RegSol Blog


ESMA Guidelines - On certain aspects of the MiFID II Compliance Function Requirements

June 2020

The role of the compliance officer has been that of an independent assurance function that reports to the Board, providing balanced, impartial advice: sufficiently resourced, with clearly defined roles and responsibilities, and with access to information and personnel to coordinate the management of compliance risk across the organisation.

The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, published the final guidelines on the MiFID II compliance function on June the 5th. These guidelines replace the ESMA guidelines on the same topic issued in 2012 and include updates that clarify the new MiFID II compliance function requirements. 

These guidelines apply from two months after the date of their publication on ESMA’s website in all EU official languages.

While the objectives and principles of the compliance function remain unchanged, the obligations have been further strengthened. The guidelines will clarify responsibilities in relation to MiFID II’s product governance requirements, notably by further detailing the reporting obligations of the compliance function.

The guidelines also provide a comprehensive roadmap for any compliance professional wishing to ensure that their role is effective and a beacon of assurance for their Board and Senior management team.

Worth mentioning for all compliance professionals are:

  • Conducting a regular risk-based assessment, the output to be used to create an effective risk-based compliance monitoring program with the aim of ensuring the firm’s business is conducted in line with its licence, policies, procedures and internal controls
  • Using suitable tools and methodologies for monitoring activities. Those that could be used by the compliance function include (but are not limited to):
    • the use of aggregated risk measurements (for example, risk indicators); 
    • the use of (additional) reports warranting management attention documenting material deviations between actual occurrences and expectations (exceptions report) or situations requiring resolution (issues log);
    • targeted trade surveillance, observation of procedures, desk reviews, interviews of relevant staff and/or, where necessary and at the discretion of the compliance function, of a relevant sample of the firm’s clients.
  • Reporting on findings, to include a summary of major findings of the review of the policies and procedures, including risks identified in the scope of the compliance function’s monitoring activities; breaches and deficiencies in the firm’s organisation and compliance process; and the number of complaints received in the period under review, if not already reported through other sources.
  • Promoting a ‘compliance culture’ throughout the firm, which should be supported by senior management. The purpose of the compliance culture is not only to establish the overall environment in which compliance matters are treated, but also to engage staff with the principle of improving investor/consumer protection as well as mitigating systemic risks.

ESMA Guidelines Document can be found HERE

By Judy de Castro - Regulatory Consultant