SURYODAY SMALL FINANCE BANK LIMITED COMPLIANCE POLICY

Transcription

1 SURYODAY SMALL FINANCE BANK LIMITED COMPLIANCE POLICY

2 Table of Contents 1. Introduction Objectives of the Policy Applicability and Compliance Philosophy Compliance Philosophy Compliance Function Board / ACB Compliance Department Functional Compliance Managers at the Functional Departments Branch Managers/ Branch Customer Care Representatives All Employees Scope of the Compliance Department Function of the Compliance Department Independence of Compliance Personnel Process of Compliance Management Identification and Dissemination of regulations Compliance Risk Assessment Identify emerging trends/ changes in products and processes Compliance Monitoring and Testing Identifying Breaches Compliance Breach Reporting Annual Audit by Internal Audit Disclosures Record Keeping Review

3 1. Introduction RBI vide circular on Compliance Function in Banks dated April 20, 2007 and March 4, 2015, advised that all banks shall formulate a Compliance Function for their respective banks and put in place a Compliance Policy with the due approval of their Board of Directors to manage compliance risk. In accordance with these guidelines, this Compliance Policy aims at establishing a robust Compliance System in Suryoday Small Finance Bank. The Compliance Policy document seeks to define the compliance philosophy in the Bank and lays down the scope of compliance, compliance processes and procedures for managing compliance risk. 2. Objectives of the Policy The objective of the Compliance Policy is to embed compliance in every department of the Bank in an effective way as a part of the corporate culture that emphasizes standards of honesty and integrity. It concerns everyone in the Bank and viewed as an integral part of the business. The Bank shall hold itself to high standards when carrying on business and, at all times, strive to observe the spirit as well as the letter of the law. The key objectives of the Compliance Policy are as under: Have an independent Compliance Department at the Head Office with an officer having a long banking or Financial Institution experience heading it with adequate support staff and its roles and responsibilities specified. Put in place a compliance structure in other Functional Departments at Head Office and in Regional Offices and branches, if required, specifying the role and responsibility of each functionary. Ensure that the remuneration of the compliance personnel is not related to the business line for which they exercise compliance responsibilities though it could generally be related to the financial performance of the Bank as a whole. Focus on regulatory compliance, statutory compliance, compliance with fair practice codes and other codes prescribed/ suggested by self-regulatory organizations, government policies, the Bank s internal policies and prevention of money laundering and funding of illegal activities. Institutionalize a framework for putting up appropriate reporting including reporting of monitoring results, compliance risk assessment and change in the compliance risk profile by the Compliance Department to the Senior Management and the Board of Directors or ACB as applicable.

4 Bestow adequate rights to the Compliance Department to have access to information necessary to carry out its responsibilities and for pointing out/ looking into possible breaches of the Compliance Policy. Defines the relationship between the Head Compliance and heads of other Functional Departments. Provide independence to the Compliance Department from the Internal Audit Department Put in place a mechanism for dissemination of information on regulatory prescriptions and guidelines among operational staff and periodic updating of operational manuals to incorporate changes in regulatory and statutory prescriptions. Define the process for approval of all new processes and products by the Compliance Department prior to their introduction. Monitoring strict observance and adherence to all statutory provisions contained in various legislations such as Banking Regulation Act, Reserve Bank of India Act, Foreign Exchange Management Act and Prevention of Money Laundering Act, other regulatory guidelines issued by RBI and standards and codes prescribed by BCSBI, IBA, FEDAI and FIMMDA from time to time. 3. Applicability and Compliance Philosophy The policy will apply to all departments of the Bank and covers all the products and services offered/ distributed by the Bank through BCs/sub-agents. In order to achieve and maintain a high standard of compliance, all departments should abide by its compliance philosophy. 3.1 Compliance Philosophy As a part of the Compliance philosophy of the Bank, it is envisaged to embed compliance in every department of the Bank in an effective way as a part of the corporate culture that emphasizes standards of honesty and integrity. The organization shall hold itself to high standards when carrying on business and, at all times, strive to observe the spirit as well as the letter of the law. The key components of the Compliance philosophy of the bank are as under:

