In addition to ‘suitability’ – see separate article – ESMA has also published guidance on MiFID compliance function requirements. Our comments on the earlier consultation paper can be found in Regulatory Roundup 38.
The publication does not contain any new ‘rules’, but simply sets out guidelines relating to current MiFID requirements – which in the Handbook are largely found in SYSC 6.1 (‘Compliance’) and SYSC 4.3 (‘Responsibility of senior personnel’).
As mentioned previously, links to the ESMA website do not appear to open on some web platforms. If you cannot access the document using the link please copy and paste the following address into your web browser: http://www.esma.europa.eu/system/files/2012-388.pdf.
Appendix II contains eleven ‘General guidelines’: competent authorities have to notify ESMA whether they comply or intend to comply.
The guidelines include the need to: take a risk-based approach; establish and maintain a suitable monitoring programme; and to submit regular written compliance reports to senior management. Guideline 3 includes the matters which should be addressed in such a report.
The feedback statement advises that 3 out of the 36 respondents to the consultation paper issued in December 2011 did not feel that the compliance function is an important or critical function. These responses left ESMA “very concerned”. Paragraph 73 of General guideline 10 makes it clear that outsourcing of the compliance function would fall within the ‘critical or important’ requirements in Article 14 of the MiFID Implementing Directive, which can be found in the Handbook in e.g. SYSC 8.1.6.
Firms may find the guidelines a useful tool when considering their own internal practices. Annex II reminds us that the guidelines should be read in a proportional manner, taking into account the nature, scale and complexity of the business in question.
