3. Compliance in Financial Institutions: Tasks, Functions and Structure

Among the non-confidential documents there are most often documents which are declarations on corporate social responsibility, which are at the same time recommendations of compliance by employees with the principles set out therein, as well as various codes of ethics, which at the same time are a marketing instrument for shaping a positive image of a corporation. Other non-classified documents also include corporate governance rules and the procurement rules provided to cooperating companies.

On the modern role of market regulators in relation to companies see K. K. Reed, A Look at Firm—Regulator Exchanges: Friendly Enough or Too Friendly, Business and Society 48(2)/2009, p. 150.

Criticizing the tendency for market regulators to take too casuistic a stance and the counter-effectiveness of such a method see W. D. Loppit, The Neoliberal Era and the Financial Crisis in the Light of Social Structure Accumulation Theory, Review of Radical Political Economics 46(2)/2014, p. 142.

The difficulty here is largely due to the Basel Committee’s introduction of new solutions imposing so-called prudential obligations on banks, particularly with a view to increasingly stringent control of the processes involved in various types of risk. This was also followed by European Union regulations, including in particular Directive of the Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC Text with EEA relevance, OJ L 176, 27.6.2013, pp. 338–436 and Regulation of the European Parliament and of the Council (EU) No. 575/2013 of 26 June 2013 Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012 Text with EEA relevance, OJ L 176, 27.6.2013, pp. 1–337.

It should be noted that these are groups of regulations that can be described as systemic in the sense that they apply to all banks because of the role that they play in the entire financial system by virtue of the nature of their activities. For regulation in relation to the exercise of oversight of systemic risk in the European Union, including inter alia the structure, objectives and tasks of the European Systemic Risk Board, see more M. Fedorowicz, Nadzór nad rynkiem finansowym w Unii Europejskiej, Warsaw 2013, p. 130 et seq.

See the report prepared by a team chaired by Erkki Liikanen on 2 October 2012 under the auspices of the European Commission containing a proposal for structural reform in banking “Final Report High-Level Expert Group on Reforming the Structure of the EU Banking Sector,” http://​ec.​europa.​eu/​internal_​market/​bank/​docs/​high-level_​expert_​group/​report_​en.​pdf (download 10 November 2018).

See Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC (MiFID), OJ L 145, 30.4.2004, pp. 1–44 and also Commission Delegated Regulation (EU) No. 148/2013 of 19 December 2012 supplementing Regulation (EU) No. 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories with regard to regulatory technical standards on the minimum details of the data to be reported to trade repositories Text with EEA relevance, OJ L 52, 23.2.2013, pp. 1–10 (EMIR).

The United Kingdom Bribery Act (An Act to make provisions about offences relating to bribery and for connected purposes, 2010 Chapter 23 of 4 April 2010); The United States Foreign Corrupt Practices Act (Public Law No. 95-213, S. 305 of 19 December 1977); The Hong Kong Prevention of Bribery Ordinance (An Act to make further and better provision for the prevention of bribery and for purposes necessary thereto or connected therewith, HK Law 1997 Chapter 201 of 30 June 1997); The USA Patriot Act: Preserving Life and Liberty (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, Public Law No. 98-1 and 357-66 of 25 October 2001).

These are the Systemicly Important Financial Institutions (SIFIS).

Apart from the subject of this discussion, the description of the phenomenon of accepting, also by non-financial and even non-commercial global organizations, the obligation to develop compliance norms remains beyond the scope of this discussion. About this: A. J. Meese, N. B. Oman, Hobby Lobby, Corporate Law, and the Theory of the Firm, Harvard Law Review 5/2014, p. 275.

R. M. Steinberg, Governance, Risks Management, and Compliance: It Can’t Happen to Us Avoiding Corporate Disaster While Driving Success, New Jersey 2011, p. 30. About the controversies on financial crises see R. Gwiazdowski, A nie mówiłem? Dlaczego nastąpił kryzys i jak naszybciej z niego wyjść, Prohibita 2012, p. 363.

Cf. T. Stawecki, Prawo i zaufanie. Refleksja czasu kryzysu [in] J. Oniszczuk [ed.] Normalność i kryzys – jedność czy różnorodność. Refleksje filozoficzno-prawne i ekonomiczno-społeczne w ujęciu aksjologicznym, Warsaw 2010, p. 115.

About other entities influencing how corporations operate, including their impact on compliance see F. den Hond, F. G. A. de Bakker, Ideologically Motivated Activism: How Activists Groups Influence Corporate Social Change Activities, Academy of Management 32(3)/2007, p. 901 et seq. as well as H. Cronqvist, R. Fahlenbrach, Large Shareholders and Corporate Policies, The Review of Financial Studies 22(10)/2009, p. 394.

On the tasks of control functions in banks and the impact of the control function of compliance on business decisions see J. Heckman, S. Navarro-Losano, Usining Matching, Instrumental Variables, and Control Functions to Estimate Economic Choice Models, The Review of Economics and Statistics 86(1)/2004, p. 30.

On the cascading of unpopular norms within the organization in response to external social expectations, and consequently also political and further, regulatory expectations see C. Bicchieri, The Grammar of Society: The Nature and Dynamics of the Social Norms, Cambridge 2006, p. 176.

About the influence of opinion leaders and the methods they use to influence internal compliance regulations in international corporations see G. Hilary, Regulations Through Social Norms, London 2014, p. 11.

About the evolution of compliance in banking see R. Jakubowski, Rozwój funkcji compliance w polskim sektorze bankowym od 1989 r., Monitor prawa bankowego 11/2013, p. 58.

