The new compliance program defines compliance as the overall handling by the bank of business risks that could negatively affect the franchise value of the bank. Under the new circular of the BSP, business risk is defined as the conditions which may be detrimental to the banks’ business model and its ability to generate returns from operations.
The BSP first instituted its compliance framework in the aftermath of the 1997 Asian Financial Crisis as a means to immediately strengthen bank governance. The concept of compliance, however, was limited to the adherence of legal and regulatory provisions set either by law or through the prudential framework of the BSP.
This contrasts with the new definition which covers, among others, risks to the bank’s reputation from decisions that ultimately erode the public’s trust of the bank. That facet of compliance that refers to taking actions that are contrary to regulations and identified best practice has been retained but the new definition covers wider ground.
A critical element of the new guideline is the Chief Compliance Officer (CCO). While the Board of Directors of each bank shall define and approve the bank’s compliance program, it is the CCO who is responsible for overseeing the administration of this compliance program.
Highlighting the importance of the function of the CCO, the new compliance framework announced by the BSP clearly requires the CCO to be subjected to existing fit and proper rules.
Re-asserting the independence and seniority of the position, the new guidelines also mandates that the CCO shall have no line functions in the bank and should functionally report to the bank’s Board. A board-level compliance committee is mandated by the new circular and this committee shall be chaired by a non-executive director.
The BSP’s move on the new framework is in line with its position that prudent behavior and governance standards are primarily the responsibility of the bank and not the regulator. These are to be assured by the bank’s senior officers for which the bank CEO and the CCO take the lead as far as compliance is concerned.
This responsibility upon bank management is evident under the new framework. For example, the new circular dispenses with the prior requirement for the bank to submit a compliance manual. It requires instead the CEO and the CCO to submit an affidavit under oath that a compliance system has been approved by the bank’s Board and that the compliance manual reflects such an approved system. The manual itself can be requested by BSP examiners during on-site examination.
The BSP makes a distinction between “simple” and “complex” banking operations. This provision is found in the new compliance guidelines, in its revised corporate governance framework and its proposed amended outsourcing circular which has yet to be elevated to the Monetary Board.
The net effect of this distinction is that the CCO is envisioned to be a full-time position for banks’ operating complex business models. Those which are classified as simple may have a non-executive bank director acting concurrently as the CCO.
As a default mode, universal and commercial banks are deemed to operate complex business models. Thrift banks and rural banks are classified as operating simple business models. The BSP points out however that this classification is not permanent. The BSP can then adjust the classification of a particular bank as its evaluation may suggest.
The provisions of the new compliance program should be fully met by banks on or before July 1, 2012.