Introduction
On 09 March 2023, the long-awaited Central Bank of Ireland (Individual Accountability Framework) Act 2023 (the “Act”) was enacted with the aim of promoting improved governance and positive cultural change in Regulated Financial Services Providers (“RFSPs”). Our Individual Accountability Framework (“IAF”) team outlines the four main pillars of the IAF as well as the key questions firms should be asking themselves when considering its impact below.
The Act is broadly similar to the Central Bank (Individual Accountability Framework) Bill 2022 initiated in 2022 with minor amendments made only to the enforcement procedures.
The Central Bank of Ireland (“CBI”) launched an associated three-month consultation process on key aspects of the Individual Accountability Framework (“IAF”) on 13 March 2023, including the publication of draft Regulations and draft IAF Guidance.
Responses to the Consultation Paper must be submitted to the CBI by 13 June 2023 with implementation of IAF elements expected by 31 December 2023 (Conduct Standards and F&P enhancements) and 01 July 2024 (Senior Executive Accountability Regime).
The key components of the IAF are:
1. Senior Executive Accountability Regime (“SEAR”)
The SEAR will initially apply to credit institutions (excluding credit unions) insurance undertakings, investment firms which underwrite on a firm commitment basis and / or deal on own account and/or are permitted to hold client assets, and incoming third country branches of these entities.
Individuals to which the SEAR applies at in-scope firms directly aligns to the listing of Pre-Approval Controlled Functions (“PCFs”) under the current Fitness and Probity (“F&P”) Regime. This includes Board members, Non-Executive Directors (“NEDs”), and Independent Non-Executive Directors (“INEDs”).
The SEAR requires firms to:
- Allocate Prescribed Responsibilities and Other Responsibilities provided by the CBI to individuals in PCF roles.
- Create a Statement of Responsibilities (“SoR”) for each of their PCFs, outlining their role and the specific areas of their responsibility (Inherent Responsibilities).
- Develop a Management Responsibility Map (“MRM”) illustrating the key management and governance responsibilities within their organisation.
- Demonstrate the compliance of PCFs to their Duty of Responsibility by documenting the Reasonable Steps taken to avoid contravention of legal and regulatory requirements.
Based on the CBI’s Consultation Paper, it is expected that all in-scope regulated firms are in compliance with SEAR by 01 July 2024.
2. Conduct Standards
The Conduct Standards outline the standards of behaviour for RFSPs and the individuals working within them focusing on customers, market conduct, integrity, and controls. These Conduct Standards will apply to all regulated firms, regardless of whether the firm is in-scope for the SEAR.
There are three new sets of Conduct Standards being introduced:
- Standards for Business that are applicable to all firms across the regulated financial services sector, regardless of sector. These provide a counterbalance to the Common and Additional Conduct Standards imposed on individuals.
- Common Conduct Standards for all individuals performing Controlled Functions (“CFs”) roles. The Common Conduct Standards are accompanied by a list of example behaviours that would be expected to achieve compliance with the standard.
- Additional Conduct Standards for those individuals performing PCF roles and those who may exercise a significant influence on the conduct of the firm’s affairs (i.e., CF1 roles).
CFs and PCFs subject to the Common and Additional Conduct Standards are obliged to take any steps that it is reasonable in the circumstances for the person to take to ensure that the relevant conduct standards are met. Failure to take such reasonable steps will be a ‘prescribed contravention’ and are enforceable against the relevant individuals directly. Similarly, a breach of the Standards for Business will constitute a ‘prescribed contravention’ and will be enforceable.
Based on the CBI’s Consultation Paper, it is expected that all regulated firms are in compliance with the Conduct Standards, including the Additional Conduct Standards, by 31 December 2023.
3. Enhancements to the Current F&P Regime
The F&P Regime will be extended to apply to holdings companies established in Ireland. This applies to the following Irish-incorporated holding companies; financial holding companies, mixed financial holding companies, insurance holding companies, and investment holding companies. The enhancements to the current F&P Regime will apply to all RFSPs, irrespective of whether the firm is in-scope of SEAR.
In addition, firms and relevant holding companies will need to certify on an annual basis that the CF role holders within their organisation are fit and proper and in compliance with the F&P Standards. Where individuals cannot be certified, such certification will be revoked.
The power of the CBI’s Head of Financial Regulation to investigate the F&P of a person performing a CF will be extended to apply to persons who previously performed a CF up to six years prior to an investigation taking place.
Similarly, the CBI will have the power to issue a suspension notice where it has imposed prohibition (pending High Court approval) on the person from carrying out a CF role. The suspension notice can be issued for six months (where confirmed by the Head of Financial Regulation) regardless of whether an investigation has been launched into the person’s F&P. In essence, the CBI may suspend an individual from performing a CF role even if the individual intends to challenge the prohibition notice before the High Court.
Based on the CBI’s Consultation Paper, it is expected that all regulated firms are in compliance with the F&P Regime enhancements, including firm certification requirements and the inclusion of holding companies within the regime, by 31 December 2023.