The empowerment of global financial institutions, the scope and effects of the exercise of powers held, the resulting liability, the ways of legitimizing the actual influence and the response of regulators to these phenomena see, e.g., G. R. D. Underhil, X. Zhang, Business Authority and Global Financial Governance: Challenges to Accountability and Legitimacy [in] T. Porter, K. Ronit [ed.] The Challenges of Global Business Authority: Democratic Renewal, Stalemate, or Decay? New York 2010, p. 117.

More on the concept of the compliance function as a standard-setter in a global and multipolar normative environment constituting the contemporary environment of economic institutions see K. D. Wolf, A. Flohs, L. Rieth, S. Schwindenhammer, The Role of Business in Global Governance: Corporations as Norm-Entrepreneurs, London 2010, p. 29.

Project teams are built in such a way that they are composed of members depending on the competence, nature of the project, its scope, etc. Thus, in general, in the case of global organizations conducting international projects, the project team is composed of people with different specializations working both at the local level, generally responsible for implementing the arrangements, and at the supra-local level, who coordinate these tasks and ensure consistency of their implementation in different countries. In practice, there may be different models of organizations of this type of task forces created in any configuration, which are almost always slightly different. The common feature, however, is that they largely omit formal structures of official subordination, “flatten” organizational structures for the duration of projects, operate independently of hierarchical organizational degrees, or even ownership ties, thus shortening the decision-making time, concentrating employees on tasks and facilitating their efficient implementation. There are many such project teams in each corporation at the same time—at different levels and for different parts of the business. In such a situation, it is not difficult to find cases of actions contrary to corporate governance requirements, in which the role of compliance is to create appropriate procedures ensuring, for example, the involvement of relevant decision-making bodies in making final decisions accepting decisions made by project teams. Typical examples are projects aimed at implementing new financial products. In working on such projects, the persons involved are equipped with appropriate competences representing various areas of the bank (sales, risk, finance, IT, lawyers, etc.). They work together on the parameters of such a new product, prepare appropriate plans and calculations, and set a schedule for their implementation. Ultimately, however, it is up to the management bodies of the institution to decide whether to accept the results of such a project. The advantage of creating project teams is that it enables selected employees to focus on selected project tasks. It is usually connected with shifting the importance of the tasks performed by them from the existing, everyday tasks to those of a project nature, but also shortening the paths of agreements and simultaneously taking into account in the implementation of a specific project the participation of all specialties necessary for further practical implementation of the objectives of this project. The disadvantage is the creation of a parallel, often unclear network of informal organizational links, especially when the same people participate in many projects at the same time. Organizations operating in the public space, especially financial institutions, where transparent organizational structures and clear definition of the responsibility of individuals for management is a regulatory requirement, face this type of collision on a daily basis, which in practice is resolved in favor of maintaining project team structures.

More on the stages of development of the process of globalization of legal systems and what stage a given phenomenon may be in the correlation of world regulations see M. Wolf, Why Globalization Works, Boston 2005, p. 97.

In practice, compliance services in an international bank operating in an EU country must take into account the normative environment, including regulatory environment, and thus also supervisory recommendations of the local regulatory authorities, such as the country financial supervision authority, the central bank, the office of competition and consumer protection, the general inspector of financial information, the authority of personal data protection. Independently of this, compliance tasks are influenced by European regulators, including the European Banking Authority (EBA), the European Securities and Markets Authorities (ESMA), the European Insurance and Occupational Pensions Authorities (EIOPA), the European Supervisory Authorities (ESA), the European Systemic Risk Board (ESRB), the European Securities and Markets Authority (ESRB) and the European Securities and Markets Authority (EIOPA), the European Systemic Risk Board (ESRB), but also the most important regulators of major financial markets with cross-border reach, especially the UK and US, including the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FIRA), the US Federal Reserve System (FED), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the United Kingdom’s Financial Conduct Authority (FCA), the Bank of England Prudential Regulation Authority (PRA), the Royal Treasury Office (HM Tresury).

On the subject of building compliance awareness within an organization as a way to ensure normative coherence and normative compliance of its conduct in the global space see R. V. Aguilera, G. Jackson, The Cross-National Diversity of Corporate Governance: Dimensions and Determinants, Academy of Management Review 39(4)/2014, passim.

On the subject of the role of soft law standards in banking law regulations, see R. Kaszubski, op. cit., p. 18. Also soft law in the broader context of the financial market see Z. Ofiarski, Rola soft law w regulacji rynku finansowego na przykładzie rekomendacji i wytycznych Komisji Nadzoru Finansowego [in] A. Jurkowska-Zeidler, M. Olszak [ed.] Prawo rynku finansowego. Doktryna, instytucji, praktyka, Warsaw 2016, p. 137 et seq.

More about global, also called general, compliance standards cf. D. Pupke, Compliance and Corporate Performance, Hamburg 2007, pp. 112–124.

A separate issue is how, regardless of the role of compliance as the guardian of compliance with global standards, the same service is subject to unification, “standardization” cf. S. Bleke, D. Hortensius, The Development of a Global Standard on Compliance Management, Business Compliance 2/2014, p. 316 et seq.

Uniformity of norms of corporate behavior is not the only manifestation of the globalization of financial law. Another is the unification of documentation, especially for complex transactions, such as project finance, which has gone so far as to describe this phenomenon as the emergence of global contract law. See A. Golden, The Future of Financial Regulation: The Role of the Courts [in] MacNeil, O’Brien [ed.] The Future of Financial Regulation, Oxford 2010, p. 86.

The same problem, albeit in different manifestations, exists in many jurisdictions in principle regardless of the type of business pursued and is not limited to financial institution activities only. See D. Pupke, op.cit., p. 45.

Protection against outflow of information and impact on financial institution activity by market regulators see, e.g., R. Boyer, From Shareholder Value to CEO Power: The Paradox of the 1990s, Competition and Change 9/2005, p. 8.

