Compliance Risk Management: Key Requirements for Banks and Financial Institutions in the Philippines
The Bangko Sentral ng Pilipinas (BSP) has outlined key requirements for banks and financial institutions (BSFIs) to ensure effective compliance risk management. The guidelines aim to prevent legal or regulatory sanctions, material financial loss, or reputational damage that may arise from non-compliance with laws, rules, related self-regulatory organization standards, and codes of conduct.
Establishing a Dynamic Compliance Risk Management System
BSFIs must establish a dynamic and responsive compliance risk management system that identifies and mitigates potential risks. The system should be an integral part of the institution’s culture and risk governance framework, involving:
- The board of directors
- Senior management
- Employees at all levels
Chief Compliance Officer (CCO)
The BSP has emphasized the importance of appointing a Chief Compliance Officer (CCO) who is responsible for overseeing the identification and management of compliance risks. To be eligible, the CCO must possess:
- A bachelor’s degree in a relevant field
- Five years of experience in banking or finance
- Completion of a training program on compliance risk management
Board-Level Committee
BSFIs are required to establish a board-level committee that oversees the compliance program and ensures its implementation. The committee should be responsible for:
- Reviewing and updating the institution’s compliance policy
- Monitoring the effectiveness of the compliance program
- Ensuring that compliance risks are identified, assessed, and mitigated
Senior Management Responsibilities
Senior management is responsible for implementing the compliance program, while the CCO is the lead operating officer on compliance matters.
Cross-Border Compliance Issues
The BSP has addressed cross-border compliance issues, requiring BSFIs to structure their compliance functions to address local compliance concerns within the framework of their organization’s overall compliance policy.
Outsourcing Compliance Risk Assessment and Testing
The BSP has permitted the outsourcing of compliance risk assessment and testing to qualified third parties, subject to certain requirements.
Consequences of Non-Compliance
Failure to comply with these requirements may be deemed an unsafe or unsound banking practice. The guidelines are intended to ensure that BSFIs maintain a robust compliance program that is commensurate with their size and complexity.