What are the minimum requirements for WpHG Compliance Officers?
The organizational requirements and tasks for working as a WpHG Compliance Officer are governed by § 80 para. 1 WpHG and Art. 22 DV and Art. 26 para. 7 DV.
The MaComp regulations for working as a WpHG Compliance Officer specify
- in BT 1.1 the minimum requirements for the position of the compliance function and
- in BT 1.2.1.1 the minimum requirements for the risk analysis to be carried out.
Minimum Requirements for WpHG Compliance Officers – Overview
The table compiles core obligations, legal bases (e.g., WpHG, MaComp), typical evidence and recommended frequencies.
| Obligation Area | Core Requirement | Legal Basis | Proof/Documentation | Frequency | 
|---|---|---|---|---|
| Compliance Function & Independence | Clear tasks, sufficient resources, reporting line to management | WpHG, MaComp (AT 4/5) | Organigram, job description, resource evidence | Ongoing; review annually | 
| Risk Inventory & Assessment | Identification and assessment of regulatory risks | MaRisk/MaComp | Compliance risk map, methodology, management approval | Annually; ad hoc upon changes | 
| Control Plan & Monitoring | Risk-based annual control plan and effective monitoring | MaComp (BT modules) | Audit programs, random samples, action protocol | Quarterly/rolling | 
| Conflicts of Interest & Remuneration | Regulations, Chinese walls, independent controls | WpHG, MaComp (BT 1/2) | Conflict register, training evidence, escalations | Ongoing; semi-annual report | 
| Product Governance (PoG) | Suitability/target market, monitoring distribution | WpHG, Delegated Regulation MiFID II | PoG process, target market approvals, reviews | At least annually; as needed | 
| Recording & Retention | Complete, audit-proof documentation | WpHG, MaComp | Proofs, revision-safe storage | Ongoing; retention as required | 
| Reporting | Independent compliance report to management/supervision | MaComp (AT 5) | Quarterly/annual report including KPI/KRI | Quarterly/annually | 
| Training & Awareness | Risk-based mandatory training, effectiveness control | MaComp (AT) | Agenda, participation, understanding checks | Annually; target group-specific | 
| Reporting/Escalation Paths | Defined processes for violations/whistleblowing | WpHG, Whistleblower Protection Act | Policy, incident register, action tracking | Ongoing; review annually | 
| Outsourcing | Monitoring of outsourcing service providers | MaRisk/MaComp | SLAs, control reports, risk assessment | At least annually | 
What are the minimum requirements for working as a WpHG Compliance Officer?
The MaComp regulations with BT 1.1 regulate the position of the compliance function. The management of a securities services company must establish and equip an appropriate, permanent, and effective compliance function that can perform its tasks independently. Management bears overall responsibility for the compliance function and monitors its effectiveness.
The compliance function is a tool of management. It can also be assigned to a member of management. Notwithstanding this, it must be ensured that the chairman of the supervisory body can obtain information directly from the compliance officer, with the involvement of management.
The securities services company must appoint a compliance officer who, notwithstanding the overall responsibility of management for the compliance function, is responsible for reports to management and the supervisory body. The compliance officer is appointed, dismissed or released by management.
The importance of the compliance function should be reflected in its position within the corporate organization.
The securities services company promotes and strengthens a company-wide "compliance culture", creating framework conditions for promoting investor protection by employees and an appropriate perception of compliance matters.
Risk analysis as a basis for working as a WpHG Compliance Officer
The MaComp regulations with BT 1.2.1.1 regulate the risk analysis to be carried out by the WpHG compliance function. The scope and focus of the compliance function’s activities are to be defined based on a risk analysis.
The compliance function conducts such a risk analysis at regular intervals to check that the definition is still current and appropriate. In addition to the regular review of identified risks, an ad hoc review must be conducted if necessary to include emerging risks in the consideration.
Emerging risks can arise, for example, from the development of new business areas or from changes in the structure of the securities services company.
Determining the risk profile by the WpHG Compliance Function
As part of its regular risk analysis, the compliance function determines the risk profile of the securities services company with regard to compliance risks. The risk profile is determined based on the type, scope and complexity of the securities services and ancillary services offered, as well as the types of financial instruments traded and distributed, taking into account the information resulting from monitoring complaint handling.
The obligations to be complied with by the securities services company and its employees according to the WpHG, the existing organizational and work instructions or processes, and all monitoring and control systems in the area of securities services must be taken into account. In addition, the results of previous monitoring actions by the compliance function, by internal audits and the audit results of external auditors, as well as all other relevant sources of knowledge, such as aggregated risk measurements, must be included in the risk analysis.
Priorities are set to ensure comprehensive monitoring of compliance risks.