Here, too, a separate issue arises with regard to the accounting standards adopted in each country. While International Financial Reporting Standards (IFRS) are the predominant standard in most European countries, and Generally Accepted Accounting Principles (GAAP) in the United States, India and Japan, many countries still have national accounting policies that differ from each other and affect the ultimate values reported in financial reporting. Corporations operating in multiple markets must ensure that their financial reports comply with both local and home market regulations and the necessary standardization. See D. Tweedie, T. R. Seidenstein, Setting a Global Standard: The Case for Accounting Convergence, New Journal for International Law and Business 25/2005, p. 590.

About reporting and the need to create model normative solutions within global financial organizations to enable effective information flow: M. Eggert, Compliance Management in Financial Industries: A Model-Based Business Process and Reporting Perspective, Heidelberg 2014, p. 49.

C. R. O’Kelly Jr., R. B. Thompson, Corporations and Other Business Associations: Cases and Materials, Boston 1996, p. 160.

This is the interpretation of norms in relation to cultural conditions in the classic sense in which Fuller proposed it, pointing out that it is a process of adapting the content of the norm to the presumed requirements and values of the social group to which it is to refer see L. L. Fuller, Anatomia prawa, Lublin 1968, p. 91.

Szczególny charakter postanowień Nowej Umowy Kapitałowej wynika zwłaszcza z faktu, że jest to pierwszy tego rodzaju dokument, który wyraźnie wskazuje na rolę compliance w systemie zarządzania bankami, w tym zwłaszcza ich znaczenie dla właściwego określenia koniecznej dla bezpiecznego prowadzenia działalności bankowej bazy kapitałowej. Zastosowano w niej prosty model zależności – bank posiadający odpowiednie mechanizmy kontroli zgodności to bank prowadzony ostrożnie, czyli w mniejszym stopniu narażony na ewentualne skutki naruszeń obowiązujących go norm, czyli w konsekwencji bank, który potrzebuje odpowiednio niższą bazę kapitałową. Po drugie, postanowienia Komitetu Bazylejskiego stanowią pierwsze i dotychczas jedyne porozumienie międzynarodowe ustalające w tym zakresie konkretne ustalenia i nakładające na sygnatariuszy obowiązek ich wdrożenia. Po trzecie, ustalone w ramach prac tego forum postanowienia stały się de facto podstawą ustalania zobowiązań również dla podmiotów formalnie postanowieniem tym nie objętych. Tak więc regulatorzy ryków finansowych wszystkich państw rozwiniętych nakładają obecnie zobowiązania ostrożnościowe w oparciu o postanowienia Nowej Umowy Kapitałowej, która stała się wyznacznikiem minimalnych standardów w tej dziedzinie. Od tej pory powstawał szereg innych regulacji lokalnych w poszczególnych krajach, ale wszystkie one na ogół odnoszą się do postanowień bazylejskich. See S. G. Cecchetti, D. Domanski, G. von Peter, New Regulation and the New World of Global Banking, National Institute Economic Review 216(1)/2011, p. 30.

The document even specifies that a proper mandate means in practice that it should be a bank employee at the rank of an executive director or a member of the board of directors.

Differences between the competencies of the employees responsible for compliance and legal risk management within global financial institutions and in various institutions operating on global markets see R. McCormick, Legal Risks in the Financial Markets, Oxford 2010, p. 167.

Ibidem, p. 227. More on the subject of the unifying role of the EBA in relation to the practice of functioning of risk management processes in banks in the European Union see C. Kosikowski, Nowe prawo rynku finansowego Unii Europejskiej [in] A. Jurkowska-Zeidler, M. Olszak [ed.] op. cit., p. 32.

In some financial institution, the position of head of compliance is also referred to as the name of the compliance officer, while in other financial institution, the name of the compliance officer in the compliance function is referred to as the employee discharging the compliance responsibilities of the compliance function.

So Directive 2006/46/EC of the European Parliament and of the Council of 14 June 2006 amending Council Directives 78/660/EEC on the annual accounts of certain types of companies, 83/349/EEC on consolidated accounts, 86/635/EEC on the annual accounts and consolidated accounts of banks and other financial institutions and 91/674/EEC on the annual accounts and consolidated accounts of insurance undertakings (text with EEA relevance), OJ L 224, 16.8.2006, pp. 1–7.

Progressive professionalization of the profession of compliance officer, occurring particularly quickly in the financial sector, but also in medical and pharmaceutical corporations, manifests itself among others in attempts to unify the process of professional certification conducted on the basis of unified training courses and manuals. See D. Troklus, Candidate Handbook, Certified Compliance and Ethics Professional, Society of Corporate Compliance and Ethics 2014, www.​compliancecertif​ication.​org (download 12 March 2019).

Ibidem, p. 71.

Among other things, in order to avoid crises similar to the recent ones, supervision of financial markets has also been strengthened at European Union level. More on this subject see C. Kosikowski, Prawo Unii Europejskiej w systemie polskiego prawa finansowego, Białystok 2010, p. 113.

On regulatory requirements relating to prudential management of the financial institution see H. Assa, Risk Management Under Prudential Policy, Decisions in Economics and Finance 38(2)/2015, p. 220 et seq. and F. Feretti, A European Perspective in Consumer Loans and the Role of Credit Registries: The Need to Reconcile Data Protection, Risk Management, Efficiency, Over-Indebtness, and a Better Prudential Supervision of the Financial System, Journal of Consumer Policy 33(1)/2010, p. 3.

For example, JP Morgan Chase & Co., a total of $920 million, or even largest financial penalty imposed on HSBC for money laundering of $1.92 billion.

