Article 22
Compliance
1.
Investment firms shall establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the firm to comply with its obligations under Directive 2014/65/EU, as well as the associated risks, and put in place adequate measures and procedures designed to minimise such risk and to enable the competent authorities to exercise their powers effectively under that Directive.
Investment firms shall take into account the nature, scale and complexity of the business of the firm, and the nature and range of investment services and activities undertaken in the course of that business.
2.
Investment firms shall establish and maintain a permanent and effective compliance function which operates independently and which has the following responsibilities:
(a)
to monitor on a permanent basis and to assess, on a regular basis, the adequacy and effectiveness of the measures, policies and procedures put in place in accordance with the first subparagraph of paragraph 1, and the actions taken to address any deficiencies in the firm's compliance with its obligations;
(b)
to advise and assist the relevant persons responsible for carrying out investment services and activities to comply with the firm's obligations under Directive 2014/65/EU;
(c)
to report to the management body, on at least an annual basis, on the implementation and effectiveness of the overall control environment for investment services and activities, on the risks that have been identified and on the complaints-handling reporting as well as remedies undertaken or to be undertaken;
(d)
to monitor the operations of the complaints-handling process and consider complaints as a source of relevant information in the context of its general monitoring responsibilities.
In order to comply with points (a) and (b) of this paragraph, the compliance function shall conduct an assessment on the basis of which it shall establish a risk-based monitoring programme that takes into consideration all areas of the investment firm's investment services, activities and any relevant ancillary services, including relevant information gathered in relation to the monitoring of complaints handling. The monitoring programme shall establish priorities determined by the compliance risk assessment ensuring that compliance risk is comprehensively monitored.
3.
In order to enable the compliance function referred to in paragraph 2 to discharge its responsibilities properly and independently, investment firms shall ensure that the following conditions are satisfied:
(a)
the compliance function has the necessary authority, resources, expertise and access to all relevant information;
(b)
a compliance officer is appointed and replaced by the management body and is responsible for the compliance function and for any reporting as to compliance required by Directive 2014/65/EU and Article 25(2) of this Regulation;
(c)
the compliance function reports on an ad-hoc basis directly to the management body where it detects a significant risk of failure by the firm to comply with its obligations under Directive 2014/65/EU;
(d)
the relevant persons involved in the compliance function are not involved in the performance of services or activities they monitor;
(e)
the method of determining the remuneration of the relevant persons involved in the compliance function does not compromise their objectivity and is not likely to do so.
4.
An investment firm shall not be required to comply with point (d) or point (e) of paragraph 3 where it is able to demonstrate that in view of the nature, scale and complexity of its business, and the nature and range of investment services and activities, the requirements under point (d) or (e) are not proportionate and that its compliance function continues to be effective. In that case, the investment firm shall assess whether the effectiveness of the compliance function is compromised. The assessment shall be reviewed on a regular basis.