The Monetary Board (MB), in its meeting held on 16 May 2013, approved the adoption of a Compliance Rating System, an assessment tool that the BSP has developed to comprehensively evaluate during an on-site examination the effectiveness of a bank’s and other supervised financial institutions’ compliance system in mitigating business risk.
BSP Circular 747 requires institutions to have a robust, dynamically-responsive and appropriate compliance system as an integral component of an institution’s internal controls. The adoption of the Compliance Rating System will serve as a tool for BSP in assessing in a systematic and consistent manner the overall effectiveness of an institution’s compliance system, both to prevent and to address operational weaknesses and violations of rules and regulations.
The Compliance Rating System complements an increasingly broad array of assessment tools developed by the BSP. Earlier it had developed similar tools to assess AML compliance and the quality of corporate governance in banks and other supervised institutions. Specifically, the assessment on compliance system will form part of BSP’s assessment of “controls and independent oversight” factor in the Corporate Governance assessment as articulated in Memorandum to All BSP Supervised Financial Institutions No. 2013-002 dated 11 January 2013. Overall assessment of corporate governance, in turn, shall be incorporated in the “Management” component rating of a CAMELS1 rating. On the other hand, for branches of foreign banks, the compliance assessment shall provide an input in the “C” component of the ROCA2 rating system.
In arriving at the composite Compliance Rating System, the effectiveness of the compliance system will be assessed based on three components. These components will be assessed taking into account the size, complexity and risk profile of the institution. The first component is the effectiveness and efficiency of the Board of Directors (BOD) and Senior Management (SM), of which the Chief Compliance Officer (CCO) is the lead operating officer on compliance, in designing, implementing, and monitoring a compliance system. Ultimately, this component rating measures whether the BOD and SM have fulfilled their duties and responsibilities on compliance. A strong or acceptable Management oversight component exhibits the following characteristics: (a) clear delineation of duties and responsibilities of the BOD and SM; (b) independence of the compliance function; (c) sufficient resources of compliance function to carry out its responsibilities effectively; and (d) cooperative and constructive working relationship of the compliance function with the BSP and other units within the organization.
The second component is the soundness and effectiveness of implementation of Compliance Policy through a Compliance Program. The compliance system shall be designed to specifically identify and mitigate business risk which may erode the franchise value of the institution. To achieve this objective, SM shall design and implement sound policies and procedures which shall be documented in a Compliance Policy Manual and approved by the BOD. These policies and procedures are executed by the SM, through a compliance function, under a Compliance Program. The Compliance program sets out the compliance function’s planned activities, such as the implementation and review of specific policies and procedures, risk assessment, compliance testing, and educating staff on compliance matters.
The last component measures the adequacy and soundness of internal controls that support BOD and SM in identifying, measuring, monitoring and controlling business risks; and the effectiveness of the internal audit in assessing the compliance function.
Each component will be rated using a four point rating scale, with 4 as the highest rating which indicates the strongest and most effective compliance system that entails minimal supervisory concern on compliance. The lowest rating of 1, on the other hand, signifies the weakest compliance system which requires the highest degree of supervisory concern on compliance. The overall or composite rating generally bears a close relationship to each component rating assigned. However, composite rating is not derived by computing arithmetic average of the component ratings. The BSP shall assess which areas place the greatest impact on safety and soundness of the institution.
The Compliance Rating System will be used in assessing the effectiveness of banks’ compliance system in examinations starting September 2013.
1 Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk
2 Risk Management, Operational Controls, Compliance and Asset quality