EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL

INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).

November 2023

EVERYTHING YOU NEED TO KNOW ABOUT

COMPLIANCE IN FINANCIAL INSTITUTIONS
IN THE CEMAC ZONE (CENTRAL AFRICA).

Mr. Ange NGANDJO

(Banker - Consultant)

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 1 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).

Table Of Contents
Introduction 3

I- The Compliance Function 5

1- Definition of the compliance function 5
2- Objectives of the compliance function 6
3- Key missions of the compliance function 6

II- Specificities of the Compliance Function 7

1- Permanence, independence, and functional organization
of the compliance function 7
2- Access to information and confidentiality 8
3- Distinction between the compliance profession and other
professions within the company 8

III- Organization of the Compliance Function 10

1- Structuring models 11
1.1- Financial security 11
1.2- Customer protection 12
1.3- Ongoing control 13
1.4- Ethics 13
2- Organization chart of the compliance function 14

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 2 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).

INTRODUCTION

Compliance, which is an essential pillar of the protection of credit institutions, microfinance

institutions, payment institutions, and their clients, emerged in the financial sector as early as the
1930s-1940s in Anglo-Saxon countries, primarily in the United States, according to a study conducted
by Price Waterhouse Coopers entitled "Regulatory Compliance: Adding value," focusing on
compliance regulations in a dozen Western countries.
The frequency of financial institution failures and systemic crises in the financial sector, largely
attributable to non-compliance or insufficient mastery of legislation or regulations, as well as the
financial and reputational external costs of these events, have prompted stakeholders in the financial
sector (financial institutions and regulators) to consider ways to strengthen the policies in place to
manage these risks.
The occurrence of several large-scale financial scandals in recent decades has led regulators to firmly
increase their requirements to ensure the integrity of the financial system.
Thus, ensuring that everyone complies with established rules becomes a major issue for both
financial institutions and their clients and employees.
In the CEMAC region, following the establishment of COBAC (Banking Commission of Central Africa),
it issued in December 1993 the first regulatory framework that would govern control in credit
institutions and mentioned for the first time the principle of compliance through COBAC Regulation
R-93/08, which consisted of 4 articles highlighting three (03) recommendations for effective internal
control, one of which stated that credit institutions were required to "conform" their organization
and internal procedures to professional standards and practices. However, this regulation quickly
showed its limitations due to its summary nature, lack of precision, and weak requirements, which
did not allow for the development of proper internal control systems within CEMAC credit
institutions. Recognizing the importance of sound and effective internal control that ensures
compliance in the prudent conduct of banking activities and contributes to financial stability, COBAC
undertook to strengthen its regulatory framework in this area. Taking into account the
recommendations of the Basel Committee on this matter, it adopted on December 5, 2001, COBAC
Regulation R-2001/07 on internal control in credit institutions, thus repealing COBAC Regulation R-
93/08.
Effective as of January 1, 2003, the provisions regarding internal control prescribed by COBAC
Regulation R-2001/07 had been implemented differently by credit institutions. It should be noted
that it also mentioned the principle of compliance but did not recognize "the compliance function" as
an integral part of "the internal control structure." That is why, ten (10) years after its entry into
force, when it was time to assess its implementation and content in order to consider improvement
perspectives, COBAC published a note in June 2013 entitled "Evaluation of the Implementation of
COBAC Regulation R-2001/07 on Internal Control in Credit Institutions." In this note, after recalling
the main provisions of COBAC Regulation 2001/07 (1), listing the weaknesses identified in the
implementation of this regulation (2), and providing some explanatory elements (3), it ended with a
proposal for some areas of improvement in view of revising the existing framework regarding its
applicability and content (4). It was then learned in section 2.2.5 that one of the weaknesses
identified in the implementation of this regulation is the fact that "The compliance function is often
nonexistent" because many credit institutions prioritize profitability over the compliance of their
operations. Consequently, in these institutions, the compliance function is not organized, and the

