Perched at the Peak: Compliance Officer as CXO
– Do LODR changes force all companies to change their org structures?
– Vinita Nair, Senior Partner (corplaw@vinodkothari.com)
This version: 3rd April, 2025 (Updated as per SEBI Circular dated 1st April, 2025)
With the enforcement of recent amendments in LODR Regulations effective December 12, 2024, a qualified company secretary appointed as a Compliance Officer (‘CO’) is required to be an officer who is in whole-time employment of the listed entity, not more than one level below the board of directors, designated as a Key Managerial Personnel (‘KMP’) and forming part of senior management.
Listed entities now face the question of whether this entails a re-look at the organisation structure, hierarchy and profile of the CO, and whether the board of directors needs to be sensitised to this requirement and its impact, if any.
Scope of “compliance”
The Basel paper of 2005 gives clarity on what compliance is, and on the ambit of the compliance function. First of all, the scope of the word “compliance” is not limited to laws and regulations only. “Compliance laws, rules and standards have various sources, including primary legislation, rules and standards issued by legislators and supervisors, market conventions, codes of practice promoted by industry associations, and internal codes of conduct applicable to the staff members of the bank. For the reasons mentioned above, these are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct.”
The compliance function is a cornerstone of an entity’s governance, internal control, and risk management framework. It includes the systems, procedures, and organisational infrastructure required to ensure:
- Compliance with all statutory and regulatory requirements;
- Maintenance of high standards of market conduct;
- Implementation of effective systems for managing conflicts of interest;
- Fair treatment of customers;
- Delivery of suitable and high-quality customer service;
- Compliance with the various codes of conduct (including the voluntary ones) and their own internal rules, policies and procedures.
Appointment of Compliance Officers (‘COs’)
Appointment of COs is required under different statutes. In case of listed entities, for the purpose of ensuring compliance with securities law, appointment of CO is specified in the initial listing regulations viz. SEBI ICDR[1], SEBI ILNCS[2] Regulations and the responsibility of CO for continuous listing requirement is included in the common obligations under LODR. In case of LODR the person is required to be a qualified Company Secretary (‘CS’) and in case of ILNCS, the CS of the issuer is required to be the CO. Similarly, the requirement under the Listing Agreement[3] was to appoint the CS of the issuer as the CO.
SEBI PIT Regulations (applicable to a listed entity as well as an intermediary/ fiduciary) require appointment of a senior officer, who is financially literate and is capable of appreciating requirements for legal and regulatory compliance under PIT regulations, as the CO, who reports to the board of directors and ensures compliance of policies, procedures, UPSI preservation, implementation of codes etc., under the overall supervision of the board of directors.
Additionally, Banks, NBFCs, Insurance companies, SEBI registered intermediaries, etc. are all required to appoint a CO as per laws specifically applicable to the company operating in that particular sector.
Can one person serve as CO for each of the above requirements? This is surely feasible, unless there is an express bar. For example, in the case of banking regs/ NBFC regs, there is a bar on dual hatting – that is, the CO as per those laws should not be dealing with any other line function.
Position of CO under LODR post amendment
It may be contended that the role of a CS is a mix of compliance and ministerial functions. He/ she may be tasked with several other functions as well – depending on the organization. The provision of the LODR Regs is obviously concerned neither with other functions performed by the CO, nor with other compliance roles.
The intent of the provision, as we read it, is that the compliance function pertaining to LODR Regs is directly discharged by the CO under the supervision of the board of directors. The board has the supervisory responsibility, and the CO has the executive responsibility. The provision is intended to attach significance to the organisation-wide role of compliance function.
As observed from the report of the Expert Committee, recommendations were made for strengthening the position of the CO. The challenge faced by the CO, despite forming part of ‘senior management’, was inability to advise the management to act in accordance with the law and being in a position to get influenced by other people in senior management due to the reporting structure. Therefore, the suggestion was for appropriate positioning to get adequate power, commensurate with the responsibilities cast upon the CO, to be able to advise the management on points of law and ensure effective discharge of statutory duties and responsibilities.
In light of the above, the regulations now clarify the position of the CO by having them one level below the board of directors. Here the intent of the regulator, in our reading, did not seem to be to define the organisational structure, but to clear the path for the CO for effective discharge of its responsibilities. In our view, the amendment results in fixing the responsibility of the CO, and the CO now cannot shirk its responsibility or take the pretext of being a junior person, having no power or access, or having a reporting line limited to someone in senior management. It now provides the CO with straight access to the board of directors, when it comes to ensuring compliance with LODR requirements. To the extent of the compliance function, the CO will now be directly accountable to the board.
