
CSSF circular 13/563 - 22/03/2013



Assessment of the suitability of members of the management body and key function holders, and MiFID compliance function requirements

 

Update of CSSF Circular 12/552 on central administration, internal governance and risk management of banks and investment firms

On 21 March 2013, the CSSF published Circular 13/563 (the “Circular”, hereafter), amending Circular 12/552 by introducing the EBA guidelines 2012/06 on the assessment of the suitability of members of the management body and key function holders of 22 November 2012 (“the EBA guidelines”, hereafter).

CSSF Circular 13/563 also introduces the ESMA guidelines 2012/388 on certain aspects of the MiFID compliance function requirements (the “ESMA guidelines”, hereafter). Key aspects of the ESMA guidelines are provided later in this communication.

The Circular is applicable to credit institutions, investment firms and professionals carrying on lending operations (the “institutions”, hereafter). The deadlines for compliance with the new provisions are:

1) Overview of EBA guidelines 2012/06 on the assessment of the suitability of members of the management body and key function holders

The EBA guidelines set out the process, criteria and minimum requirements for assessing the suitability of members of the management body and key function holders.

Assessment

The assessment of the experience of members of the management body and key function holders should take into account the nature, scale and complexity of the business of the credit institution as well as the responsibilities of the position concerned. Being of good repute is mandatory.

The suitability assessment shall be performed according to the reputation, experience and governance criteria, which can be summarized as follows:

  • Reputation criteria: Some factors shall be carefully considered, such as conviction for a criminal offence or imposition of administrative sanctions for non-compliance with regulatory provisions. The EBA guidelines also list some indications which should be considered when investigating past business dealings, such as the reasons for any dismissal from former employment or information from a recognised credit bureau. Good repute is altered if personal or business conduct gives rise to any material doubt about the ability to ensure the sound and prudent management of the institution.
  • Experience criteria: The experience assessment should consider the theoretical experience (education and training) and the practical experience, particularly with regard to the following fields:
    • Financial markets;
    • Knowledge of the regulatory framework and requirements;
    • Understanding of the business strategy;
    • Knowledge of risk management;
    • Understanding of governance, oversight and controls; and
    • Ability to interpret financial information and to identify appropriate controls and measures.
  • Governance criteria, which notably include:
    • Potential conflicts of interest;
    • Ability to commit sufficient time;
    • Overall composition of the management body;
    • Collective knowledge and expertise required; and
    • Members' ability to perform their duties independently without undue influence from other persons.

All assessments and their results shall be recorded. If an assessment reaches a negative conclusion, the institution shall inform the competent authority of the situation and of the corrective measures.

Policies

A policy for selecting and assessing members of the management body shall be established in accordance with the proportionality principle. Such a policy shall define, amongst other things:

  •  Individual or function responsible for performing the suitability assessment;
  •  Necessary competencies and skills of a member of the management body;
  •  Information and evidence that a member of the management body should provide; and
  •  Situations where a re-assessment of the suitability should be performed.

A similar document shall also exist for key functions, defining at least:

  • Positions for which a suitability assessment is required;
  • Individuals or function responsible for performing the suitability assessment; and
  • Criteria for reputation and experience to be assessed for the specific position.

The CSSF considers that the people covered by this assessment include at least the members of the board of directors, the authorised management and the persons in charge of the internal control functions.

2) Overview of ESMA guidelines 2012/388 on certain aspects of the MiFID compliance function requirements

As implemented in Luxembourg by CSSF Circular 13/563, the ESMA guidelines are applicable to credit institutions and to investment firms that provide investment services.

The ESMA guidelines are structured as:

  • General guidelines, which provide no guidance beyond the provisions of Chapter 6 of CSSF Circular 12/552 and which apply to all the activities of the institutions; and
  • Supporting guidelines, whose purpose is to clarify the application of certain aspects of the MiFID compliance function requirements when providing investment services.

The topics covered are:

| Field | Topics |
|---|---|
| Compliance risk assessment | Responsibility of the compliance function regarding the identification of the level of compliance risk the institution faces, taking into account the investment services, activities and ancillary services provided and the types of financial instruments traded and distributed |
| Monitoring obligations of the compliance function | Implementation by the compliance function of a risk-based approach to determine the appropriate tools and methodologies, as well as the extent of the monitoring programme and the frequency of monitoring activities performed by the compliance function |
| Reporting obligations of the compliance function | Information to include in the regular written compliance reports to senior management, including a description of the implementation and effectiveness of the overall control environment for investment services and activities and a summary of the risks that have been identified as well as remedies undertaken or to be undertaken |
| Advisory obligations of the compliance function | Purpose of the compliance culture, which is also to engage staff with the principle of improving investor protection |
| Effectiveness of the compliance function | Allocation of human and IT resources; access rights |
| Permanence of the compliance function | Back-up |
| Independence of the compliance function | Position in the organisational structure that ensures that the compliance officer and other compliance staff act independently when performing their tasks |
| Exemptions | Proportionality exemption under Article 6(3) of the MiFID Implementing Directive |
| Combining the compliance function with other internal control functions | Combination of the compliance function with other control functions (no compromise on the effectiveness and independence of the compliance function); documentation |

We trust this information is of assistance and remain at your disposal for any further questions. You can also access our dedicated web page (http://www.deloitte.lu/governance/) for further information.


Contacts

  • Laurent Berliner, Deloitte Luxembourg, Partner - EMEA Financial Services Industry Enterprise Risk Services Leader. Phone: +352 451 452 328. Email: lberliner@deloitte.lu
  • Stéphane Césari, Deloitte Luxembourg, Partner - Audit - Financial Sector Professionals (FSP) Leader. Phone: +352 451 452 487. Email: scesari@deloitte.lu
  • Martin Flaunet, Deloitte Luxembourg, Partner - Banking & Securities Leader. Phone: +352 451 452 334. Email: mflaunet@deloitte.lu
  • Jean-Philippe Peters, Deloitte Luxembourg, Partner - Business Risk. Phone: +352 451 452 276. Email: jppeters@deloitte.lu
