and the new challenges posed by globalisation, impede the task of regulating the activities of intermediaries and participants in the market. Hence, a higher standard of business practice, disclosure, corporate behaviour and professionalism from all involved in the market, especially the market intermediaries, is essential to protect investors’ interests and maintain their confidence.

Recognising this, the International Organization of Securities Commissions (IOSCO) set out 38 Principles of securities regulation in the IOSCO Objectives and Principles of Securities Regulation (June 2010). The 38 Principles are based on the objectives of securities regulation, which are to:
(a) protect investors;
(b) ensure markets are fair, efficient and transparent; and
(c) reduce systemic risk.
IOSCO also issued the IOSCO Assessment Methodology (September 2011) to provide an interpretation of the Objectives and Principles of Securities Regulation (June 2010) and guidance on conducting a self-assessment or third-party assessment of the level of implementation of the Principles.

Principle 31 of the IOSCO’s Objectives and Principles of Securities Regulation (June 2010) stipulates:
Market intermediaries should be required to establish an internal function that delivers compliance with standards for internal organization and operational conduct, with the aim of protecting the interests of clients and their assets and ensuring proper management of risk, through which management of the intermediary accepts primary responsibility for these matters.
Principle 31 is further explained in the IOSCO Assessment Methodology (September 2011, page 191) as follows:
Market intermediaries should conduct their businesses in a way that protects the interests of their clients and their assets and helps preserve the integrity of the market.
Regulation should require that market intermediaries have in place appropriate internal policies and procedures for observance of securities laws and appropriate internal organization and risk management systems. Regulation should not be expected to remove risk from the market place but should aim to ensure that there is proper management of that risk.

Instances of operational breach can occur despite the existence of internal procedures designed to prevent misconduct or negligence. It is not practicable for the regulator to oversee adherence to those internal procedures on a day-to-day basis. That is the primary responsibility of the management of the market intermediary. Management must ensure that they are able to discharge that responsibility.
The key issues for Principle 31 are management and supervision, organisational requirements and protection of clients, the details of which can be found in the IOSCO Assessment Methodology.
Both the IOSCO Objectives and Principles of Securities Regulation (June 2010) and the IOSCO Assessment Methodology (September 2011) can be accessed at www.iosco.org.


Principles of compliance
The principles of compliance are:
(a) to comply with all laws and regulations;
(b) to set up, administer and monitor the internal processes applicable to the conduct of the business activities;
(c) to instil a compliance culture within the firm; and
(d) to instil investor confidence and promote the development of the Malaysian capital market.
These four principles inter-relate and are all necessary within the firm for a compliance culture to evolve effectively.
Compliance, in the context of this course, can be divided into three parts:
(a) Compliance and its association with laws and regulations. Compliance is a management discipline to ensure that a firm actually complies with the laws, rules and regulations.
(b) Compliance and risk management. The relationship between compliance and risk management is important because not all elements of the capital market are covered by laws and regulations. The risk-taking capacity of a firm will depend on its individuals. It is up to the firm to monitor and, where necessary, restrict its risk-taking activities.
(c) Ethical issues in compliance — beyond laws and regulations. Under disclosure-based regulation, a firm must set its own standards. Ethics, in this context, means embedding a compliance culture whereby, if certain activities are not covered by the laws and regulations or by the internal procedures, the individual would first consider their effect on the firm as well as on the capital market as a whole. This is the epitome of the professionalism which regulators expect of intermediaries.

Levels of Compliance

When looking at compliance relating to a firm which trades on behalf of clients in the market, there are three broad areas. They are generally:
(a) Clients;
(b) Operational; and
(c) Financial.


Looking at each of these briefly:


Clients
In relation to clients, firms and their representatives must:
(a) Obtain information from their clients
This includes understanding a client’s financial position, investment experience and investment objectives. Due diligence must be exercised by a firm to ensure that all essential facts are obtained and recorded. In addition, the Guidelines on Prevention of Money Laundering & Terrorism Financing for Capital Market Intermediaries also stipulate that firms should conduct ongoing due diligence and scrutiny of clients’ identity to ensure that the transactions being conducted are consistent with the firm’s knowledge of the client, its business and risk profile.

