What to consider when drafting and amending internal rules?

Internal rules are important throughout the life-cycle of a financial institution. Appropriate internal rules play a key role in ensuring that the financial institution’s operations comply with legal acts and thereby in mitigating the possibility that a compliance risk materialises. Therefore, it is necessary to pay sufficient attention to drafting and amending the internal rules.

Process based internal rules.

Internal rules should be drafted with a sufficient level of detail. Whereas it is important that the internal rules are not merely principle-based, simply listing the financial institution’s various obligations under legal acts. Listing obligations would leave excessive room for interpretation in terms of what should be done to comply with a particular obligation. This in turn gives leeway to the interpretation that the performance of such obligation of the financial institution would have required additional activities, therefore, the financial institution’s activity is not in compliance with legal acts.

Internal rules should be seen as a description of the work process, based on which existing as well as new employees in their performance of work duties should be able to ensure that the financial institution’s activity complies with legal acts. This might raise the question of the line between sufficient and excessive level of detail. In such case, the basis should be that the internal rules provide the employees with an understanding of the specific work duties of the employee who participates in the process and at what time the employee has to perform the work duties.

Clear areas of responsibility for employees.

Just as internal rules should describe work processes, they should also clearly set out which employees participate in the process and which are the work duties that the employee participating in the respective process is responsible for. Therefore, it does not suffice if the internal rules provide only impersonal obligations or obligations for which the financial institution itself is responsible. In such case nobody knows who needs to do what and when. The financial institution comprises of employees who have a role in the processes. It is the process-based approach that helps ensure that employees have specific obligations and responsibilities.

Applying the principle of proportionality.

When internal rules are drafted, it should be assessed to which extent the requirements could apply to the financial institution proportionally. The principle of proportionality means that the nature, scope and level of difficulty of the activities of the financial institution should be taken into account. The principle of proportionality is enshrined in several legal acts, enabling the proportionate application of the requirements of such legal acts. The principle of proportionality should also be observed in a broader sense. For example, it could justify the level of detail or complexity of the internal rules. It means that the more complex the financial institution, the more complex and detailed the internal rules should be.

Internal rules should include all relevant requirements.

In addition to the provisions of national laws or the European Union regulations, the drafting of internal rules should also take into account secondary legal acts. Therefore, attention should be paid to the requirements that arise from the guidelines of European Union level institutions or the financial supervision authority. It is also important to proceed from market practice. Internal rules need to combine all the relevant requirements and present these in a format and language that is understood by the employees. But internal rules should also refrain from legal complexities and references to legal acts that could provide additional requirements. Internal rules should be comprehensive and in their work the employees should be able to rely only on the internal rules, without analysing any additional requirements arising from the legal acts.

Therefore, the purpose of the internal rules is to provide the employees with clear instructions for the performance of their work duties. Internal rules that are too general or do not include all the relevant requirements are grounds for the materialisation of the compliance risk. This in turn could have extremely negative consequences for the activity of the financial institution and integrity in general.

The article was written by Ellex experts Anneli Krunks and Marion Müürsepp.