However, despite the high probability of non-compliance events occurring, the appetite for this risk is set at zero as the only one among many other categories.

P. R. Wood, op. cit., London 2014, p. 67.

On recommended practices for the involvement of board members in managing compliance risk see P. Montoya, The Role of the Board of Directors [in] F. Vincke, J. Kassum [ed.] ICC Ethics and Compliance Training Handbook, Paris 2013, p. 63.

For the examples of non-contractual liability risks set out below, the difficulty is less in relying on the amount of compensation paid for such third-party claims. It results from the fact that international institutions operating in many markets at the same time, conducting many advertising campaigns on them, introducing and withdrawing many products, using numerous software providers etc., are exposed to a number of such violations on a daily basis. As these cases involve relatively smaller amounts, are generally disconnected and different in nature, it is difficult to collectively grasp their scale. See M. El-Bannany, A Study of Determinants of Intellectual Capital Performance in Banks: The UK Case, Journal of Intellectual Capital 9(3)/2008, p. 488 et seq. and T. W. Koch, S. Scott Mac Donald, Bank Management, Boston 2014, p. 100.

On the universally accepted values in the law see A. Keay, Getting to Groups with the Shareholder Value Theory in Corporate Law, Common Law World Review 39(4)/2010, p. 362 et seq.

M. Kozak, Compliance Programmes as a Tool of Effective Enforcement of Competition Law—A Carrot and a Stick Method? [in] T. Skoczny [ed.] 25 Years of Competition Law in Poland, Warsaw 2015, passim.

Issues of the same rights arising from infringements of intellectual property rights often vary considerably between jurisdictions. Listing only a few of them for Poland, the Act on Copyright and Related Rights of 4 February 1994 provides for such rights in a relatively flexible manner (Dz. U. z 2010 r. Nr 152, poz. 106), which, despite numerous changes, is still a relatively underused instrument compared to the judicial practice of other countries, which is nevertheless adapted and updated as the changes take place. Much more important are, for example, the US Federal Copyright Act 1976 or the UK Copyright, Designs and Patents Act 1988. In contrast, the French law on copyright and related rights (Loi sur le Droit d’Auteur et les Droits Voisins dans la Société de l’Information—DADVSI) of March 2006 is much more topical, as is the Russian (Part IV of the Civil Code of the Russian Federation) law of 18 December 2006 and the Kazakh (Copyright and Related Rights Act of the same year) law based on it. Laws in many other countries were drafted at about the same time, and to a much greater extent they already address copyright issues in the global space, including on the Internet. For example, these are Brazilian Copyright Act No. 9/610/98, the Hong Kong Copyright Decree of 6 July 2007 and even Act No. 32 of 2006. Emirate of Dubai amending the Earlier Copyright and Neighbouring Rights Act of 2002.

With regard to compliance costs related to infringements of intellectual property rights see K. Walsh, C. A. Enz, L. Canina, The Impact of Strategic Orientation on Intellectual Capital Investments in Customer Service Firms, Journal of Service Research 10(4)/2008, p. 309.

About the tasks of management of international corporations in relations to intellectual property rights protection see W. M. Landes, R. A. Posner, The Economic Structure of Intellectual Property Law, Cambridge 2003, p. 354.

On the role of compliance in managing the risk of illegitimate registration of trademarks with a view to their subsequent resale to corporations under European law see M. Svensson, S. Larsson, Intellectual Property Law Compliance in Europe: Illegal File Sharing and the Law of Social Norms, New Media and Society 14(7)/2012, p. 1150 et seq.

This is usually done on the basis of contracts for the assignment of the right to use trademarks or other protected goods which are the subject of intellectual property with a very standardized wording, the trade mark license agreements (TMLA).

On cultural and ethical links in the context of compliance norms see M. McMillan, Difference Between Compliance, Ethics and Culture, Risk and Compliance Journal, 30 June 2014, http://​blogs.​wsj.​com/​riskandcomplianc​e/​2014/​06/​30/​the-difference-between-compliance-and-ethics/​ (download 3 February 2019).

On the impact of differences in managing the risk of litigation resulting from different legal cultures see H. M. Kutzer, F. K. Zemans, Local Legal Culture and the Control of Litigation, Law and Society Review 27(3)/1993, pp. 535–557.

This includes issues such as whether the TMLA is issued separately or as part of a larger contract, and whether the license agreements are concluded on standard terms that are convenient for the financial institutions in advance, or are negotiated locally on a case-by-case basis.

About the expanding the scope of intellectual property protection resulting from its incorporation into international law see R. Halfer, Regime Shifting: The TRIPs Agreement and New Dynamics of Intellectual Property Lawmaking, Yale Journal of International Law 29/2004, p. 6 et seq.

So often in countries with unflagged judicial systems and in those where a dictatorship with real powers is not conducive to the building of independent judicial or enforcement institutions.

Experience shows that in some central Asian countries, which were previously part of the USSR, as well as in some central African countries, the legal practice specializing in the area of intellectual property rights protection is developing slower. A useful source of practical information on the level of protection of intellectual property rights worldwide is the independent IP Watch organization (http://​www.​ip-watch.​org).

Some organizations have compliance procedures in place to address this issue, as expressed in the applicable legal sections of the functional instruction manuals, where there are appropriate chapters referring to control of the risks of non-contractual intellectual property obligations.

The size of amounts relating to litigation risks varies considerably from one to another financial institution, but to illustrate the scale, it may be pointed out that in the case of London banks, the risk is high in the value of cases connected by type exceeding USD 50 million, and the risk is low in the value of cases not exceeding USD 20 million.

