What is a Compliance Officer?
What is the French translation? CSSF Circular
04/155 relating to the Compliance function foresees, in application of
Articles 5 (2) and 17 (2) of the amended Law of April 5, 1993, the
implementation of a control function within credit institutions and
investment companies. Chapter I (3) of the same Circular states that the
purpose of the “Compliance function” is to protect the institution from
any adverse effect possibly resulting from non-compliance with
currently prevailing standards that the institution is subjected to
regarding its activities on the various markets. The “Compliance
Officer” is the employee appointed by the institution to manage the
Compliance function. The CSSF must be informed of the Compliance
Officer’s name and of any change in this position. There is no literal
translation of the term “Compliance Officer” in French, the word being
of Anglo-Saxon origin (etymology: “to comply with”, “to respect” etc).
In view of this, the French term, “directeur de conformité”, would
appear as the closest.
Definition of the Compliance Risk
Under Chapter III (10) of CSSF Circular
04/155, the Compliance Risk is defined as the risk of adverse effects
for an institution which does not comply with currently prevailing
standards. The Compliance Risk can cover a variety of risks such as
reputational, legal, litigation risks and sanctions including certain
aspects of operating risk, and which are connected to all the
Can a corporate lawyer be a bank’s Compliance Officer? Generally, what is incompatible with the Compliance function?
A corporate lawyer may indeed also be the
bank’s “Compliance Officer”, as the solution to the obligation of
setting up a “Compliance function” is part of the internal structural
organisation of the considered institution. The CSSF Circular, although
admitting a certain amount of flexibility - centralisation or
non-centralisation of the Compliance function, partial delegation of
responsibilities, part-time function – nevertheless insists on the
independence, competences and sufficient resources of the Compliance
function. With respect to incompatibility aspects, the Circular text
expressly specifies that the Compliance function and Internal Audit are
not compatible; the first cannot be part of the second. In general,
operational responsibilities are not compatible with the Compliance
Which institutions should appoint a Compliance Officer?
The CSSF Circular 04/155 is applicable to
banks, credit institutions, and also investment companies. In accordance
with Article 24 of the amended Law of April 5, 1993, this last category
includes the following professionals of financial sector: brokers,
assets managers, professionals acting on their own account, CII share
distributors, underwriters, professional depositories of securities or
other financial instruments, including transfer and registrar agents.
Difference(s) between Internal Audit and Compliance
Compliance Function (CSSF Circular 04/155) is an independent function of
which the objective is to identify and assess the institution’s
Compliance risk and to assist Management in managing and controlling the
said risk, Internal Audit (IML Circular 98/ 148) is an independent
function which monitors the correct performance of internal controls and
periodically assesses operations in order to assist credit
institutions’ Management and Managers, leading to their optimised
control of their activities.
Although numerous complementary similarities
exist between both functions (seniority, independence, organisation;
charter, Committee, reports to Management and the institution’s Board;
participation in third level control within the institution, drawing up
an Annual Report on the state of the function), the Compliance function
focuses on preventive aspects whereas the Internal Audit function is
basically focused on control. As specified above, the Compliance and
Internal Audit functions are not compatible.
What is the desired structure for a Compliance department?
function is part of correct administrative and accounting organisation
which each financial institution must possess in accordance with the Law
of April 5, 1993, amended. As to the actual organisation of the
Compliance function, the CSSF Circular 04/155 provides for a certain
degree of flexibility: indeed, although the Circular fixes conditions to
be fulfilled under all circumstances - independence, competence - it
also allows flexible organisational terms with regard to resources and
possible delegation in view of the institution’s actual size.
Accordingly, no uniform model of function organisation exists -
sometimes centralised, sometimes decentralised, it can provide for the
delegation of certain tasks or even be entrusted to a person on a
However, full outsourcing is excluded.
Efficient Compliance function organisation requires that 1) Compliance
principles and operating rules constituting the institution’s
behavioural model are specifically defined for the institution in
question; 2) a Compliance Policy is drawn up and kept up-to-date; 3) a
Compliance Charter detailing the practical terms of the Compliance
function’s operations is drawn up and approved by the institution’s
Management and Board of Directors; although constituting a Compliance
Committee is optional, it is recommended that Compliance has the right
to contact the Chairman of the Board of Directors and Management