Enhanced governance, performance and accountability in financial services: the Individual Accountability Framework - address by Deputy Governor Derville Rowland

18 April 2023 Speech

Derville Rowland

The following address was delivered by Deputy Governor Derville Rowland at a joint Central Bank of Ireland / Law Society breakfast seminar, in Blackhall Place, Dublin, on 17 April 2023.

It is a pleasure to be with you this morning to discuss the Central Bank consultation on key aspects of the Individual Accountability Framework (IAF), and I’m grateful to the Law Society and its members for kindly hosting us.

At its core, financial regulation is about supporting positive outcomes, protecting consumers and investors, and, ultimately, contributing to the economic well-being of the community as a whole.

The regulatory expert Malcolm Sparrow, Professor of the Practice of Public Management at the Harvard Kennedy School, notes the challenge for all regulators of “reducing harms on the one hand, and respecting the traditional regulatory values of fairness, consistency, proportionality and predictability on the other”.1

Since day one in framing the IAF, this is a challenge we have been acutely conscious of.

The purpose of the IAF is to promote sound governance throughout the regulated financial services sector. The framework is very much in keeping with the key themes of the Central Bank’s strategy, namely: (i) safeguarding; (ii) future-focused; (iii) transforming; and (iv) open and engaged.

Safeguarding reflects our commitment to strengthen the design, implementation and operation of our core policy and supervisory frameworks.

By being future-focused, we are regulating for a rapidly evolving financial system – ensuring that the opportunities presented by change and innovation can be realised for citizens and the economy while the risks are managed.

Through transforming, we aim to be a more agile, resilient, diverse and intelligence-led organisation.

The IAF embodies these themes. Where firms and individuals take and demonstrate enhanced responsibility for customer and client outcomes, we can focus more on outcomes-based supervisory engagement, underpinned by clarity as to accountabilities.

The fourth theme of our strategy is being an open and engaged regulator. Which brings me to this event, and our desire to engage on as wide a basis as possible with interested stakeholders, including the public, regulated firms, financial services staff and industry representatives, members of the legal and compliance professions, members of professional services firms, and beyond.

I’m delighted to see so many of you here this morning, and I emphasise the Central Bank’s desire to hear your views.

Both in this consultation exercise, and on an ongoing basis, we want to hear from stakeholders on how the IAF is working and how it might be improved.

To help that discussion, I will briefly outline our proposed approach to implementation as set out in the Consultation Paper, including the rationale for key aspects of the IAF, and next steps – which I know is a major focus for firms and professional advisors in the period ahead.

Background

The IAF had its genesis in our Report on the Behaviour and Culture of the Irish Retail Banks, which identified poor governance, lack of consumer-focused cultures, and weak structures of accountability within firms.2 Those findings were consistent with issues we had seen in the wider financial services sector.

These issues were not unique to Ireland. As noted by the Bank of International Settlements, “two lasting imprints of the Great Financial Crisis were widespread failures in corporate governance and systemic breakdowns in corporate accountability and ethics”.3

It is important to acknowledge here that most firms and individuals aspire to high standards. That is why we have said that the majority of firms and staff will see nothing to fear in the IAF - because its principles are ones to which they already adhere. Nevertheless, the minority who do not aspire to such high standards cause reputational issues for the sector as a whole, and pose a risk to consumers, investors and wider society.

Hence, we proposed the IAF with a view to driving improved governance and accountability across the sector. In doing so, we emphasised from the outset that effective culture is, in the first instance, a matter for each individual firm to define, embed and own. As a regulator, we work to monitor, assess and influence culture within firms to guard against risk and drive better outcomes for consumers, investors and the system as a whole.

We worked closely with the Department of Finance to progress the proposals, and on 9 March, the Central Bank (Individual Accountability Framework) Bill 2023 was enacted. Shortly after enactment, we launched a three-month consultation on implementation of the IAF, including the publication of draft Regulations and guidance.

The Act provides for the introduction of the IAF, which is designed to improve governance, performance, and accountability in firms by establishing a framework of enhanced clarity as to who is responsible for what within firms. It also clarifies the standards to be met by individuals holding these responsibilities, with a particular focus on senior executives. As you are no doubt aware, the four key areas covered by the legislation are:

  • A Senior Executive Accountability Regime (SEAR) which ensures clearer accountability by imposing obligations on in-scope firms and senior individuals within them to set out clearly where responsibility and decision-making lies for their business;
  • Conduct Standards, which set out the standards of behaviour the Central Bank expects of firms and the individuals working within them;
  • Enhancements to the current Fitness & Probity (F&P) Regime to address some current limitations of that regime; and
  • Enhancements to our Administrative Sanctions Procedure (ASP), including a key change regarding our ability to take enforcement directly against individuals for breaches of their obligations rather than only for their participation in breaches committed by a firm.

