The RBI, in a notification, said the CCO will have direct reporting lines with the managing director (MD) and CEO and/or board/board committee of the bank. The Audit Committee of the Board (ACB) will meet the CCO quarterly on a one-to-one basis, in the absence of the senior management, including the MD and CEO. The CCO will not have any reporting relationship with business verticals nor have any business targets.
Moreover, the performance appraisal of the CCO will be reviewed by the board/ACB, the RBI said.
As part of a robust compliance
should have an effective compliance culture, independent corporate compliance function and a strong compliance risk management programme at the bank and group levels.
The person heading such a function should be selected through a process with appropriate ‘fit and proper’ evaluation criteria.
The banking regulator said a bank should have a board-approved compliance policy, clearly spelling out its compliance philosophy, expectations on compliance culture, accountability, incentive structure and effective communication and challenges.
It should also cover structure and role of the compliance function as well as role of the CCO. Also, there should be processes for identifying, assessing, monitoring, managing and reporting on compliance risk throughout the bank, the RBI
The policy should lay special thrust on building the compliance culture. The policy will be reviewed at least once a year.
Referring to the authority of the compliance function, the RBI said the CCO has the authority to communicate with any staff member. It can access all records or files that are necessary to enable it to carry out its responsibilities in respect of compliance issues. The compliance function will also be subject to internal audit.