Fitness and Probity: Compliance weaknesses and diverging standards – Central Bank announces inspection results
The Central Bank of Ireland announced this week that it uncovered “significant issues” as part of its recent thematic inspections into compliance by regulated financial services providers (RFSPs) in the banking and insurance sectors with the Central Bank’s Fitness and Probity regime. This follows a similar message delivered to the financial services industry in April 2019.
Click here to view this briefing in PDF format.
Poor awareness of key obligations at senior level, and an absence of “robust” processes for escalating concerns about the fitness and probity of key office holders, were emphasised in the Central Bank’s press release.
By way of reminder, the Fitness and Probity regime (introduced in 2010) applies to those who carry out ‘controlled functions’ (CFs) (of which there are 11 broad types) within RFSPs. Those who carry on certain categories of CFs, known as ‘pre-approval controlled functions’ (PCFs) (of which there are 54 types) cannot carry out those functions without the prior written approval of the Central Bank.
Where a person is to carry on a CF role other than a PCF role, Central Bank approval is not required but the RFSP must be “satisfied on reasonable grounds” that the person complies with the Central Bank’s Fitness and Probity Standards.
During the first nine months of 2020, the Central Bank assessed 2,848 PCF applications, and 33 of those were referred to the Enforcement Division for further consideration. The Enforcement Division conducted 16 interviews, and 11 applications were withdrawn by RFSPs following referral to the Enforcement Division.
April 2019 ‘Dear CEO’ Letter
The Central Bank wrote to RFSPs in April 2019 noting that while there was good industry awareness of the obligations imposed on individuals under the Fitness and Probity regime, there was less awareness of the obligations on the RFSP itself. In particular, it recommended that:
- RFSPs should require those who perform CF roles to inform them of circumstances that might impact their fitness or probity and should assess those individuals at least annually.
- The Central Bank must be told “without delay” of any fitness and probity concerns and related actions taken regarding a person carrying on a CF role.
It also required RFSPs to:
- Review their fitness and probity policies, procedures and practices.
- Address any shortcomings.
- Be in a position to explain how they considered the issues raised in the April 2019 letter.
- Be in a position to explain and demonstrate any actions taken by them to remedy those shortcomings.
Our briefing on the April 2019 ‘Dear CEO’ letter is here.
However, Deputy Central Bank Governor Ed Sibley observed this week that it is “…a matter of concern that a number of firms did not take action, on being prompted by our April 2019 letter, to perform a formal ‘gap analysis’ of their policies, processes and procedures.”
Outcome of 2020 Thematic Inspections and ‘Dear CEO’ Letter
Following its 2019 ‘Dear CEO’ letter, the Central Bank carried out a number of thematic inspections covering a sample of RFSPs in the banking and insurance sectors. The key issues identified by the Central Bank as part of those recent inspections were set out in its ‘Dear CEO’ letter of 17 November 2020‘, and include the following:
- Poor levels of awareness, at board level, of obligations under the Fitness and Probity regime. In particular, the Central Bank noted that board appointments were not subject to the same detailed scrutiny within RFSPs as other PCF and CF roles.
- Weak due diligence processes (in particular, the Central Bank identified a lack of evidence of qualifications, reference checks and suitability searches). The Central Bank was particularly critical of situations whereby the role-holder annually self-declares that there are no issues, but the RFSP does not carry out any ongoing due diligence.
- A lack of robust processes for identifying potential concerns regarding the fitness and probity of a PCF or CF holder, and for escalating and notifying the Central Bank of those concerns.
- A lack of robust compliance testing by RFSPs of their fitness and probity policies and procedures.
- Where PCF or CF roles are outsourced to unregulated service providers, failures to obtain the necessary documentation, and failures to inquire about the service provider’s processes for assessing fitness and probity.
What Happens Next?
We expect continued focus by the Central Bank on this topic. In particular, Central Bank Deputy Governor, Ed Sibley, reiterated that supervisory responses would be taken where weaknesses in an RFSP’s application of the Fitness and Probity regime are identified.
In parallel with this, the Central Bank has also reminded RFSPs, following its July 2018 Report on Behaviour and Culture of the Irish Retail Banks and its July 2020 Thematic assessment of Diversity & Inclusion in insurance firms, that they should look at how they consider the collective mix of skills and composition, particularly at board and senior management levels, in addition to assessing individual competency.
With developments expected in 2021 on the proposed Senior Executive Accountability Regime (see our briefing on the SEAR here), this area is likely to remain towards the top of the Central Bank’s supervisory and enforcement agenda for the foreseeable future, both in terms of how it applies to RFSPs and to individuals performing CF roles. Both RFSPs and CFs should therefore consider the contents of the recent ‘Dear CEO’ letter very carefully and RFSPs should take any remedial action that might be required.