The objective of the IAF is to achieve better outcomes for consumers and users of financial services and for the ongoing functioning of the economy. It will do this by supporting firms in being well run and having sustainable business models. The framework is built on proportionality, predictability and reasonable expectations. Our approach to implementation also embeds these features.

Of course, the Irish financial system serves not only the Irish but also the European and global economies. The IAF, implemented in a high quality manner, should support the Irish financial system in further fulfilling this role while ensuring further protection for consumers and investors.

Context

In developing our proposals, we have considered the legislative, regulatory and policy framework in which they will operate. The IAF is, as mentioned, aligned to our strategy and rooted in our regulatory philosophy whereby regulation should be forward-looking, connected, proportionate, predictable, transparent and agile.

We have considered the changing financial services landscape and international developments in the area of individual accountability. We have noted the evidence of the effectiveness of related regimes introduced in other jurisdictions from the perspective of both the relevant regulators and the firms to which such regimes apply.

Notably, in the UK, senior managers and firms surveyed about the Senior Managers Regime in that jurisdiction say it has had positive effects on behaviours and working practices.4

We have also been informed by the work of European and international bodies such as the European Commission and the Financial Stability Board, which recommend identifying key responsibilities and clearly assigning them to the holders of various positions within a firm.

From the international experience, we believe the IAF will not just assist the Central Bank in our mission as regulator - but assist firms in achieving their objectives too, with the longer term outcome of a more trusted financial services sector, which is in everybody’s interest.

Cost Benefit Considerations

While the IAF is designed to bring substantive benefits5, we are conscious that there will also be costs associated with its introduction. Some of these will be inherent; others will depend on the manner in which the framework is implemented. Overall, it is important that the benefits outweigh the costs. We have carefully considered this aspect upfront but also recognise the importance of ongoing review, as is currently under way in the UK.

While the initial scope of SEAR will apply to approximately 150 firms, the Conduct Standards and enhancements to the F&P Regime and ASP procedures will apply to all regulated firms.

In the context of firms within the scope of the SEAR, there will inevitably be an increased, but necessary and proportionate, administrative burden during the implementation phase due to the requirement to prepare Statements of Responsibilities and the Management Responsibilities Map.

For the broader population of firms there will be a requirement to notify and train individuals in respect of the Conduct Standards and to provide an annual confirmation in respect of the certification of Controlled Functions (CFs), which includes Pre-approval Controlled Functions (PCFs), to the Central Bank.

We expect that, after the initial measures to comply with the legislation, the ongoing cost of compliance will be less as firms become more familiar with their obligations and fine-tune the necessary processes.

This assessment of cost is borne out in the Regulatory Impact Assessment6 carried out by the Department of Finance at the time of publication of the General Scheme.

Concerns have been voiced to us about the potential for the IAF have a deterring effect in relation to the recruitment and retention of high quality individuals to important roles in the financial system. We consider the framework to be well designed and balanced and therefore unlikely to produce such effects. Nonetheless, this is another of the aspects we will monitor in our review process.

Best practice provides that new and significant regulatory frameworks should be reviewed after an initial period of operation. Accordingly, it is our intention to prepare and publish a report on the operation of the new framework based on its first three years of operation. In our review, we will consider the functioning of the framework, how the benefits and costs are being realised in practice, and whether any changes should be introduced.

SEAR

Turning to some specific aspects, it is proposed that SEAR will initially apply to a defined range of regulated firms, namely credit institutions (excluding credit unions), certain insurance undertakings and investment firms and incoming third country branches of these firms.

Taking into account nature, scale and complexity, it is intended to apply a proportionate approach to low-impact-rated in-scope investment firms and incoming third country branches.7 In this regard, a reduced number of Prescribed Responsibilities are applicable to such firms. All other elements of the SEAR apply, including Statements of Responsibilities and the Management Responsibilities Map.

The Central Bank will have power via regulations to rollout the SEAR to other sectors in due course. It is our intention to increase the scope of application of the SEAR over time, with lessons from the initial roll-out to be incorporated as the scope is extended.

