The overall strategic and statutory objective of the Central Bank is safeguarding stability and protecting consumers.
Since 2011, the Central Bank has published a set of priority areas each February which it indicates will be a focus for the coming year. Making a statement about regulatory priorities assists the Central Bank in encouraging regulated entities to review compliance with the matters or industry sectors identified as a priority and have the added effect of promoting consumer confidence.
This is reflective of the enforcement approach outlined in the Central Bank of Ireland’s Strategic Plan 2013 -2015 and the Probability Risk and Impact System (“PRISM”) model of regulation embraced by the Central Bank in the aftermath of the financial crisis.
In her speech to delegates at the Compliance Ireland organised Central Bank Enforcement Seminar held on 12 December 2014, Director of Enforcement at the Central Bank, Ms Derville Rowland, noted
"We [the Central Bank] focus our enforcement resources on .... priority themes to help promote compliance in the areas that are of greatest importance to the Central Bank. Our enforcement actions do not however relate solely to these "pre-defined" enforcement priorities. We also make provision in our resourcing to allow us to take “reactive actions” in response to serious issues identified through day to day supervisory work and from other information sources for example, whistleblowing”
On 9th February 2015, the Central Bank of Ireland (the "Central Bank”) published its enforcement priorities for 2015. These are divided under two main headings (i) cross sectional enforcement priority areas and (ii) sector specific enforcement priority areas.
Cross Sectional enforcement priority areas:
The Central Bank sees adherence to prudential requirements as the cornerstone of its strategy for all regulated industry sectors. The Central Bank note their particular (but not exclusive) focus will be on:
"prudential requirements for credit unions, large exposure rules for credit institutions and markets, those applying to retail intermediaries, reserving and capital adequacy and insurance.”
The focus on Credit Unions and Credit Institutions is not surprising given Deputy Governor Mr. Cyril Roux’s comments at the Deloitte Future of Prudential Regulation briefing held on 15 April 2014. While expressing an outlook on enforcement priorities for 2014 it was clear that Credit Unions were an ongoing domestic enforcement priority for the Central Bank given they were not captured by European directives. That focus it seems will continue in 2015.
A large part of Mr Roux’s speech to delegates at the abovementioned briefing focused on the impact the Single Supervisory Mechanism (“SSM”) would have on the regulation of Credit Institutions with Mr Roux making it clear that while five large credit institutions would be supervised directly by the European Central Bank in Frankfurt, the remaining Credit Institutions and any branches of Credit Institutions operating in Ireland but authorised elsewhere, would be supervised by the Central Bank in Ireland to the same high standards set out in the SSM and importantly as Mr Roux put it “under the watchful eye of the ECB”.
The Central Bank considers the existence and proper functioning of a regulated firms systems and controls as essential in the context of compliance with regulatory requirements. The Central Bank also believes that having sound risk management systems assists in preventing against inadvertent harm to consumers and deliberate acts of misconduct.
It should come as no surprise that the implementation of adequate systems and controls aimed at ensuring regulatory compliance appears on the list of enforcement priorities as it has appeared on the list each year since the first list was published in 2011.
The Central Bank notes that the provision of inaccurate, incomplete or late regulatory returns by regulated entities compromises the Central Bank’s efforts at proper prudential regulation. The Central Bank notes that a number of the enforcement cases brought by the Central Bank in 2014 were related to deficient regulatory returns.
The Central Bank has over the last number of years increasingly moved to an online reporting system (“ONR”) for the purposes of receiving regulatory returns from regulated entities. In an address to the Irish Funds Industry Association on 20 November 2012, around the time when the ONR was initially being rolled out, Mr. Gareth Murphy in his capacity as the Director of Markets Supervision at the Central Bank noted the importance of ensuring the information received by the Central Bank was accurate:
“Accurate and comprehensive data is an efficient way for the Central Bank to monitor the activities of firms whilst focussing our resources where it matters……….These regulatory returns fulfill three roles: prudential assessment of firms’ financials and operations, informing the Central Bank on key trends and assisting the European Systemic Risk Board in filling out the larger picture of systemic risk across Europe.
As the expression goes: ‘garbage in – garbage out’. We cannot allow poor regulatory returns to undermine the supervisory effort and to ultimately damage the interests of investors and issuers. Where we encounter sloppy approaches to regulatory returns – as with other regulatory breaches – we will be prepared to take enforcement action.”
Outsourcing and governance failures associated with outsourcing were the subject of two different enforcement actions taken by the Central Bank in 2014. The Central Bank has noted that the issues were not confined to one industry sector and as a result the Central Bank has included outsourcing in its cross sectional priorities list.
