With regard to compliance activities, the Compliance and Anti-Money Laundering Function is responsible for assessing, in accordance with a risk-based approach, the adequacy of the procedures, processes, policies and internal organisation to prevent the risk of non-compliance. The risk of non-compliance is defined as the risk of incurring judicial or administrative sanctions, losses or reputational damage as a result of failure to observe laws, regulations and directly applicable European regulations or measures of the Supervisory Authority or internal regulations such as by-laws, codes of conduct or corporate governance codes. It is also defined as the risk deriving from unfavourable amendments in the regulatory framework or case law decisions.
The Compliance and Anti-Money Laundering Function operates mainly by:
- constantly identifying applicable legal regulations and evaluating their impact on corporate processes and procedures, providing support and consulting to the corporate bodies and the other company functions on the matters for which compliance risk is relevant, particularly with reference to the planning of new products and substantial modifications of existing products;
- evaluating the adequacy and effectiveness of the measures taken by the Company for the prevention of the compliance risk, and recommending the implementation of organisational and procedural changes designed to ensure adequate supervision of that risk;
- evaluating the effectiveness of organisational adjustments (structures, processes and procedures) as a result of the suggested changes;
- arranging adequate information flows aimed at company bodies and the other structures involved.
The compliance operating process is articulated in the following stages:
- Analysis of legal and regulatory provisions;
- Risk evaluation;
- Identification of corrective actions;
The intensity of each stage depends on the “project” or “control” approach adopted by the Function, depending on whether the evaluation: (i) is related to the coming into force of new laws and regulations or to new projects/products/processes, or (ii) concerns external or internal provisions in force.
The assessments of the first type (ex ante assessments) are mainly aimed at supporting the Top Management in the corrective actions resulting from new projects/products/processes/laws and regulations. The assessments of the second type (ex post assessments) have the purpose of representing the level of compliance of the procedures, processes, policies and internal organisation with applicable legal and regulatory provisions, as well as compliance risk.