In the meantime, our view is that there is much in the spirit of the SEAR that firms not initially falling within scope should recognise as aligned with good quality governance.

Responsibilities

We have designed the framework such that, for consistency and coherence, the roles to which the SEAR applies at in-scope firms align with those existing PCF roles to which the F&P Regime applies.

As is the case under the F&P Regime, firms will not be required to create new roles. Therefore, while bringing enhanced clarity, the SEAR is not expected to alter the existing governance structures of well-run firms.

There are two main types of responsibilities imposed under the framework:

1) Inherent Responsibilities: These are the responsibilities which automatically align to any given PCF role at an in-scope firm. Our proposed description of such Inherent Responsibilities is set out in the draft SEAR Regulation.

2) Prescribed Responsibilities: These comprise a list of responsibilities which it is proposed that each in-scope firm must allocate among individuals in PCF roles. Again, our proposed list of Prescribed Responsibilities is set out in the draft SEAR Regulation.

While firms must allocate all applicable Prescribed Responsibilities among PCFs at in-scope firms, the Central Bank does not intend to be overly prescriptive in terms of the allocation of Prescribed Responsibilities to specific PCF role-holders. This approach gives firms the flexibility to allocate responsibilities in a manner that accommodates different business models and organisational structures.

Non-Executive Directors

One aspect that has generated some debate already is the proposed inclusion of Non-Executive Directors (including Independent Non-Executive Directors) within the scope of SEAR. We have given this careful consideration.

It is important to recognise that Non-Executive Directors have existing responsibilities under the corporate governance framework, including, for example in respect of governance, oversight and challenge. We consider that responsibility under the SEAR is fully consistent with those existing responsibilities and should not impose increased obligations in that regard.

Importantly, the standards to be met by these individuals in their role as Non-Executive Directors will relate purely to their non-executive oversight functions and will, of course, be limited to what should reasonably be expected of individuals in that context.

Duty of Responsibility / Reasonable Steps

The SEAR introduces a duty of responsibility for individuals performing PCFs at in-scope firms to take reasonable steps to ensure that their areas of responsibility conform to legislative and regulatory requirements.

To provide clarity about what is expected in this context, and given that reasonable steps also apply in respect of the Conduct Standards, we have provided guidance on the meaning of “reasonable steps”.

In assessing the steps that an individual took, the Central Bank will consider what steps an individual, in that position, could reasonably have been expected to take at that point in time. This will include, for example, taking account of whether the individual is a recent appointment to the role and their overall level of experience in the context.

Conduct Standards

The Common Conduct Standards will impose a single set of readily understood, basic obligations on individuals carrying out CFs within firms. We consider these standards to be straightforward and in line with what would be considered as good practice by individuals carrying out such functions.

For individuals carrying out PCF and CF18 roles, a small number of Additional Conduct Standards are imposed relating to the individual’s responsibilities as a senior executive.

You will find that the legislation itself sets out a range of helpful detail as to what is required under the different Conduct Standards. Once again, the concept of reasonable steps is at the heart of the Conduct Standards, with the expectation that an individual subject to the Conduct Standards shall take reasonable steps to achieve compliance.

The draft IAF Guidance sets out the Central Bank’s expectations in relation to the Conduct Standards and some non-exhaustive examples of the steps it may be reasonable in the circumstances for an individual to take to ensure they are met.

Interaction with the Fitness and Probity (F&P) Regime

The F&P Regime and the IAF can be thought of as two aspects of one overall framework of sound governance and accountability – with the F&P Regime being about suitability of individuals and the IAF about their clear responsibilities and ongoing conduct.

For reasons of clarity, familiarity and convenience, they can continue to be considered separately. The operation of the F&P Regime, including the F&P gatekeeper function and the systems in place to support the F&P Regime, will remain substantially unchanged.

While the F&P Standards are relevant to assessing individuals prior to their appointment (and on an ongoing basis while performing the controlled function), the Conduct Standards only apply once the individual is in the role.

The IAF also introduces a number of enhancements to the F&P Regime to, amongst other things, strengthen the onus on firms and holding companies to proactively certify that individuals in controlled functions are fit and proper on an ongoing basis, and to address some current limitations of the F&P investigative function.

The need for firms to take ownership

Central to successful implementation – and driving a permanent uplift in governance standards – is the need for firms to take real ownership of the framework. This will make the fundamental difference. If firms embed the framework properly, it should ideally result in fewer serious issues in the sector over time – and, from our perspective, less need for enforcement actions.