More about the risks connected with concluding transactions with public entities resulting from the practice of using non-legal instruments of pressure and soft norms see W. Reinicke, J. M. Witte, Interdependence, Globalization and Sovereignty: The Role of Non-binding International Legal Accords [in] D. Shelton [ed.] Commitment and Compliance: The Role of Non-binding Norms in the International Legal System, Oxford 2000, p. 76.

In addition, in the public tendering process, special extraterritorial legislation may also apply to anti-corruption procedures, such as the US International Corrupt Practices Act of 19 December 1977, §78dd-1 of Chapter 15 of the US Foreign Corrupt Practices Act (FCPA), which is not directly related to public procurement procedures, but is relevant to some large financial institutions doing business in many countries because it imposes additional obligations on them http://​www.​justice.​gov/​criminal-fraud/​foreign-corrupt-practices-act (download 7 November 2018).

For example, in the case of orders to operate in the debt instruments market, it refers to the conditions imposed on participants in a tender for their experience in similar procedures, references from other public sector principals, ratings held by recognized credit rating agencies, the provision of order execution warranties, the provision of irrevocable relevant guarantees, the payment of specified amounts of collateral, and the execution of the order in a strictly defined manner. See J. M. Logsdon, D. J. Wood, Global Business Citizenship and Voluntary Codes of Ethical Conduct, Journal of Business Ethics 59(1)/2005, p. 57 et seq.

This also applies to issues such as the power of representation of the entities concerned in public procurement procedures granted to individually identified persons. A particular type of complication is the cooperation with such persons who are subject to certain restrictions imposed by banks—the so-called politically exposed persons (PEP, politicians, persons sitting on the bodies of the State-owned companies etc.). See, e.g., K.-K. R. Choo, Challenges in Dealing with Politically Exposed Persons, Trends and Issues in Crime and Criminal Justice 386/2010, p. 53.

See A. Alfonso, M. G. Arghyrou, A. Kontonikas, The Determinants of Sovereign Yield Spreads in the European Monetary Union, European Central Bank Working Paper Series, April 2015, https://​www.​ecb.​europa.​eu/​pub/​pdf/​scpwps/​ecbwp1781.​en.​pdf (download 17 February 2019).

About the role of law in general as a specific management method, including risk management see M. J. Golecki, Między pewnością a efektywnością. Marginalizm instytucjonalny wobec prawotwórczego stosowania prawa, Warsaw 2011, p. 118.

The activities of the International Swap Dealers Association (ISDA), which issues legal opinions on the enforceability of close-out netting in relation to States and state-owned entities, are helpful in this respect. Although these opinions may not be applicable in the context of a given transaction, they are a good starting point for proper analysis. See The Importance of Close-Out Netting, http://​www2.​isda.​org/​search?​headerSearch=​1&​keyword=​close+out+nettin​g (download 19 February 2019).

In some jurisdictions it is not possible to determine the will of the contracting parties to the jurisdiction of another court and the law, as there is an obligation to settle only by the courts having jurisdiction over the defendant’s domicile. Concerning the provisions of the court and the determination of the applicable law in the credit documentation see Jurisdiction Clauses in Contracts, http://​www.​timeshareconsume​rassociation.​org.​uk/​jurisdiction-clauses-contracts/​ (download 2 April 2019).

On the stability of judgments and the risk of cross-border disputes on the example of companies listed in the United States see B. Cheng, S. Srinivasan, G. Yu, Securities Litigation Risk for Foreign Companies Listed in the U.S., Harvard Business School Working Paper 13–036/2012, p. 5 et seq.

A waiver of immunity from the framework ISDA agreement of 2002.

Due to the noticeable usefulness of solutions developed during the introduction of stabilization clauses to the market, they are more and more often applied not only to agreements on investment financing, but also to agreements relating to investment agreements themselves, for example, concerning the implementation of long-term infrastructure projects, especially those implemented in countries with relatively high observed variability of the legal environment.

On limiting the impact of the risk of changes in law on the content of contractual obligations see T. L. Brown, M. Potoski, Managing Contract Performance: A Transaction Costs Approach, Journal of Policy Analysis and Management 22(2)/2003, p. 287.

The role of the warranties and representations included in the texts of contracts in the scope of their construction and liability of the providing party under the contractual terms see A. Szlęzak, H. Gardocka, Ponownie o representations and warranties w umowach poddanych prawu polskiemu, Przegląd Prawa Handlowego 2/2011, p. 31.

Established in 1966, the ICSID with its registered office in Washington, DC is an independent arbitration body within the World Bank.

It is also true, however, that the earliest search for the definition of the role and meaning of the internal standards of international corporations started quite a long time ago. See D. F. Vagts, The Multinational Enterprise: A New Challenge for International Law, Harvard Law Review 83/1969–1970, pp. 739–792.

It is not, however, a non-negotiable model, which nevertheless takes place from the position of proving its ineffectiveness. See H. Davies, Banks Need to Question Their ‘Three Lines of Defense’, Financial Times, 9 July 2013. Also: Excuse Me, How Many Lines of Defense? The New Financial Maginot Lines, paradigmrisk.​wordpress.​com/​2013/​03/​18 (download 20 November 2018).

Although the models of the three lines of defense may differ in detail in relation to the scope of activities undertaken within their framework by individual organizational units, they are similar in substance. Possible further practical developments of this concept are a continuation of the basic model dividing the responsibility for defending against compliance risk into all financial institution’s units and reserving for compliance the role of control in this respect.

In the context of one of the more sophisticated models for managing compliance risk through three lines of defense, which operate in practice with international financial institutions, it is pointed out that the business line representatives should distinguish between them in the first line of defense:

The second line of defense in this model, in turn, provides for two main groups:

Cf. A document submitted for the financial institutions’ consultation: Bank for International Settlements, Consultative Document: Sound Practices for the Management and Supervision of Operational Risk, Basel, December 2010.

