Compliance RACI Matrix
Customize role titles and assignments to your org chart. One A (Accountable) per activity is recommended. This matrix supports the E&C Program Charter and should be reviewed annually.
Role definitions
| Role | Description |
|---|---|
| Board / Committee | Board of Directors or designated Audit, Risk, or Compliance Committee |
| CEO | Chief Executive Officer — administrative line for CECO; tone at the top |
| CECO | Chief Ethics & Compliance Officer (or Fractional CCO) |
| MLRO | Money Laundering Reporting Officer |
| Legal | General Counsel / Head of Legal |
| CTO | Chief Technology Officer — systems, custody tech, on-chain monitoring |
| COO | Chief Operating Officer — trading ops, listings, customer operations |
| HR | Head of People / HR — training logistics, disciplinary process support |
| IA | Internal Audit (or external audit coordinator) |
RACI legend
R Responsible — does the work
A Accountable — ultimately answerable (one per row)
C Consulted — input before action
I Informed — kept updated
E&C Program governance
| Activity | Board | CEO | CECO | MLRO | Legal | COO | HR | IA |
|---|---|---|---|---|---|---|---|---|
| E&C Program Charter approval | A | C | R | C | C | I | I | I |
| Annual conduct risk assessment | I | C | A/R | C | C | C | C | I |
| Code of Conduct & policy suite | I | C | A/R | C | R | C | C | I |
| E&C training program | I | I | A | C | C | I | R | I |
| Speak-up channel management | I | I | A/R | C | C | I | C | I |
| Conduct investigations | I | C | A/R | C | R | C | C | I |
| Disciplinary recommendations | I | A | R | I | C | I | R | I |
| Quarterly E&C board report | A | I | R | C | C | I | I | C |
Regulatory & financial crime
| Activity | Board | CEO | CECO | MLRO | Legal | CTO | COO | IA |
|---|---|---|---|---|---|---|---|---|
| AML/CTF program & policies | I | C | C | A/R | C | C | C | I |
| MASAK STR filing | I | I | I | A/R | C | C | R | I |
| Sanctions screening oversight | I | I | C | A | C | R | C | I |
| SPK regulatory liaison (conduct) | I | C | A/R | C | R | C | I | I |
| SPK licensing & KVHS submissions | I | A | C | C | R | C | C | I |
| MiCA governance & reporting | I | A | R | C | R | C | C | I |
| Regulatory incident escalation | A | R | R | R | R | C | C | I |
Crypto-specific operations
| Activity | Board | CEO | CECO | MLRO | Legal | CTO | COO | IA |
|---|---|---|---|---|---|---|---|---|
| Token listing governance | I | C | A | C | C | C | R | I |
| Market conduct / manipulation monitoring | I | I | A | C | C | R | R | I |
| Proprietary & treasury trading controls | I | A | R | C | C | C | R | I |
| Third-party DD (custodians, MM, KYC vendors) | I | I | A/R | C | C | C | C | I |
| DeFi / on-chain risk framework | I | C | A | C | C | R | C | I |
| Customer asset incident response | A | R | R | C | R | R | R | I |
Maintenance
- Review upon org changes, new entity licensing, or material regulatory updates
- CECO and MLRO jointly validate coordination rows to prevent accountability gaps
- Board Committee receives updated matrix annually as part of Program effectiveness review