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 3 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
internal control system appears to be very deficient. COBAC proposes, therefore, to address these
shortcomings in terms of governance of internal control by making it mandatory to establish a
compliance function whose activity report will be analyzed and taken into account by internal audit
and communicated to COBAC, in accordance with the prescriptions of the Basel Committee contained
in the "Consultative Document on the Compliance Function in Banks" of October 27, 2003.
This document constitutes an international regulatory framework defined by the "Basel II standards"
issued by the "Basel Committee" in October 2003, following international discussions aimed at better
understanding credit and market risks after the Mexican crisis, the Asian crisis, and the bankruptcy of
LTCM (Long Term Capital Management), and formulating specific proposals for controlling "Non-
Compliance Risk". The Basel Committee, established in 1974 on the proposal of Peter Cooke (a
director of the Bank of England), is a meeting of central banks and banking supervisors from G10
countries and now meets four times a year in Basel, Switzerland, under the auspices of the Bank for
International Settlements (BIS).
The compliance control function, as defined by the "Basel II standards," is responsible for identifying,
assessing, and monitoring non-compliance risks faced by financial institutions. It advises and informs
the executive body and reports to the deliberative body on this matter. This has led the majority of
countries worldwide to establish compliance control functions within their financial institutions. This
trend increased after the occurrence of the subprime financial crisis in 2008 and the subsequent
reaction of the Basel Committee, which set the objective of Basel III in 2010: "To enhance the
resilience of the banking sector, i.e., its ability to absorb shocks during financial and economic stress,
regardless of the source." Hence, the COBAC's prescriptions on compliance function in its June 2013
note.
Currently, the compliance function holds a prominent position in European and American financial
institutions. In the CEMAC region, including Cameroon, the compliance function was established in
2016 through COBAC Regulation R-2016/04 on internal control in credit institutions and financial
holdings, which repealed Regulation R-2001/07. Article 03 of the regulation states that the
compliance function is the second component of the second level of ongoing control (which is the
first level of the internal control system, followed by internal audit or periodic control). Every
employee of a financial institution must be aligned with compliance, as emphasized in Article 9 of this
regulation, which states that "the executive and deliberative bodies must promote a culture of
internal control (including compliance) at all levels of staff within the subject institution. Each
member of the institution's staff should understand their role in the internal control system
(including compliance) and be fully involved."
It should be noted that the human and logistical resources allocated to non-compliance control vary
from one institution to another. Even the most high-performing institutions may fall short of
international standards. This is why the compliance function remains relatively unknown to
employees of financial institutions and completely foreign to clients.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 4 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
I- The Compliance Function
Created in March 2016 by COBAC Regulation R-2016/04 on internal control in credit institutions and
financial holdings, the compliance function is primarily responsible for monitoring the legal risk of
non-compliance (Article 54).
In line with the Basel Committee, COBAC defines the risk of non-compliance in Article 2 as "the risk
of judicial, administrative or disciplinary sanctions, significant financial loss, or damage to reputation
arising from non-compliance with provisions specific to banking and financial activities, whether
legislative and regulatory in nature, or professional and ethical standards, or instructions from the
executive body issued in particular in accordance with the guidelines of the deliberative body or not.".
The factors that can lead to the occurrence of these risks include the following:

 For the risk of judicial, administrative, or disciplinary sanctions, the most important factors are:
 Inadequate regulatory monitoring;
 Poor drafting, non-compliance, or improper implementation of internal compliance
procedures;
 Lack of staff training;
 Absence of prior validation of new products and services, or significant changes to existing
products (Article 121) ;
 Poor management of conflicts of interest.
 For the risk of significant financial loss, the following factors can be mentioned:
 Failure to detect insider trading;
 Inadequate monitoring of internal misconduct and fraud;
 Absence, failure, or non-application of internal procedures regarding ethics and good conduct
in banking activities.
 For the risk of damage to reputation, the following factors can be identified:
 Lack of filtering for criminal entities involved in money laundering and terrorism financing;
 Incomplete or negligent Know Your Customer (KYC) process & Customer due diligence (CDD);
 Lack of ethics from staff and collaborators;
 Lack of transparency in management.

Given the importance and specificity of the compliance risk, financial institutions have engaged, to
varying degrees, in a reflection on the organization and implementation of a system to ensure
compliance of their activities with applicable laws, regulations, standards, or professional practices,
which has led to the creation of the compliance function.