The question remains how to ensure compliance with the third line of defense in the face of the fact that it constitutes the final control, i.e. the question of who checks the checker. There are several ways to secure the compliance of an audit, the most common of which are:

Ultimately, however, the control of the correctness of internal audit in financial institutions, including compliance conditions, methodological reliability, etc., is carried out by regulators conducting audits as part of supervisory control.

In order to effectively manage the risks inherent in a given organization, specific financial institutions develop their own systems relating to key compliance risk management indicators. They are usually confidential internal documentation. However, some examples of universal, simplified and publicly accessible systems can also be found in online resources. One example of such a system, Compliance and Audit Management, can be found at: http://​www.​smartkpis.​com/​kpi/​functional-areas/​governance-compliance-and-risk/​compliance-and-audit-management/​ (download 10 September 2018).

On the measurement of aggregated customer complaints see D. D. Bradlow, Private Complaints and International Organizations: A Comparative Study of the Independent Inspection Mechanisms in International Financial Institutions, Journal of International Law 36/2005, p. 456.

In case of banks operating in countries of continental law with similar principles of corporate governance, this is a management board which should receive such information on an ongoing basis, but also a supervisory board to whom compliance is required to report not only its periodically determined action plans, but also their results, including the results of ad hoc inspections and tests. In countries where the boards of directors, composed of independent members, is the principal directing body of the financial institution, compliance communicates directly to the boards of directors or through appropriate committees established at the boards (e.g. committees of compliance, audit, operational risk, etc.).

Compliance tasks are slightly different and more importance is given to relations with public entities that are bank customers in the case of investment banks than in the case of banks operating in the area of consumer finance, which in turn must build appropriate structures to protect them against the risk of money laundering by individual customers.

The protection of personal data is a particular challenge for international financial institution, for which reciprocal access to data granted to individual entities is a competitive advantage, inter alia, in relation to customers with reduced credit rating. See A. Powell, N. Mylenko, M. Miller, G. Majnoni, Improving Credit Information, Bank Regulation and Supervision: On the Role and Design of Public Credit Registries, Washington, DC 2004, p. 10 et seq.

On banking secrecy and the flow of information within the system of financial institutions see V. Fitzgerald, Global Financial Information, Compliance Incentives and Terrorist Financing, European Journal of Political Economy 20(2)/2004, p. 392.

The scope of controls carried out by compliance in financial institutions includes a conflict between the obligation to maintain the secrecy and proper control of entities within the same capital group see K. Alexander, R. Dhumale, J. Eatwell, Global Governance of Financial Systems: The International Regulation of Systemic Risk, Oxford 2006, p. 134 et seq.

The management of issues itself is also subject to standardization, and here too the highest standards are being set and adhered to. Cf. S. Bleker, D. Hortensius, The Development of a Global Standard on Compliance Management, Business Compliance, February 2014, p. 34.

On evaluation of operational risk see K. Alexander, R. Dhumale, J. Eatwell, op. cit., p. 201.

On risk management in credit institutions, in particular through analysis of types and mechanisms of operation of collateral in financial practice and their significance for parties of financial transactions see M. Michalski, R. R. Zdzieborski, Ustawa o niektórych zabezpieczeniach finansowych. Komentarz, Warsaw 2005, p. 15 et seq.

Depending on the type of operations carried out, including, for example, whether the bank provides services to consumers, whether it has a network of physical branches, whether it provides cash services and in which territories it operates, such risks may be spread differently. More on issues related to ensuring continuity of bank operations in various situations see M. Power, The Risk Management of Nothing, Accounting, Organizations, and Society 34(6–7)/2009, p. 851.

More on information security management see D. Luthy, K. Forth, Laws and Regulations Affecting Information Management and Frameworks for Assessing Compliance, Information Management & Computer Security 14(2)/2006, p. 157.

Mandatory contractual clauses in public procurement contracts using the example of the World Bank see S. Williams, The Debarment of Corrupt Contractors from World Bank-Financed Contracts, Public Contract Law Journal 36(3)/2007, p. 281 et seq.

The differences in relation to the issue of equal treatment of workers are particularly evident in the confrontation of the constant tendency to extend employee rights and anti-discrimination guarantees in the European Union Member States and in other countries outside this area, particularly in the so-called low-cost countries. On trends in the expansion of the substantive guarantees of employees in the European Union see L. Mitrus, Równość traktowania (zakaz dyskryminacji) w zakresie zatrudnienia [in] A. Zawadzka-Łojek, R. Grzeszczak [ed.] Prawo materialne Unii Europejskiej. Swobodny przepływ towarów, osób, usług i kapitału. Podstawy prawa konkurencji, Warsaw 2013, p. 154.

On the role of compliance in shaping internal norms relating to employee relations see L. Baccaro, V. Mele, For Lack of Anything Better? International Organizations and Global Corporate Codes, Public Administration 89(2)/2011, p. 460 et seq.

About the guarantees of protection and procedures for reporting irregularities for employees see D. D. Bradlow, op. cit., p. 477.

On the subject of compliance obligations in the scope of removing irregularities in the operation of financial institutions identified by the employees themselves (the so-called self-identified issues) see P. Christmann, G. Taylor, Firm Self-Regulation Through International Certifiable Standards: Determinants of Symbolic Versus Substantive Implementation, Journal of International Business Studies 37/2006, p. 865.

On practical difficulties in complying with anti-money laundering compliance obligations see A. E. Sorcher, Lost in Implementation: Financial Institutions Face Challenges Complying with Anti-money Laundering Laws, Transactional Law 18/2005, p. 398 et seq.

