Financial services enforcement: past, present and future - Seana Cunningham, Director of Enforcement and Anti-Money Laundering

17 May 2019 Speech

Seana Cunningham

Remarks delivered at the Professional, Regulatory & Disciplinary Bar Association’s Annual Conference 2019

Good afternoon, I am delighted to have the opportunity today to speak with members of the Professional, Regulatory & Disciplinary Bar Association. Organisations such as yours play a crucial role in disseminating knowledge and provoking debate on important legal issues amongst practitioners. I think that this is particularly helpful in areas of law that are dynamic and evolving, such as regulation.

You will be aware that financial regulation is not only a dynamic field, but also a broad one. There are a number of rules, regulations and principles with which your clients, both corporates and individuals, must comply. As you advise those clients, my first message would be to take this breadth into account. It is not enough for regulated firms and those who work for them to comply with the black letter law of Solvency II, for example. They must also comply with the kinds of fundamental principles set out in the Corporate Governance Code or the Fitness and Probity Standards. So, to take one example, when asked to advise on a contract between a customer and a financial service provider, you should ground your advice not only in contract law, but also consider the wider context and ask whether the regulated entity has acted honestly, fairly, with due skill care and diligence and in the best interests of the customer, and whether full disclosure of all relevant material and key information has been made in plain and intelligible English and in a clear and accurate way that actually informs a customer, as required by the Consumer Protection Code. Do not adopt a narrow approach; you might miss the forest for the trees.

With that message in mind, I am going to look to highlight, from my perspective as Director of Enforcement and AML in the Central Bank of Ireland, some recent developments in a number of areas of financial regulation and enforcement, and to convey some ‘top tips’ based on our experience as the regulator.

Setting the scene

Before doing that, I would like to set the scene by highlighting some recent enforcement actions taken by the Central Bank against individuals and to then give some context regarding one of our primary enforcement tools, the Administrative Sanctions Procedure or ASP.

We have achieved some notable outcomes in recent times, particularly in enforcement action against individuals. Under the Fitness and Probity regime, we have issued six prohibition notices in respect of individuals in the last four years. The most recent prohibition notice was published this year in respect of a former partner of a financial brokerage firm, prohibiting him from performing any controlled function in a regulated financial service provider for an indefinite period. The publication of that prohibition notice is significant, as it is the first time that the Central Bank exercised its discretion to publish the prohibition notice in full, having only published brief statements in the past.

If you have not done so already, I encourage you to read the notice as it contains important messages about the Central Bank’s understanding of what constitutes ‘serious misconduct’, and the relevance of factors such as cooperation and the payment of redress. It also serves to highlight the importance of protected disclosures to the Central Bank in fulfilling our mandate.

Under our other principal enforcement process, the ASP, we have also achieved notable outcomes against individuals. For example, in December 2018 we imposed an 18-year disqualification order on the former Head of Commercial Lending at Irish Nationwide Building Society, which is the lengthiest such order yet issued by the Central Bank.

We continue to impose monetary sanctions on firms and individuals under the ASP. Since 2006 the Central Bank has concluded 128 enforcement actions and imposed monetary sanctions in the sum of over €70m pursuant to the ASP. Last year, we achieved a number of important enforcement outcomes and imposed fines totalling over €7m. Notable outcomes against firms included: a fine of €3.5m imposed on RSA Insurance Ireland following an investigation that found failings in the firm’s governance arrangements, accounting procedures and internal control mechanisms; and a fine of €443,000 imposed on Appian Asset Management for serious deficiencies in its risk management, compliance oversight, and systems of internal control, which exposed the firm to cyber-fraud.

The purpose of our enforcement actions is to deter misconduct and to promote compliance, and we use our public statements in relation to enforcement actions to outline not only the breaches of legal requirements identified by our investigations, but also the Central Bank’s expectations of all financial services firms. 