The Central Bank has consistently re-iterated the importance of ensuring that outsourcing arrangements are adequately and appropriately documented in Service Level Agreements and that the Board of the outsourcing regulated entity ensures on a continuous basis that the outsourced services are the subject of ongoing review. Firms authorised pursuant to the Markets in Financial Instruments Directive (“MiFID”) and fund administration companies outsourcing core functions e.g. the net asset value calculation process have been top of the Central Bank’s list in the past.
AML/CFT compliance is an important area of focus for the Central Bank and indeed an increased focus worldwide due to increased levels of terrorist activity.
Certain designated entities offering financial services are seen to be a gateway into the legitimate financial system for those who would seek to launder the proceeds of crime or finance the activities of terrorists. The Financial Action Task Force ("FATF") is the global body charged with the responsibility of drafting broad principles aimed at combatting AML/CFT activity. In Europe, the Third Anti-Money Laundering Directive (the “3rd Directive”) is the body of law which member states must incorporate into national legislation. In Ireland, the 3rd Directive was transposed into national law by way of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) (the “Act”). The Central Bank is charged with ensuring those entities that are caught within scope; comply with the requirements of the Act. The Central Bank has been active over the last number of years in carrying out inspections and in some cases entering into enforcement actions against non-compliant firms.
The Central Bank’s AML/CFT supervisory work can be expected to increase significantly in over the next year for two main reasons. Firstly, the Fourth Anti-Money Laundering Directive (the “4th Directive”) is due to be published by European legislators in the very near future bringing with it a number of changes to the existing legislation. The 4th Directive places a lot of onus on competent authorities such as the Central Bank to carry out detailed risk assessments aimed at identifying and targeting areas which require particular focus as being potentially prone to AML/CFT activity. Once the high risk areas have been identified, industry should expect increased supervisory activity in those sectors.
Secondly, FATF are due to carry out a peer review of Ireland in 2016 one aspect of which will be a review of how competent authorities such as the Central Bank are discharging their obligations in terms of supervising and enforcing compliance with AML/CFT requirements. As Ms Rowland remarked at the Compliance Ireland seminar held on 12 December 2014:
“It is important that Ireland gets a positive review by the FATF in 2016 to show that Ireland takes its AML regulatory obligations seriously and that its financial system is not susceptible to be used for money laundering or terrorist financing purposes.”
This is the last heading specified by the Central Bank under the cross sectional list of enforcement priorities.
The Central Bank’s Standards on Fitness and Probity were introduced pursuant to Section 50 of the Central Bank Reform Act 2010 (the “Standards”). The Standards list a number of positions/roles at regulated financial services providers (the “RFSP”) which should only be occupied by persons who are fit and proper to do so and can produce evidence of that suitability on an ongoing basis. Certain functions cannot be filled until they have first being vetted by the Central Bank following their review of a detailed online questionnaire which is completed by the candidate. Only when that review is complete can the candidate take up his/her role.
The Standards specify that persons falling within scope must provide periodic updates that they continue to comply with the Standards, or, in the event they are unable to comply they will notify the Board of the RFSP with details of why compliance is no longer possible. The expectation is the Central Bank will be testing RFSP’s to ensure that they have complied with all aspects of the fitness and probity requirements and that they have received the periodic updates required from the relevant persons.
The Central Bank has also listed some specific sectoral priorities which they will focus on in 2015. These include:
The Central Bank of Ireland has published its programme of themed-inspections for 2015. The programme seeks to identify areas of emerging risk and compliments themed inspection work carried out by the Central Bank in previous years.
The themed-inspections announced for 2015 are:
PRISM is the risk framework which the Central Bank has developed which underpins how the Central Bank goes about supervising and regulating those entities falling under its regulatory responsibility.
The focus is primarily on ensuring that large systemically important financial institutions do not fail and targeting resources with that end goal in mind. PRISM uses data and information it has compiled on regulated entities to attribute those entities with a risk rating. High risk entities are the subject of rigorous supervisory oversight with low risk entities being the subject of more reactive regulation and themed inspections. However, the Central Bank reserves the right to make examples of lower risk entities where it is believed that the market must be sent a message in order to raise the standards of compliance within the industry sector in general.
Identifying enforcement priorities for the year ahead is just one aspect of the PRISM model in action.
Together, the following body of legislation gives the Central Bank wide ranging powers to enforce compliance with regulatory requirements:
Of all the tools available to the Central Bank the route most frequently taken of late is the Administrative Sanctions Procedure. The press release setting out the Central Bank’s enforcement priorities for 2015 notes that, during 2014 the Central Bank entered into:
“11 enforcement settlements with regulated financial service providers in 2014 resulting in the imposition of overall fines in excess of €5 million.”
Invariably to date the matter is concluded by way of a Settlement Agreement which is published in the Central Bank’s website but the Central Bank also has the following enforcement tools available to them: