1. Member States shall ensure that investment firms establish,
implement and maintain adequate policies and procedures
designed to detect any risk of failure by the firm to comply
with its obligations under Directive 2004/39/EC, as well as the
associated risks, and put in place adequate measures and
procedures designed to minimise such risk and to enable the
competent authorities to exercise their powers effectively under
that Directive.
Member States shall ensure that, for those purposes, investment
firms take into account the nature, scale and complexity of the
business of the firm, and the nature and range of investment
services and activities undertaken in the course of that business.
2. Member States shall require investment firms to establish
and maintain a permanent and effective compliance function
which operates independently and which has the following
responsibilities:
(a) to monitor and, on a regular basis, to assess the adequacy
and effectiveness of the measures and procedures put in
place in accordance with the first subparagraph of paragraph
1, and the actions taken to address any deficiencies in
the firm's compliance with its obligations;
(b) to advise and assist the relevant persons responsible for
carrying out investment services and activities to comply
with the firm's obligations under Directive 2004/39/EC.
3. In order to enable the compliance function to discharge its
responsibilities properly and independently, Member States shall
require investment firms to ensure that the following conditions
are satisfied:
(a) the compliance function must have the necessary authority,
resources, expertise and access to all relevant information;
(b) a compliance officer must be appointed and must be
responsible for the compliance function and for any
reporting as to compliance required by Article 9(2);
(c) the relevant persons involved in the compliance function
must not be involved in the performance of services or
activities they monitor;
(d) the method of determining the remuneration of the
relevant persons involved in the compliance function must
not compromise their objectivity and must not be likely to
do so.
However, an investment firm shall not be required to comply
with point (c) or point (d) if it is able to demonstrate that in view
of the nature, scale and complexity of its business, and the nature
and range of investment services and activities, the requirement
under that point is not proportionate and that its compliance
function continues to be effective.