The Role and Responsibilities of a Compliance Officer
The Maltese financial services industry is a tightly regulated sector. Some would certainly argue that financial services operators are shackled by over-regulation, especially following the financial crisis of 2008/09.
When operators are required to comply with regulations, the risk of non-compliance, particularly in an overly regulated climate always exists. In the event of non-compliance, operators (and the individuals involved therein) may face criminal and/or administrative sanctions as well as reputational damage. Compliance officers, who the Malta Financial Services Authority (the “MFSA”) defines as “an [officials] of a regulated person (entity) whose role is to ensure that the entity complies with all laws under which it operates and rules issued by the Regulator” therefore play a crucial role in guiding operators through the maze of regulation and in helping operators identify and manage the risk of non-compliance.
Although there are several types of regulated entities (such as credit and financial institutions, insurance undertakings, investment services providers and collective investment schemes, and company service providers) with each entity having its own distinct compliance duties, a number of general responsibilities of the compliance officer can be identified. The general responsibilities, which are further detailed hereunder, are not mutually exclusive and are highly interrelated.
It must be emphasised that the role of the compliance officer is burdensome, not only because of the weight of responsibility but also because of the possibility of the imposition of personal liability including vicarious criminal liability in terms of article 13 of the Interpretation Act. It is therefore important for compliance officers to be clear about the nature and extent of their responsibilities. Compliance officers must also recognise that the MFSA expects extremely high standards of compliance from all regulated entities. This means that the compliance officer must inter alia ensure that the regulated entity: (a) abides by all license conditions; (b) demonstrates good faith; (c) acts in a manner that shows care and concern for its clients, potential clients, and the general public; (d) displays honesty and integrity; and (e) acts in a competent manner. Since the compliance officer is the individual responsible for all facets of compliance, the MFSA expects the compliance officer to act independently and to exercise proper day-to-day supervision over the activities of the licensed entity. Accordingly, while the compliance officer must refrain from any involvement in the operations of the license holder, the compliance officer must have oversight on all material business affairs of the license holder to be able to monitor, and on a regular basis assess, the adequacy and effectiveness of measures and procedures in place and to address any identified deficiencies. Essentially, this suggests that the compliance officer must be continually informed and keep updated on key business issues and the strategic direction that the license holder is taking.
To meet his/her obligations, a compliance officer must have a deep knowledge of all the laws, rules and regulations including any guidance issued by the MFSA that apply to the license holder. A compliance officer must take all reasonable steps to ensure that the license holder’s staff are aware of and familiar with those laws, rules, regulations, and guidance that are relevant to their role within the licensed entity. A compliance officer must establish, implement, and maintain robust policies and procedures to identify acts or omissions by the licensed entity and to minimize the risk of those acts or omission occurring. In essence, a compliance officer must not breach nor allow others to breach the pertinent license conditions. In the event that a compliance officer discovers wrongdoing, the compliance officer is expected to inform the person concerned, the board of directors (when appropriate) as well as the MFSA. Moreover, if a breach occurs it is the responsibility of the compliance officer to record in writing all breaches and the resulting action. The MFSA also obliges compliance officers to ensure, in so far as is possible, that no incorrect or misleading information is wilfully or recklessly provided to the Regulator. Given that the role of a compliance officer is arduous and complex the compliance officer must be prepared to discuss any doubts, worries, suspicions or queries relating to their role with the MFSA.
While a compliance officer is ultimately responsible for all aspects of compliance, their role goes beyond that. Indeed, a compliance officer’s role is constantly evolving. A compliance officer should strive to engender a stance of committed compliance and not of creative compliance or game-playing. That is, the compliance must abide by the spirit of the law and not only by its letter. This is crucial considering that we are living in an age of overregulation. To engender a corporate culture of committed compliance, a compliance officer ought to, amongst other things, ensure his/her seniority and command, employ effective leadership skills, build trust, adopt a proactive rather than a reactive approach to compliance, and promote discussions on ethics and morality. Compliance officers should also be aware of the role of technology. Technology can be a sword and a shield but also an Achilles heel. Regulatory technology solutions can help to automate cumbersome compliance processes and procedures. Technology in the hands of cybercriminals can cause widespread damage to companies and to the integrity of the financial system. Essentially, a compliance officer is a powerful agent of informal social control and a key player in industry self-regulation and whose role transcends traditional corporate compliance.
 Chapter 249, Laws of Malta.
 McBarnet, D. (2001). When compliance is not the solution but the problem: From changes in law to changes in attitude. Centre for Tax System Integrity, Research School of Social Sciences; Braithwaite, V. (2002). “Dancing with tax authorities: Motivational postures and non-compliant actions” in Braithwaite, V. (ed) Taxing democracy. Aldershot, UK: Ashgate Publishing Ltd