Another example is the need for written authorisation from a client in relation to the exercise of discretionary authority over a client’s account. Note the requirements to “know your client and product” and to have a “reasonable basis” for any recommendation. In addition, complaints from clients must be dealt with in an efficient and reasonable manner and assessed to see whether they highlight a procedural deficiency which requires rectification. Client complaints or disputes must be documented, investigated and reported to a senior staff member. They can be useful in highlighting compliance issues which may need to be addressed.

Periodic review of accounts needs to be part of the compliance programme, to check that the appropriate information, agreement or approval has been obtained and verified, and that order procedures have been complied with.

(b) Provide information to their clients
This includes disclosing certain interests in securities, providing certain statements (such as a risk disclosure statement), providing monthly statements to clients (where money is held for the client or there has been a dealing on behalf of a client during a particular month), and advertisements, sales literature and other forms of communication. Here, too, a firm must exercise due diligence to ensure that all information provided is accurate and, in relation to promotional material, that it is true, does not omit material facts, is not misleading, does not make promises as to returns and clearly identifies the possibility of losses if returns are mentioned.

(c) Hold monies or property on behalf of their clients
This includes keeping client property separate from the firm’s, keeping proper accounting records to enable identification of clients’ property, keeping clients’ money in a separate trust account, and keeping records of all transactions undertaken for clients. In relation to the custody and safeguarding of assets, the control of physical security includes the restriction of access to business premises, systems and departmental records.
In addition, each firm and representative should apply its own standards of corporate governance and ethical principles to the relationship it has with its clients.
An example which illustrates the issues of the duty of care owed to a client and the “know your client” principle is the bankruptcy of Orange County in the United States (US), which is summarised in Appendix 1.

An example which illustrates the need to disclose risk to a client is the lawsuit brought by Procter and Gamble against Bankers Trust (BT) in relation to an interest rate swap designed by BT for the company. This is summarised in Appendix 2.
The Guidelines for Compliance Officers contain provisions pertaining to client compliance.

Operational
This area would include procedures to make sure that all representatives are, for example, applying “know your client and product”, having a reasonable basis for recommendations, adhering to client instructions, properly processing and recording transactions, avoiding any conflict of interest, maintaining the confidentiality of clients’ personal information in compliance with the principles of the Personal Data Protection Act, and ensuring that client orders are given priority. The Compliance Guidelines for Futures Brokers highlight common areas of non-compliance.

Financial
Firms which are holders of the Capital Markets Services Licence must comply with the financial requirements set by the SC and by the exchanges and clearing house of which they are participants.

Firms are also required to keep accounting and other records which explain the transactions and financial position of their business and enable true and fair profit and loss accounts and balance sheets to be prepared. The books and records of the firm need to be checked for arithmetical accuracy by the finance department.
Reconciliations, account totals and trial balances assist in checking that defined limits have not been exceeded. It is an offence to destroy, conceal or alter records, or to send them out of Malaysia, with the intention of preventing, delaying or obstructing any examination or audit of a firm’s activities.

Compliance and Control Functions
A compliance programme is all the formal measures taken by the management to ensure that it meets all the obligations imposed upon it. Sound compliance programmes can be considered as a type of insurance against the risk of breach.

IOSCO’s “Report of the Technical Committee of the International Organization of Securities Commissions (March 2006)” defined the compliance function as follows:

The term ‘Compliance function’ is used as a generic reference to refer to the range of roles and responsibilities for carrying out specific compliance activities and responsibilities.