1- Definition of the compliance function

Acting in compliance means aligning one's actions with the provisions specific to banking and
financial activities, whether they are legislative or regulatory in nature, or related to professional and
ethical standards, or internal norms.
The compliance function, therefore, covers all areas of any financial institution. In this capacity, it
ensures and contributes to the compliance of policies, procedures, and internal regulations with the
regulatory framework, within the framework of the integrity policy that includes, in particular, the
following areas:

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 5 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
 Professional ethics (code of conduct for the profession);
 Corporate governance;
 Prevention of conflicts of interest;
 Fraud prevention;
 Insider trading prevention;
 Financial security;
 Prevention of money laundering and terrorist financing;
 Protection of personal data;
 Compliance with prudential standards;
 Ensuring compliance with values and rules of good conduct as outlined in the code of ethics.

2- Objectives of the compliance function

In accordance with Article 129 of COBAC Regulation R-2016/04 on internal control in credit
institutions and financial holdings, which came into effect on January 1, 2017, the compliance
department is responsible for the following aspects, among others :
 Compilation of applicable regulations ;
 Identification and assessment of non-compliance risks ;
 Drafting procedures and instructions for implementing the compliance policy ;
 Ensuring compliance with the policy;
 Centralizing information on compliance issues;
 Raising awareness and providing training to staff;
 Documentation and internal reporting;

3- Key missions of the compliance function

According to COBAC regulations, internal laws of CEMAC member countries, practices in the Central
African banking and financial sector, as well as international principles, standards, and best practices,
the compliance function must include the following responsibilities:
 Validate new products or modifications to existing products to assess and prevent non-
compliance risks.
 Assist the different structures within the institution to ensure compliance with best practices,
professional rules, and ethical standards.
 Ensure the identification of non-compliance risks and the implementation of appropriate
preventive measures, including compliance with laws, regulations, and professional ethics.
 Assist the control departments in defining controls to prevent compliance issues.
 Analyze all relevant laws and regulations in the banking and financial sector and establish
their application methods based on their potential impact on the bank or financial institution.
 Maintain communication with external bodies and regulatory organizations regarding
compliance matters, including COBAC and the Ministries of Finance of CEMAC member
states.
 Ensure the follow-up and implementation of recommendations from external and internal
audit reports.
 Assist the General Management in designing the internal control system.
 Provide advice on compliance matters.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 6 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
 Raise awareness among the financial institution's staff about compliance topics and potential
risks, promoting a culture of compliance within the institution.
 Establish an anti-money laundering and counter-terrorism financing framework within the
institution and ensure compliance with preventive measures.
 Evaluate the financial institution's policies for compliance with applicable laws and
regulations, identifying deficiencies and proposing necessary recommendations and
corrective measures.
 Submit reports to the executive body and risk committee regarding measures to control non-
compliance risks, as prescribed in Article 55 of COBAC Regulation R-2016/04 on internal
control in credit institutions and financial holdings.
 Establish a policy and charter for the compliance function, approved by the institution's
board of directors, and ensure its dissemination to all staff, as prescribed in Article 122 of
COBAC Regulation R-2016/04 on internal control in credit institutions and financial holdings.
 Contribute to promoting a positive attitude towards compliance based on shared values,
providing assistance and training on compliance matters (see Article 122 of COBAC
Regulation R-2016/04).

Some tasks related to compliance control responsibilities can be delegated to external experts
(services, units, or departments). In this case, compliance control assumes a coordinating role
between the entities responsible for carrying out the tasks arising from its responsibilities. (Refer to
Article 54 of COBAC Regulation R-2016/04)

II- Specificities of the Compliance Function

The compliance function must meet certain criteria and also have certain rights and obligations in the
performance of its duties. It is important to distinguish the compliance profession from other roles
within banks and financial institutions, which may appear similar or equivalent.

