Dear CEO letter: Fitness and probity

Summary

The Central Bank has issued a Dear CEO letter setting out the findings of its thematic inspection of firms’ compliance with the fitness and probity regime. The findings will be a useful resource for firms carrying out a gap analysis between their procedures and the Central Bank’s supervisory expectations.

Background

The Fitness & Probity Regime was introduced by the Central Bank in 2010 with the objective of ensuring that regulated firms and individuals who work in those firms are committed to high standards of competence, integrity and honesty, and are held to account when they fall below these standards.

This is the second Dear CEO letter which the Central Bank has issued in respect of fitness and probity. The first, issued in April 2019, identified a number of areas where compliance was found to be lacking, which prompted the Central Bank to undertake thematic onsite inspections across a sample of firms in order to assess the general level of compliance. The inspections focussed on the processes in place to manage compliance with the requirements of the Fitness and Probity Regime, rather than the fitness and probity of particular individuals.

The current Dear CEO letter sets out the key findings and observations from the inspections together with the Central Bank’s supervisory expectations. The letter also sets out examples of the good practices observed by the Central Bank when conducting the inspection.

Findings

The inspections found a wide divergence of standards in the implementation of the F&P Regime:

The role of the board

• Poor level of awareness by Board members of their F&P obligations in many firms;
• in relation to board appointment, these were generally not subject to the same level of scrutiny or formality as other PCF/ CF appointments (suitability assessments, succession plans);
• instances of the CEO screening potential Board candidates was observed in some firms, which is inappropriate given the conflict of interest between the respective responsibilities of directors and the executive.

Conducting Due Diligence

• The most consistently weak area across the majority of firms;
• initial due diligence: when submitting Individual Questionnaires (“IQs”) in connection with a PCF applications, firms must disclose all information relevant to the Central Bank’s assessment of a proposed appointee’s fitness and probity. The Central Bank has stated that it takes non-disclosure seriously, especially where there is an apparent attempt to mislead which may call into question not only the individual’s suitability but also the firm’s decision to propose the individual in question.
• ongoing due diligence: processes were found to be particularly poor. Firms have ongoing obligations to ensure that they do not allow a person to perform a CF unless they are “satisfied on reasonable grounds” that the person: (i) complies with the applicable standards of fitness and probity; and (ii) has agreed to abide by those standards. An annual self-declaration by PCF and CF role holders is the minimum expected by the Central Bank.

Outsourcing of CFs and PCFs

• The majority of firms had not, as part of their due diligence in appointing CF role holders, obtained the required documentation nor made any inquiries as to the outsourcing service provider’s process for assessing fitness and probity;
• firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed; and
• it is important to note always that a firm’s obligations with respect to fitness and probity apply irrespective of whether the PCF or CF role is performed in house or outsourced.

Engagement with the Central Bank

• In the majority of firms the processes related to engagement with the Central Bank on fitness and probity issues, including the IQ submission process, have not been adequately developed, documented or embedded;
• many firms did not have robust processes in place to identify, escalate and notify the Central Bank in a timely manner of potential concerns regarding the fitness and probity of a CF or PCF holder; and
• the Central Bank expects firms to be proactive rather than passive in identifying fitness and probity issues as part of their ongoing due diligence and to report issues to the Central Bank without delay.

Role of the Compliance Function

• The fitness and probity process should be subject to comprehensive oversight by the Compliance Function and periodic independent review by the Internal Audit Function to ensure it is fit for purpose; and
• while the majority of firms had compliance frameworks, policies and procedures in place, given the findings of the thematic inspections, it is clear that many firms are not undertaking robust compliance testing of their fitness and probity processes and procedures.

The Dear CEO Letter concludes on the following points:

• Firms should review the details of these findings, which are appended to the letter, in order to assess their own systems and processes;
• Failure by a firm to comply with its ongoing obligations can result in an investigation under the Central Bank’s Administrative Sanctions Procedure, leading to potential sanctions for firms and individuals; and
• The Central Bank is concerned that a number of firms did not take action in light of the April 2019 letter to perform a gap analysis of their policies, processes and procedures. The Central Bank states that it is wholly unacceptable that such shortcomings continue to exist almost ten years after the introduction of the F&P regime.

The Senior Executive Accountability Framework and SEAR

It is to be expected that the findings of the F&P review which are set out in the Dear CEO letter will inform the Central Bank’s thinking when designing the details of the new individual accountability framework which was first proposed by the Central Bank in its July 2018 paper Behaviour and Culture of the Irish Retail Banks.

This new individual accountability framework will include four elements:

Conduct Standards

Three sets of clear and enforceable standards:

• Common Conduct Standards for all staff in regulated financial services providers;
• Additional Conduct Standards for senior management; and
• Standards for Businesses.

Enhancing the F&P Regime

• Firms will be required to certify the fitness and probity of their CFs on an annual basis;
• The Central Bank will be empowered to investigate individuals who performed CFs in the past.

SEAR – the Senior Executive Accountability Regime

The SEAR will be an entirely new regime in Irish law, and will be modelled on the UK’s SMCR. Some points to note are:

• SEAR will be introduced on a phased basis;
• It will create a new class of Senior Executive Functions (“SEFs”), which will include board members, executives reporting directly to the board and heads of critical business areas;
• Each SEF will have a set of inherent responsibilities, and firms will have mandatory responsibilities which must be allocated to an SEF;
• Each SEF will be required to draw up a statement of responsibilities, which must be submitted to the Central Bank; and
• Each firm will be required to draw up a responsibility map, which will document its key management and governance arrangements.

Unified Enforcement Process

• The removal of the “hurdle of participation” will allow the Central Bank to pursue individuals directly for their misconduct rather than only where they are proven to have participated in a firm’s wrongdoing.

Conclusion

Firms should use the findings of the thematic inspection to carry out a gap analysis of their fitness and probity procedures, and should also review these procedures in light of the proposed new regime. The main difference between the existing regime and the proposed new regime will be increased clarity with respect to accountability.

We have advised a large number of firms on their compliance with the UK SMCR, and we expect this experience to be useful when helping our Irish clients comply with the SEAR.

Take me back to Spotlight on Ireland