AB Partners - The purpose of compliance function and differences from internal audit and other departments

What is the objective of the Compliance function and how does it differ from the functions of other departments?

Nowadays, great importance is given to the Compliance function in organizations with a corporate governance culture. With this analysis, AB Partners presents what is the purpose of implementing the Compliance function in financial institutions, as opposed to the functions of internal audit and other departments. In the upcoming analytical material, we will also refer to the principles of operation of the Compliance function and the effectiveness of management.

The purpose of Compliance function is to ensure that the organization adheres to the requirements of its environment, namely to laws, regulations, internal legal acts, code of conduct and international standards, while legal, sanctions and reputational risks (Compliance risks overall) are mitigated.

When considering the implementation of compliance function, organizations generally face two questions:

What is the difference between the Compliance and Internal Audit functions and how to avoid mixing those ones?

Whether the issues related to international sanctions are anti-money laundering and terrorism financing function, hence, internal monitoring body should be in charge of these duties?

Separation of the compliance function from internal audit

Compliance and internal audit departments have clearly defined and functional differences, which are summarized in the following main points:

The task and main goal of the Compliance department is to ensure the ongoing control of the organization, compliance of concluded transactions with respective internal procedures, current laws, and international best practices. Compliance should also ensure that possible deviations from these procedures are acceptable for the organization, and unacceptable deviations or violations are identified and excluded in advance, the root causes are being studied and remediated. From this perspective, one of the key functions of compliance department is the development of compliance culture in the organization by means of implementing informative and educational events.

The task and main purpose of internal audit is to control and assure that the organization is acting in accordance with its internal procedures, as well as the procedures for detecting and correcting violations are in place. The tasks of internal audit do not imply the implementation of ongoing control over compliance with laws, the relevance of internal procedures and comparability with international best practices.

Separation of the compliance function from Internal Monitoring Unit (IMU)

Compliance and Internal Monitoring units also have clear functional differences.

Functionally, the compliance function is broader and mainly covers fraud in financial transactions, prevention (not disclosure) of money laundering and terrorist financing, identification of sanctions risks, tax legislation, market abuse, investigation of conflicts of interest in the field of procurement, protection of personal data and ethics in issues related to personnel management, neutralization of corruption phenomena, etc.

Responsibilities of IMU are related to all issues in the fields of combating money laundering and terrorism financing; starting from the study of risks, their assessment and the coordination of works related to the definition of risk appetite, to the presentation of reports on transactions, monitoring, disclosure of risky transactions, coordination of internal processes and procedures for combating ML/TF.

Equally important is the subordination of these three functions to the corporate governance system of the organization and which management unit do they support with their activities. Depending on the specific management model of the financial organization, the functions of these two departments can also be in the structure of one common department, but they must individually have operational independence for making decisive decisions, and the issues raised by them, and the work done must be submitted either to the Board or the Compliance Committee attached to the Board.

Therefore, both Compliance and IMU, having different objectives and functions, should work closely together to identify and prevent compliance risks. At the same time, the annual program of internal audit should include a study of their activities.