1- Permanence, independence, and functional organization of the compliance

function
The compliance function is exercised in a permanent manner as the second component of the second
level of ongoing control, which is the first level of the internal control system (Refer to Article 3 of
COBAC Regulation R-2016/04 on internal control).
As a permanent and autonomous function, compliance operates under the direct authority of the
executive body (Refer to Articles 3 and 54 of COBAC Regulation R-2016/04 on internal control) and
reports directly and simultaneously to the executive body and the risk committee (Refer to Article 55
of COBAC Regulation R-2016/04 on internal control).
Being part of the first level of the internal control system, the compliance function is independent
from the second level, which is "internal audit or periodic control." That's why the latter (Internal
Audit) falls within its scope of investigation.
The person in charge of the compliance function, after being appointed by the executive body, must
be informed of the directives and recommendations issued by supervisory authorities in order to
ensure the implementation of actions to improve identified deficiencies and malfunctions.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 7 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
The individuals responsible for compliance must possess a high level of expertise in banking and
financial activities, as well as a thorough knowledge of applicable rules and standards (Refer to Article
55 of COBAC Regulation R-2016/04 on internal control). Their team, dedicated to compliance control
tasks, does not perform operational functions. Their remuneration includes a variable component
that cannot be based on the operations they are responsible for monitoring (Refer to Articles 3 and
39 of COBAC Regulation R-2016/04 on internal control).
The compliance function adopts a structured framework that includes policies, procedures, an annual
plan, a compliance control program, a training program, tools and systems, as well as reports to be
submitted to the deliberative body and the executive body. Immediate information notes are also
sent to the Secretary General of COBAC in case local regulatory provisions hinder the application of
the rules provided by COBAC Regulation R-2016/04 on internal control (Article 127 Paragraph 4).
Following the compliance function report to the executive body, the latter keeps the deliberative
body informed of the risks of non-compliance and prepares a report at least once a year, addressed
to the deliberative body or the audit committee or an ad hoc committee. This report includes
information on the achievement of compliance objectives, the human and material resources
implemented, the main activities of the compliance function, any identified deficiencies, corrective
measures taken, and their follow-up (Refer to Article 122 of COBAC Regulation R-2016/04 on internal
control).

2- Access to information and confidentiality

The compliance policy must identify the fundamental aspects of non-compliance risk and also provide
for the development of a compliance charter that grants the compliance function the right to access
any information necessary for the performance of its duties (Refer to Article 128 of COBAC
Regulation R-2016/04 on internal control). Additionally, the compliance function is responsible for
centralizing information on compliance issues (Refer to Article 129 of COBAC Regulation R-2016/04
on internal control).
However, all information obtained by members of the compliance function team cannot be used for
their own interests or purposes other than those within the scope of the compliance function's
duties, nor in a manner detrimental to the banking or financial institution. They are all bound by
professional secrecy. In Cameroon, the national collective agreement for banks and other financial
institutions in Cameroon states in Article 25 regarding professional secrecy that "the worker is bound
by professional secrecy. Any breach of this obligation may result in a sanction, including dismissal,
after consultation with the disciplinary board, if it exists."

3- Distinction between the compliance profession and other professions within

the company
As previously mentioned, the compliance charter grants the compliance function permanent access
to any information necessary for the performance of its duties. It must therefore directly or indirectly
cover the various business areas of the bank or financial institution, in accordance with the
recommendations of COBAC Regulation R-2016/04 on internal control, in order to prevent financial
loss, sanctions, and/or reputational risks for the financial institution and its staff.

The compliance function is part of the overall risk management framework implemented within
banks and financial institutions. That is why the compliance function must coordinate with other
business areas of the institution to ensure the smooth execution of its assigned tasks. Moreover, the

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 8 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
missions of the compliance function evolve with regulations, the financial institution's strategy, and
the offering of products and services.
To avoid any ambiguity between different business areas within banks and financial institutions (such
as Internal Audit and Legal Affairs) and the compliance function, it is useful to present a comparative
table that highlights the characteristics of each of these roles.

Comparative table of the compliance function, internal audit, and the legal
affairs department.
compliance function internal audit legal affairs department

- Ensuring compliance with good - Intervene upstream on all legal and

governance and professional ethics by regulatory operations processed on
ensuring adherence to regulatory
behalf of the institution and its
requirements and internal provisions
clients.
(procedures, information system).