4. Enforcement Process
The Act removes the current “participation link” that exists between the conduct of an individual and a firm’s wrongdoing to allow the CBI to pursue individuals directly for their misconduct. Breaches of Conduct Standards will also be subject to direct enforcement action by the CBI. The High Court will have oversight of the settlement process and will have to confirm sanctions imposed by the CBI.
Further amendments to pre-existing legislation have been introduced to both clarify the execution of the Administrative Sanctions Procedure (“ASP”) and ensure that it incorporates standards of fairness in the administration of justice.
Next steps
With the Act now signed into law and the associated CBI consultation process commenced, it is essential that all regulated firms take action now to assess the impact of the IAF on their governance structures and establish an implementation plan to address the various elements.
Our experience of implementing Individual Accountability regimes indicates that preparation is key due to the wide-ranging impacts across all aspects of the organisation. In the UK in particular, firms often underestimated the effort involved with the Senior Managers and Certification Regime (“SMCR”) and its impact on the employee lifecycle. In addition, regardless of whether a firm is in-scope of the SEAR, they will be subject to the Conduct Standards and the enhancements to the F&P Regime.
Therefore, all RFSPs should be considering the impacts now.
Key questions firms should ask of themselves are outlined below:
How robust is your current F&P compliance? Have you conducted a gap analysis against the CBI’s Dear CEO letters on F&P of April 2019 and November 2020 and closed any issues identified?
- A strong F&P baseline is key to ensuring successful IAF implementation. Organisations should ensure that the existing policies, processes, and procedures in respect of F&P are robust and meeting the CBI’s expectations.
Have you identified your programme sponsor, steering committee, and created a programme plan?
- The more successful IAF implementation programmes ensured that those who were involved in delivering the IAF programme also were part of the team responsible for ongoing compliance within BAU.
Are your current governance structures clearly defined? Are reporting lines clarified and documented (including any dotted reporting lines and influence from Group / overseas entities). Are the roles, responsibilities, and committee memberships of Senior Managers clearly defined?
- Organisations often used the IAF as an opportunity to review and rationalise pre-existing committee structures and memberships. MRMs often became a key artefact for the Corporate Governance Functions.
Have you identified the in-scope policies, processes, and procedures that will be impacted by the IAF?
- Organisations should prioritise heavily impacted areas such as the policies and processes associated with the end-to-end employee lifecycle.
Are you aware of weaknesses or deficiencies in your underlying control environment? Have you considered the results of assurance reviews and whether any issues remain open? Are you satisfied with your outsourcing control environment and thirdparty risk management?
- As with F&P compliance, a well-established control environment is a key building block of IAF implementation.
Do you understand the concept of “reasonable steps” and have you the appropriate frameworks and governance in place to demonstrate that “reasonable steps” are taken in the event of a potential regulatory breach?
- Building an effective “reasonable steps” framework should leverage pre-existing infrastructure within the organisation and address any identified gaps. RFSPs should review their pre-existing internal control frameworks, reporting, attestation and results of any pre-existing internal audit and compliance reviews, and identify any gaps and additional actions.
Have you identified all populations that will be in-scope of the IAF and the relevant requirements and communicated the impacts early? Have you considered the impact of union engagement, where relevant? What additional training will be required?
- A clear and consistent communications strategy is vital to ensure that any potential staff issues are identified upfront.
Do you understand your firm’s culture, and does it effectively promote the required behaviours? Have you conducted a recent culture audit? Does your organisation’s mission, vision, and values align with the CBI’s Conduct Standards?
- The CBI has clarified that organisations will be expected to comply with the spirit and not just the letter of the IAF. Key to this is ensuring that the right behaviours are promoted right across the organisation and at all levels.
How can KPMG help?
KPMG’s Risk and Regulatory Consulting team has experience in leading large-scale regulatory change programmes within Ireland as well as in implementing similar Individual Accountability regimes across the globe, particularly in the UK (Senior Manager and Certification Regime) and Australia (Banking Executive Accountability Regime).
Members of our Irish team have been involved in the design and implementation of global accountability regimes for small, medium, and large organisations. We have also supported several Irish clients with IAF readiness assessments and implementation planning. We will leverage our experience and global network, coupled with our extensive knowledge of the Irish financial services market, to support firms in this process.
Our team of IAF experts includes our KPMG Law colleagues who can provide advice on all elements of IAF and SEAR (including any HR or contractual implications of the legislation).
We can support you in your preparation for the IAF in the following ways:
1. Readiness Assessment
We can assist you with a readiness assessment and identify required changes to be implemented. This includes a remediation plan and clear actions for any gaps identified.
2. Design and Implementation
We can assist you with the design and implementation of a programme of work to implement the IAF requirements using the output of a readiness assessment. This includes target operating model design and implementation.
3. Technology
We can advise you on technology solutions to manage the IAF requirements, using our bespoke technology solutions which include our Accountability Manager Tool, that are adaptable for your needs.
4. Assurance
We can assist you to ensure that you are in adherence with the new requirements prior to implementation or post implementation, leveraging our experience with implementing and advising on F&P requirements as well as Individual Accountability regimes such as the UK’s Senior Manager and Certification Regime, and Australia’s Banking Executive Accountability Regime / Financial Accountability Regime.
