Printed . This content is updated regularly, please refer back to https://bcfsa.ca to ensure that you are relying on the most up-to-date resources.
Overall Compliance Management Assessment Criteria
Select the section you’d like to navigate to.
Accordion items
Role of CompliancePermanent link to this section
The compliance function provides independent oversight of the management of the provincially regulated financial institution’s (“PRFI”) compliance with laws, regulations, and guidelines relevant to the activities of the PRFI in the jurisdictions in which it operates. This function can be outsourced in smaller PRFIs; however, the criteria will still apply to the third party carrying out the function in addition to the BCFSA Outsourcing Guideline on the PRFI.
Quality of Compliance OversightPermanent link to this section
The following statements describe the rating categories to assess the PRFI’s compliance with applicable laws, regulations, and guidelines.
An overall rating of the compliance function considers both its characteristics and the effectiveness of its performance in executing its mandate. Characteristics and examples of performance indicators that guide supervisory judgement in determining an appropriate rating in the context of the nature, scope, complexity, and risk profile of a PRFI are set out below.
Strong | The mandate, organization structure, resources, methodologies, and practices of the compliance function meet or exceed what is considered necessary, given the nature, scope, complexity, and risk profile of the PRFI. Compliance has consistently demonstrated highly effective performance. Compliance characteristics and performance are superior to generally accepted industry practices. |
Acceptable | The mandate, organization structure, resources, methodologies, and practices of the compliance function meet what is considered necessary given the nature, scope, complexity, and risk profile of the PRFI. Compliance performance has been effective. Compliance characteristics and performance meet generally accepted industry practices. |
Needs Improvement | The mandate, organization structure, resources, methodologies, and practices of the compliance function generally meet what is considered necessary given the nature, scope, complexity, and risk profile of the PRFI, but there are some significant areas that require improvement. Compliance performance has generally been effective, but there are some significant areas where effectiveness needs to be improved. The areas needing improvement are not serious enough to cause prudential concerns if addressed in a timely manner. Compliance characteristics and/or performance do not consistently meet generally accepted industry practices. |
Weak | The mandate, organization structure, resources, methodologies, and practices of the compliance function are not, in a material way, what is considered necessary, given the nature, scope, complexity, and risk profile of the PRFI. Compliance performance has demonstrated serious instances where effectiveness needs to be improved through immediate action. Compliance characteristics and/or performance often do not meet generally accepted industry practices. |
Compliance Criteria*Permanent link to this section
Essential Elements | Criteria |
---|---|
1. Mandate | 1.1 Extent to which the function’s mandate establishes: a) Clear objectives and enterprise-wide authority for its activities; b) Authority to carry out its responsibilities independently; c) Right of access to the PRFI’s records, information and personnel; d) Requirement to express an opinion on the effectiveness of the compliance processes and status of compliance; and e) Authority to follow up with management on issues identified and recommendations made related to compliance. 1.2 Extent to which the mandate is communicated within the PRFI. |
2. Organization Structure | 2.1 Appropriateness of the stature and authority of the function head within the organization, for the function to be effective in fulfilling its mandate. 2.2 Extent to which the function head has direct access to the CEO and the board (or a board committee). 2.3 Appropriateness of the function’s organizational structure. 2.4 Appropriateness of the member complaint resolution and/or ombudspersons’ office. 2.5 Extent to which the function is independent of the PRFI’s business activities and day-to-day compliance processes. |
3. Resources | 3.1 Adequacy of the function’s processes to determine the required: a) Level of resources necessary to carry out responsibilities; b) Qualifications and competencies of staff; and c) Continuing professional development programs to enhance staff competencies. 3.2 Adequacy of the function’s resources and appropriateness of its collective qualifications and competencies for executing its mandate. 3.3 Sufficiency of staff development programs. |
4. Methodology and Practices | 4.1 Adequacy of policies and practices to ensure that the function’s approach and practices are in line with industry and regulatory compliance practices and are appropriate for executing its mandate. (Included are codes of conduct or ethics, consumer, and member complaint resolution procedures, responsible lending practices, etc.). 4.2 Adequacy of policies and practices to keep abreast of new and changing legislation and changes in the PRFI’s risk profile. 4.3 Adequacy of policies and practices to promptly develop or amend the PRFI’s compliance policies as legislation is introduced or amended or as new or changing business activities impose different legislative requirements on the PRFI. 4.4 Adequacy of policies and practices to document new or amended compliance policies and communicate them across the PRFI in a timely manner. 4.5 Adequacy of policies and practices to assist management in identifying, addressing, and integrating significant legislative or regulatory requirements into their business activities through appropriate procedural controls. 4.6 Adequacy of policies and practices to monitor adherence to applicable laws, regulations, and guidelines across the PRFI to ensure that significant issues are identified and brought to senior management’s attention for timely resolution, as well as to support senior management’s opinion on the status of compliance. 4.7 Adequacy of policies to review compliance practices regularly for continued effectiveness. |
5. Senior Management and Board Oversight | 5.1 Extent to which board (or a board committee) and senior management approval is required for the: a) Level of resources necessary to carry out responsibilities; and b) Function’s mandate and resources. 5.2 Adequacy of policies and practices to report periodically to the board (or a board committee) and senior management on compliance issues, recommendations, and status of compliance. 5.3 Adequacy of policies and practices to perform periodic independent reviews of the function, and to communicate results to the board (or a board committee) and senior management. |
Compliance PerformancePermanent link to this section
The quality of the compliance function’s performance is demonstrated by its overall effectiveness in overseeing management of the PRFI’s compliance with applicable laws, regulations, and guidelines as well as its conduct of business and fair treatment of members and employees.
The assessment will consider the effectiveness with which the compliance function actively promotes appropriate conduct of business; the fair treatment of members and employees; compliance with applicable laws, regulations, and guidelines throughout the PRFI; and ensuring that breaches are identified and resolved on time.
BCFSA will look to indicators of effective performance to guide its judgement during its supervisory activities.
These activities may include and are not limited to discussions with directors and management, including the chief compliance officer; review of practices to detect and dispose of breaches of compliance; review of reports of independent assessments of the function; the PRFI’s regulatory correspondence file; and review of consumer complaints.
Examples of indicators that could be used to guide supervisory judgement include the extent to which compliance:
- Develops, documents and actively communicates new and amended compliance policies or requirements to all impacted areas of the PRFI;
- Proactively assists management in identifying, addressing and integrating significant legislative or regulatory compliance requirements to all impacted areas of the PRFI;
- Actively monitors adherence to applicable laws, regulations, and guidelines across the PRFI;
- Escalates significant breaches of compliance requirements to senior management and the board;
- Proactively follows up to ensure that significant issues are addressed in a timely manner; and
- Periodically reviews compliance practices for continuing effectiveness.
* Examples of documentation that BCFSA may review in formulating its assessment of the characteristics of the compliance function include: mandate, policies, processes, standards of practice and planning; personnel’s curriculum vitae; training programs; assessment reports; management committee minutes and related presentations; board presentations; and compliance self-assessment reporting.