The Board Of Directors, The CEO And The Compliance Officer: Who Is Responsible For Regulatory Compliance?

“MAS expects CEOs and directors to carry out the duties and functions of their offices effectively, including ensuring that financial institutions comply with regulatory requirements and providing complete and accurate information to MAS. Where appropriate, MAS has taken, and will continue to take, regulatory action against CEOs and directors of financial institutions that fail to comply with regulatory requirements.” – The Monetary Authority of Singapore(1)

On 12 April 2019, the Monetary Authority of Singapore (the “MAS”) announced it had reprimanded Mr. Tan Choon Wee, the Chief Executive Officer (“CEO”) of Advance Capital Partners Asset Management Private Limited (“ACPAM”) for (i) omitting information in a capital markets services license application to the MAS, which made the application misleading in a material respect and (ii) failing to discharge his duty and function as CEO and director (the “Reprimand”). This public reprimand followed a private reprimand that had been issued to ACPAM for, among other things, being repeatedly late in its regulatory submissions.


Meanwhile, the MAS is continuing to finalise its Guidelines on Individual Accountability and Conduct (the “Proposed Guidelines”).(2) The consultation paper was released in April 2018.(3) The final version of the Proposed Guidelines could be published and go into effect at any time.(4)

The Proposed Guidelines are intended to promote the individual accountability of senior managers, strengthen oversight of employees in material risk functions,(5) and reinforce standards of proper conduct among all employees.(6)


Typical management reporting structures 

In general, responsibility for management of a financial institution (“FI”) is held by its board of directors (the “Board”).(7) Day to day management of the FI is delegated to senior management, which often includes one or more directors, led by a CEO.(8) An FI’s legal and compliance functions (“L&C”) can be combined or separate. In either case, the head(s) of those functions usually have dual reporting lines. One reporting line goes to a member of senior management such as the CEO or chief operating officer. The second line is a direct reporting line to the Board.(9)

Responsibility for compliance

As a general matter, the Board of Directors of an FI is accountable for oversight of the management and activities of the FI, including compliance. In the Reprimand, the MAS stated: “As the CEO and a director of ACPAM, Mr. Tan was primarily responsible for ensuring that ACPAM complied with the regulatory requirements”.(10)

Authority of L&C

Excluding the FI’s articles of association, shareholder rights and any external legal or regulatory requirements that may apply, an employee’s authority within a corporate setting is derived from the Board. Sometimes a Board may give the Head of L&C authority to approve/veto certain actions such as entering into contracts or conducting new businesses. However, many Boards give senior management, including the CEO, discretion as to whether to follow the advice of L&C. In cases where the advice of L&C is not followed, the matter may or may not be reported to the Board depending on the facts and circumstances of the case.


In Singapore, are compliance officers directly accountable to a regulator for breaches by a licensed entity?

No.(11) The general responsibility of the compliance officer is to provide an in-house compliance service that effectively supports business areas in their duty to comply with relevant laws and regulations and internal procedures.(12) In Singapore, a compliance officer has a duty to his employer, but is not directly accountable to the MAS for breaches committed by a licensed corporation. The rules of other jurisdictions may vary.

Can compliance officers, senior management and Boards have legitimate disagreements on matters of compliance? 

Yes. A decision of senior management or the Board to not follow the advice of L&C on any given matter may be completely proper and appropriate. Many matters on which L&C advises boil down to judgment or risk tolerance. If the Board wanted L&C to decide those grey cases, the Board could have (1) promoted the Head of L&C to CEO or (2) required L&C approval to go forward.

Instead, Boards of FIs typically ask L&C to advise senior management and the Board. After considering the advice of L&C and any other relevant factors, senior management or the Board make a decision and are accountable for their actions. Meanwhile, L&C is accountable to the FI for its advice to the Board and senior management, but not the final decision taken.

For these reasons, L&C is generally viewed as an advisor to the Board and senior management rather than a decision-maker.

Should compliance officers have supervisory powers?

On 18 March 2019, the Hong Kong Securities and Futures Commission (the “SFC”) announced a reprimand and HK$15.2 million fine (the “Sanction”) against Guosen Securities (HK) Brokerage Company Limited (“Guosen”). The SFC found that Guosen failed to comply with anti-money laundering and counter-terrorist financing requirements when handling third party fund deposits.

Along with its announcement of the Sanction, the SFC published a Statement of Disciplinary Action relating to its findings (the “Statement”). Among the breaches noted by the SFC was Guosen’s failure to have in place an effective compliance function from 1 November 2014 to the end of 2015 (the “Relevant Period”). In its discussion of that breach, the SFC noted: “During the Relevant Period, Guosen’s Legal and Compliance Department merely performed an advisory function and did not exercise a supervisory or review function” (the “Supervisory Remark”).