The compliance function has also been described in the Compliance Guidelines for Futures Brokers as follows:

Compliance essentially refers to proper supervision and a competent system of internal controls within an organisation to maintain the integrity of its dealing practices, the safeguarding of its assets and compliance with all relevant regulatory requirements. Compliance is a component of proper business support and applies to all individual business activities and functions. Effective compliance requires the willingness of broker organisations to police their own activities, eliminate bad practices and to maintain routine contact with the regulators.
The essential elements of an effective compliance programme are:

(a)  to design and establish a comprehensive programme;

(b) to educate and train all staff and work with senior management to instil a compliance culture;

(c) to constantly review the programme including regular reporting;

(d) to provide advice; and

(e) to work with senior management so that there is open communication within the firm.

A compliance programme aims to:

(a) prevent breaches of laws, regulations, codes, internal policies etc.;

(b) maintain the integrity of the firm’s dealings and business practices;

(c) enable identification and rectification of such breaches; and

(d) promote a culture of compliance within the firm.

The Compliance Guidelines for Futures Brokers view compliance as an entire system of:

(a) complying with laws, rules and guidelines issued by the relevant authorities under the regulatory framework;

(b) assuring a high quality of service to clients in order to maintain long-term profitable relationships with business partners;

(c) managing risk, particularly operational risk, as part of an enterprise-wide risk management framework that is aimed at providing greater certainty for cash flow management purposes and hence enhancing risk-adjusted returns to shareholders of a broking firm; and

(d) encouraging one’s peers to equally adopt a high standard in order to minimise credit, systemic and reputational risk in the interest of promoting the long-term development of the industry.

In addition to the need for compliance within the market as it now stands, there is the need to be proactive. One of the additional functions of compliance and control is a focus on the future and the issues which will need to be addressed. Some of these include:
(a) the use of information technology as a mechanism to channel resources;
(b) dealing with globalisation and liberalisation of the market;
(c) reviewing the role of firms and representatives in light of Internet trading, electronic banking, cross-border trading and listing; and
(d) reviewing and amending operations and systems to meet the evolving needs of investors.

The Compliance Culture
Compliance culture
A compliance culture refers to an environment within a firm where there is a high level of compliance awareness which permeates every individual in the firm. In other words, each level of the firm, from the Board of Directors and the executives to the support staff, is aware of what compliance is and its significance.
The culture of a firm arises from its values, attitudes and beliefs. These elements vary from one firm to another, so every firm has a different culture. Therefore, there cannot be one “right” culture, as at the end of the day a firm’s culture is a product of the firm itself including, among other things, its policies, decision-making procedures, accountabilities and organisational governance structure.
An existing firm will have a certain culture which must be identified at the outset and then modified in order to achieve the “right” state of compliance and culture.
Assessment of the existing firm culture may indicate that it is either pro-compliance or anti-compliance. This assessment may be undertaken by comparing the processes and procedures, the administration of the firm, and the accountability and responsibility of individuals with the principles of compliance. Therefore, in order to comply, procedures that will ensure compliance need to be implemented for each business area — for example, dealing activities, customer documentation, payments and settlement activities, and the handling of client funds. While many of the procedures need the assistance of the Compliance Officer in order to be implemented, the ultimate responsibility for embedding a compliance culture within a firm rests with the Board of Directors and the Chief Executive Officer.
Compliance, therefore, is not the sole responsibility of the Compliance Officer. The role of the Compliance Officer is to provide advice and monitoring of business areas and to assist in formulating and delivering compliance training, whereas the role of management is to implement a compliance programme and culture. Everyone in the firm is responsible for conducting their operations in a manner that is compliant not only with the letter of the law but also with its spirit. This is the basis of a compliance culture. It may be achieved through a mission statement that cultivates an environment encouraging compliance, and also through the atmosphere management creates and the decisions it makes.
Mary Gentile, in her article “Setting the right course: Business Ethics”, which is reproduced in Appendix 4, discusses the need for the development of an ethics programme as a catalyst for risk management, in terms of risk prevention.

Compliance and Ethics
Closely related to the concept of compliance is the concept of ethics. Whilst compliance is commonly regarded in the light of observance of laws and regulations, it encompasses more than that. There will be many instances in day-to-day activities where the law is not clear, where there are varying interpretations of the law or even, in developing markets, where the law in the area has not yet been formulated. Ethics then comes into the picture.

Compliance is concerned not just with whether conduct is acceptable by virtue of a literal interpretation of the rules and regulations, but with whether conduct is acceptable ethically.
Ethics can be defined as the process and thinking involved in making moral choices. Ethics places importance on non-discriminatory behaviour towards clients, colleagues and other financial organisations, and on fiduciary obligations towards clients, rather than on profit. In the context of the capital market, ethical considerations affect the way a deal is transacted and the manner in which representatives of a firm conduct themselves when dealing with clients and in the marketplace.
Ethics and ethical conduct are important to a firm’s reputation and also to the reputation of the market. They reflect the confidence of investors and the perception of the integrity of the firm. Codes of conduct and codes of ethics are increasingly being developed, and these are forms of regulation. In Malaysia, the relevant rules contain requirements as to best business practices which proscribe unacceptable conduct and behaviour.
Please refer to the articles in Appendix 3 for further discussion by foreign experts of what compliance culture and ethics mean.

Importance of Compliance
1. To the Staff
Ultimately, compliance relates to adherence to laws and regulations which have the backing of punitive sanctions by the regulatory authorities. These sanctions range from cautions to public reprimands, fines and possible jail sentences for serious breaches of the law.
Every person in a firm should be concerned with compliance, especially persons who hold the following positions:

(a) Board member;
(b) Chief Executive Officer;
(c) Senior management member; and
(d) Holder of a capital market’s representative licence.
These are persons who are, or are likely to be, licensed and registered with the regulators. The regulators have higher expectations of them in terms of compliance. Such licensed and registered individuals are required to be “fit and proper” in order to continue holding their positions. The Capital Markets & Services Act and the SC’s Licensing Handbook set out the instances in which a person may be deemed to be no longer fit and proper. Non-compliance with any rule or regulation by these individuals could potentially result in their no longer being deemed a “fit and proper person” and hence no longer fit to hold their current position.
Because of the regulatory obligations imposed on these individuals, a Compliance Officer should regularly remind them of the fit and proper criteria so that they remain mindful of their regulatory responsibilities.

2. To the Firm
The capital market is a highly regulated industry, as the industry deals with clients’ money. Over time, various rules and regulations have been introduced, to the extent that nearly all aspects of a firm’s operations are subject to them. It is in the best interest of any firm carrying on business in the Malaysian capital markets to be serious about compliance, to avoid breaching these rules and regulations. Any sanction taken against the firm for non-compliance could affect the reputation of the firm and clients’ confidence.
In Appendix 5 of this topic we have set out several instances of actions taken by the SC and Bursa Malaysia against individuals and firms for non-compliance with the securities laws and the rules of Bursa Malaysia Securities Berhad.
Very serious non-compliance can have graver repercussions for the firm. It could result in a regulator deciding that the firm is no longer “fit and proper” to hold a licence or to continue to be registered. In such cases, the licence or registration could be revoked by the regulator, with the result that the firm would no longer be in a position to carry on business in the capital market.

3. To the Industry
Compliance is also important to the financial industry as a whole. Firms acting as intermediaries are the players in the capital market. An efficient capital market is necessary for the economic growth of the country, and investor confidence is an important ingredient in an efficient capital market. Highly compliant firms strengthen investor confidence in the capital market; non-compliant firms destroy it.