More on combating money laundering in the light of European Union regulations see C. Kosikowski, Finanse i prawo finansowe Unii Europejskiej, Warsaw 2014, p. 75.

The legal basis for such a survey is national laws to combat the marketing of criminal assets or other undisclosed sources.

About the changes observed by major financial market actors in the role played by regulators, in particular central banks, including issues arising from the control of banking relations by defining profiles of entities with which banks should not cooperate. Cf. e.g. S. King, M. Jha, The Central Banking Revolution, Global Economics 2/2013, p. 11.

On the inadmissibility of cooperation with terrorists and drug traffickers cf. e.g. N. W. R. Burbidge, International Anti‐money Laundering and Anti‐terrorist Financing: The Work of the Office of the Superintendent of Financial Institutions in Canada, Journal of Money Laundering Control 7(4)/2004, p. 322 et seq.

On debt restructuring and reorganization in international insolvency proceedings and the role of compliance in the context of international insolvency proceedings see, e.g., S. L. Schwarz, Sovereign Debt Restructuring: A Bankruptcy Reorganization Approach, Cornell Law Review 85(956)/2001, p. 970 et seq.

On political risk in financial institutions’ activities see J. Madura, International Financial Management, Stamford 2015, p. 495 et seq.

This includes the rankings of organizations such as Transparency International. On the use and abuse of such rankings by other financial institutions see S. Andersson, P. M. Heywood, The Politics of Perception: Use and Abuse of Transparency International’s Approach to Measuring Corruption, Political Studies 57(4)/2009, p. 748.

S. Macleod, D. Lewis, Transnational Corporations: Power, Influence and Responsibility Global Social Policy 4/2004, p. 80 et seq., and also, for example, articles and monographs devoted to this subject: T. R. Piper, Odnaleziony cel: przywództwo, etyka i odpowiedzialność przedsiębiorstw [in] L. V. Ryan, J. Sójka [ed.] Etyka biznesu: z klasyki współczesnej myśli amerykańskiej, Poznań 1997; M. Żemigała, Społeczna odpowiedzialność przedsiębiorstwa, Cracow 2007; also D. Walczak-Duraj, Ład Etyczny w gospodarce rynkowej, Łódź 2002 i W. Gasparski, A. Lewicka-Strzałecka, B. Rok, G. Szulczewski, Etyka biznesu w zastosowaniach praktycznych: inicjatywy, programy, kodeksy, PAN, Warsaw 2002.

A. Kolk, op. cit., pp. 1–15.

On the unification of financial standards in international companies see D. Masciandaro, Politicians and Financial Supervision Unification Outside the Central Bank: Why Do They Do It? Journal of Financial Stability 5(2)/2009, p. 130 et seq.

On basic principles of conduct of banks in international transactions with other financial institutions see J. Gitman, R. Juchau, J. Flanagan, Principles of Managerial Finance, Pearson 2011, p. 435 et seq.

Irregularities detected by supervisors in relations between banks and other financial institutions may pose a significant threat to the stability of the financial system as a whole. Hence the importance of anticipatory compliance services for controlling and regulating these issues see D. W. Arner, Financial Stability, Economic Growth, and the Role of Law, Cambridge 2007, p. 51.

Restrictions on the involvement of banks in their relations with other financial institutions may result from various reasons. As a result, they are subject to internal compliance regulations. See G. Ercel, Globalization and International Financial Environment, Bank of International Settlements Review 79/2000, p. 4.

More about the audits carried out by regulators see J. R. Fichtner, The Recent International Growth of Mandatory Audit Committee Requirements, International Journal of Disclosure and Governance 7/2010, p. 237 et seq.

Obligations imposed by regulators on banks in contractual provisions with customers see R. Inderst, Retail Finance: Thoughts on Reshaping Regulation and Consumer Protection After the Financial Crisis, European Business Organization Law Review 10(3)/2009, p. 457.

Criticizing the ineffectiveness of regulators’ penalties for detected irregularities see J. A. Allison, Market Discipline Beats Regulatory Discipline, Cato Journal 34/2014, p. 345.

On cross-border compliance obligations to comply with regulatory requirements see J. G. Sutinen, K. Kuperan, A Socio‐Economic Theory of Regulatory Compliance, International Journal of Social Economics 26(1/2/3)/1999, pp. 174–193.

The importance of ethical issues in building appropriate conditions for business development in compliance conditions see A. B. Carroll, A. K. Buchholtz, Business and Society: Ethics, Sustainability, and Stakeholder Management, Stamford 2015, p. 175.

About the importance given by corporate authorities to compliance issues, the so-called “tone from the top” see O. Boiral, The Certification of Corporate Conduct: Issues and Prospects, International Labour Review 142(3)/2003, p. 322.

The organizational structures introduced in different corporations are not uniform and differ significantly from each other, they are also subject to constant changes. These changes in complex international structures are usually the result of both new regulations and other factors, including business needs (new development plans, reductions, ownership changes, introduction of new products, or even just the departure of key employees, etc.).

B. W. Heineman, Don’t Divorce the GC and Compliance Officer, the Harvard Law School Forum on Corporate Governance and Financial Regulation and Harvard Kenedy School of Government, December 2010, www.​law.​harvard.​edu/​corpgov (download 15 March 2019); B. W. Heineman, Can the Marriage of the GC and Chief Compliance Officer Last? Corporate Counsel, 30 March 2012, Law.​com (download 15 March 2019); D. Boheme, When Compliance and Legal Don’t See Eye to Eye, Corporate Counsel, 8 May 2014, www.​compliancestrate​gists.​com/​csblog/​2014/​05/​11/​ (download 20 October 2018). Also: M. W. Peregrine, The Increasingly Problematic Coordination of ‘Legal’ and ‘Compliance’: New Pressures on the Board: Best Practices for Resolving Tasks, Bloomberg Law, 3 September 2014, www.​Bloomberg_​Law/​law/​compliance (download 20 October 2018).

