A. Responsibilities of the compliance function.
Guideline 1: Evaluation of compliance risk.
Investment firms must ensure that the compliance function takes a risk-based approach in order efficiently to allocate resources to that function. Compliance risk assessment must be used to determine the core of the supervisory and advisory activities of the standards compliance function, and this valuation will be conducted periodically to ensure that the core and the field of the supervision and advisory activities are still valid.
Guideline 2: Obligation to supervise the compliance function.
Investment firms must ensure that the compliance function has a plan or supervision programme that covers all relevant areas of investment services, activities and ancillary services. This supervision programme must establish priorities identified by the assessment of compliance risk by ensuring that the full gamut of risk is supervised.
Guideline 3: Obligations of the reporting on the compliance function.
Investment firms shall ensure that regular written reports on the compliance function be sent to senior management. These reports must contain a description of the implementation and effectiveness of the conditions for the full supervision of investment services and activities and a summary of the risks which have been identified as well as the solutions that have been or will be adopted. The reports should be written periodically as appropriate and at least annually. If, in the fulfilment of the compliance function, any material fact were discovered, the compliance officer must immediately inform the senior management. The supervision function (or department), if any, shall also receive reports.
Guideline 4: Obligations of advice on the compliance function.
Investment firms must ensure that the advisory activities incorporated into the compliance function are performed; this includes providing support for training and providing daily assistance to employees, and participating in the establishment of new policies and procedures within the investment firm.
B. Organisational requirements of the standards compliance function.
Guideline 5: Effectiveness of the compliance function.
Investment firms, when they ensure that they have the appropriate human and material resources for the fulfilment of the compliance function, must take into account the size and type of financial services, activities and ancillary services that the entity carries out. The staff responsible for the compliance function must have the authority to fulfil their functions effectively and have access to all relevant information on the activities of the entity. The compliance officer must have comprehensive knowledge and experience and a sufficiently high degree of technical competence so as to enable him to assume the responsibility of compliance as a whole and ensure its effectiveness.
Guideline 6: Continuity of the compliance function.
MiFID requires that investment firms ensure that the compliance function performs his duties and responsibilities with the intention of being permanent. Investment firms shall adopt the appropriate performance predictions to ensure that the responsibilities of the compliance officer are carried out when he is absent and to ensure that these responsibilities are fulfilled continuously. These provisions must be be in writing.
Guideline 7: Independence of the compliance function.
Investment firms must ensure that the compliance function has a place within its organizational chart to ensure that the compliance officer and other employees performing the compliance function are independent of other departments in the fulfilment of their functions. The compliance officer shall be appointed and replaced by senior management or the supervisory department.
Guidelines 8: Exemptions.
If an investment firm considers that it is proportional to apply the requirements for the compliance function in article 6.3 c) or d) of the implementing directive or level 2, it must assess whether the effectiveness of the compliance function is compromised due to being exempt in whole or in part for compliance with those precepts. This assessment must be reviewed periodically.
Guidelines 9: Combination of the compliance function with other functions.
In general, an investment firm must not combine the compliance function with the internal audit function. The combination of the compliance function with other control functions may be acceptable if it does not compromise the effectiveness and independence of the compliance function. Any combination must be documented, including the reasons for it, such that the competent authorities may assess whether it is appropriate for each particular circumstance.
Guide 10: Outsourcing.
Investment firms must ensure that all requirements of the compliance function are fulfilled in the event of outsourcing of all or part of that function.
C. Supervision of the compliance function by the competent authorities.
Guidelines 11: Review of the compliance function by the competent authorities.
The competent authorities must review how entities are intended to fulfil, implement and maintain the requirements the MiFID sets out for the compliance function both in the context of the licensing process, following a risk-based approach, in the course of ongoing supervision firm once it has been authorised.
It may be recalled that ESMA guidelines bind its members in a quasi-compulsory manner since, according to articles 16.3 and 16.4 of Regulation 716/2010 of the Council and EU Parliament (ESMA Regulation), competent authorities have two months to decide and inform ESMA and the market if they meet the guidelines or, if not, to report the reasons for not following the recommendations. ESMA shall report to the Parliament, Council and European Commission on decisions taken by national competent authorities on the implementation of the guidelines, and the means that ESMA has to verify such compliance.
If you want to read the full document, click on: http://www.esma.europa.eu/system/files/2012-388.pdf