Individual Accountability and SEAR – Increased Regulatory Scrutiny
Individual Accountability and SEAR – Increased Regulatory Scrutiny
This article was first published by the Irish Independent on 12 August 2021.
At the end of July, the long-awaited General Scheme of the Central Bank (Individual Accountability Framework) Bill 2021 was published. It provides for an Individual Accountability Framework designed to deliver heightened accountability in the financial system and follows the Central Bank of Ireland's focus on consumer issues in a number of sectors.
The proposals not only bolster the regulator's toolkit for pursuing individuals within financial services firms, they also pave the way for more intrusive supervision of firms themselves right across the industry and more effective enforcement action.
Senior Executive Accountability Regime
A focus of the reforms has been the Senior Executive Accountability Regime (Sear). This mirrors similar regimes introduced in other countries, such as the UK, since the global financial crisis. Initially, the Sear will apply to banks and certain insurance and investment firms. It aims to ensure clearer accountability by requiring firms to set out where responsibility and decision-making lies across their senior staff.
Firms must prepare 'statements of responsibility' for senior individuals setting out the areas of the business for which they will be held accountable if regulatory breaches occur and 'responsibility maps' clarifying their governance arrangements – which committee decides what and who reports to who.
As individuals' roles change over time, what is written down may not represent what happens in practice. The exercise of assessing senior individuals' documented roles is not simple for large organisations.
Care also needs to be taken where several business divisions overlap – when they feed into the same financial product or regulatory exercise. Many firms have already started plotting out updated responsibilities to prepare for the legislation. So far, so good.
The Sear will also introduce a 'duty of responsibility' for these senior individuals. They must take 'reasonable steps' to avoid their firm committing a regulatory breach in the area of the business for which they are accountable. If a breach occurs, and if they are found not to have taken these steps, these senior individuals can be sanctioned directly by the Central Bank with a fine of up to €1m.
Firms will need to start preparing now to devise the support structures these individuals will need, such as training, guidelines for delegating and overseeing functions and management information reporting.
Conduct standards for individuals and regulated firms
However, more far-reaching are the various 'conduct standards' beyond the Sear. These will apply not just to banks and some insurers and investment firms, but to any regulated firm across the financial services sphere regardless of their size or systemic impact and whether they are consumer-focused businesses.
The current proposals even signal that non-executive directors will fall within the scope of the individual conduct standards even though they do not have day-to-day executive roles in the business.
This could be a divergence with, for example, the UK regime where non-executive directors face similar requirements in more limited circumstances such as when they chair key committees.
'Common Business Standards' will apply to all regulated firms.
'Common Conduct Standards' will apply to individuals in those firms who are within the current 'fitness and probity' regime. The new standards will require firms and each of these senior individuals to conduct their business professionally and with integrity, due skill, care and diligence and to act in the best interest of customers. They will require firms to manage effectively conflicts of interest and observe proper standards of market conduct.
'Additional Conduct Standards' also apply to the most senior individuals – 'pre-approved controlled functions' whose appointment requires regulatory approval and those who otherwise exercise a 'significant influence' over their firm. These impose obligations to oversee delegated tasks and ensure the business for which they are responsible is controlled effectively and complies with regulatory requirements.
Flexibility of 'principles' based regulation and enforcement
Traditionally the Irish regulatory system has been 'rules based'. What is specifically required of firms is prescribed in detail.
The broad application of these new standards could see a greater emphasis on 'principles based' regulation, leaving firms more frequently to assess what the 'right thing to do' is in any particular case by reference to more general guidance.
The concept of general principles is not new to Irish financial regulation. For many years banks have been required to abide by general principles which developed into today's Consumer Protection Code. The general principles in these codes have been relied on publicly by the Central Bank when engaging with retail banks and insurers on consumer issues over recent years.
However, this has previously remained the realm of retail and consumer businesses. Now the flexibility these principles offer the regulator will apply to all firms and all of their senior staff.
All regulated firms should now prepare to train their staff, assess and understand the impact of, and be ready to monitor the regulator's pronouncements on its expectations for compliance with, these conduct standards. Assessing what the 'right thing to do' is in the light of these general principles can be driven as much by a firm's culture as the quality of a training session.
Other aspects of the reforms
The reforms also enhance other areas.They confirm that the Central Bank can investigate the 'fitness and probity' of senior individuals even after they have moved on from regulatory roles, strengthening the tools against 'rolling bad apples'.
When pursuing senior individuals in relation to a firm's regulatory breaches, the Central Bank is no longer required to prove specific 'participation' in that breach by the individual.
Updated requirements to notify the regulator if a firm takes its own disciplinary action following regulatory breaches or concerns as to an individual's fitness and probity highlight the delicate balance between regulatory compliance and employee's rights when things go wrong.
As lawyers, we have said many times since the Central Bank's first call for this regime that firms cannot start preparing early enough. The General Scheme of the legislation emphasises the breadth of its reach and the complexity in getting compliance right.