
Compliance officer

Uploaded by

satsbro

RBI/2020-21/35

Ref. No. DoS.CO.PPG./SEC.02/11.01.005/2020-21 September 11, 2020

The Chairman / Managing Director & Chief Executive Officer


All Scheduled Commercial Banks (Excluding RRBs)
All Local Area Banks and
All Small Finance Banks and Payment Banks

Madam / Dear Sir,

Compliance functions in banks and Role of Chief Compliance Officer (CCO)

Please refer to the guidelines on compliance functions vide our circulars
DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 and
DBS.CO.PPD.10946/11.01.005/2014-15 dated March 04, 2015.

2. As part of a robust compliance system, banks are required, inter-alia, to have an effective
compliance culture, independent corporate compliance function and a strong compliance risk
management programme at bank and group level. Such an independent compliance function is
required to be headed by a designated Chief Compliance Officer (CCO) selected through a
suitable process with an appropriate ‘fit and proper’ evaluation/selection criteria to manage
compliance risk effectively.

However, it is observed that the banks follow diverse practices in this regard. The following
guidelines are meant to bring uniformity in approach followed by banks, as also to align the
supervisory expectations on CCOs with best practices.
2.1 Policy - A bank shall lay down a Board-approved compliance policy clearly spelling out
its compliance philosophy, expectations on compliance culture covering Tone from the
Top, Accountability, Incentive Structure and Effective Communication & Challenges
thereof, structure and role of the compliance function, role of CCO, processes for
identifying, assessing, monitoring, managing and reporting on compliance risk
throughout the bank. This shall, inter-alia, adequately reflect the size, complexity and
compliance risk profile of the bank, expectations on ensuring compliance to all applicable

