1710.19—Compliance and risk management programs; compliance with other laws.
(a) Compliance program.
(1)
An Enterprise shall establish and maintain a compliance program that is reasonably designed to assure that the Enterprise complies with applicable laws, rules, regulations, and internal controls.
(2)
The compliance program shall be headed by a compliance officer, however styled, who reports directly to the chief executive officer of the Enterprise. The compliance officer shall report regularly to the board of directors or an appropriate committee of the board of directors on compliance with and the adequacy of current compliance policies and procedures of the Enterprise, and shall recommend any adjustments to such policies and procedures that he or she considers necessary and appropriate.
(b) Risk management program.
(1)
An Enterprise shall establish and maintain a risk management program that is reasonably designed to manage the risks of the operations of the Enterprise.
(2)
The risk management program shall be headed by a risk management officer, however styled, who reports directly to the chief executive officer of the Enterprise. The risk management officer shall report regularly to the board of directors or an appropriate committee of the board of directors on compliance with and the adequacy of current risk management policies and procedures of the Enterprise, and shall recommend any adjustments to such policies and procedures that he or she considers necessary and appropriate.
(c) Compliance with other laws.
(1)
If an Enterprise deregisters or has not registered its common stock with the U.S. Securities and Exchange Commission (Commission) under the Securities Exchange Act of 1934, the Enterprise shall comply or continue to comply with sections 301, 302, 304, 402, and 406 of the SOA, as amended from time to time, subject to such requirements as provided by § 1710.30 of this part.
(2)
An Enterprise that has its common stock registered with the Commission shall maintain such registered status, unless it provides 60 days prior written notice to the Director stating its intent to deregister and its understanding that it will remain subject to the requirements of sections 301, 302, 304, 402, and 406 of the SOA, as amended from time to time, subject to such requirements as provided by § 1710.30 of this part.