Compliance RACI Matrix

Template Package B Deliverable Version 1.0 · July 2026 · For CASP / KVHS use

Customize role titles and assignments to your org chart. One A (Accountable) per activity is recommended. This matrix supports the E&C Program Charter and should be reviewed annually.

Role definitions

RoleDescription
Board / CommitteeBoard of Directors or designated Audit, Risk, or Compliance Committee
CEOChief Executive Officer — administrative line for CECO; tone at the top
CECOChief Ethics & Compliance Officer (or Fractional CCO)
MLROMoney Laundering Reporting Officer
LegalGeneral Counsel / Head of Legal
CTOChief Technology Officer — systems, custody tech, on-chain monitoring
COOChief Operating Officer — trading ops, listings, customer operations
HRHead of People / HR — training logistics, disciplinary process support
IAInternal Audit (or external audit coordinator)

RACI legend

R Responsible — does the work A Accountable — ultimately answerable (one per row) C Consulted — input before action I Informed — kept updated

E&C Program governance

Activity Board CEO CECO MLRO Legal COO HR IA
E&C Program Charter approval ACRCCIII
Annual conduct risk assessment ICA/RCCCCI
Code of Conduct & policy suite ICA/RCRCCI
E&C training program IIACCIRI
Speak-up channel management IIA/RCCICI
Conduct investigations ICA/RCRCCI
Disciplinary recommendations IARICIRI
Quarterly E&C board report AIRCCIIC

Regulatory & financial crime

Activity Board CEO CECO MLRO Legal CTO COO IA
AML/CTF program & policies ICCA/RCCCI
MASAK STR filing IIIA/RCCRI
Sanctions screening oversight IICACRCI
SPK regulatory liaison (conduct) ICA/RCRCII
SPK licensing & KVHS submissions IACCRCCI
MiCA governance & reporting IARCRCCI
Regulatory incident escalation ARRRRCCI

Crypto-specific operations

Activity Board CEO CECO MLRO Legal CTO COO IA
Token listing governance ICACCCRI
Market conduct / manipulation monitoring IIACCRRI
Proprietary & treasury trading controls IARCCCRI
Third-party DD (custodians, MM, KYC vendors) IIA/RCCCCI
DeFi / on-chain risk framework ICACCRCI
Customer asset incident response ARRCRRRI

Maintenance

← E&C Charter Template Pack Board Reporting →