According to IOSCO:
“Compliance is intrinsic to the operations of market intermediaries because they must have systems or processes in place to help ensure that they are complying with all applicable laws, codes of conduct and standards of good practice in order to protect investors and to reduce their risk of legal or regulatory sanctions, financial loss, or reputational damage.
Market intermediaries should conduct themselves in a way that protects the interests of their clients and helps to preserve the integrity of the markets. They must comply with all regulatory frameworks in which they operate. Compliance with securities laws, regulations and rules (referred to in this paper as “securities regulatory requirements”) is part of the essential foundation of fair and orderly markets as well as investor protection. It is equally important, however, that firms develop a business “culture” that values and promotes not only compliance with the “letter of the law,” but also a high ethical and investor protection standard.
Market intermediaries have become more innovative on how they structure their businesses in order to maximize profits and provide different services to their clients. For example, there has been unbundling of services to clients, partnering with other firms to meet all the needs of their clients, and outsourcing to other parties. The complexity of their business has increased, making the burden of the compliance responsibility heavier. To be compliant with all laws, regulations and rules has become both increasingly important as well as more challenging.
Although different jurisdictions may have different approaches and policies to help ensure compliance with their securities regulatory requirements, they share a common belief that the compliance function at market intermediaries plays an essential role in preventing possible misconduct and in promoting ethical behavior, which in turn can contribute to fair and orderly markets and investors’ confidence in the markets. Moreover, compliance is not the responsibility solely of those performing an official “compliance function.” It is a matter for which the firm and all its employees have responsibility.”
IOSCO Report “Compliance Function at Market Intermediaries” (March 2006).
This report can be accessed at www.iosco.org.

Self-assessment
Exercise 1
Which of the following statements CORRECTLY describe the aims of a compliance programme?
(i) To prevent breaches of laws and regulations
(ii) To promote a compliance culture within the firm
(iii) To maintain the integrity of the firm’s dealings and business practices
(iv) To enable identification and rectification of breaches of laws and regulations
A. (i) and (iii) only
B. (ii) and (iv) only
C. (i), (ii) and (iv) only
D. All of the above

Checklist
Below is a checklist of the main points covered by this topic. Use this checklist to test your learning:
(a) The principle of compliance — whereby a firm should comply with all regulatory requirements and internal procedures applicable to the conduct of its business activities — is crucial for the effective development of the Malaysian capital market, and instils confidence among investors.
(b) The increasingly complex and diverse markets, and the new challenges posed by globalisation, impede the task of regulating the activities of intermediaries and participants in the market. Hence, a higher standard of business practice, disclosure, corporate behaviour and professionalism from all involved in the market, especially the market intermediaries, is essential to protect investors’ interests and maintain their confidence.
(c) The principles of compliance are:
(i) to comply with all laws and regulations;
(ii) to set up, administer and monitor the internal processes applicable to the conduct of the business activities;
(iii) to instil a compliance culture within the firm; and
(iv) to instil investor confidence and promote the development of the Malaysian capital market.
These four principles inter-relate and are all necessary within the firm for a compliance culture to evolve effectively.
(d) When looking at compliance relating to a firm which trades on behalf of clients in the market, there are three broad areas. They are generally:
(i) Clients;
(ii) Operational; and
(iii) Financial.
(e) A compliance programme is all the formal measures taken by the management to ensure that it meets all the obligations imposed upon it. Sound compliance programmes can be considered as a type of insurance against the risk of breach.
(f) A compliance programme aims to:
(i) prevent breaches of laws, regulations, codes, internal policies etc.;
(ii) maintain the integrity of the firm’s dealings and business practices;
(iii) enable identification and rectification of such breaches; and
(iv) promote a culture of compliance within the firm.
(g) A compliance culture refers to an environment within a firm where there is a high level of compliance awareness which permeates every individual in the firm. In other words, each level of the firm, from the Board of Directors and the executives to the support staff, is aware of what compliance is and its significance.
(h) Ethics can be defined as the process and thinking which is involved in making moral choices.
(i) Ethics and ethical conduct are important to a firm’s reputation and also to the reputation of the market. They reflect the confidence of investors and the perception of the integrity of the firm.
(j) Every person in a firm should be concerned with compliance, especially persons who hold the following positions:
(i) Board member
(ii) Chief Executive Officer
(iii) Senior management member
(iv) Holder of a capital market’s representative licence