The Individual Accountability Framework: What it means for Directors - Remarks by Gerry Cross, Director of Financial Regulation, Policy & Risk

Today, I want to explain how the new Individual Accountability Framework for financial firms is very much aligned with such a vision.

It is often, and easily, considered, that the dominant mind-set of financial regulators is to stop bad things happening. You might be surprised to learn that this is not quite accurate. At the Central Bank of Ireland, we see our role in a more positive way. We are there as financial regulators to deliver and support good outcomes. You can see this in our vision and in our multiyear strategy. What we are focused on is the wellbeing of citizens in the context of a well performing, innovating, and sustainable economy supported by a resilient, well-regulated financial sector operating in the interests of consumers and investors. Our regulation of the financial sector is at all times grounded in this vision.

That does not mean that people won’t be held to account where necessary. They will and we all need to be. But that simply represents the basis of all social activity: ultimately, there need to be enforceable frameworks of rules.

And that is how we have approached the design and implementation of the IAF. It has been designed to support high quality leadership and governance of financial firms. It tries to do this by bringing enhanced clarity to the governance of such firms, to the allocation of responsibilities, and to the expectations that apply to those running the firms.

Importantly, it seeks to do this in a highly flexible way and in a manner that has proportionality and reasonable expectations embedded at every point. These are also the principles – flexibility, proportionality, reasonable expectations – that we are seeking to embed in our approach to the implementation of the framework. Our draft approach is currently out to consultation. We very much want to hear from you as to whether you think we are achieving this aim.

Background

On 9 March 2023, the Central Bank (Individual Accountability Framework) Act 2023 was enacted. We immediately launched a three-month consultation on its implementation, including the publication of draft Regulations and guidance.

The Act provides for the introduction of the IAF, which is designed to improve governance, performance, and accountability in firms providing financial services to individuals and businesses by establishing a framework of enhanced clarity as to who is responsible for what within firms. It also clarifies the standards to be met by individuals having these responsibilities, with a particular focus on senior executives.

As you are no doubt aware, the four key areas covered by the legislation are as follows: A Senior Executive Accountability Regime (SEAR), Conduct Standards, enhancements to the current Fitness & Probity (F&P) Regime and enhancements to our Administrative Sanctions Procedure (ASP). The IAF consultation deals with the first three components, which I will now provide a brief overview of, whilst enhancements to the ASP will be the subject of a second consultation in the coming months.

SEAR

The Senior Executive Accountability Regime (SEAR) will initially apply to a defined range of regulated firms, namely credit institutions (excluding credit unions), certain insurance undertakings and investment firms and incoming third country branches of these firms amounting in total to approximately 150 firms.

The SEAR ensures clearer accountability by imposing obligations on in-scope firms and senior individuals within them to set out clearly where responsibility and decision-making lies for their business. Firms will need to set out clearly the responsibilities of each individual in a PCF role in their Statement of Responsibilities. This will assist firms to develop a Management Responsibilities Map for the firm documenting key management and governance arrangements.

We have designed the framework such that, for consistency, the roles to which the SEAR applies at in-scope firms align with those existing PCF roles to which the F&P Regime applies. As is the case under the F&P Regime, firms will not be required to create new roles. Therefore, while bringing enhanced clarity, the SEAR is proportionate and flexible enough to accommodate the different business models and governance structures of firms.

There are two main types of responsibilities imposed under the framework:

1. Inherent Responsibilities: These are the responsibilities, which automatically align to any given PCF role at an in-scope firm. Our proposed description of such Inherent Responsibilities is set out in the draft SEAR Regulation;

2. Prescribed Responsibilities: These comprise a list of responsibilities, which it is proposed that each in-scope firm must allocate among individuals in PCF roles. Again, our proposed list of Prescribed Responsibilities is set out in the draft SEAR Regulation.

While firms must allocate all applicable Prescribed Responsibilities among PCFs at in-scope firms, the Central Bank does not intend to be overly prescriptive in terms of the allocation of Prescribed Responsibilities to specific PCF role-holders. This approach gives firms the flexibility to allocate responsibilities in a manner that accommodates different business models and organisational structures.