statutory provisions, rules and regulations, various codes of conduct (including the
voluntary ones) and the bank’s own internal rules, policies and procedures, and creating
a disincentive structure for compliance breaches. The bank shall also develop and
maintain a quality assurance and improvement program covering all aspects of the
compliance function. The quality assurance and improvement program shall be subject to
independent external review periodically (at least once in three years). The policy should
lay special thrust on building up compliance culture; vetting of the quality of supervisory
/ regulatory compliance reports to RBI by the top executives, non-executive Chairman /
Chairman and ACB of the bank, as the case may be. The policy shall be reviewed at least
once a year;
2.2 Tenor for appointment of CCO - The CCO shall be appointed for a minimum fixed tenure
of not less than 3 years. The Audit Committee of the Board (ACB) / Managing Director
(MD) & CEO should factor this requirement while appointing CCO;
2.3 Transfer / Removal of CCO - The CCO may be transferred / removed before completion
of the tenure only in exceptional circumstances with the explicit prior approval of the
Board after following a well-defined and transparent internal administrative procedure;
2.4 Eligibility Criteria for appointment as CCO -
Rank - The CCO shall be a senior executive of the bank, preferably in the rank of a
General Manager or an equivalent position (not below two levels from the CEO). The
CCO could also be recruited from market;
Age - Not more than 55 years;
Experience - The CCO shall have an overall experience of at least 15 years in the banking
or financial services, out of which minimum 5 years shall be in the Audit / Finance /
Compliance / Legal / Risk Management functions;
Skills - The CCO shall have good understanding of industry and risk management,
knowledge of regulations, legal framework and sensitivity to supervisors’ expectations;
Stature - The CCO shall have the ability to independently exercise judgement. He should
have the freedom and sufficient authority to interact with regulators/supervisors directly
and ensure compliance;
Others - No vigilance case or adverse observation from RBI, shall be pending against the
candidate identified for appointment as the CCO.
2.5 Selection Process - Selection of the candidate for the post of the CCO shall be done on
the basis of a well-defined selection process and recommendations made by the senior
executive level selection committee constituted by the Board for the purpose. The
selection committee shall recommend the names of candidates suitable for the post of the
CCO as per the rank in order of merit and Board shall take final decision in the
appointment of CCO;
2.6 Reporting Requirements - A prior intimation to the Department of Supervision, Reserve
Bank of India, Central Office, Mumbai, shall be provided before appointment, premature
transfer/removal of the CCO. Such information should be supported by a detailed profile
of the candidate along with the fit and proper certification by the MD & CEO of the bank,
confirming that the person meets the above supervisory requirements, and detailed
rationale for changes, if any;
2.7 Reporting Line - The CCO shall have direct reporting lines to the MD & CEO and/or
Board/Board Committee (ACB) of the bank. In case the CCO reports to the MD & CEO,
the Audit Committee of the Board shall meet the CCO quarterly on one-to-one basis,
without the presence of the senior management including MD & CEO. The CCO shall
not have any reporting relationship with the business verticals of the bank and shall not
be given any business targets. Further, the performance appraisal of the CCO shall be
reviewed by the Board/ACB;
2.8 Authority - The CCO and compliance function shall have the authority to communicate
with any staff member and have access to all records or files that are necessary to enable
him/her to carry out entrusted responsibilities in respect of compliance issues. This
authority should flow from the compliance policy of the bank;
2.9 The duties and responsibilities of the compliance function - These shall include at least
the following activities:
(i) To apprise the Board and senior management on regulations, rules and standards
and any further developments.
(ii) To provide clarification on any compliance related issues.
(iii) To conduct assessment of the compliance risk (at least once a year) and to develop
a risk-oriented activity plan for compliance assessment. The activity plan should
be submitted to the ACB for approval and be made available to the internal audit.
(iv) To report promptly to the Board / ACB / MD & CEO about any major changes /
observations relating to the compliance risk.
(v) To periodically report on compliance failures/breaches to the Board/ACB and
to circulate them to the concerned functional heads.
(vi) To monitor and periodically test compliance by performing sufficient and
representative compliance testing. The results of the compliance testing should be
placed to Board/ACB/MD & CEO.
(vii) To examine sustenance of compliance as an integral part of compliance testing
and annual compliance assessment exercise.
(viii) To ensure compliance of Supervisory observations made by RBI and/or any other
directions in both letter and spirit in a time bound and sustainable manner.
2.10 Internal Audit - The compliance function shall be subject to internal audit;
2.11 Dual Hatting - There shall not be any ‘dual hatting’ i.e. the CCO shall not be given any
responsibility which brings elements of conflict of interest, especially the role relating to
business. Roles which do not attract direct conflict of interest like role of anti-money
laundering officer, etc. can be performed by the CCO in those banks where principle of
proportionality in terms of bank’s size, complexity, risk management strategy and
structures justify that;
2.12 The CCO shall not be member of any committee which brings his/her role in conflict
with responsibility as member of the committee, including any committee dealing with
purchases / sanctions. In case the CCO is member of a committee, he/she may have only
advisory role;
2.13 Typical core elements of the mandate of CCO must include the design and maintenance
of compliance framework, training on the regulatory and conduct risks, and effective
communication of compliance expectations, etc.;
2.14 The bank’s Board of Directors shall be overall responsible for overseeing the effective
management of the bank’s compliance function and compliance risk. The MD & CEO
shall ensure the presence of independent compliance function and adherence to the
compliance policy of the bank.

3. The instructions contained in the circular would come into effect immediately from the
date of this circular and any new appointment shall be governed by the instructions contained
herein. In respect of banks already having a CCO, they may follow the indicated processes for
selection of CCO within a period of six months and are free to reappoint the current incumbent
as the CCO if she/he meets all the requirements.

4. This circular supplements the guidelines issued by Reserve Bank of India on April 20,
2007 and March 04, 2015 and for any common areas of guidance, the prescription of this
circular shall be followed.

Yours faithfully,

(Ajay Kumar Choudhary)


Chief General Manager