The particular position of the Basel Committee’s guidelines is due in particular to their transnational scope and the optional nature of the guidelines. Contrary to the recommendations issued by national regulators of the markets in which individual banks operate, the Basel Committee does not have the power to bind banks. It only sets out a framework within which it is possible to structure their risk management and subsequent capital adequacy activities in an optimal way. Other regulators operating within their own jurisdictions issue regulations whose application becomes an obligation for institutions operating in a given area. Although the scope of these regulations is not always exclusively local, it is rather due to the fact that some regulators have the possibility to influence banking groups due to the fact that the seat of these banks is located in the territory subject to their cognition. It is essential, however, that these individual regulators refer in their regulations to the recommendations made within the framework of the Basel Committee’s work. In practice, although international banks cannot formally assume that some regulators are more important, the importance of the recommendations of some of them, due to the scope of their impact, the possibility of influencing large areas of business activity or, for example, their influence on the elements necessary for this activity that are particularly important for the banks’ operations (access to foreign exchange markets, capital requirements, imposing additional obligations with respect to maintaining reserves at an appropriate level, etc.), plays a de facto leading role. Thus, for example, recommendations issued by the FED—Federal Reserve System, FRB—Board of Governance of the Federal Reserve System, FDIC—Federal Deposit Insurance Corporation, FinRA—Financial Industry Regulatory Authority, NASD—National Association of Securities Dealers, SEC—US Securities and Exchange Commission, NYSPD—New York State Banking Department, OCC—Office of the Comptroller of the Currency, FISMA—European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union, ECB—European Central Bank, EBA—European Banking Authority, PRA—Prudential Regulation Authority, FCA—Financial Crime Authority and other regulators operating on American, European Union or London markets are, on the one hand, important from the point of view of compliance activity, the task of which is to ensure their observance. On the other hand, however, with regard to the definition and positioning of compliance obligations, it often develops and gives substance to the ideas developed by the Basel Committee. See K. L. Young, Transnational Regulatory Capture? An Empirical Examination of the Transnational Lobbying of the Basel Committee on Banking Supervision, Review of International Political Economy 19(4)/2012, p. 670.

These protections are implemented using all available tools to ensure their effectiveness on the basis of the results of research in the field of management theory. The introduction of procedures and other internal regulations at different levels of the hierarchy would not be sufficiently effective in so many organizations as multinational corporations if it were not accompanied by simultaneous training, information campaigns and incentive systems and evaluation of employees in this area.

The major British banks have adjusted their compliance structure to the organizational changes introduced at the regulators’ level. See P. O. Mülbert, Corporate Governance of Banks After the Financial Crisis—Theory, Evidence, Reforms, European Corporate Governance Law 130(4)/2010, p. 12 et seq.

The question of to what extent some regulations may be more relevant than others remains separate. It can be assumed that the materiality of regulations is determined by the following factors:

As for example, in the Basel Committee on Banking Supervision document, Internal Audit in Banks and the Supervisor’s Relationship with Auditors: A Survey of August 2002, http://​www.​bis.​org/​publ/​bcbs92.​pdf (download 19 July 2018).

These adjusting organizational changes, although already introduced in banks, have not yet covered many institutions. For example, the world’s largest UK organization of corporate compliance specialists, the International Compliance Association, issues qualification certificates to applicant institutions that still cover both areas together.

The Basel Committee on Banking Supervision also refers to the issue of banks’ relations with high-risk customers and their obligations towards the classification of customers in this category, in the document Customer Due Diligence for Banks, October 2001, http://​www.​bis.​org/​publ/​bcbs85.​htm (download 13 February 2019).

This means that it is determined whether account transactions are carried out in accordance with the knowledge of the client’s business and do not involve the financial institution in illegal or unethical activities consisting not only in the financing of drugs or terrorism, but also other activities that the financial institution deems inappropriate from its perspective, such as cooperation with certain countries, institutions or industries like the military industry.

The division used here is not, of course, the only possible one, but only the one used most frequently by the large international financial institutions. Such systematization of legal risks derives from the common law, where a large part of financial centers is located.

The complexity of issues related to the management of legislative and regulatory risk is due to at least three factors:

Lack of compliance is only one of the types of legal risks, it refers in principle only to the norms currently in force and remains the domain of compliance services, while the tasks of legal departments traditionally focused on advisory tasks supporting business activity. In view of this division, entities specializing in a broadly defined management of all legal risks, including the identification of those elements of the business activity which may expose corporations to new types of risks and anticipating the effects of potential unpreparedness for these risks, are relatively new creations, whose importance in the complex global financial environment is constantly growing.

R. C. Bird, P. A. Borochin, J. D. Knopf, The Role of the Chief Legal Officer in Corporate Governance, Journal of Corporate Finance 34/2015, p. 5.

N. Stanley, Clearly, and Quite Righty, Data Loss Is Now a Legal Issue and IT Professionals Need to Be Aware of Their Responsibilities, A White Paper by Bloor Research, March 2009, https://​www.​qualys.​com/​docs/​EU_​Compliance.​pdf (download 11 March 2019).

An example of the scope of activities of that a local compliance association can be found e.g. on the following site: http://​compliancepolska​.​pl.

This type of associations also publishes their own bulletins, organize regular trainings and large compliance conferences, whose subject matter, depending on the needs arising in a given period, concern such different issues as new regulations and technologies and their impact on the compliance functions and anti-money laundering in its own financial institutions.