The Markets Compliance function is independent of the company that is primarily responsible to ensure that applicable Markets Compliance regulatory requirements are identified, understood, disseminated to the process owners, and implemented. Companies are required to ensure that the compliance function fulfills its advisory, and assistance responsibilities, including providing support for staff and management training, providing day-to-day Markets Compliance assistance to the employees, and participating in the establishment of Markets Compliance policies, and procedures.
The Markets Compliance Function
As per article 22 of the MiFID II Delegated Regulation, the compliance function is required to conduct a risk assessment to ensure that market compliance risks are identified and monitored. The compliance function establishes a risk-based program where compliance risk assessment is performed to determine key risks and the focus of the compliance monitoring is put on those areas.
Markets Compliance functions ensure that high risks customers or clients are identified before onboarding as an investment client or investor. High-risk customers include politically exposed persons (PEPs). PEP is the person who holds a prominent or higher position or influence in a jurisdiction and is more accepted to being involved in Money Laundering, bribery, or Corruption
Compliance Risk Assessment
The findings of the compliance risk assessment should be used to set the work program of the compliance function and to allocate the function’s resources efficiently. The compliance risk assessment should be reviewed regularly, and, when necessary, updated to ensure that the objectives, focus, and scope of compliance monitoring and advisory activities remain valid.
In identifying the level of compliance risk the firm faces, the second subparagraph of Article 22(1) of the MiFID II Delegated Regulation requires the compliance function to take into account all the areas of the investment services, activities, and ancillary services provided by the firm. This should include the types of financial instruments traded and distributed, the categories of the firm’s clients, the distribution channels, and, where relevant, the internal organization of the group.
The compliance risk assessment should consider the applicable obligations under MiFID II, national implementing rules, and the policies, procedures, systems, and controls implemented within the firm in the area of investment services and activities. The assessment should also consider the results of any monitoring activities and any relevant internal or external audit findings.
The identified risks should be reviewed regularly and, when necessary, also on an ad-hoc basis to ensure that any emerging risks are taken into consideration (for example, resulting from new business fields, other relevant changes in the firm’s structure, or the applicable regulatory framework).
The aim of the risk-based monitoring program should be to evaluate whether the company’s business is conducted in compliance with its obligations under Markets Compliance related regulatory requirements, such as those laid down under the MiFID II, as well as whether its internal policies and procedures, and control measures remain effective, and appropriate to ensure that Markets Compliance risk is comprehensively monitored.
Where a company is part of a group, responsible for the Markets Compliance function rests with each company in that group. A company should therefore ensure that its compliance function remains responsible for monitoring its own Markets Compliance risk. This includes where a company outsources Markets Compliance tasks to another company, within the group. The Markets Compliance function within each company should take into account the group of which it is a part. For example, by working closely with audit, legal, regulatory, and compliance staff in other parts of the group.
The Markets Compliance function should also ensure that its monitoring activities are not only risk-based but that it also verifies how the Markets Compliance-related policies and procedures are implemented in practice, for example through the on-site inspections at the investment units. The Markets Compliance function should also consider the scope of reviews to be performed, to ensure compliance with applicable regulations, such as MiFID II, and other applicable regulations.
Monitoring activities performed by the Markets Compliance function should take into account:
- the company’s obligation to comply with applicable provisions of market regulatory requirements;
- the first level of control in the company’s areas; and
- reviews by the risk management function, internal audit function, or other control functions in the area of investment services and activities.
The compliance function should have a role in monitoring the operation of the complaints process, and it should consider complaints as a source of relevant information in the context of its general monitoring responsibilities.
Market intermediaries should act in a way that protects their clients’ interests while also contributing to the market’s integrity. They are required to adhere to all regulatory frameworks in which they operate. Compliance with securities laws, regulations, and rules (referred to as “securities regulatory requirements” in this paper) is a necessary foundation for fair and orderly markets as well as investor protection. It is also critical that businesses create a “culture” that values and promotes not only compliance with the “letter of the law,” but also a high ethical and investor protection standard.