Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

In Italy there are no specific compliance programmes issued by the competent supervisory authorities.

Gatekeepers

How important are gatekeepers in the regulatory structure?

Specific pieces of regulation issued by the supervisory authorities govern the internal organisation of supervised entities and the need to establish internal control functions (compliance, risk management and internal audit functions) and a board of statutory auditors.

Supervised entities must adopt and continuously maintain an internal control function to prevent breaches of law and regulation. To ensure the correctness and independence of internal control functions, compliance staff must be provided with the necessary powers and resources. The persons in charge of the different internal control functions periodically report to the corporate bodies. The internal control functions must be separate from one another. In addition, persons who are part of internal control functions cannot participate in the performance of the services they are required to control.

Furthermore, the board of statutory auditors supervises all the activities carried out by the relevant entity and reports to the competent authority any infringement of the applicable provisions of law and regulation.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

Directors of financial services firms must act in the sole interest of the company. According to the applicable regulations, they need to fulfil specific integrity, professionalism and independence requirements, satisfy certain competence and correctness criteria, and dedicate sufficient time to the performance of their office.

The board of directors sets out the aims, targets and strategies of the company by approving its internal organisation and continually evaluating corporate procedures and policies and the functioning of the internal bodies.

These duties are part of the ‘duty of correct administration’, according to which directors are responsible for the efficient management of the company, taking into account the various economic and market developments, and for the correct and efficient performance of the activities set out in the corporate object. Correct administration involves the application of a certain standard of diligence, which varies depending on the nature of the role (eg, the standard expected of executive directors and non-executive directors is different) and on the experience, skills, cultural background and education of the individual director. In this respect, each director shall act with a proportionate level of information and awareness, so that his or her decisions are informed and thought through.

The standard of care mentioned above also applies to senior managers given that, on top of being subject to the same fit and proper requirements as directors, they are also subject to the same liability regime.

When are directors typically held individually accountable for the activities of financial services firms?

The sanction regime provided for under the Consolidated Finance Act was amended as a consequence of the implementation of Directive 36/2013/EU (CRD IV).

The implementation of CRD IV brought about a significant change with respect to the previous regime. Under the previous regime, administrative sanctions were almost exclusively imposed on individuals holding offices within supervised entities; the entities themselves were merely jointly liable to pay the sanctions, if any, and could then exercise a right of recourse against the relevant individuals.

According to the current regime, legal entities are directly liable. Only in some cases, and provided that certain conditions are met (among others, where the relevant director’s behaviour directly contributed to the breach of regulatory provisions), does the Consolidated Finance Act provide for direct liability (or shared liability with the relevant intermediary) of natural persons.

In this respect, CRD V did not amend the aforesaid innovative sanction regime introduced by CRD IV.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

Private parties (eg, clients of banks and intermediaries, associations) may report to the National Commission for Companies and the Stock Market (Consob) and the Bank of Italy – within their respective competences – any supposed breaches of national financial services authority rules.

These reports are a very important source of information for the supervisory authorities, which may decide, for example, to request information or start on-site investigations relating to a supervised entity and its conduct.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

The standard of care required in the provision of investment services and activities to retail clients is higher than that required in relation to professional clients or eligible counterparties. The applicable rules of conduct vary based on the investors involved.

Retail clients have little knowledge and experience in the financial services sector and investments and thus deserve the maximum level of protection.

Professional clients (eg, banks, investment firms) and professional clients on request (those not falling within the definition of professional client, but requesting to be treated as a professional client provided that they meet certain criteria) have a level of experience, knowledge and competence regarding investments that allows them to evaluate risks correctly.

Eligible counterparties are, among other things, entities that operate on a professional basis in the financial market. The classification of a client as an eligible counterparty applies only to specific investment services (ie, execution of orders on behalf of clients, dealing on its own account, reception and transmission of orders).

In general terms, all conduct rules apply to dealing with retail clients (eg, the duty to provide clients with a complete set of information regarding, inter alia, the intermediary and its services, the financial instruments and costs), while certain conduct rules do not apply (or apply only in part) to dealing with professional clients. As to eligible counterparties, almost none of the conduct rules apply (with the exception of the rules regarding conflicts of interest). However, Italian law, in line with Directive 2014/65/EU (MiFID II), extends the application of certain conduct rules and reporting requirements to dealing with eligible counterparties.

Does the standard of care differ based on the sophistication of the customer or counterparty?

If a client is classified by the relevant intermediary as a retail client, all conduct rules apply notwithstanding the client’s level of sophistication.

Rule-making

How are rules that affect the financial services industry adopted? Is there a consultation process?

With regard to both primary law sources (in particular, the Consolidated Finance Act and the Consolidated Banking Act) and secondary law sources, MEF usually starts a public consultation before any relevant amendment (eg, amendments to the Consolidated Finance Act deriving from the implementation of MiFID II).

As to secondary legislation, Consob and the Bank of Italy are specifically required to start a public consultation for the issuance or amendment of their regulations.