5 Ownership of compliance - Compliance starts at the top. The Board of Directors of the Bank are responsible for overseeing the management of compliance risk and implementation of the Compliance risk management framework across the Bank. Shared compliance responsibility - Compliance is the responsibility of every individual in the organization and it is necessary for all staff to be aware and adhere to the applicable laws and regulations. Compliance culture - The Bank shall promote awareness of compliance obligations and ethical values to maintain an appropriate compliance culture throughout its businesses. Compliance shall not be seen as an activity of the Compliance Department alone but as a culture that shall pervade across the Bank. Independence - The Compliance Department shall be an independent function that has the ability to objectively assess and express its views on the policies and practices of other functions/businesses in relation to compliance. Communication The Bank shall have open lines of communication, both upstream and downstream so as to enable the staff to voice their concerns on actual/ potential compliance breaches irrespective of the hierarchy Coordination with other departments - The Compliance Department shall work in close coordination with the Functional and Business Departments in order to efficiently and effectively manage compliance risks. Compliance performance assessment The Bank shall integrate the parameters related to Compliance risk management in the overall performance management scorecard so that all staff members prioritize compliance. 4. Compliance Function Provided below is a brief summary of the roles and responsibilities of the key members of the Compliance Function: 4.1 Board / ACB The Compliance Policy shall be approved by the Board.. The Audit Committee of the Board (ACB) shall review the Compliance Reports on a quarterly basis. A detailed Annual Review shall be placed before the Board. 4.2 Compliance Department The Compliance Department headed by will be headed by an executive having sufficient banking experience designated as the Head - Compliance shall have team members to take

6 care of compliance functions namely Regulatory Advisory, Compliance Monitoring and Testing, Monitoring KYC/AML, Dissemination etc. The Compliance Department at the Head Office shall be responsible for implementing the Compliance Policy. 4.3 Functional Compliance Managers at the Functional Departments In future as the Bank will expand its presence, the Compliance personnel at the Functional Departments shall co-ordinate with the Compliance Department for managing the information system and the compliance related issues of the respective departments. The individual departments shall maintain a comprehensive data of rules and regulations derived from various sources. Apart from the data on regulatory and statutory compliances, data on internal policies, rules and guidelines shall be maintained by each Functional Department. The Functional Compliance Managers shall ensure that all regulatory and statutory guidelines are disseminated to field level functionaries for compliance. The Functional Compliance Managers shall also update and circulate all the rules, standards and laws relating to their functional area from time to time. 4.4 Branch Managers/ Branch Customer Care Representatives At branches, the Branch Managers (BMs)/ Branch Customer Care Representatives (Branch CCRs) will perform the role of Compliance Officer. However, in single man branches, the Branch Manager will perform the role of the Compliance Officer also. The Branch Managers shall submit the report on breaches/ non-compliances immediately to the RCMs The Branch Managers, functional managers shall submit the report on status/ extent of compliance using the available modes as prescribed at the periodicity in which the certification of compliance is to be done, which shall be assigned/prescribed by the Compliance Department at Head Office. 4.5 All Employees Compliance is a responsibility shared by every individual within the Bank. It shall be the responsibility of every employee in the Bank to: Follow the requirements of the Compliance Policy and other internal policies and procedures Consult Nodal officers/ Compliance Officers on compliance issues, as appropriate