- Ensuring that all employees are aware
of regulatory and ethical requirements
and especially being able to
demonstrate to regulatory authorities
that all expected requirements are truly
implemented and complied with to
avoid the risk of non-compliance, which
is assessed based on the harmful
consequences it may cause to the
institution due to non-compliance with
regulatory provisions and good banking
practices. For example, if a regulation
requires the inclusion of a specific
clause in a contract and it is absent, it
represents a risk of non-compliance.
- Perform ongoing control missions to
assess the risk of non-compliance with
applicable laws and regulations, good
practices, and professional and ethical
rules.
- Have access to reports prepared by
other units of the two (02) levels of the
internal control structure (Internal
Audit, risk management, etc.), and
collect incidents related to non-
compliance risks that could result in
legal, administrative, or disciplinary
sanctions and financial losses, as well as
damage to the reputation of the
banking or financial institution.
- Analyze and validate the legal
aspects of new banking products
and services.
- Adapt the contractual conditions
regarding the institution and its
clients to regulatory and/or
jurisprudential changes.
- Ensure that banks and financial
institutions fulfill their contractual
obligations to avoid legal risk, which
is defined by the consequences
resulting from a failure to meet
- Conduct periodic control missions
these obligations.
to assess the compliance of
operations, the actual level of risk
incurred, adherence to
procedures, the effectiveness and
appropriateness of compliance,
security, validation of operations,
and adherence to due diligence in
risk monitoring.
- Evaluate the permanent control
framework implemented by the
institution.

Audited by the statutory auditor. Audited by the statutory auditor. Audited by the internal audit.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 9 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
Ensure the establishment of regulatory
and legal monitoring in collaboration with
the legal department by developing
control plans.
Operates under the direct authority of
the executive body (Refer to Articles 3
and 54 of COBAC Regulation R-2016/04
on internal control) and reports directly
and simultaneously to the executive body
and the risk committee (Refer to Article
55 of COBAC Regulation R-2016/04 on
internal control)
To ensure the implementation of the
non-compliance risk control framework.
Ensure training, assistance, and guidance
of staff regarding regulatory non-
compliance risks.
Prepare reports for the executive body
and the risk committee.
Ensure compliance of the institution's
information systems/processes with
current regulations and best practices.
Manage thematic control missions
Ensure the establishment of
and internal control assessments to
permanent regulatory and legal
contribute to the optimal
monitoring in collaboration with
functioning of the institution
compliance.
(inspection).
Attached to the deliberative body
and the audit committee (Refer to Attached to the executive body.
Articles 3 and 54 of COBAC
Regulation R-2016/04 on internal
control).
Evaluate the functioning of the
established internal control system,
Ensure compliance with contractual
conduct a diagnostic, identify
obligations to mitigate legal risks.
deficiencies, and propose
recommendations.
Monitor the implementation of Provide legal expertise, advice, and
training on non-compliance risks and
consultancy to various entities within
other risks for the benefit of staff.
the bank or financial institution.
Draft and monitor banking agreements
Prepare audit reports for the and contracts necessary for the
deliberative body and the audit smooth operation of the business and
committee. compliance with Basel Committee
standards.
Ensure the security and effectiveness
of the institution's computer system.

Although different and independent from each other, these professions are complementary and
contribute to managing the various risks faced by the bank or any financial institution.

III- Organization of the Compliance Function

The COBAC regulations prescribe complete autonomy for the compliance function to effectively fulfill
its missions. To achieve this, it must have the necessary financial, human, and logistical resources
(See Articles 3 and 54 of COBAC Regulation R-2016/04 on internal control).

The number of employees assigned to the compliance function should be proportional to the size of
the institution, workload, and volume of transactions conducted annually.

The compliance function operates under the direct authority of the executive body (See Articles 3
and 54 of COBAC Regulation R-2016/04 on internal control) and reports directly and simultaneously
to the executive body and the risk committee (See Article 55 of COBAC Regulation R-2016/04 on
internal control). This privileged position makes it essential among the members of the management
bodies as it provides valuable regulatory advice, guidance on international standards, prevention of
fraud and financial crimes, and overall counter-terrorism financing.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 10 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
1- Structuring models
The structuring models can vary depending on whether the institution is affiliated with a group or
not. They can also vary from one institution to another.
This independent permanent control structure, directly attached to the executive body, which must
be mandatory for financial institutions subject to COBAC regulations, can be under the responsibility
of the head of permanent control or any other person designated by the executive body. The
identity of the person responsible for non-compliance risk control in the institution must be
communicated to the COBAC General Secretariat, according to Article 55 of COBAC Regulation R-
2016/04 on internal control.
Regardless of the adopted structuring model, financial institutions must ensure the independence of
compliance function members. However, perfect coordination should be ensured by the executive
body to make it strong and effective and to ensure consistency with other areas of the institution, its
overall strategy, etc.
In practice, financial institutions strive to assemble diverse and complementary profiles within their
compliance teams: legal experts, former internal or external auditors, and former operational staff.
The compliance function should consist of four main structures: (1) Financial Security; (2) Customer
Protection; (3) Ongoing Control; and (4) Ethics.

