ESMA consults on Compliance Function Requirements
On 15 July 2019, the European Securities and Markets Association (“ESMA”) issued a consultation paper and draft revised guidelines on certain aspects of the compliance function requirements under MiFID II (the “Consultation Paper”).
The revised guidelines, when finalised, will replace the existing ESMA guidelines on the same topic issued in 2012 and will take into account the new requirements under MiFID II along with the results of supervisory activities carried out by national competent authorities in relation to the application of the compliance function requirements.
The Guidelines and ESMA’s approach to their review
The purpose of the guidelines is to enhance clarity and to foster convergence in the implementation of certain aspects of the MiFID II compliance function requirements. By helping to ensure that firms comply with the requirements, ESMA expects a corresponding strengthening of investor protection.
MiFID II reinforced the existing MiFID I requirements relating to compliance functions. ESMA therefore proposes clarifying, refining and supplementing the existing 2012 guidelines rather than replacing them.
ESMA has deleted any requirements that have been incorporated directly under the MiFID II Delegated Regulation, in order to avoid unnecessary repetition. However, the corresponding supporting guidelines have been generally confirmed, as they provide guidance as to how the requirements should be applied in practice.
What changes are proposed?
Many of the changes proposed by ESMA relate to the reorganisation of the guidelines on account of requirements having been incorporated in the MiFID II Delegated Regulation. The material changes or additions proposed by ESMA can be summarised by reference to the general guidelines as follows:
General Guideline 1 – Compliance risk assessment
- Ad hoc reviews of the compliance risk assessment may be triggered by, inter alia, changes in the regulatory framework.
General Guideline 2 – Monitoring obligations of the compliance function
- The compliance function may, as an additional tool for monitoring activities, also interview the firm’s clients.
General Guideline 3 – Reporting obligations of the compliance function
- The written compliance report to senior management should systematically include information about the compliance function’s role in the monitoring and review of the firm’s product governance requirements along with any relevant findings, actions or general information in respect of the firm’s product governance arrangements.
- The supporting guidelines also specify certain areas that the compliance report should address regarding the financial instruments manufactured and distributed by the firm (nature, complexity, distribution strategy, etc.).
General Guideline 4 – Advisory and assistance obligations of the compliance function
- ESMA has inserted examples of the types of policies and procedures that the compliance function should help to elaborate, monitor and review. These include the firm’s remuneration policy and product governance policy and procedures.
- Firms should promote a “compliance culture” which should be supported by senior management.
General Guideline 5 – Effectiveness of the compliance function
- The firm should have arrangements in place to ensure effective communication between the compliance function and the other control functions, such as internal audit and risk management, as well as with any internal or external auditors.
General Guideline 6 – Skills, knowledge, expertise and authority of the compliance function
- This is a new general guideline resulting from the split of the previous General Guideline 5. Previously focused on the compliance officer, the new guideline will require all of the firm’s compliance staff to have the necessary skills, knowledge, expertise and authority to discharge their obligations.
- It is expressly provided that the compliance officer should demonstrate a high standard of professional ethics and personal integrity.
General Guideline 7 – Permanence of the compliance function
- No changes have been made.
General Guideline 8 – Independence of the compliance function
- The requirement that the compliance officer is appointed and replaced by senior management has been deleted as this has been incorporated in the MiFID II Delegated Regulation. No other changes have been made.
General Guideline 9 – Proportionality with regard to the effectiveness of the compliance function
- The requirements which have been incorporated into the MiFID II Delegated Regulation have been deleted. No other changes have been made.
General Guideline 10 – Combining the compliance function with other internal control functions
- If appropriate to the nature, scale and complexity of the business of the firm and taking into account the nature and range of investment services and activities undertaken, the firm should consider establishing and maintaining a core team of compliance staff members whose sole area of responsibility is MiFID II compliance.
General Guideline 11 – Outsourcing of the compliance function
- The supporting guidelines clarify that a firm cannot discharge its compliance function responsibilities by outsourcing all or part of its compliance function. The relevant responsibilities attached to the outsourced functions or tasks will always remain with the firm.
General Guideline 12 – Competent Authority review of the compliance function
- Updated to reflect good practices that certain national competent authorities use to supervise the compliance function requirements.
What happens next?
The closing date set by ESMA for the receipt of responses to the Consultation Paper is 15 October 2019. ESMA has indicated that it aims to publish its final report and the final guidelines during the second quarter of 2020.