The Supervisory Remark raises the question of what supervisory authority L&C should have. We believe that the Supervisory Remark was intended to remind licensed corporations that L&C should have sufficient authority to serve as an effective internal control. However, the significance of the SFC’s contrast of a supervisory function vs a mere advisory function is unclear, because at most FIs, L&C is ultimately an advisory role due to the reporting lines and ultimate authority of the Board.

Should compliance officers be licensed persons?

If compliance officers are required to specifically approve or veto certain actions of an FI, the compliance officer’s power will be nearly equal to the CEO with respect to those matters. Rather than give compliance officers veto/approval power or make them licensed persons which may produce the same practical outcome, an FI could achieve similar results by promoting its compliance officer to CEO or changing the incentives of the CEO to match the incentives of the compliance officer.

According to the MAS’ Guidelines on Risk Management Practices – Internal Controls, “Compensation for risk management, control and valuation functions should be sufficiently independent of the performance of trading activities or sales and revenue targets. This is to avoid providing incentives for such staff to condone excess risk-taking in the institution”.(13)

Compliance officers are not necessarily more ethical than other members of senior management. Nor do they necessarily have better judgment than other members of senior management. However, compensation incentives are different for a specific reason. Altering the power dynamics among the Board, the CEO and L&C could have material adverse effects on an FI’s financial results due to L&C’s relative lack of incentives to take risks or generate revenues.


We recommend that Boards and CEOs require compliance officers to certify to them on a monthly basis that the FI has complied in all material respects with applicable regulation (except as may be set forth in an attached schedule). FIs are required to comply with applicable laws at all times. However, the purpose of having an L&C function is for such function to identify and escalate regulatory issues of which other senior management may not otherwise be aware. Upon any escalation, the Board and senior management should adequately address the issue raised. Still, requiring such certifications should help Boards and senior management (i) demonstrate their commitment to operating with a culture of compliance and (ii) reduce their personal risk regarding compliance breaches.


It is clear that the MAS as well as regulators globally are focused on increasing accountability of the Board, the CEO, L&C and other employees of FIs(14) in material risk functions. We strongly recommend financial institutions consider their existing governance to ensure they will be able to implement the final version of the Proposed Guidelines whenever they come into effect.

About the Authors

Holland & Marie is a compliance, C-Suite and legal solutions firm based in Singapore. We have extensive experience resolving typical compliance issues including regulatory inspections, satisfying regulatory requirements and maintaining best practices in corporate governance to navigate the rapidly changing regulatory landscape.

For further information, contact:

Chris Holland: Partner | Holland & Marie | 201802481R 7 Straits View, Marina One East Tower, #05-01 Singapore 018936

Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.



(2) For reference, you may refer to the following memorandum published by Clifford Chance regarding the Proposed Guidelines – gemen.html

(3) See Proposed Guidelines on Individual Accountability and Conduct

(4) The final guidelines were originally expected to be published by the end of 2018.

(5) In the Proposed Guidelines, the MAS proposed to define employees in material risk functions as: “employees whose decisions or activities could materially impact a financial institution’s (“FI”) risk profile. These include but are not limited to employees in executive, business, risk management, control, or support functions who, while not senior managers, are vested with material decision-making authority or mandates which may lead to significant impact on the FIs’ safety and soundness, or cause harm to a significant segment of the FIs’ customers or other stakeholders. Material risk functions (“MRF”) will thus include front, middle, and back office functions, as applicable to the FI, as well as any other employee with supervisory capacity over such functions. Given the nature of their roles, it is appropriate for FIs to subject such employees to more stringent oversight and higher conduct standards than employees in non-MRFs.”

(6) See Paragraph 5 of the Proposed Guidelines.

(7) For example, see Section 157A of the Singapore Companies

(8) We recommend that a firm’s General Counsel and/or Head of Compliance not be appointed as directors so such officers can advise the Board without the complication of having fiduciary duties.

(9) Sometimes there are additional reporting lines to sub-committees of the Board, such as the Audit Committee.

(10) Paragraph 3 of the Reprimand.

(11) For certain licenses such as banking and insurance, the Chief Risk Officer is required to be approved by the MAS.


(13) See Paragraph 10 of Internal Controls

(14) Companies that will become licensed under the Payment Services Act may also have to comply with the Proposed Guidelines, as well as other guidelines such as technology risk management, that currently apply to FIs. We encourage such payments businesses to consider the potential application of these guidelines as they prepare for licensing under the Payment Services Act.