The way we read this requirement is that it certainly attaches significance to the compliance function, and therefore, may result in repositioning of compliance officers in the organization hierarchy. But is the law concerned with organisation hierarchy, designations, scales, ranks, etc? In our view, the objective of the law is attained by a functional reporting line to the board. This is also evident from SEBI’s analysis of the suggestions/ comments received,[4] that the objective is to empower COs to perform their duties and discharge their responsibilities effectively. Some companies do have the practice of having a CO report to the Managing Director / CEO. However, it is for the listed entity to decide the reporting structure of its KMPs and senior management while ensuring compliance with the regulatory requirements.
However, SEBI has issued a Circular dated April 1, 2025, where SEBI states: “it is clarified that the term ‘level’ used in regulation 6(1) refers to the position of the Compliance Officer in the organization structure of the listed entity. Therefore, ‘one level below the board of directors’ means one level below the Managing Director or Whole-time Director (s) who are part of the Board of Directors of the listed entity.” After issuing this Circular, SEBI staff has also issued two Informal Guidance letters, being for DCB Bank Ltd and Pakka Ltd.
Hence, SEBI seems clearly to be of the view that the organisational hierarchy of the entities is also to be adjusted to reflect the CO’s position at one level below the board.
Reporting structure of CO post amendment
Organizational hierarchy is a matter of many things: the regular reporting structure for the various functions that a position has, lines of authority and responsibility, scales and other benefits related to the scale, promotion policies, and regular administrative roles such as approval of claims, benefits, etc.
The CO stands empowered to manage the compliance function independently and without fear, and to that extent the CO needs to report to the board. However, boards meet infrequently. The company may or may not have an MD/ WTD – it may be working with a CEO/president reporting to the board. It is quite possible in an organisation to have one or more WTDs who report to the MD. There are several officers who report to the MD but their level in the organisation is not the same as those of other seniors placed at one level below the board. In such cases, is the CO reporting to an MD sufficient compliance? SEBI’s IG, specifically in the matter of DCB Bank Ltd, seems to answer in the negative. Therefore, SEBI suggests that the organisational levels also align to the expected reporting lines. The amendment, seen in the light of SEBI’s circular of 1st April, is thus concerned with both the reporting lines and the organisational hierarchy of the CO. Irrespective of the SEBI Board agenda dated 30th September, 2024 stating that organisational structure is an internal matter for companies, “…it is for the listed entity to decide the reporting structure of its KMPs and senior management while ensuring compliance with the regulatory requirements”, it seems that the regulator has done so in the 1st April 2025 circular. Although, in general, the organisational hierarchy corresponds to and is commensurate with the functional hierarchy, the law has sought to interfere with the organisational structure.
CS as CO under LODR
Does the amendment necessitate a relook on whether the CS can continue as CO? The answer to this also seems negative, as law only prescribes who can be the CO. SEBI has also clarified that the CO and CS may be different persons. While law admits having different persons occupying the position, practically, it seems less feasible in view of the overlap and interconnectedness in the functions discharged by a CS in terms of Companies Act, 2013 and by a CO under LODR.
Actionable for listed entities
The board of directors certainly needs to be sensitised to the amendment. However, do the regulations expect companies across the country to revisit their organisational structures? SEBI has expressed its views in the 1st April, 2025 circular. Therefore, listed entities need to evaluate whether the functional level and organisational level of the CO are in line with the regulatory requirements and expectations. If not, listed entities may want to revisit the same.
Power brings onus
Everyone may also readily understand that SEBI’s intent in empowering the CO is not just to confer a new power, but to be able to hold the CO answerable for any compliance gaps. Therefore, if it is a new cap that the CO is donning, the cap is made of flowers and nettles both.
[1] Reg 23 (8) ICDR – The issuer shall appoint a compliance officer who shall be responsible for monitoring the compliance of the securities laws and for redressal of investors’ grievances.
[2] Reg 27 (4) of ILNCS – The lead manager(s) shall ensure that the draft offer document clearly specifies the names and contact particulars including the postal and email address and telephone number of the compliance officer who shall be a Company Secretary of the issuer.
[3] The requirement was notified on May 18, 1999 pursuant to the recommendations of the Accounting Standards Committee constituted by SEBI under the Chairmanship of Shri Y. H. Malegam to the effect that Compliance officer to be appointed by Listed companies in Compliance with Circular No. SMD/POLICY/CIR-06/98 dated February, 12, 1988 (every company shall appoint a Senior Officer as Compliance Officer) shall be the Company Secretary of the Company.
[4] Agenda of SEBI BM dated September 30, 2024 [Clause (iii) (a) of Para 28.3.2].