Regulating individual accountability and consumer centric cultures in financial services has become an area of particular priority for Ireland’s financial services regulator, the Central Bank of Ireland (Central Bank) in recent years. This has culminated in the adoption of the Central Bank (Individual Accountability Framework (IAF)) Act 2023, supporting regulations and guidance. Collectively these are referred to as the IAF Regime. The IAF Regime represents the single most significant, cross-sectoral regulatory enhancement in Ireland over the last decade. While some elements of the IAF Regime apply to all regulated financial service providers (RFSPs), insurance undertakings and third country branches of insurance undertakings are captured by all aspects of the IAF Regime. Incoming European Economic Area (EEA) branches are also in-scope for discrete elements of the IAF Regime, namely the conduct standards. In this piece we consider the drivers behind the need for the IAF Regime, its foundational pillars and Matheson’s observations on implementation.
Drivers behind the need for the IAF Regime
The primary catalyst for the IAF Regime was the 2008 financial crisis, its aftermath and the significant failings in the Irish domestic banking sector, in particular, the treatment of tracker mortgages by the Irish retail banks. On the back of this, the then Minister for Finance and Public Expenditure and Reform requested the Central Bank to carry out an in-depth examination of the behaviour and culture of the Irish retail banks. It was in the Central Bank’s report to the minister that it first detailed a proposal for the introduction of the IAF Regime, explaining that without the adoption and implementation of such a regime ‘the likelihood of profound cultural change in the regulated financial services sector (would be) reduced’.
Of interest to international readers will be the fact that the Central Bank was influenced and guided by the experience of other global regulators which had adopted similar regimes including Australia, Hong Kong and the United Kingdom (UK). The equivalent regime in the UK was considered to be of particular relevance to the design of the new Irish regime, a regime which has universally been considered to be a success. As with other jurisdictions, Ireland has taken a number of the aspects of the Senior Managers and Certification Regime (SMCR), and adapted them for application in the Irish financial services market.
IAF’s foundational pillars
Throughout the development of the IAF Regime, the Central Bank acknowledged that a one-size-fits-all regime would not be effective but that establishing good foundations was seen as imperative. As a result, RFSPs have the flexibility to adapt the IAF Regime to their organisation, governance, culture and operations that are in place today, with the duty to ensure the expected levels of responsibility meet the requirements of the IAF Regime. So what are the foundational pillars of the IAF Regime?
- Conduct standards: common conduct standards are basic standards such as acting with honesty and integrity, with due skill, care and diligence, and in the best interest of customers, and applies to individuals in all RFSPs, including incoming EEA branches of insurance undertaking. This is the first time that such duties have been codified in legislation.Senior executives also have additional conduct standards related to running the part of the business for which they are responsible.
Finally, the conduct standards also include business conduct standards, which are currently being addressed as part of the Consumer Protection Code review.
- Enhancements to the current Fitness and Probity (F&P) Regime: this clarifies RFSPs’ obligations to proactively certify that individuals carrying out certain specified functions are fit and proper. Additionally, the F&P Regime has also been expanded to include certain holding companies established in Ireland, which includes insurance holding companies.
- Breaking of the ‘Participation Link’ and amendments to the Administrative Sanctions Procedure (ASP): previously the Central Bank had to prove an infringement or contravention against a RFSP before being in a position to hold an individual, who participated in the decision-making that led to the infringement or contravention, to account. This requirement has now been removed.
In addition to the changes necessitated in order to give effect to the breaking of the ‘Participation Link’, changes were also required to the ASP to reflect an Irish Supreme Court decision in a case called Zalewski v WRC & the AG [2021] IESC. This included a number of amendments such as:- placing the ASP on a statutory footing;
- the provision of a High Court confirmation of a settlement agreement entered into between the Central Bank and a person on consent;
- the requirement to have a statutory list of relevant considerations that inform the Central Bank’s determination of a sanction of an individual; and
- ensuring that there is independence between the investigative and inquiry stages of an ASP.
- Senior Executive Accountability Regime (SEAR): the aim of the SEAR is to overcome the difficulties the Central Bank explained it had experienced when identifying precisely who is in charge of which decisions within RFSPs. The initial scope of the SEAR is much narrower than the broad application of the conduct standards and reforms to the F&P Regime. Insurance undertakings, as well as incoming third country branches of insurance undertakings, are however in-scope. Such entities must identify and allocate to each Pre Approval Controlled Functions (PCF), in the first instance, inherent responsibilities pertaining to the PCF role itself, and secondly, allocated responsibilities pertaining to the business of the RFSP. RFSPs must also map out the roles, responsibilities and decision-making powers of these individuals.In addition to this is a statutory duty of responsibility on these PCF role holders. This requires them to take any steps that are reasonable in the circumstance for them to take, to avoid a contravention by the RFSP of its obligations under financial services legislation in relation to an aspect of the RFSP’s affairs for which the PCF role holder is responsible under SEAR.
These RFSPs must also create statements of responsibilities and responsibility maps pertaining to the RFSP, describing their governance arrangements and demonstrating clearly that there are no gaps.
