Frequently Asked Questions

What is a Compliance Officer?

What is the French translation? CSSF Circular 04/155 relating to the Compliance function foresees, in application of Articles 5 (2) and 17 (2) of the amended Law of April 5, 1993, the implementation of a control function within credit institutions and investment companies. Chapter I (3) of the same Circular states that the purpose of the “Compliance function” is to protect the institution from any adverse effect possibly resulting from non-compliance with currently prevailing standards that the institution is subjected to regarding its activities on the various markets. The “Compliance Officer” is the employee appointed by the institution to manage the Compliance function. The CSSF must be informed of the Compliance Officer’s name and of any change in this position. There is no literal translation of the term “Compliance Officer” in French, the word being of Anglo-Saxon origin (etymology: “to comply with”, “to respect” etc). In view of this, the French term, “directeur de conformité”, would appear as the closest.

Definition of the Compliance Risk

Under Chapter III (10) of CSSF Circular 04/155, the Compliance Risk is defined as the risk of adverse effects for an institution which does not comply with currently prevailing standards. The Compliance Risk can cover a variety of risks such as reputational, legal, litigation risks and sanctions including certain aspects of operating risk, and which are connected to all the institution’s activities.

Can a corporate lawyer be a bank’s Compliance Officer? Generally, what is incompatible with the Compliance function?

A corporate lawyer may indeed also be the bank’s “Compliance Officer”, as the solution to the obligation of setting up a “Compliance function” is part of the internal structural organisation of the considered institution. The CSSF Circular, although admitting a certain amount of flexibility - centralisation or non-centralisation of the Compliance function, partial delegation of responsibilities, part-time function – nevertheless insists on the independence, competences and sufficient resources of the Compliance function. With respect to incompatibility aspects, the Circular text expressly specifies that the Compliance function and Internal Audit are not compatible; the first cannot be part of the second. In general, operational responsibilities are not compatible with the Compliance function.

Which institutions should appoint a Compliance Officer?

The CSSF Circular 04/155 is applicable to banks, credit institutions, and also investment companies. In accordance with Article 24 of the amended Law of April 5, 1993, this last category includes the following professionals of financial sector: brokers, assets managers, professionals acting on their own account, CII share distributors, underwriters, professional depositories of securities or other financial instruments, including transfer and registrar agents.

Difference(s) between Internal Audit and Compliance

Whereas the Compliance Function (CSSF Circular 04/155) is an independent function of which the objective is to identify and assess the institution’s Compliance risk and to assist Management in managing and controlling the said risk, Internal Audit (IML Circular 98/ 148) is an independent function which monitors the correct performance of internal controls and periodically assesses operations in order to assist credit institutions’ Management and Managers, leading to their optimised control of their activities.
Although numerous complementary similarities exist between both functions (seniority, independence, organisation; charter, Committee, reports to Management and the institution’s Board; participation in third level control within the institution, drawing up an Annual Report on the state of the function), the Compliance function focuses on preventive aspects whereas the Internal Audit function is basically focused on control. As specified above, the Compliance and Internal Audit functions are not compatible.

What is the desired structure for a Compliance department?

The Compliance function is part of correct administrative and accounting organisation which each financial institution must possess in accordance with the Law of April 5, 1993, amended. As to the actual organisation of the Compliance function, the CSSF Circular 04/155 provides for a certain degree of flexibility: indeed, although the Circular fixes conditions to be fulfilled under all circumstances - independence, competence - it also allows flexible organisational terms with regard to resources and possible delegation in view of the institution’s actual size. Accordingly, no uniform model of function organisation exists - sometimes centralised, sometimes decentralised, it can provide for the delegation of certain tasks or even be entrusted to a person on a part-time basis.
However, full outsourcing is excluded. Efficient Compliance function organisation requires that 1) Compliance principles and operating rules constituting the institution’s behavioural model are specifically defined for the institution in question; 2) a Compliance Policy is drawn up and kept up-to-date; 3) a Compliance Charter detailing the practical terms of the Compliance function’s operations is drawn up and approved by the institution’s Management and Board of Directors; although constituting a Compliance Committee is optional, it is recommended that Compliance has the right to contact the Chairman of the Board of Directors and Management directly.