The compliance function monitors compliance with the laws and regulations, regulatory requirements and other external specifications and standards that must be observed (hereafter referred to as "external requirements").
The compliance function monitors in particular whether compliance with the external requirements is ensured based on appropriate and effective internal procedures.
This does not necessarily mean that the compliance function implements these procedures itself. Rather, the compliance function is required to monitor whether the relevant units have established appropriate and effective procedures under their own responsibility.
The compliance function must be aware of the internal regulations aimed at ensuring compliance with the external requirements so that it can monitor these. To the extent that other teams review whether these internal regulations are being complied with, the compliance function must be aware at a minimum of the type, scope and results of this review and assess these in relation to the compliance aspects.
The monitoring includes the areas of law associated with material risks at a minimum. This involves at least the statutes, regulations and regulatory requirements applicable to operating the business.
This does not affect the responsibilities and schedule of tasks of any company officer prescribed by statute. The existence of company officers prescribed by statute does not, however, exclude the relevant areas of law completely from the responsibility of the compliance function.
The compliance function must at least monitor whether the company officers are exercising their responsibilities prescribed by statute in relation to areas of law associated with material risks.
The compliance function advises the management board in relation to compliance with the statutes, regulations and regulatory requirements applicable to operating the business.
It may also support the management board in, inter alia, making the staff aware of compliance issues and work towards ensuring that attention is paid to these in daily work activities.
The compliance function evaluates any potential impact of changes to the legal environment. It must observe and analyse developments in the legal environment at an early stage for this purpose. The full management board must be informed of the consequences of any material changes to the legal environment in sufficient time to allow it to implement corresponding precautions and actions.
The compliance function identifies and evaluates the compliance risks. The compliance risks include all risks resulting from a failure to comply with the external requirements.
The compliance function identifies and evaluates the compliance risks from a risk point of view at regular intervals.
The compliance function carries out its activities based on a compliance plan.
The compliance plan takes into account all relevant business units. Activities are selected based on a risk-oriented approach.
The compliance plan must be reviewed and updated on a regular basis.
The compliance function regularly reports to the full management board on current compliance issues. It prepares a report for this purpose at appropriate intervals, and at least annually.
The report must explain at a minimum the material compliance risks and the measures mitigating these risks and provide the management board with an overview of the adequacy and effectiveness of the procedures implemented to comply with the external requirements.