The SEAR introduces a duty of responsibility for individuals performing PCFs at in-scope firms to take reasonable steps to ensure that their areas of responsibility conform to legislative and regulatory requirements.

Conduct Standards

The Conduct Standards will apply to all sectors, to all regulated financial services providers. The Common Conduct Standards will impose a single set of readily understood, basic obligations on individuals carrying out Controlled Functions (CFs) within firms, including obligations to conduct themselves with honesty and integrity, to act with due skill, care and diligence, and in the interest of consumers. We consider these to be the basic standards that should underpin the provision of financial services and in line with what would be considered as good practice by individuals carrying out such functions.

For individuals carrying out PCF and CF1¹ roles, a number of Additional Conduct Standards are imposed relating to the individual’s responsibilities as a senior executive. These standards require that the business of the firm for which they are responsible is controlled effectively, that it complies with regulatory requirements, that any delegation of responsibilities is appropriate and properly overseen, and that relevant information of which the Central Bank would reasonably expect notice is disclosed promptly and appropriately.

Once again, the concept of reasonable steps is at the heart of the Conduct Standards, with the expectation that an individual subject to the Conduct Standards shall take reasonable steps to achieve compliance.  The draft IAF Guidance sets out the Central Bank’s expectations in relation to the Conduct Standards and some non-exhaustive examples of the steps it may be reasonable in the circumstances for an individual to take to ensure they are met.

For example it is acknowledged that individuals coming into a more senior or different role for the first time will, subject to certain minimum expectations as to competence and capability to operate at that level, be on a learning curve. This will be taken into account in determining what steps are reasonable for them to take including for example how long they have been in the role and, where relevant, transitional arrangements for those new to the role and/or with new responsibilities.

In relation to running the part of the business for which they are responsible, reasonable steps would include the context of the nature, scale and complexity of the business of the firm, whether when they took up the role they assessed the operational and risk management arrangements in place, the steps they took to put in place adequate systems and controls, etc. The overall circumstances and environment in which the individual was operating at the time would feature in the Central Bank’s assessment.

Fitness and Probity Regime

The F&P Regime and the IAF can be thought of as two aspects of one overall framework of sound governance and accountability – with the F&P Regime being about suitability of individuals and the IAF about their clear responsibilities and ongoing conduct.

While the F&P Standards are relevant to assessing individuals prior to their appointment (and on an ongoing basis while performing the controlled function), the Conduct Standards only apply once the individual is in the role.

The IAF also introduces a number of enhancements to the F&P Regime to, amongst other things, strengthen the onus on firms and holding companies to certify that individuals in controlled functions are fit and proper on an ongoing basis.

On 20 April 2023, the Central Bank published updated Regulations and Guidance reflecting amendments of a more technical nature required in connection with the Act.

Separately, you will be aware that our portal has recently been enhanced to facilitate the submission of Pre-Approval Controlled Function (PCF) applications. Individual Questionnaires will no longer need to be submitted via the Online Reporting System (ONR), but will instead be submitted via our Central Bank Portal.  These changes became operational on Monday 24 April 2023 and provide applicants with an enhanced process for submitting applications. 

ASP

Amendments to the ASP are also provided for in the Act. Those changes include procedural amendments to our process, including additional fair procedures.

As mentioned, we will launch a separate public consultation on the changes to the ASP in the coming weeks to provide clarity and transparency as to the steps involved in an ASP and guidance as to how we will generally approach these steps.

The nature of the framework

Irish financial services firms play a key role. Not just in supporting the Irish economy and the economic wellbeing of the Irish citizen. But also in supporting the European economy and the wellbeing of EU citizens.

So what we do in financial regulation really matters. And how we, and how you as members of Boards, implement financial regulation really matters.

That is why it really matters that we have a good shared understanding of the new Individual Accountability Framework – how it should and should not be seen. How it should and should not operate.

It should be seen, and operate, as a framework supporting high quality governance, judgement and decision-making within firms. It should not be seen as a compliance framework.

It should be seen, and operate, as enriching the context in which financial firms are supervised. It should not be seen as a new thing to be supervised. (And I will say a bit more about supervision shortly.)

It should be seen, and operate, as bringing helpful clarity as to what is and is not expected of individuals – including as to the limits of what can be reasonably expected. It should not be seen as something that will lead to a large number of enforcement cases against individuals. I say a little more about this in a moment.

We have learned from other jurisdictions that the implementation phase within firms is very important. It is important that the initial and ongoing implementation of this framework is not approached as a compliance exercise but rather that it is internalised throughout firms’ culture, approach and practices to ensure its successful and sustainable adoption.

For all firms, the IAF will exist as part of the broader corporate governance framework. Under the corporate governance framework the board, among other things, is responsible for setting and overseeing the strategy for the firm, has ultimate responsibility for the management of risk in the firm, and must ensure a robust and transparent organisational structure with effective culture, an adequate and effective internal control framework and compliance with applicable legal obligations.

We believe that the IAF will be a significant support to directors and boards in achieving these aims. This has been the experience in the UK where a 2020 review of the Senior Manager and Certification Regime (SMCR) has been credited as a sound framework for enhancing governance. Most senior managers (94%) who participated in the review observed that the regime brought about positive changes to behaviours, while 83% of firms said it had changed their working practices for the better.  Additionally the recent Discussion Paper on the review of the SMCR echoed this point, noting the positive feedback that regulators have received on the regime from firms and other stakeholders over the years in respect of improving conduct, governance, and individual responsibility, which helps them run their businesses more efficiently.

This is where firms taking real ownership of the framework from now will make a major difference. If firms embed the framework properly, it should ideally result in fewer serious issues in the sector over time – and, correspondingly, less need for enforcement actions. Our approach to enforcement of the new framework is consistent with the approach adopted in other jurisdictions, where similar frameworks have brought significant benefits in terms of improved governance within firms without material increases in enforcement activity.

Collective responsibility

In developing the IAF, it has been very important to ensure that the role of collective responsibility and decision-making remains central to firms. This aspect must not be negatively impacted as a result of an increased focus on individual responsibilities in the new framework. The framework makes clear that a key responsibility of individuals remains to act appropriately in the collective decision-making of firms, in line with their role. In this way, the IAF is designed to reinforce the concept of collective responsibility as a core aspect of well-functioning firms, which will assist boards and directors, both executive and non-executive in their respective roles in the governance of firms.

Non-Executive Directors

One aspect that has generated quite a bit of discussion is the proposed inclusion of Non-Executive Directors (including Independent Non-Executive Directors) within the scope of SEAR. We have given this careful consideration and have sought to be proportionate and clear in this regard. We are very conscious of its importance that individuals undertaking non-executive roles within a firm’s leadership are not dissuaded from doing so by a perception of being required to meet unduly demanding standards.

At the same time, these roles are key to the board’s performance and to the sustained success of the firm. They are a key component in a firm’s governance framework, in particular in respect of oversight and challenge. We consider that the expectations under the new framework are fully consistent with their existing responsibilities under the corporate governance framework and should not impose increased obligations.

We also think that if they were not included in scope, it would send the wrong message as to the importance of these roles. To be clear, the standards to be met by these individuals in their role as Non-Executive Director will relate purely to their non-executive oversight functions and will, of course, be limited to what should reasonably be expected of individuals in that context.

Sharing of responsibilities/roles

Inherent and Prescribed Responsibilities are integral to the relevant PCF role and cannot be shared or split amongst different individuals however the Central Bank recognises the importance of job sharing from a diversity and inclusion perspective.

To be pragmatic, we propose that while the default position is that each job sharing individual will have full accountability for the relevant responsibility, this will be discharged where s/he can demonstrate that s/he took reasonable steps to discharge the responsibility, including in relation to the manner in which activities and tasks were shared amongst the job sharers and in respect of their completion on that basis.