7 Report non-compliances to the Nodal officers/ Compliance Officers, as the case may be Attend trainings organized on compliance aspects Keep updated on regulatory compliance requirements advised from time to time. 5. Scope of the Compliance Department The main objective of the Compliance Department is to assess the compliance risks that the Bank may be susceptible to and the materiality of such risks. The Basel Committee on Banking Supervision (BCBS) has published a high level paper on Compliance Risk and the Compliance Function in Banks in April 2005 prescribing certain principles aimed at strengthening Compliance structure in Banks. The paper defines Compliance Risk as "the risk of legal or regulatory sanctions, material financial loss or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards and codes of conduct applicable to its banking activities". Considering that the Bank s business activities and operations in India are governed by many laws, acts and regulations that have been developed by numerous regulatory and legislative bodies. The compliance areas in the Bank shall be divided into three broad categories: Statutory Compliance: The Bank has to ensure strict observance of all statutory provisions contained in various banking related legislations such as Banking Regulation Act, Reserve Bank of India Act, Foreign Exchange Management Act and Prevention of Money Laundering Act. Regulatory Compliance: The Bank has to ensure strict observance of other regulatory guidelines issued from time to time by the regulators such as RBI, Securities and Exchange Board of India (SEBI), Association of Mutual Funds of India (AMFI) and Insurance Regulatory and Development Authority of India (IRDA) and such compliances shall be termed as regulatory compliance. Other Compliances: In addition to the statutory and regulatory compliances, the Bank has to comply with standards and codes prescribed by IBA, BCSBI, FEDAI, FIMMDA, etc and other external regulations and also the Bank's internal policies and fair practices code

8 6. Function of the Compliance Department The primary functions of the Compliance Department are as under: Regulatory Advisory To identify statutory and regulatory compliance requirements and other compliance obligations arising out of the fair practices codes and other codes prescribed by selfregulatory organizations, IBA, FEDAI, BCSBI, FIMMDA, IRDA, SEBI, etc., government policies, prevention of money laundering and funding of illegal activities and the Bank's internal policies. Review the compliance framework with the CCM and get it approved by the Head - Compliance and then the Board/ ACB in line with the compliance testing results Provide a mechanism to ensure that regulatory guidelines/ instructions are promptly issued/ disseminated within the Bank and to monitor Compliance with the regulatory guidelines/ instructions. Develop function-wise compliance manuals and get them approved from the Head Compliance. Compliance Monitoring and Testing Liaise closely with Regulatory Advisory Compliance Manager and AML/KYC Compliance Manager to gather inputs on the themes/ emerging trends for compliance testing Providing compliance testing results to the Regulatory Advisory Compliance Manager and AML/KYC Compliance Manager to review products, processes or frameworks To assist the Senior Management of the Bank in managing effectively the compliance risks faced by the Bank. Provide a methodology to proactively identify, document, assess and monitor the compliance risks associated with the Bank's business activities and products. Provide procedures to integrate the Compliance Risk Management framework with the Bank's Operational Risk Management Framework. AML/ KYC Gather inputs from the Compliance Monitoring and Testing Manager on the test results and accordingly get the products/ processes reviewed Monthly compilation of cash transaction reports and suspicious transaction reports Creating AML/KYC awareness by conducting training for front-office, mid-office and back-office Develop the logic of alert generation for suspicious transactions, monitoring the results from the such triggers and updating the triggers based on periodic review or compliance monitoring/ testing results or findings

9 Monthly compilation of cash transaction reports and suspicious transaction reports Reporting 1 of information relating to cash transactions, cash transactions integrally connected to each other, all transaction involving receipts by non-profit organizations and cash transactions where forged or counterfeit currency notes have been used, to the Director, Financial Intelligence Unit- India (FIU-IND) 7. Independence of Compliance Personnel The Bank shall ensure independence of the Head - Compliance and the other staff in the Compliance Department to avoid conflict of interest and the compliance staff should primarily focus on managing compliance. The Head - Compliance shall have access to all information he requires and have the right on his own initiative to communicate with any staff member of the Bank and obtain access to any records or files necessary to carry out his responsibilities. The Head - Compliance shall be empowered to conduct compliance reviews and investigations whenever required and to request assistance from the specialists within the Bank. The authority to use external experts for the purpose of investigation shall be left to the discretion of the Head - Compliance with the permission of MD & CEO. The Head - Compliance shall be free to report to MD & CEO on any irregularities or possible breaches disclosed by its investigations without fear of disfavour from management or other staff members. The Compliance Department shall also have the right of direct access to the Audit Committee of the Board. 8. Process of Compliance Management The key processes followed by the Compliance Department are represented in the diagram as given below: 1 As per the circular on Master Circular Know Your Customer (KYC) norms / Anti-Money Laundering (AML) standards/combating Financing of Terrorism (CFT)/Obligation of banks and financial institutions under PMLA, 2002 (RBI/ /42 DBR.AML.BC.No.15/ / ) dated July 1, 2015 and RBI KYC Direction dated February 25,

10 New Regulatory identification & dissemination 2. Compliance Risk Assessment 6. Reporting to ACB/ Board Compliance Management Process 3. Identifying emerging themes/ changes in processes 5. Identifying Breaches 4. Monitoring &Testing plans 8.1 Identification and Dissemination of regulations Identification and Dissemination of all regulatory and statutory guidelines, circulars/letters received from RBI and other applicable regulators and Government of India (GOI). The Compliance Department shall follow up on a monthly basis compliance of all guidelines/ circulars/letters from Regulatory and Statutory authorities in connection with banking activity by the Functional Departments and submit a monthly status report on action taken on the guidelines/letters/circulars to the MD. Further a quarterly note on status with regard

11 to compliance of various directions of Regulatory and Statutory authorities is to be placed to Audit Committee/ Board. The Compliance Department shall monitor timely submission of regulatory returns by the controlling offices through a system of monthly/ quarterly return calendar which will indicate the returns/reports to be submitted by each Branch/ Regional Office/ Functional Department along with the due date of submission. The Compliance Department shall serve as reference point for the Bank's staff in Functional Departments for seeking clarifications/ interpretation of various regulatory and statutory guidelines With a view to create awareness and educate staff on the compliance related activities, the training programs conducted by the Bank should include suitable sessions on compliance and compliance risk management. 8.2 Compliance Risk Assessment The Compliance Department shall at frequent intervals interact with Risk Department, Legal & Secretarial Department and Internal Audit Department to take stock of the latest developments. The Compliance Department in coordination with the Risk Department and the other Functional Departments shall determine the universe of regulations applicable which would include guidelines, notifications and the circulars issued by the regulators. Further, they shall work closely to identify and categorize the compliance risks as "High", "Medium", and "Low" risks and subject such risks to the Frequency and Severity tests. This would enable the Bank to focus on the compliance risks that demand appropriate attention to mitigate the risks. The Compliance Department in coordination with the Risk Department and Internal Audit Department will identify and document the compliance risk associated with the Bank's business activities/ products basis the identified compliance universe which contains all laws, regulations and standards which are material and relevant to the business and formulate procedure for measuring the compliance risk and compliance testing from the most granular level e.g. a branch that is responsible for complying with various regulations. The compliance risks in all new products and processes shall be thoroughly analyzed and appropriate risk mitigants by way of necessary checks and balances should be put in place before launching. The Head - Compliance shall be a member of the "New Product & Process

12 Approval" committee to ensure that the new products/ processes have clearance from all perspectives including compliance. The compliance risk assessment is a dynamic process / activity which focusses on both ongoing risks endemic to the business of the unit and new risks, arising by virtue of new laws or regulations, new interpretations of existing laws or regulations or a new activity of the Functional Department. The Compliance Department shall carry out an annual compliance risk assessment in order to identify and assess major compliance risks faced by them and prepare a plan to manage the risks. The Annual Review shall broadly cover the following aspects covering all functional areas of the Bank's activities. All Functional Departments shall provide inputs in preparing this Annual Review: Independence of the Compliance Department Scope of compliance procedures and processes System of internal control to minimize compliance risk List of all major regulatory guidelines issued during the preceding year and steps taken by the Bank to ensure compliance Compliance with fair practices codes and adherence to standards set by self-regulatory bodies and accounting standards Compliance failures, if any during the preceding year and consequential losses and regulatory action as also steps taken to avoid recurrence of the same. Progress in rectification of significant deficiencies pointed out in the internal audit, statutory audit and RBI inspection reports and position of implementation of recommendations made therein Strategy for the next year including restructuring of Compliance Department, if necessary, posting/ transfer/ training of staff, etc. 8.3 Identify emerging trends/ changes in products and processes Based on the regulatory developments and the compliance risk assessments, the Compliance Department shall identify the emerging trends and themes arising out of the compliance monitoring and testing results as well as through internal audit findings. The Compliance personnel should analyse the impact of new regulations/ audit findings and assess which products and processes shall be impacted by such regulations/ audit findings. They should give guidance to the business/ operations teams for aligning the products/ processes with the new regulations/ audit findings.

