Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

In general terms, financial services providers must adopt internal mechanisms related to risk management, compliance and internal audits. These mechanisms should be implemented in accordance with the principle of proportionality, namely with regard to the nature, complexity and volume of the business of each entity.

The management body of the financial services provider is entrusted with the establishment of the above mechanisms. For that purpose, it is generally responsible for the development of a corporate governance system that, among other things, ensures the sound management of the provider. Additionally, certain regulated financial services providers must have internal control functions covering risk, compliance and internal audit functions, to support the management body in its regulatory duties.


How important are gatekeepers in the regulatory structure?

Compliance and internal auditing are two of the three essential functions of the internal control and corporate governance system mentioned in question 13.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

Directors of financial services firms are subject to the general standard of care applicable to directors of any entity together with specific regulatory duties applicable only to directors of financial services firms.

The two primary duties of company directors are the duty of care and the duty of loyalty. The duty of care involves making careful and informed decisions. The duty of loyalty means that the director should act in the best interests of the entity and also its shareholders, without the interference of personal interests.

Directors of financial services firms have additional duties, such as:

  • designing and monitoring the corporate governance system of the financial services firm;
  • guaranteeing the integrity of the accounting information; and
  • supervising the disclosure of information.

When are directors typically held individually accountable for the activities of financial services firms?

Directors are responsible for the damage they cause to the entity, its shareholders and creditors. Liability will be triggered to the extent that such damage results from an act or omission involving negligence or wilful misconduct that is contrary to the law, the articles of association or their duties as directors. Liability may be civil, administrative or even criminal.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

No private rights of action apply to violations of national financial services authority rules and regulations.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

In general, financial services firms must act in the best interests of their clients. However, the specific standard of care depends on the type of service rendered. For instance, banking services regulations are intended to ensure that the client is fully informed before contracting a particular product or service. In turn, investment services regulations require entities to categorise their clients depending on their experience, knowledge and financial situation to ensure that they only receive services and products that are suitable for them.

Does the standard of care differ based on the sophistication of the customer or counterparty?

Yes, this is the case with regard to investment services. The standard of care is lower for clients categorised as professionals or eligible counterparties.

Rule making

How are rules that affect the financial services industry adopted? Is there a consultation process?

The opinion of interested parties (for instance, market participants, citizens or organisations) is sought at two different stages when developing a law or regulation:

  • before the law or regulation is drafted; and
  • once the law or regulation has been drafted but before the approval process starts.

The main areas on which persons or organisations may give their opinions are:

  • the issues that the relevant law or regulation intends to solve;
  • whether the law or regulation is necessary and appropriate;
  • its purpose; and
  • possible regulatory or non-regulatory alternatives for the law or regulation.