The European Securities and Markets Authority (ESMA), published on the 10 June 2020 the final guidelineson the MiFID II compliance function. These guidelines replace the ESMA guidelines on the same topic issued in 2012 and include updates that enhance clarity and foster greater convergence in the implementation, and supervision, of the new MiFID II compliance function requirements.
While the objectives of the compliance function as well as the key principles underpinning the regulatory requirements have remained unchanged, the obligations have been further strengthened, broadened and detailed under MiFID II. The guidelines will enhance the value of existing standards by providing additional clarifications on certain specific topics, such as new responsibilities in relation to MiFID II’s product governance requirements, by notably detailing further the reporting obligations of the compliance function.
The guidelines are addressed to investment firms and credit institutions providing investment services and activities, investment firms and credit institutions selling or advising clients in relation to structured deposits, UCITS management companies and external Alternative Investment Fund Managers (AIFMs) when providing investment services and activities in accordance with the UCITS Directive and the AIFMD.
Below are a list of additions to the 2012 guidance. It is certainly worth firms reviewing the requirements in the guidelines to ensure that they are complying.
General Guideline 1 – Compliance risk assessment
Ad hoc reviews of the compliance risk assessment may be triggered by, inter alia, changes in the regulatory framework.
General Guideline 2 – Monitoring obligations of the compliance function
The compliance function may, as an additional tool for monitoring activities, also interview the firm’s clients.
General Guideline 3 – Reporting obligations of the compliance function
The written compliance report to senior management should systematically include information about the compliance function’s role in the monitoring and review of the firm’s product government requirements along with any relevant findings, actions or general information in respect of the firm’s product governance arrangements.
The supporting guidelines also specify certain areas that the compliance report should address regarding the financial instruments manufactured and distributed by the firm (nature, complexity, distribution strategy, etc.).
General Guideline 4 – Advisory and assistance obligations of the compliance function
ESMA has inserted examples of the types of policies and procedures that the compliance function should help to elaborate, monitor and review. These include the firm’s remuneration policy and product governance policy and procedures.
Firms should promote a “compliance culture” which should be supported by senior management.
General Guideline 5 – Effectiveness of the compliance function
The firm should have arrangements in place to ensure effective communication between the compliance function and the other control functions, such as internal audit and risk management, as well as with any internal or external auditors.
General Guideline 6 – Skills, knowledge, expertise and authority of the compliance function
This is a new general guideline resulting from the split of the previous General Guideline 5, which previously focused on the compliance officer. The new guideline will require all of the firm’s compliance staff to have the necessary skills, knowledge, expertise and authority to discharge their obligations.
It is expressly provided that the compliance officer should demonstrate a high standard of professional ethics and personal integrity.
General Guideline 7 – Permanence of the compliance function
No changes have been made.
General Guideline 8 – Independence of the compliance function
The requirement that the compliance officer is appointed and replaced by senior management has been deleted as this has been incorporated in the MiFID II Delegated Regulation. No other changes have been made.
General Guideline 9 – Proportionality with regard to the effectiveness of the compliance function
The requirements which have been incorporated into the MiFID II Delegated Regulation have been deleted. No other changes have been made.
General Guideline 10 – Combining the compliance function with other internal control functions
If appropriate to the nature, scale and complexity of the business of the firm and taking into account the nature and range of investment services and activities undertaken, the firm should consider establishing and maintaining a core team of compliance staff members whose sole area of responsibility is MiFID II compliance.
General Guideline 11 – Outsourcing of the compliance function
The supporting guidelines clarify that a firm cannot discharge its compliance function responsibilities by outsourcing all or part of its compliance function. The relevant responsibilities attached to the outsourced functions or tasks will always remain with the firm.
General Guideline 12 – Competent Authority review of the compliance function
Updated to reflect good practices that certain national competent authorities use to supervise the compliance function requirements.
How we can help
If you would like to discuss any items raised in this article in relation to your compliance team, or you would like us to review your current compliance framework, please do get in touch.