Reasonable Steps

The SEAR introduces a duty of responsibility for individuals performing PCFs at in-scope firms to take reasonable steps to ensure that their areas of responsibility conform to legislative and regulatory requirements. To provide clarity about what is expected in this context, and given that reasonable steps also apply in respect of the Conduct Standards, we have provided guidance on the meaning of “reasonable steps”.

The concept of reasonable steps is likely to be already embedded in an individual’s day-to-day actions in managing their areas of responsibility. In assessing the steps that an individual took, the Central Bank will consider what steps an individual, in that position, could reasonably have been expected to take at that point in time. This will include, for example, taking account of whether the individual is a recent appointment to the role and their overall level of experience in the context.  This will depend on the overall circumstances and environment- and regulatory expectations- as they existed at the time rather than applying standards retrospectively.

Our Approach to Supervision

I said earlier that the IAF should be seen as an enhanced context in which financial firms are supervised. It should not be seen as a new thing to be supervised. What does this mean? Well, a couple of things.

First of all, and quite simply, that we are not approaching the IAF/SEAR as a new set of rules, compliance with which we will now set about supervising. That is not how we are looking at it.

As I have said, the IAF is about enhancing the governance and leadership of, judgement and decision-making within, financial firms. So, what that means, is that when we engage with firms in future as part of our ongoing supervisory activities – when we are considering their performance, their governance and leadership, their culture, their risk management. When we are supervising firms, the things that the IAF is getting at – clarity, quality, coherence, etc. – will form part of that supervisory engagement.

The IAF will help – help both firms and ourselves – to explain and to understand how the firm is being run, how it is implementing its business model, and managing its risks. In other words, the IAF will support the supervisory relationship rather than representing something to be separately supervised.

Let me give you a couple of straightforward examples:

Submission of Documents

Reflecting this approach, it is proposed not to impose initial or regular/periodic reporting requirement on firms in respect of Statements of Responsibilities and the Management Responsibilities Map. Instead, firms will prepare these materials on implementation and keep them updated. This reflects their primary importance as tools to support the sound governance of firms. They should be available to the Central Bank on request. For consistency within the F&P Regime, firms will be required to submit a Statement of Responsibilities with new PCF applications.

Annual Certification

The IAF introduces a number of improvements to the F&P Regime including that firms and holding companies will need to certify annually the ongoing compliance with standards of fitness and probity of individuals carrying out CF roles. In line with our approach to supervising the new framework, we do not propose to require firms to submit details regarding such certification to us, though this information should be available to us on request. As part of the existing annual PCF return, firms will required to confirm the completion of the certification process.

Supervisory evolution

But there is also a wider context in which the IAF will be relevant to supervision. As many of you will be aware, under our multiyear Strategy, two key themes are Safeguarding and being Future-focused. In the context of these themes, we are currently reviewing our approach to supervision. We are seeking to ensure that it remains fit, high quality and effective having regard to a rapidly changing landscape, a green and technologically driven future, and to the importance of continually learning lessons and enhancing our approach.

One aspect of this step change programme will be a focus on maturing the supervisory relationship. The more that firms and leaders can demonstrate that they have internalised their obligations, and that they, culturally and in their decision making, have embedded an alignment with regulatory objectives, then the less we need to be focused on compliance and the more we can engage about outcomes. That would be a real maturing of the supervisory relationship. And the IAF with its focus on governance quality and accountability can make a significant contribution in this respect.

Conclusion

I will conclude here. I hope you have found it useful to hear how the new framework fits within our overall approach to regulation, which is based on the principles of proportionality, predictability, and reasonable expectations. A framework which leverages the way that firms have chosen to structure themselves, which will enhance governance and provide a welcome support to directors and boards in meeting their obligations. And also, that it has been helpful to hear about some of the key aspects of the regime and our proposed approach to implementation and supervision.

In order to finalise the proposals, we are keen to receive feedback to the Consultation Paper from a wide range of stakeholders, including those of you in this room today.  I look forward to hearing your views and questions.

¹Those individuals who may exercise a significant influence on the conduct of the firm’s affairs.