Compliance is a key function in credit institutions and insurance companies. Compliance officers ensure, with an independent point of view, compliance with laws and regulations, the integrity of activities and compliance risks. Two new acts have further reinforced this function.
New legal framework
The act of 25 April 2014 on the legal status and supervision of credit institutions (Official Gazette 7 May 2014, hereinafter the "Banking Act"), enshrines in Belgian law the concept of "independent control functions". As part of this category, the compliance functions appear alongside the internal audit and risk management functions (article 35).
The Banking Act implements, in part, Directive 2013/36/EU (known as "CRD IV") and goes beyond that directive by extending the principles it lays down for the function of risk management to internal audit and compliance functions.
The insurance sector undergoes a similar evolution, by means of article 9ff. of another act of 25 April 2014 containing various provisions. This act amends in particular the Act of 9 July 1975 on the supervision of insurance companies (the "Supervision Act"). Besides the three functions referred to above, a fourth function, the actuarial function, is part of the independent control functions that must be integrated into the governance of each insurance company, pursuant to the "Solvency II" Directive.
Fit and proper test
Compliance officers are henceforth required to be of good repute and to possess sufficient experience to perform their duties (article 19 of the Banking Act and new article 90 of the Supervision Act). Persons who provide the compliance function at the highest level occupy a key position within the institution. The Explanatory Memorandum for the new Banking Act is clear in this regard:
"The functions referred to above [i.e. the independent control functions] are critical to the effective and informed exercise of the management of the credit institution. Through their controls, their assessments and their expressed views, those in charge of these functions provide appropriate tools to the company's managers in order to help them in their management duties."
These requirements are combined with those of article 87bis of the act of 2 August 2002, which also requires that compliance officers are of good repute and possess sufficient knowledge and experience. Proper enforcement of this provision is supervised by the Belgian Financial Services and Markets Authority ("FSMA"), in the context of the approval of compliance officers.
As a reminder, the act of 30 July 2013 (the "Twin Peaks II Act") came into force on 30 April 2014. This act extends the Belgian implementation of MiFID to insurance companies.
Liability
A compliance officer will be criticised for being inefficient if he does not identify "non-compliance" in due time. He will also be accused of inefficiency if he points out risks of "non-compliance" too frequently. Furthermore, he may be held criminally liable if he does not expose the infringements that he identifies, even if such passivity is looked upon favourably by his superiors. In this respect, the case law of the Court of Cassation ("Hof van Cassatie"/"Cour de Cassation") should be kept in mind, according to which "an omission may result in a punishable participation if the author of such omission has a positive duty to act and, in addition, if his abstention provides a positive incentive to commit the infraction" (Court of Cassation 29 April 2003).
Consequently, the compliance officer will aim to identify his exposure and, if he does not have sufficient means to ensure the proper exercise of his functions, he will ask the company to remedy this, particularly within the context of his periodic reports to the legal management body.
Appointment
This new legislation strengthens the supervisor's control of the appointment of the compliance officer. On the one hand, prior to any appointment or renewal of persons in charge of the compliance functions, notification of such intention must be made to the supervisory authority (the National Bank of Belgium or the European Central Bank, as the case may be). On the other hand, their appointment is subject to the prior approval of the supervisory authority (article 60 of the Banking Act and article 90bis of the Supervision Act). As mentioned above, in consultation with the supervisory authority, the FSMA decides on the registration of compliance officers (article 87bis of the act of 2 August 2002).
Protection against "abusive" dismissal
Compliance officers will generally have employee status. The new rules reinforce the stability of their position, which fairly balances the independence required of compliance officers. If a company plans to dismiss a compliance officer, it must first inform the supervisory authority. In banks, the compliance officer may be dismissed from his functions only by the legal management body of the company (article 61 of the Banking Act). This additional protection does not exist in the insurance sector.
As such, in exchange for his scrupulous work, which implies an ability to independently monitor the directors' actions, the compliance officer receives some formal protection against the risk of "abusive" dismissal. However, the supervisory authority is not responsible for protecting the compliance officer. The power of dismissal still belongs to the company and the supervisory authority may only issue an opinion – which, even if it is adverse, will not necessarily be brought to the attention of the person concerned.