Compliance - One Liner Notes

Compliance Function Overview

1.Compliance means adhering to applicable laws, regulations, and internal policies governing banking activities.

2.The compliance function helps prevent, detect, and address deviations, illegalities, and nonconformities in bank operations.

3.Compliance is an independent function responsible for identifying, assessing, advising, monitoring, and reporting compliance risks.

Objectives of Compliance

4.The key objective of compliance is to ensure effective management of compliance risk across the bank.

5.Compliance aims to foster a strong compliance culture at all organizational levels.

6.It prevents reputational risk that may arise from compliance failures.

7.Compliance ensures strict adherence to statutory, legislative, regulatory requirements, and internal codes.

Three Lines of Defense

8.First Line of Defense: Business Units manage risks as part of daily operations.

9.Second Line of Defense: Risk & Compliance functions oversee and challenge the risk management activities of business units.

10.Third Line of Defense: Internal Audit performs an independent review and provides assurance on effectiveness of controls.

Compliance Culture

11.Compliance culture is strengthened through regular training, e-learning modules, newsletters, and open communication.

12.Performance appraisal systems include incentives to encourage compliance-oriented behavior.

13.Mandatory ongoing training and disciplinary measures help reinforce a strong compliance culture.

Compliance Structure

14.The Compliance Department operates from the Corporate Office to maintain effective coordination with regulators.

15.Nodal Officers are appointed at Corporate, Zonal, Regional, and Branch levels to ensure adherence to compliance requirements.

16.Every employee is responsible for ensuring compliance within their respective functional role.

Role of Board and Audit Committee

17.The Board ensures that the Compliance Policy is framed, implemented effectively, and periodically reviewed.

18.The Board reviews the compliance function quarterly and ensures adequate staffing and resources.

19.The Audit Committee of the Board (ACB) reviews compliance reports and monitors supervisory and regulatory compliance.

Chief Group Compliance Officer (CGCO)

20.The CGCO is responsible for overall compliance risk management and reports directly to the MD/CEO and the Board/ACB.

21.The CGCO must have a minimum of 15 years of banking experience, including 5 years in compliance, audit, or risk management.

22.The CGCO interacts directly with regulators and ensures compliance across the entire bank.

Duties & Responsibilities of Compliance Function

23.The compliance function apprises the Board and Senior Management about key regulations and developments.

24.It conducts an annual compliance risk assessment and prepares a risk-focused activity plan.

25.It reports compliance failures and major regulatory changes to higher authorities.

26.It monitors and tests compliance using on-site and off-site checks.

27.It ensures timely reporting of penalties, regulatory actions, and supervisory issues.

Tools of Compliance

28.Compliance uses on-site and off-site test checking for KYC-AML and other parameters.

29.OCRMS data is pushed from the Big Data Lake; items left out are covered under OCTMS through branch visits.

30.Web-based compliance systems include CERMO Nxt, OCTMS, and OCRMS.

31.OCRMS (Offsite Compliance Reporting and Monitoring System) is done on a monthly basis.

32.There are 84 parameters in OCRMS assessment.

33.OCTMS (Onsite Compliance Testing and Monitoring System) is conducted on a quarterly basis.

34.There are 101 parameters in OCTMS assessment.

35.Action Taken Reports (ATR) are prepared for implementation of regulatory circulars.

KYC–AML–CFT Compliance

36.The four key elements of KYC–AML–CFT compliance are: CIP, CAP, Monitoring of Transactions, and Risk Management.

37.Mandatory KYC documents and periodic updation (Re-KYC) are required for all customers.

38.Enhanced Due Diligence (EDD) is mandatory for high-risk customers.

Administrative Enforcement of Accountability

39.Staff accountability is monitored using a Red Flag (negative) and White Flag (positive) points system.

40.Repeated non-compliance may lead to penal action against employees.

41.The accountability framework includes 94 Red Flag parameters (violations/non-compliance) and 39 White Flag parameters (good compliance).

Risk-Based Supervision (RBS)

42.A dedicated RBS Department coordinates with RBI and ensures timely regulatory compliance.

43.Compliance includes adhering to Risk Mitigation Plans (RMP) and Inspection Risk Assessment Reports (IRAR) issued by RBI.

Regional Compliance Officer (RCO)

44.The RCO is appointed at the Regional Office, generally in MMGS-II or MMGS-III rank.

45.RCOs conduct quarterly on-site compliance test checks — 25 branches per region per quarter, ensuring all branches are covered annually.

Zonal Compliance Officer (ZCO)

46.The ZCO is posted at the Zonal Office in SMGS-IV grade.

47.ZCOs perform onsite cross-verification and compliance test checks covering 5% of branches or at least 15 branches per quarter in their zone, with special oversight on high-risk branches.