Today, RBI in its notification said that an independent compliance function is required to be headed by a designated Chief Compliance Officer (CCO) of banks, selected through a suitable process with appropriate ‘fit and proper’ evaluation/selection criteria to manage compliance risk effectively. The Central Bank also directed all banks to lay down a board-approved compliance policy to bring uniformity in the approach followed by banks and to align the supervisory expectations on CCOs with best practices. The compliance policy of a bank should spell out its compliance philosophy and its expectations on compliance culture, covering tone from the top, accountability and incentive structure, among other things, it said. The policy also needs to lay special thrust on building up a compliance culture and on the vetting of the quality of supervisory / regulatory compliance reports to RBI by the top executives, non-executive Chairman / Chairman and ACB of the bank, as the case may be. The policy shall be reviewed at least once a year, it said.
According to the RBI circular, the CCO of a bank should be a senior executive below the age of 55 years, preferably in the rank of a General Manager or an equivalent position (not below two levels from the CEO). This officer is to be selected through a suitable process with appropriate ‘fit and proper’ evaluation/selection criteria to manage compliance risk effectively, and he/she has to be appointed for a minimum fixed tenure of not less than three years. To be eligible for the post, the CCO shall have an overall experience of at least 15 years in banking or financial services, of which a minimum of 5 years shall be in the Audit / Finance / Compliance / Legal / Risk Management functions. He shall have a good understanding of industry and risk management, knowledge of regulations and the legal framework, and sensitivity to supervisors’ expectations, it said. No vigilance case or adverse observation from RBI shall be pending against the candidate identified for appointment as the CCO. The CCO shall have the ability to independently exercise judgement. He should have the freedom and sufficient authority to interact with regulators/supervisors directly and ensure compliance. This rule would come into effect immediately (from September 11, 2020). The CCO could also be recruited from the market, it said. In terms of RBI directives, prior intimation shall be provided to the RBI’s Department of Supervision before the appointment or premature transfer/removal of the CCO, and the information provided should be supported by a detailed profile of the candidate, along with the fit and proper certification by the MD & CEO of the bank confirming that the person meets the above supervisory requirements, and a detailed rationale for changes, if any.
The guidelines underscored that there shall not be any ‘dual hatting’ – the CCO shall not be given any responsibility that brings elements of conflict of interest, especially a role relating to business. As per the guidelines, the CCO shall not be a member of any committee that brings his/her role into conflict with his/her responsibility as a member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of a committee, he/she may have only an advisory role. The CCO shall have direct reporting lines to the MD and CEO and/or the board / board committee (ACB) of the bank. In case the CCO reports to the MD and CEO, the Audit Committee of the board shall meet the CCO quarterly on a one-to-one basis, without the presence of the senior management, including the MD and CEO. The CCO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. Further, the performance appraisal of the CCO shall be reviewed by the Board/ACB, the circular said.