The term Compliance Committee is used in a variety of contexts in financial services. It may be a reference to a committee that is required by law, or it may be a reference to a committee that is not required by law.
It may be a reference to:
- the Compliance Committee of a registered managed investment scheme that is required by law;
- the Compliance Committee of an Australian Financial Services Licence (AFSL) holder or Australian Credit Licence (ACL) holder that is not required by law but that forms part of the licensee's overall governance framework; or
- the Compliance Committee of a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime that is not required by law but is designed to ensure that the reporting entity maintains management oversight of its compliance with its AML/CTF obligations.
Let's consider each in turn.
Registered schemes
Where half of the directors of a registered managed investment scheme (registered scheme) are external directors, the Corporations Act 2001 ('the Act') requires that the registered scheme establish a Compliance Committee. The Compliance Committee must have at least three members, and the majority of members must be external members.
The Act sets out the responsibilities of the Compliance Committee of a registered scheme, which are limited to:
- monitoring the extent to which the responsible entity complies with the registered scheme's compliance plan, and reporting its findings to the responsible entity;
- reporting to the responsible entity any breach of the Act or provisions of the registered scheme's constitution of which it becomes aware;
- reporting to ASIC if the Compliance Committee forms a view that the responsible entity has not taken, or does not propose to take, appropriate action in relation to a breach reported to the responsible entity by the Compliance Committee;
- regularly assessing whether the registered scheme's compliance plan is adequate, reporting on that assessment to the responsible entity and making recommendations to the responsible entity about changes that it considers should be made to the compliance plan.
Interestingly, a registered scheme's Compliance Committee's responsibilities do not include monitoring or reporting on the responsible entity's compliance with the conditions of its AFSL, its compliance with the Act more generally, or its compliance with its AML/CTF obligations. However, such Compliance Committees can, and often do, monitor these areas as well.
In carrying out its responsibilities and duties, the Compliance Committee of a registered scheme may obtain independent legal, accounting or other professional advice or assistance at the reasonable expense of the responsible entity.
The Act also sets out the duties of the members of a registered scheme's Compliance Committee, which include the duty to:
- act honestly;
- exercise the degree of care and diligence that a reasonable person would exercise if they were in the member's position;
- not make use of information they acquired by being a member of the Compliance Committee to gain an improper advantage for themselves or another person;
- not make use of information they acquired by being a member of the Compliance Committee to cause detriment to the members of the registered scheme;
- not make improper use of their position as a Compliance Committee member to gain, directly or indirectly, an advantage for themselves or for any other person or to cause detriment to the members of the registered scheme;
- take all reasonable steps to assist ASIC in carrying out surveillance of the responsible entity's compliance with the registered scheme's constitution, compliance plan and the Act; and
- disclose to the Compliance Committee a direct or indirect pecuniary interest they have in a matter being considered, or about to be considered, by the Compliance Committee where their interest could conflict with the proper performance of their duties in considering the matter.
The Compliance Committee of a registered scheme must, by law, keep minutes of its meetings, and records of its reports and recommendations to the responsible entity.
AFSL and ACL holders
AFSL holders are required to meet certain general conduct obligations, including the obligation to:
- do all things necessary to ensure that they provide the financial services covered by the licence efficiently, honestly and fairly;
- comply with the conditions on the licence; and
- comply with the financial services laws.
ACL holders have almost identical general conduct obligations to those of AFSL holders.
ASIC expects AFSL and ACL holders to have in place "compliance measures", being processes and procedures for ensuring that, as far as reasonably practicable, the licensee complies with its obligations as a financial services or credit licensee, including the general conduct obligations. In this regard, ASIC expects AFSL and ACL holders to:
- document their compliance measures "in some form";
- fully implement their compliance measures and monitor and report on their use; and
- regularly review the effectiveness of their compliance measures and ensure that they are up to date.
Regularly reviewing the effectiveness of compliance measures and ensuring they are up to date is a primary responsibility of the Board of an AFSL or ACL holder, and is where a Compliance Committee comes into the picture.
