Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Final Report on Guidelines on internal governance under Directive 2013/36/EU (EBA/GL/2021/05) (applicable from 31 December 2021)Executive summaryBackground and rationaleGuidelines on internal governance1. Compliance and reporting obligations (paras. 1-4)Status of these guidelines (paras. 1-2)Reporting requirements (paras. 3-4)2. Subject matter, scope and definitions (paras. 5-13)Subject matter (para. 5)Scope of application (para. 6-13)Definitions (para. 13)3. Implementation (paras. 14-15)Date of application (para. 14)Repeal (para. 15)4. Guidelines (paras. 16-234)Title I - Proportionality (paras. 16-19)Title II - Role and composition of the management body and committees (paras. 19-67)1 Role and responsibilities of the management body (paras. 19-27)2 Management function of the management body (paras. 28-31)3 Supervisory function of the management body (paras. 32-34)4 Role of the chair of the management body (paras. 35-39)5 Committees of the management body in its supervisory function (paras. 40-67)5.1 Setting up committees (paras. 40-45)5.2 Composition of committees (paras. 46-55)5.3 Committees’ processes (paras. 56-60)5.4 Role of the risk committee (paras. 61-63)5.5 Role of the audit committee (para. 64)5.6 Combined committees (paras.65-67)Title III - Governance framework (paras. 68-93)6 Organisational framework and structure (paras. 68-82)6.1 Organisational framework (paras. 68-70)6.2 Know your structure (paras,. 71-75)6.3 Complex structures and non-standard or non-transparent activities (paras. 76-82)7 Organisational framework in a group context (paras. 83-90)8 Outsourcing policy (paras. 91-93)Title IV - Risk culture and business conduct (paras. 94-140)9 Risk culture (paras. 94-98)10 Corporate values and code of conduct (pars. 99-104)11 Conflict of interest policy at institutional level (paras. 105-107)12 Conflict of interest policy for staff (paras. 108-131)12.1 Conflict of interest policy in the context of loans and other transactions with members of the management body and their related parties (paras. 120-128)12.2 Documentation of loans to members of the management body and their related parties and additional information (paras. 129-131)13 Internal alert procedures (paras. 132-138)14 Reporting of breaches to competent authorities (paras. 139-140)Title V - Internal control framework and mechanisms (paras. 141-224)15 Internal control framework (paras. 141-145)16 Implementing an internal control framework (paras. 146-151)17 Risk management framework (paras. 152-162)18 New products and significant changes (paras. 163-168)19 Internal control functions (paras. 169-178)19.1 Heads of the internal control functions (paras. 172-174)19.2 Independence of internal control functions (paras. 175)19.3 Combination of internal control functions (para. 176)19.4 Resources of internal control functions (paras. 177-178)20 Risk management function (paras. 179-203)20.1 RMF’s role in risk strategy and decisions (paras. 187-188)20.2 RMF’s role in material changes (paras. 189-190)20.3 RMF’s role in identifying, measuring, assessing, managing, mitigating, monitoring and reporting risks (paras. 191-197)20.4 RMF’s role in unapproved exposures (paras. 198-199)20.5 Head of the risk management function (paras. 200-203)21 Compliance function (paras. 204-213)22 Internal audit function (paras. 214-224)Title VI - Business continuity management (paras. 225-230)Title VII - Transparency (paras. 231-234)Annex I - Aspects to take into account when developing an internal governance policy5. Accompanying documents5.1. Draft cost-benefit analysis/impact assessment5.2. Summary of responses to the consultation and the EBA’s analysis
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2 
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
None generated
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 20th June 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of 21 Compliance function (paras. 204-213)

PreviousNext
Version date: 2 July 2021 - onwards

21 Compliance function (paras. 204-213)

204. Institutions should establish a permanent and effective compliance function to manage compliance risk, and should appoint a person to be responsible for this function across the entire institution (the compliance officer or head of compliance).

205. Where it is not proportionate to appoint a person who is dedicated only to the role of head of compliance, taking into account the principle of proportionality as set out in Title I, this function can be combined with the head of the RMF or can be performed by another senior person (e.g. head of legal), provided there is no conflict of interest between the functions combined.

206. The compliance function, including the head of compliance, should be independent of the business lines and internal units it controls and have sufficient authority, stature and resources. Taking into account the proportionality criteria set out in Title I, this function may be assisted by the RMF or combined with the RMF or other appropriate functions, e.g. the legal division or human resources.

207. Staff within the compliance function should possess sufficient knowledge, skills and experience in relation to compliance and relevant procedures, and should have access to regular training.

208. The management body in its supervisory function should oversee the implementation of a well-documented compliance policy, which should be communicated to all staff. Institutions should set up a process to regularly assess changes in the law and regulations applicable to its activities.

PreviousNext