1.1. Financial Security

The compliance function is attentive to the financial security of the financial institution and
works towards combating fraud, money laundering and terrorist financing (AML/CFT), market
abuses, and embargoes. Its responsibilities include :
- Establishing an AML/CFT framework in accordance with Article 6 of Regulation No.
01/CEMAC/UMAC/CM on the prevention and repression of money laundering, terrorist
financing, and proliferation in Central Africa. This is to ensure that the economic and
financial system is not used to convert proceeds from illegal activities into legitimate
resources (money laundering) or to provide funds for terrorist purposes (blacklisting).
Vigilance should be exercised from the start of the business relationship. If the financial
institution is unable to identify its client or obtain information about the purpose and
nature of the business relationship, no transactions are executed, and no business
relationship is established or continued with that client (Article 21 of Regulation No.
01/CEMAC/UMAC/CM on the prevention and repression of money laundering, terrorist
financing, and proliferation in Central Africa). Vigilance should also be applied to
transactions conducted by bank customers. Any suspected money laundering
transactions must be reported to the ANIF (National Financial Investigation Agency),
which is under the supervision of the Minister in charge of finance, as stated in Article 83
of Regulation No. 01/CEMAC/UMAC/CM on the prevention and repression of money
laundering, terrorist financing, and proliferation in Central Africa.
- Establish a fraud prevention system that addresses both internal threats such as
embezzlement and fraudulent financial actions, as well as external threats such as bank
identity theft and fraudulent payment systems. It should be efficient and reinforced with
precautionary measures directed towards both customers and employees. Monitoring of
transactions is conducted, with necessary investigations into any unusual or suspicious

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 11 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
transactions detected, and by performing reasonable due diligence which is duly
documented. Any suspicious transactions are to be reported to possible declaration of
non-compliance.
- There is also strict adherence to embargoes and financial sanctions. Financial sanctions
can be imposed by the UN, EU, AU, the US, other countries, and economic communities.
Sanctions could be related to an individual, legal entity, organization, sector of activity or
even a country.

The head of the compliance function and the financial security officer must have in their
possession all the necessary means to be able to fulfil these responsibilities to combat the risk of
money laundering and the financing of terrorism (AML/FT). The AML/CFT officer should
therefore report any transaction that proves to be unusual or suspicious to the head of
compliance function with a view to a possible declaration.
On 22 October 2022, the Cameroonian regulator published the "Guide on measures to identify
Ultimate Beneficial Owner in Cameroon", which complements COBAC AML/CFT provisions and
sets out the legal framework for the concept of "ultimate beneficial owner and the obligations of
professions subject to AML/CFT regulations with regard to beneficial ownership". It is applicable
to all persons subject to the AML/CFT regulations, as defined in Articles 6 and 7 of the AML/CFT
Regulation. This guide is based on a legal framework that incorporates the FATF
recommendations (1), Global Forum standards on ultimate beneficial ownership (2), OHADA
uniform acts (3), the Extractive Industries Transparency Initiative (EITI) (4) and Regulation No.
01/CEMAC/UMAC/CM on the prevention and suppression of money laundering, terrorist
financing and proliferation in Central Africa (5).

1.2. Customer Protection

Its ensures, in parallel, continuous customer protection by preserving their own interests as well
as those of the markets or the bank itself, in accordance with Article 3 of Regulation No.
01/20/CEMAC/UMAC/COBAC regarding the protection of consumers of banking products and
services in CEMAC, which states that: “ Any credit institution, microfinance institution, payment
institution, as well as any intermediary in banking operations operating in the territory of one of
the CEMAC member states, which offers banking products and services to consumers, is subject to
the provisions of said regulation. ”.
This structure then concerns the control of commercial practices, advertisements as well as
contracts, products and services. Customer protection is a cross-functional subject. It concerns a
large number of processes such as product creation, internal control and customer relationship
management. The compliance function coordinates all the company's stakeholders on the
subject of customer protection through the implementation of a “Conduct Risk” system and the
strengthening of its permanent control system.

