The Central Bank of Ireland's Dear CEO letter to all regulated financial services providers was published on 17 November 2020. The letter outlines the outcomes of the Central Bank's recent Fitness & Probity (F&P) thematic inspection. This looked at the processes in place to manage compliance with the F&P regime rather than compliance by individuals with the Fitness and Probity Standards. Banks and insurers were the subject of the inspection but the findings are being shared with – and are relevant to - all regulated financial services providers.
The Central Bank Reform Act 2010 introduced the Fitness and Probity regime which gives the Central Bank the power to vet and approve candidates for certain senior roles, prescribed by the Central Bank as pre-approval controlled functions (PCF). The F&P regime also sets Fitness and Probity Standards for PCF holders and those occupying other controlled functions (CF), such as those who interact with customers or make decisions affecting customers. The Central Bank recently expanded the list of PCF roles ahead of the introduction of an Individual Accountability Framework and Senior Executive Accountability Regime which will introduce conduct standards and additional compliance requirements for senior executives in specific roles, and conduct standards for other individuals, within some regulated financial service providers.
Key findings of the Central Bank's inspection included industry-wide issues and some examples of good practice. The main themes can be assessed as being related to governance, due diligence, outsourcing, regulatory engagement and expectations of the compliance function.
The Central Bank noted that some boards did not have a good level of awareness of F&P obligations. There was a lack of challenge at board level on proposed appointments to PCF roles and appointments to PCF roles were not always approved by the board. Succession planning did not meet regulatory expectations and succession plans did not set out the relevant F&P Standards for the roles and/or how the proposed successor would demonstrate or acquire the skills, competency or experience needed to meet the standards.
The inspection noted that some board appointments were not subject to the same scrutiny as other PCF appointments and there was a lack of underlying material to support appointments to the board. The Central Bank identified instances where the CEO conducted screening of board candidates which the Central Bank describes as inappropriate. Good practice was also identified, including the use of a board skills matrix to identify gaps in the combined experience of the board.
On the topic of board appointments, the European Central Bank (ECB) published an article on 18 November which outlines the implementation of new measures for fit and proper assessments for Banks under the Single Supervisory Mechanism. The measures include the intended publication in 2021 of a new handbook to replace the current Guide to fit and proper assessments. The new handbook promises to improve transparency on supervisory expectations and increase the efficiency of the assessment process.
ECB suitability assessments will also expand in scope to consider individual accountability at board level where a candidate was previously on the board of a bank that had been subject to severe supervisory findings. The ECB states that this is appropriate given that the whole board is responsible for the management of a bank and that all board members have a role in the decision-making process when an infringement occurs. The new measures will also provide additional guidance on findings relating to money laundering and to the reassessment of the suitability of board members where new information emerges relevant to their fitness and probity.
The inspection found that initial and ongoing due diligence was not sufficient to evidence compliance with the F&P Standards in the majority of firms. Failing to keep evidence of reference checks, suitability searches and qualifications of personnel in PCF roles was observed in the inspection. Ongoing diligence was noted as being limited to an annual self-declaration in many firms. Where concerns arise about an individual's fitness or probity, the Central Bank expects the firm to investigate and take appropriate action without delay.
Having defined processes in place for conducting initial due diligence was cited as an example of good practice. Further good practice includes retaining interview notes, documenting suitability assessments for board appointments and conducting ongoing due diligence in the form of searches on an annual basis for PCFs and a sample of Controlled Functions.
The inspection found that the majority of firms had not obtained documentation or made inquiries of the process for assessing F&P where PCF or CF roles had been outsourced. Firms did not have a process to analyse outsourcing arrangements to verify whether PCF or CF roles were being performed and the Central Bank is concerned that this gives rise to a risk that relevant individuals in outsourced service providers are not identified or subject to the F&P Standards.
Engagement with the Central Bank
When submitting individual questionnaires (IQ) on behalf of PCF applicants, firms are expected by the Central Bank to disclose all potentially relevant information on a full and frank basis. Adverse information should be disclosed with an explanation of why the firm does not believe this affects the candidate's suitability for the role.
In addition, the Central Bank found that processes related to engaging with the Central Bank on F&P issues, including IQ submission, were not developed, documented or embedded in the majority of firms. Many firms did not have processes in place to identify, escalate and notify the Central Bank of potential concerns. Overall, the letter sets the expectation that firms must be pro-active in engaging with the Central Bank on F&P issues.
Expectations of the compliance function
The Central Bank inspection found that some firms did not have a register of employees performing CF and PCF roles. Many firms were identified as not undertaking robust compliance testing of their F&P processes and procedures. The Central Bank expects F&P processes and procedures to be subject to comprehensive oversight by Compliance and internal audit functions.
Good practices include having clear, prescribed roles and responsibilities with segregation of duties, F&P steering committees, checklists and having a requirement to review job descriptions for vacancies to determine if the role is a PCF or CF.
Firms will be mindful of the regulatory focus on fitness and probity and may wish commence a review of their F&P internal framework in line with the updated regulatory expectations set out in the Central Bank's letter. Our team are also working with firms who have commenced or are planning projects to assess the potential changes required, and prepare for, the anticipated Senior Executive Accountability Regime.