The Compliance Function has the role of assessing, according to a risk-based approach, the adequacy of procedures, processes, policies and internal organisation in order to prevent the risk of non-compliance, that is, the risk of incurring legal or administrative sanctions, material financial loss or reputational damage resulting from the violation of mandatory (laws, regulations, provisions of the Supervisory Authority) or self-governance (for example, by-laws, codes of conduct, corporate governance codes, internal policies and corporate communications) rules.
- the on-going identification of applicable regulations and the assessment of the impact thereof on corporate processes and procedures;
- the assessment of the adequacy and effectiveness of the measures adopted by the Company for the prevention of non-compliance risk, and the proposal of organisational and procedural changes to ensure the proper supervision of this risk;
- the assessment of the effectiveness of organisational adjustments (structures, processes, procedures) resulting from the suggested changes;
- the preparation of information flows to the corporate bodies and structures involved.
- ex ante activities, which aim to assess the regulatory compliance of new products/projects/processes, or of corporate organisation in relation to the entry into force of new regulations. Within the scope of such activities, “regulatory analysis”, “risk assessment” and “adjustment identification” phases are particularly important;
- ex post activities, which specifically regard the monitoring phase, that is, the assessment of the regulatory compliance of corporate processes, carried out through the assessment of existing controls and of the implementation status of planned actions.