Management at financial institutions, including Financial Instruments Business Operators (FIBO), is required to develop and implement an appropriate and adequate compliance framework across all areas of their operations.  The Comprehensive Guidelines for Supervision of Financial Instruments Business Operators (June 2019), prepared by Japan’s Financial Services Agency’s (FSA), cites “sound and appropriate business operations” as key to ensuring a “fair and transparent securities market”.  The appropriateness of a compliance program is judged in part by: “Whether the Financial Instruments Business Operator has counted compliance as one of the most important management issues and formulated a basic policy concerning the implementation of compliance, a comprehensive implementation plan (compliance program) and a code of conduct (rules concerning ethics and a compliance manual, etc.).  In addition, whether it has informed all officers and employees of the existence and contents of the implementation policy, etc., and ensured a full understanding thereof and the implementation of compliance in daily business operations.” (page 47, III-2-1 Control Environment for Legal Compliance (i))

Note: In English, the order of rules and regulations would be: Code of Conduct > compliance policy > compliance regulations > compliance program > compliance manual, while the Japanese version, treats code of conduct as more or less equal in importance to the compliance manual.

FIBOs are required to formulate a basic policy, program, and manual for compliance, all of which must be reviewed and assessed periodically, at least once a year or whenever deemed necessary. 

The basic policy outlining and defining compliance is the foundation of compliance efforts.  The policy sets out rules that ensure a FIBO acts in accordance with all applicable laws, regulations, and guidelines from supervisory agencies.

The compliance manual explains the rules that executives and employees must follow and provides specific instructions on how to respond to inappropriate activities when they are discovered or recognized.  The number of potentially applicable laws, regulations, and internal checks is enormous; therefore, the manual should specify applicable rules in accordance with the business lines, characteristics, and corporate culture of the company.

The compliance program is the system for implementing compliance measures.  In general, the program is written as a table or Excel sheet, with columns stating areas to review, "responsible department/unit", "schedule", "action items”, etc.  Areas to review include contracts, operational guidelines, management of information security, management of officers' and employees' own transactions in purchasing/selling stocks and bonds, and compliance training, etc.  It is important to design measures that comport with the business content and circumstances of the institution.

The contents of the compliance manual and the compliance program should be reviewed at least once a year, and important changes generally must be approved by the board of directors.

Continuous enhancement of compliance should be one of management’s most important concerns.  It is incumbent on management to ensure that compliance systems are kept active and working properly.