From proposal to implementation
After an extensive period of negotiation between industry, the government and the Central Bank, as well as an in-depth pre-legislative scrutiny process, the IAF Act was signed into law in March 2023 some five years after the Central Bank’s first proposal. Following its enactment, the Central Bank launched a three-month consultation on the implementation of the IAF Act and the final supporting regulations and guidance were published by the Central Bank in November 2023.
The commencement of the finalised IAF Regime then followed with initial implementation in late December 2023. This required compliance with the conduct standards and enhancements to the F&P Regime, two of the foundational elements of the IAF Regime. The deadline for implementation of the SEAR, came hot on its heels in 1 July 2024 (save for independent non executive directors and non-executive directors whose compliance has been deferred until 1 July 2025).
Observations on the IAF Regime which will be of importance for implementation
For Irish-based insurance undertakings and third country branches of insurance undertakings operating in Ireland, there are a number of key considerations which the board and senior executives of those entities need to be cognisant of as they look to embed the IAF Regime, a principles-based regime. They include:
- The introduction of conduct standards in a codified form means that they take the form of positive, enforceable legal obligations on individuals to act in accordance with a single set of standards of expected behaviour. This is a material change, particularly for those who hold controlled functions (CFs) (CF includes such roles as those which exercise significant influence on the RFSP, those in a compliance function as well as those in customer facing roles). Compliance will continue to be a key consideration for RFSPs across 2024, as providing training, awareness and guidance will be central to individuals understanding their responsibilities and complying with the requirements of the IAF Regime.
- The scope of the conduct standards is such that individuals who are CFs in Irish insurance undertakings, but who are not directly employed by the entity, are captured. This is particularly complex when an Irish insurance undertaking is part of a large multinational group. Consequently, insurance undertakings will have to consider the IAF Regime in the context of its outsourcing, shared services and operational resilience arrangements.
- One of the lessons learnt from the implementation of SMCR was that a material amount of work was required to build RFSP’s formalised certification regime. In the feedback statement to its consultation on the IAF, the Central Bank clarified its expectations with regard to ongoing due diligence required of the F&P Certification Process. While it has retained certain clarifications of its expectations, importantly the initial proposal to extend enhanced due diligence checks to certain CF roles has been removed. This was a welcome clarification as it reduces some of the effort required to ensure compliance. This being said, the annual mechanics of the certification process is likely to take some time to design and implement in each RFSP.
- Proportionality is a thread woven throughout the IAF Regime, which reflects the fact that the regime is not intended to be a theoretical standard to which all RFSPs, regardless of nature, scale and complexity would have to comply with. As is the case with regulation in general, where a RFSP is adopting a proportionate approach to its compliance, it must document the reasons for same and we would encourage RFSPs to follow the same approach here. This is so as to ensure that, when the Central Bank looks to the RFSP’s compliance, it can understand how individuals and RFSPs are seeking to comply with the IAF Regime.
- The concept of reasonableness is embedded in the IAF Regime. The Central Bank has acknowledged that human error can occur and that perfection is not the required standard. The Central Bank will consider what steps an individual, in that position, could reasonably have been expected to take at that point in time. The reasonable steps taken should align with the day-to-day management of the CF holders’ respective area. It is important that the individual can demonstrate the reasoning and approach to decision-making, so that he or she can demonstrate how the relevant judgment may have been reasonable at that time.Additionally, the Central Bank also recognises the role of judgement exercised by those in senior roles and that while that judgement may have turned out to be wrong in a particular circumstance, with the benefit of hindsight, it is clearly possible for that individual to demonstrate how that judgement may have been reasonable at the time.
- The expected standard of PCF/CFs role holders is to also understand their obligations in relation to effective collective decision-making. This is a very particular and detailed consideration for individuals and RFSPs in order to ensure that the capacity in which a person is making a decision or contributing to a decision is specified. While complex, it is important that the practice of collaboration and collective decision-making should not be limited by the IAF Regime.
- The IAF Regime, as a regime impacting individuals, has a broad impact on employment law considerations and requires support by both human resources and compliance functions, particularly in the first annual cycle of application. RFSPs ought to consider the challenges that the IAF Regime may pose to existing employment, reward and disciplinary proceedings and future arrangements.
- Definitive compliance will not have been achieved by the deadlines of 29 December 2023 or 1 July 2024, as this regime is intended to be lived by individuals and remain adaptive to the evolving nature, scale and complexity of circumstances and issues that the financial services sector presents.
The implementation and embedding of the IAF Regime has now begun and will, no doubt, present questions and challenges for RFSPs, individuals and the Central Bank alike. With this in mind, we hope that all parties will, in the words of Deputy Governor of the Central Bank, Gerry Cross ‘work in the right spirit to deliver over the coming periods.’
Importantly, the Central Bank has committed to a review of the IAF Regime three years after implementation. This should provide sufficient time to gauge the effectiveness of the core elements of the IAF Regime and to allow the Central Bank to then act to take any necessary steps to amend/update the regime in light of its findings. In the meantime, it is hoped that the IAF Regime will effectively contribute to improving the public trust in financial institutions, produce better outcomes for consumers and effectively contribute to enhancing Ireland’s reputation as a global financial services centre.