Unlike for registered schemes (the responsible entities of which are also AFSL holders), the establishment of a Compliance Committee is not required by law for other AFSL holders or for ACL holders. Rather, as part of its governance framework, and as part of its demonstration of a culture of compliance, the Board of an AFSL or ACL holder will often establish a Compliance Committee to proactively address compliance issues and monitor ongoing licensee obligations. The Compliance Committee could be either a formal Board sub-committee established under the licensee's Constitution, or a more informal arrangement as part of the licensee's compliance function. In either case, the Compliance Committee should be established pursuant to a Compliance Committee Charter that sets out, amongst other things, its membership structure, quorum for meetings and objectives.
A licensee's Compliance Committee will meet regularly (often quarterly) to review the licensee's key registers (risks, conflicts, training, breaches, complaints). The Compliance Committee will also review the effectiveness of the licensee's compliance measures by considering whether and how the licensee is complying with those measures and its general conduct obligations. The Compliance Committee will also consider the changing regulatory environment and ensure that the licensee is updating its compliance measures accordingly.
The make-up of a licensee's Compliance Committee will differ from licensee to licensee and may depend on whether the Compliance Committee is a formal Board sub-committee or an informal committee. Oftentimes, all or some of the licensee's Responsible Managers will sit on the Compliance Committee. Some Compliance Committees may include one or more of the licensee's directors and an external legal consultant to provide an objective compliance perspective. Generally, a licensee's compliance manager will not be a member of the Compliance Committee but will usually be responsible for arranging the Compliance Committee meetings and taking minutes. They will also attend meetings to provide information and reports to the members of the Compliance Committee relating to the licensee's compliance function.
Meeting agendas and minutes of a licensee's Compliance Committee should be prepared (and retained) and provided to the licensee's Board irrespective of whether the Compliance Committee is a formal Board sub-committee or not. In addition, the agenda and minutes of Compliance Committee meetings are useful documents for assessing a licensee's regulatory compliance when conducting an AFSL or ACL review of the licensee.
Reporting entities under the AML/CTF regime
As part of ensuring compliance with a reporting entity's obligations under the AML/CTF regime, a reporting entity's Board may establish a Compliance Committee and delegate to it oversight of the reporting entity's compliance with its AML/CTF obligations. This may also include regularly reviewing the effectiveness of the reporting entity's AML/CTF compliance measures and ensuring that its AML/CTF Program and money laundering and terrorism financing (ML/TF) Risk Assessment are regularly reviewed and updated.
In some cases, a reporting entity may also be an AFSL or ACL holder (or the Responsible Entity of a registered scheme) such that it already has an established Compliance Committee to which the Board can delegate such oversight.
As for AFSL and ACL holders, the Compliance Committee of a reporting entity should be established pursuant to a Compliance Committee Charter.
The composition of a reporting entity's Compliance Committee will depend on whether the reporting entity is also an AFSL or ACL holder and whether the Compliance Committee is a formal Board sub-committee or not. It will often include the reporting entity's AML/CTF compliance officer where the Compliance Committee is tasked with oversight of the entity's compliance with its AML/CTF obligations. Where, however, the reporting entity's AML/CTF compliance officer does not sit on the entity's Compliance Committee, the AML/CTF compliance officer will generally prepare a report, which sets out how the entity has complied with its AML/CTF obligations over the relevant period, for the Compliance Committee to consider.
A reporting entity's Compliance Committee that is tasked with oversight of its compliance with the AML/CTF regime may also be responsible for:
- approving the reporting entity's AML/CTF Program;
- considering new and existing money laundering and terrorism financing (ML/TF) risks; and
- reviewing the reporting entity's ML/TF risk framework.
Similarly to AFSL and ACL holders, both meeting agendas and minutes of a reporting entity's Compliance Committee should be prepared (and retained) and provided to the Board.
As you can see, Compliance Committees may or may not be required by law. Either way, they form a part of an entity's general governance function and play an important role in helping an entity to monitor its compliance with its regulatory obligations.