Our approach to enforcement – both in relation to the IAF and more generally – is based on the key concepts of proportionality and targeted deployment with a rigorous focus on outcomes.

Enforcement is a critical component of our regulatory framework – but just one component. We have a broad range of powers, and we escalate as appropriate depending on the scale and gravity of an issue.

We think of it like a pyramid, whereby, at the wide base, we most commonly use our soft powers of education, persuasion and similar to promote compliance. Further up – and less frequently used – are our ‘hard powers’. Nearing the peak are the more punitive measures, such as administrative sanctions. We use those powers judiciously and sparingly, but we will act where warranted.

I provide this context to again underscore an important point: the IAF, in our view, is about encouraging the good, not just focusing solely on stopping the bad.

While robust enforcement action will continue to underpin our powers, we would far rather that firms focus on preventing, identifying, and acting upon issues in the first place - and we believe the IAF will assist firms in that purpose.

Implementation and Next Steps

While the key components of the IAF have been communicated for some time, we recognise that firms and holding companies will need time to prepare for and implement the various elements of the IAF effectively. Our proposed approach to implementation seeks to balance the need to maintain momentum by introducing the framework while allowing appropriate time for in-scope firms to ensure its quality implementation.

In order to finalise the proposals, we are keen to receive feedback to the Consultation Paper from a wide range of stakeholders, including those of you in this room today.

Following the receipt and review of feedback to the Consultation Paper and the publication of the related Feedback Statement, we intend to allow for an appropriate transitional period for firms and holding companies to implement the relevant changes introduced by the IAF. This would see:

  • Conduct Standards to apply from 31 December 2023;
  • Fitness & Probity Regime – Certification and inclusion of Holding Companies to apply from 31 December 2023; and
  • Regulations prescribing responsibilities of different roles and requirements on firms to clearly set out allocation of those responsibilities and decision making to apply to in-scope firms from 1 July 2024.

I would encourage firms to use this time to prepare to implement the new framework by understanding their obligations and assessing their current governance structures in order to identify clearly who is responsible for what within the firm.

Firms will need to clearly define the roles and responsibilities of individuals and ensure clarity over reporting lines and any delegation of tasks. Firms should review their current Fitness and Probity processes to assess any enhancements required to meet the annual certification requirements.

Firms should also examine their internal culture and values as compared to the IAF principles and identify areas of focus. Education and training will also play an important part in the success of this framework. These steps will help firms to assess gaps and identify the key changes needed on a timely basis.

The framework also introduces changes to the Central Bank’s enforcement processes. The Central Bank will issue updated F&P Investigations Regulations and F&P Investigations Guidance once the underlying legal provisions have been brought into effect in the coming days.

The Central Bank intends to launch a separate public consultation on the changes to the ASP in mid-2023. This consultation package will include consolidated end-to-end ASP Guidance which will include  Investigation, Inquiry, Settlement and Sanctions Guidance for consideration by all relevant stakeholders.

Conclusion

I will conclude here. I hope you have found it useful to hear how the new framework fits within our overall approach to regulation, which is based on the principles of proportionality, predictability, and reasonable expectations, and which leverages the way that firms have chosen to structure themselves, while ensuring that such structures have appropriate levels of governance and clarity.

My colleagues and I look forward to hearing your views and taking your questions.

1Sparrow, M. The Character of Harms (2008, Cambridge University Press).

2Behaviour and Culture of the Irish Retails Banks

3Oliveira, Walters and Zamil, When the Music Stops: Holding Bank Executives Accountable for Misconduct (2023, BIS Financial Stability Institute).

4Bank of England, Evaluation of the Senior Managers and Certification Regime

5Acting as a driver of high quality governance and performance amongst all firms; supporting positive outcomes including helping firms to secure the interests of their customers while ensuring sustainable business models; enhancing levels of trust and confidence in the financial system so that it fulfils its potential in supporting the Irish and European economy; and advancing the maturity of the regulatory system so that where levels of responsibility and accountability within firms are increased, supervision can focus more on performance and outcomes.

6Central Bank (Individual Accountability Framework) Bill 2022, Regulatory Impact Analysis

7The Probability Risk and Impact System (PRISM) is the Central Bank’s risk-based framework for the supervision of regulated firms. 

8Those individuals who may exercise a significant influence on the conduct of the firm’s affairs.