13 8.4 Compliance Monitoring and Testing The internal audit findings shall serve as a feedback mechanism for the Compliance Department for assessing the areas of compliance breaches/ failures. For this purpose the Internal Audit Department at Head Office shall include compliance aspect as a part of the branch audit reports for the branch audit team/ concurrent auditors to verify the level of compliance. The Internal Audit Department at Head Office should keep the Compliance Department informed of the audit findings related to compliance. 8.5 Identifying Breaches The Compliance Department shall obtain a self-certification from all the business/ operating functions on compliance with all applicable laws, regulations and notifications. The Compliance shall find out the details of breaches/ deviations and violations from these selfcertifications and shall keep track of these violations. The Compliance Department shall ensure these violations are reported to the Audit Committee and shall track these action points to closure. Further, the Compliance personnel shall also find out compliance breaches through compliance monitoring and testing plans and such audit findings shall serve the basis for identifying compliance breaches. 8.6 Compliance Breach Reporting Staff Accountability shall be examined for all compliance failures and breaches and appropriate disciplinary measures shall be taken. The Bank shall endeavour to design a suitable system to give due weightage to the record of compliance during performance appraisal of the staff. Compliance failures/ breaches shall be immediately reported to Head Compliance and senior management and if they meet any of the following criteria: Criminal or fraudulent event (all events to be reported irrespective of loss amount) Material breach of the Bank s business principles Material breach of applicable laws, regulations and standards Material reputation damage Regulatory sanctions (all events to be reported irrespective of amount) Whistle blower event. The Compliance Department shall also review violations by outsourced parties (who have been employed for selling or distributing the Bank s products or services) of laws, regulations or standards applicable to third parties. Further, they should also review fraudulent, criminal or other unlawful conduct, as well as other conduct inconsistent with the Bank s internal standards and guidelines.

14 9. Annual Audit by Internal Audit The activities of the Compliance Department shall be subject to annual audit by the Internal Audit Department which shall be included in the risk assessment methodology of the Internal Audit function and the audit program shall cover the adequacy and effectiveness of the Bank's compliance including testing of controls commensurate with the perceived level of risk. The report of the Annual Audit shall be placed before the Board. 10. Disclosures Non-compliance with any regulatory guidelines and administrative actions initiated against the Bank along with corrective steps taken to avoid recurrence of the lapses shall be disclosed in the annual report of the Bank. Discomfort conveyed to the Bank on any issue by any regulator other than RBI, shall be brought to the notice of RBI. 12. Record Keeping 2 The records shall be retained for at least eight years. Where the compliance matter (i.e. compliance failure or compliance events which may develop into a failure) is ongoing, the responsible Compliance personnel shall maintain a complete file along with Legal & Secretarial Department. 13. Review The Policy shall be reviewed as and when required or at least once in a year, to suit the needs of the Bank and to comply with revised guidelines issued by RBI from time to time. **************** 2 The requirement of eight years for record retention is as per Companies Act 2013 and Income Tax Act. The RBI circular on Master Circular Know Your Customer (KYC) norms / Anti-Money Laundering (AML) standards/combating Financing of Terrorism (CFT)/Obligation of banks and financial institutions under PMLA, 2002 (RBI/ /42 DBR.AML.BC.No.15/ / ) dated July 1, 2015 and RBI KYC Direction dated February 25, 2016 specifies a period of five years from the date of transaction for retention of records