"Conduct Risk" encompasses issues related to fair and equitable treatment of clients, including:

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 12 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
 To communicate clear, accurate, precise and non-misleading information on the
characteristics and risks associated with products through documentation addressed to
customers;
 Adapt the offer and advice to the needs and risk profile of customers;
 To invoice products fairly and equitably.

1.3. Ongoing Control

It is also part of the overall permanent control system and is responsible for managing
compliance risks.
The control plan drawn up by Permanent Control includes, in particular, controls designed to
ensure the compliance of transactions. Compliance must therefore work with Permanent Control
to define the most appropriate controls and analyse their outcomes.

1.4. Ethics

The ethics department is also an integral part of compliance, ensuring that the financial
institution's code of ethics is complied with, as well as dealing with reports that may come from
any of the bank's employees.
These are guidelines for ethical behavior implemented by our bank and largely influenced by
regulatory requirements or incentives from regulators. Compliance officers must guarantee that
these guidelines are followed, specifically in preventing conflicts of interest.
By conflict of interest, we mean “any professional situation in which the power of appreciation or
decision of a person, a company or an organization, can be influenced or altered, in its
independence or integrity, by personal considerations or through pressure from a third party”.
A conflict of interest generally arises from a situation in which a person employed by a public or
private body has, in a private capacity, interests which could influence or appear to influence the
manner in which he carries out his duties and responsibilities which have been entrusted to him.
In practice, there are three (03) types of conflicts of interest :
 The “potential” conflict : when it does not yet exist because no direct link between
the interests of the person and their position has yet been established, but a
change in situation (taking up position, promotion, transfer) could create;
 The “apparent” conflict: when no suspicious interest has been proven, but only an
analysis of the situation will make it possible to remove any doubt about the
integrity of the suspected person ;
 The “real” conflict: when it is proven that a personal interest can influence the
behavior of the person exercising their professional functions.

There is a “conflict of interest” when the individual interests of a person come into, are likely to
come into or appear to come into conflict with the interests of a financial institution, its clients or
its directors.
In addition to these expert centers (Financial security; Customer protection and Ethics), cross-
functional centers (Sector animation and training) as well as business centers (the different
professions of the financial institution) generally constitute the compliance function.

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 13 of 14

 EVERYTHING YOU NEED TO KNOW ABOUT COMPLIANCE IN FINANCIAL
INSTITUTIONS IN THE CEMAC ZONE (CENTRAL AFRICA).
The cross-functional centers are the most specific to each company, beyond the management of the
compliance sector and training, certain companies will have a department mapping non-compliance
risks, a BCP department (Business Continuity Plan) or a CSR (Corporate Social Responsibility)
department within the compliance department. A business continuity plan (BCP) whose purpose is to
outline the strategy and all the provisions that are planned to guarantee an organization the
resumption and continuity of its activities following a disaster or an event seriously disrupting its
normal functioning.

2- Organization chart of the compliance function

Compliance which can be defined as all actions aimed at the integration, in a financial institution, of a
process and procedures that comply with the requirements of external standards (laws, regulations,
national and international standards), has as control body the compliance function according to
COBAC regulation R-2016/04 Relating to internal control in credit institutions and financial holding
companies, of March 8, 2016 and entered into force on January 1, 2017. This body within the
meaning of the COBAC regulation, could be implemented within a financial institution, following the
following hierarchical organization scheme :

The Executive Board

The compliance function

expert centers cross-functional centers business centers

Customer Financial Sector Corporate banking

Ethics
protection security animation

Private banking
AML/CFT Ethics
Training

Fraud Asset management

conflict of
interest
Personal banking and
Embargo and
wealth management
financial
sanctions

Legal Affairs

Author : Mr. Ange NGANDJO, Email : pngandjo@yahoo.com ; November 2023 Page 14 of 14