Compliance, risk management and internal audit functions

01 December 2011

Impact: Amber (medium/low impact): reporting line changes required

Other areas to consider

Organisational obligations

Current MiFID rules

MiFID requires firms to have:

  • a compliance function that maintains policies and procedures to detect and minimise the risk of non-compliance with the firm’s (including its managers, employees and tied agents) obligations under MiFID and to assess the adequacy and effectiveness of such policies and procedures.
  • a risk management function to establish and maintain risk management policies and procedures that identify risks relating to the firm’s activities and set the level of risk appropriate for the firm, as well as establishing processes that manage the risks identified, in light of the risk tolerance of the firm.
  • an internal audit function that is separate and independent from the other functions and which is responsible for establishing, implementing and maintaining an audit plan to evaluate the overall adequacy of the firm’s systems and internal control mechanisms, and to issue and oversee the implementation of recommendations based on the plan.

MiFID Level 1 Directive Arts: 13(2) and 13(5)

MiFID Level 2 Directive Arts: 6(1), 6(2), 6(3), 7(1), 7(2) and 8, Recitals 14 and 15

FSA rules

SYSC 6.1, 6.2 and 7.1

Proposed changes

Draft Directive Article 80

The draft Directive strengthens the current framework for handling customer complaints by requiring that firms ensure the establishment of efficient and effective complaints and redress procedures for settlement of customer disputes.
