Skip to main content
search
Articles

[Resolution 4,595] CMN approves new compliance rules for financial institutions

By September 8, 2017#!28Thu, 28 Feb 2019 10:45:41 -0300p4128#28Thu, 28 Feb 2019 10:45:41 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28 28am28am-28Thu, 28 Feb 2019 10:45:41 -0300p10America/Sao_Paulo2828America/Sao_Paulox282019Thu, 28 Feb 2019 10:45:41 -03004510452amThursday=904#!28Thu, 28 Feb 2019 10:45:41 -0300pAmerica/Sao_Paulo2#February 28th, 2019#!28Thu, 28 Feb 2019 10:45:41 -0300p4128#/28Thu, 28 Feb 2019 10:45:41 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28#!28Thu, 28 Feb 2019 10:45:41 -0300pAmerica/Sao_Paulo2#No Comments

Source: https://www.machadomeyer.com.br

The National Monetary Council (CMN) published, on August 30, the Resolution 4,595, which provides for the compliance policy of financial institutions and other institutions authorized to operate by the Central Bank of Brazil (Bacen). The new rules do not apply to (i) consortium administrators and (ii) payment institutions, which must comply with specific regulations issued by Bacen.

The standard is in addition to the new regulatory framework established by CMN for risk management (Resolution No. 4,557 / 17) and internal audit (Resolution No. 4,588 / 17), aimed at strengthening and modernizing compliance structures of financial institutions and other authorized institutions. . In line with the proportionality provided for the risk management and internal audit rules contained in the resolutions mentioned above, Resolution No. 4,595 / 17 provides that institutions covered by the standard shall implement and maintain compliance policy consistent with the nature, size and , the institution's complexity, structure, risk profile and business model to ensure effective management of its compliance risk.

The resolution sets out some minimum parameters that the compliance policy should define, such as the purpose and scope of the compliance function, the clear division of responsibilities of the people involved - to avoid potential conflicts of interest (particularly with the institution's business areas). - and procedures for coordinating the activities of the compliance function with those of risk management functions and internal audit. The compliance policy must be approved by the institution's board of directors (or the board of directors if the institution does not have a board of directors), which will also have various responsibilities related to the management and implementation of the compliance policy.

The compliance function unit, when constituted, should be fully segregated from the internal audit activity.

Institutions subject to resolution shall maintain at Bacen's disposal: (i) the compliance policy documentation approved by the board of directors (or the board of executive officers, if no board of directors is established); and, for a minimum period of 5 years, (ii) reports containing a summary of the results of activities related to the compliance function, their main conclusions, recommendations and actions taken by the institution's management.

Although it does not explicitly cite Law No. 12,846 / 2013 (Anti-Corruption Law) and has as its object a broader understanding of the concept of compliance (such as preventing failures to comply with all applicable laws and regulations applicable to such institutions), the resolution has ended. by touching on points that coincide with the norms that deal with the prevention of breaches of integrity of an ethical nature in companies.

Thus, there is at least partial overlap of the new obligations with various elements established by anti-corruption legislation, such as recommendations for companies to adopt an integrity program.

The resolution expressly authorizes institutions to hire specialists to carry out compliance policy-related activities (the Board of Directors' duties and responsibilities being fully maintained). This opens the opportunity to combine compliance with the resolution's obligations with the implementation of elements of anti-corruption integrity programs, which, while optional, can bring relevant benefits to institutions (sanctioning and reputational, for example) and their administrators (who are less exposed to criminal and civil risks).

With rapid adaptation, compliance with the resolution may also imply compliance with various elements stipulated by the Anti-Corruption Decree (Decree No. 8.420 / 15), such as: training and qualification of relevant employees and third parties; periodic compliance risk analysis and compliance program monitoring; dissemination of standards of integrity and ethical conduct as part of the institution's culture; and ensuring the adoption of corrective measures in the event of failures.

Institutions subject to resolution must implement compliance policy by December 31, 2017.

Download the full text of the standard on here

Want to take a quick test?

How much do you or your company comply with the current Cyber Security Policy of BC Resolution No. 4658?

Answer below #8220; 10 Key Questions & #8221; and evaluate a company's current maturity level against BC Resolution No. 4658. Click on here or the button and start the test.

 

About [SAFEWAY]

THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:

● Archer da RSA Security, considered by the institutes Gartner and Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson technology), tailored to each organization in its security and cyber defense management needs.

● And others, involving technologies ImpervaThalesBeyondTrustManlyWatchGuard Technologies.

We await your contact: [email protected]

Leave a Reply

Close Menu