On 17 November 2020, the Central Bank of Ireland (the "Central Bank") issued an industry letter to all regulated financial service providers ("Firms"). This letter details the key findings identified by the Central Bank during its thematic onsite inspections of a sample of Firms from the banking and insurance sectors. These inspections were undertaken in order to assess the level of compliance with obligations under the fitness and probity regime ("F&P Regime") introduced by the Central Bank Reform Act 2010 (the "2010 Act"). The inspections took place after a Dear CEO letter was issued by the Central Bank to all Firms in April 2019 (the "2019 Letter") identifying a number of areas where Firm compliance with obligations under the F&P Regime was found to be lacking.
In its letter to industry the Central Bank notes that the inspections it conducted concentrated on evaluating the processes Firms have in place to manage compliance with the requirements of the F&P Regime and did not consider the fitness and probity of specific individuals. The key findings detailed in the letter focus on five distinct areas:
1. Role of the board of directors (the "Board") in the fitness and probity process
While the Central Bank found that the level of awareness of fitness and probity obligations was weak throughout Firms, it noted that the awareness of Board members of these obligations was particularly poor. A number of issues were identified in respect of Board appointments including that:
- such appointments were generally not subject to the same level of scrutiny or formality as other pre-approval controlled function ("PCF") or controlled function ("CF") appointments;
- there was a lack of interview notes or suitability assessments available to support such appointments;
- no evidence of Board approval, discussion or challenge of proposed PCF appointments was available; and
- CEOs were screening potential Board candidates, which the Central Bank states is inappropriate given the conflict of interests that arise between the respective responsibilities of directors and the executive.
The Central Bank highlights that the quality of succession plans for the Board and executive team did not meet expectations as such plans did not set out the skills, competencies and experience required for the various roles and/or how a proposed successor would demonstrate or acquire the requisite skills, competencies and experience to undertake the role.
The Central Bank advised that it expects that the same high standards and rigour be observed and applied to Board appointments as to those elsewhere within a Firm.
2. Conducting due diligence
The Central Bank noted that due diligence was consistently the weakest area across the majority of Firms. The Central Bank stated that in the majority of Firms inspected, the initial due diligence undertaken was not sufficiently robust to evidence compliance with the requirements of the fitness and probity standards. Issues identified include:
- a lack of evidence of academic qualifications;
- a lack of references from previous employers;
- a lack of requisite searches including judgment searches, regulatory searches, directorship searches and adverse media searches, including adverse media searches regarding previous employers;
- a notable absence of interview notes; and
- no evidence of a documented assessment as to the suitability of the candidate.
Firms should have defined processes in place for conducting initial due diligence which include:
- documented policies and procedures;
- clear allocation of responsibilities;
- due diligence searches being performed; and
- interview notes being retained.
The Central Bank expects full and frank disclosure at the individual questionnaire ("IQ") stage, where all information relevant and potentially relevant to the Central Bank's assessment, including any adverse information in relation to the candidate, should be brought to the attention of the Central Bank. It was noted that where a Firm has any doubt as to the materiality of a piece of information in this regard, this should be disclosed and explained.
The Central Bank found that the ongoing due diligence process undertaken by Firms was particularly poor and often limited to an annual selfdeclaration with no ongoing due diligence screening to check if a change in circumstances had impacted an individual's fitness and probity. It was noted that Firms have ongoing obligations under Section 21 of the 2010 Act to ensure that that they do not allow a person to perform a CF role unless they are "satisfied on reasonable grounds" that the person: (i) complies with the applicable standards of fitness and probity; and (ii) has agreed to abide by those standards. The Central Bank stated that an annual self-declaration by PCF and CF role holders is the minimum ongoing due diligence expected and Firms should proactively conduct ongoing due diligence screening of staff to ensure there has been no change in circumstances that may affect the fitness and probity of the individual.
3. Outsourcing of roles subject to the F&P Regime
The Central Bank found that where PCF or CF roles are outsourced to unregulated outsource service providers ("OSPs"), the majority of firms had not obtained the required documentation nor made any inquiries as to the OSP's process for assessing fitness and probity. In addition, Firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed.
The Central Bank noted that Firms' obligations with respect to fitness and probity apply irrespective of whether the PCF or CF role is performed within the firm or outsourced and the Central Bank expects Firms to have appropriate processes and procedures to ensure compliance in both scenarios.
4. Engagement with the Central Bank
The Central Bank found that Firms did not have clearly defined procedures covering the various stages of the IQ process including initiation, compilation, completion, review, approval and submission of the IQ application. It was noted that Firms did not have robust processes in place to identify, escalate and notify the Central Bank in a timely manner of potential concerns regarding the fitness and probity of a PCF or CF holder. In addition, there was a distinct lack of policies or procedures to support these escalations.
The Central Bank expects Firms to be proactive in identifying fitness and probity issues as part of its ongoing due diligence and in reporting as appropriate to the Central Bank without delay.
5. Role of the compliance function
The Central Bank noted that while the majority of Firms had compliance frameworks, policies and procedures in place, it was clear that many Firms were not undertaking robust compliance testing of their fitness and probity processes and procedures. Furthermore, the Central Bank stated that in some cases there was an over reliance placed on the compliance function, thereby creating a potential key person risk.
The Central Bank expects that the fitness and probity process be subject to comprehensive oversight by the compliance function and periodic independent review to ensure it is fit for purpose.
Other issues highlighted
Three other issues referenced by the Central Bank in its letter worth highlighting relate to:
- functional responsibility for the fitness and probity process. The Central Bank found that where Firms have clear, prescribed roles and responsibilities in respect of this process the due diligence conducted was of a higher standard;
- the quality of fitness and probity policies and procedures. Examples of good practices observed by the Central Bank include checklists, fitness and probity steering committees, "how to" guides and clearly documented roles and responsibilities; and
- maintenance of a register of employees performing PCF and CF roles and reviewing changes in roles by individuals to determine whether that the new role is a PCF or CF role or not.
The Central Bank highlights that it will continue to engage with Firms to assess the robustness of their application of the F&P Regime, it will initiate necessary supervisory responses to any weaknesses identified and failure by a Firm to comply with its ongoing obligations can result in an investigation under the Central Bank's Administrative Sanctions Procedure, leading to potential sanctions for Firms and individuals.
The Central Bank expects all Firms to take appropriate action to address the significant issues outlined in its letter and be in a position to evidence this to the Central Bank, if requested. Firms should read this letter in conjunction with the 2019 Letter, the fitness and probity standards and the associated fitness and probity guidance and determine what action, if any, should be taken.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.