In recent years the size of the administrative fines imposed by the Central Bank of Ireland (CBI) in enforcement cases has significantly increased. This article gives an overview of the CBI’s enforcement regime, including the compulsory information gathering-powers that the CBI has at its disposal and the scenarios in which these powers could be used in respect of UK-authorised firms.
The Administrative Sanctions Procedure
The CBI’s enforcement regime, known as the Administrative Sanctions Procedure (ASP), allows the CBI to sanction regulated financial service providers where a regulatory breach, described as a ‘prescribed contravention’, has been or is being committed. The definition of a ‘prescribed contravention’ includes contraventions of over 100 pieces of legislation that are referred to in the Central Bank Act 1942 (as amended) (the 1942 Act) and any code or direction or condition imposed or made under them (the relevant provisions).
It is worth being aware that in certain circumstances, the CBI could investigate a UK authorised financial service provider that provides services in Ireland. In order for a UK authorised entity to be subject to an investigation under the ASP, it would have had to have breached one of the relevant provisions, some of which can apply in certain circumstances to regulated financial service providers that are authorised in a state other than Ireland. For example, the Irish Consumer Protection Code applies to a variety of regulated entities operating in Ireland with the consequence that a UK insurer operating in Ireland on a freedom-of-services basis or via an Irish branch could be subject to the ASP if it breached the Irish Consumer Protection Code when selling to customers located in Ireland.
The CBI’s investigations have become more intense in recent years with voluminous documentation being often requested from the relevant firm and interviews with personnel both internal and external to the firm now routine.
At the end of the investigation, the CBI can impose sanctions either by entering into a settlement agreement with the relevant entity or after a negative finding is made at inquiry (the latter is a formal mechanism used whereby an inquiry member or members who are appointed by the CBI will decide if a ‘prescribed contravention’ has occurred – usually where a case does not settle). While a settlement can be agreed on any terms, the CBI tends to use the sanctions available at inquiry as a benchmark. These include maximum fines of up to €10m or 10% of turnover (whichever is the greater) on a regulated entity. Occasionally slightly different sanctions are provided for under specific pieces of sectoral legislation.
A notable feature of the CBI’s settlement process, is the CBI’s insistence on the firm (or on the individual as the case may be) admitting the breaches and agreeing to the publication of a detailed publicity statement. The publicity statement will be published on the CBI’s website a few days after settlement. Both the admission and publicity can have far reaching implications for a firm, particularly reputationally.
Since 2006, the CBI has entered into over 100 settlements with firms and individuals under the ASP, imposing fines of over €60m. Fines have generally been increasing – 2016 saw the biggest annual figure to date of €12.05m. Although no inquiries have been held yet in relation to regulated entities, some are on-going in relation to individuals.
Compulsory information-gathering powers
During the course of ASP investigations, the CBI frequently uses the compulsory information-gathering powers that set out in Part 3 of the Central Bank (Supervision and Enforcement) Act 2013 (the Act). These powers are wide-ranging and can be used on regulated entities, related undertakings of regulated entities and a person who is or was an officer, employee or agent of such entities, as well as other categories of persons. The powers are explicitly stated to apply to accountants, auditors and legal advisors to regulated firms, or to related undertakings of regulated firms.
A ‘regulated financial service provider’ is defined so as to include regulated entities whose business is subject to regulation by an authority that performs functions in an EEA country that are comparable to the functions performed by the CBI. Therefore an entity that is authorised by the Financial Conduct Authority or the Prudential Regulation Authority could find itself subject to the CBI’s compulsory information gathering powers, if it had committed a ‘prescribed contravention’ (see comments made earlier). Alternatively a UK parent company of a CBI authorised entity could be on the receiving end of the CBI’s compulsory powers where the CBI is investigating an Irish subsidiary under the ASP, on the basis that the UK entity is a ‘related undertaking’ of the Irish firm and may have information which could assist the CBI in its investigation.
In terms of scope, the CBI can use its compulsory powers to inspect premises and to take copies of records found at inspection, to require individuals to answer questions and also to operate computers found at a premises – among other matters.
It is a criminal offence not to comply with a requirement imposed under Part 3 ‘without reasonable excuse’. The legislation does not specify what might constitute a ‘reasonable excuse’, however it is clear from the Act that a refusal to answer a question or to provide documentation on the basis that to do so may incriminate you will not suffice – you are still compelled to provide the information, although it cannot be used against you in any criminal proceedings. However, that information could be used by the CBI when carrying out other functions eg under the ASP. The Act implicitly accepts, however, that a firm or individual is not required to handover documentation which consists of legal advice between the firm/individual and their lawyers. This is because the Act provides a mechanism for the CBI to apply to the Irish High Court for a determination to be made as to whether documents contain privileged legal material where access to information is refused on that basis.
What to do?
If a UK-authorised firm finds that it is subject to a CBI enforcement investigation or to a compulsory information request from the CBI, it would be wise to seek local Irish advice on the extent of the CBI’s powers, as there are certain nuances in the breadth of those powers, depending on the underlying legislation and the relevant facts.