You will doubtless be aware that in August 2013, the maximum monetary penalties we could impose under the ASP were increased. For individuals, we can now fine up to €1million. For firms, we can impose a penalty of up to €10million, or 10% of the firm’s turnover, if the latter is a greater amount. We must and do have regard to these statutory revisions when deciding on the appropriate sanction. As we sanction increasingly for conduct that occurred in or after August 2013, you may therefore see an increase in the size of monetary penalties. These penalties need to be a real deterrent, and not be seen as a cost of doing business.

We have also met legal challenges to our enforcement process in recent years: the constitutionality of the ASP has been tested before the High Court and Court of Appeal. To date, the Central Bank has successfully defended each of the challenges brought. In that litigation, we have heard enlightening and helpful judicial commentary. For example, Hedigan J noted in one case that the expert evidence:

“… demonstrated very clearly the overwhelming public interest in maintaining the integrity of the financial sector of society … It is something that requires… effective forms of regulation and enforcement. The Oireachtas has provided that those functions should be carried out by the Central Bank … and have established complex and sophisticated administrative machinery for doing so.”1

These successes, both in using our enforcement powers and defending them in court, were undoubtedly factors behind the Law Reform Commission’s endorsement of our framework in its report of October 20182: in making its recommendations for a regulatory toolkit for all financial and economic regulators, it used the ASP as a reference model.

As you are aware, that LRC report also covered corporate crime. While our primary enforcement mechanisms are regulatory, I should note that we also play a role in the wider Irish framework to fight financial crime, and engage and work regularly and constructively with other actors such as the Gardaí and the DPP. Further, we support reforms that aim to enhance inter-agency cooperation in this area.

Moving on to more recent developments that might be of interest to you as practitioners, I will speak to five in particular: anti-money laundering; the enforcement investigative process; fitness and probity; protected disclosures and proposals for reform.


I need not tell you that the focus of regulators and law enforcement agencies on money laundering and terrorist financing has grown in the past few years, as we try to combat the cash flows that are the lifeblood of organised or transnational crime.

The Irish AML/CFT legislative framework is set out in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. This framework was updated with the transposition of the 4th Anti-Money Laundering Directive into Irish law in the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018.

Like most regulators, we perform three basic regulatory tasks: we authorise, we supervise and we enforce. In the broader anti-money laundering framework in Ireland, where a wide coalition of actors, including legal practitioners, are part of Ireland’s efforts to combat money laundering and terrorist financing, we supervise credit and financial institutions’ compliance with relevant requirements, and take measures to secure compliance by such institutions with their obligations. Last Friday, we published our most recent enforcement outcome in this area – fining the stockbroker Campbell O’Connor €280,000 for serious failings in their anti-money laundering framework. Importantly, the failures only came to light through our ongoing supervisory process – specifically a set of themed inspections in the investment firm sector. While this was the first AML enforcement action we have taken against a stockbroker, we have previously taken action in respect of these types of breaches by firms in many other sectors.

It is important to note in this context that the Central Bank has no remit to investigate allegations of money laundering. Such investigations are the function of the Financial Intelligence Unit within an Garda Síochána and it is with them and the Revenue Commissioners that Suspicious Transaction Reports (STRs) must be filed. However, if during the course of supervisory activity we form a suspicion that money laundering has occurred, we are obliged to and do report such suspicions to the Gardaí for further investigation.

We are currently in the process of finalising Anti-Money Laundering and Countering the Financing of Terrorism Guidelines for the Financial Sector, the aim of which is to assist credit and financial institutions in understanding their obligations under the CJA 2010, as amended. My message to you is to keep a very close eye on these developments, because the regulatory focus at national and EU level on this area is set to continue. In order to give full advice to financial services clients, it will be necessary to keep up to date with this fast-evolving area. The role of financial service providers in detecting and reporting suspected money laundering is vital in safeguarding the financial services sector from criminal activity and terrorist financing and this will remain a key area of focus for the Central Bank.


I thought it might be of interest to tell you a little more about the investigative work of our enforcement teams, and trends that we have seen in this area. In recent years our investigations have become more and more complex. They often involve vast amounts of data. As we deal with the explosion of data we rely increasingly on artificial intelligence and sophisticated document management software. We recently recruited a team of specialist data analytics professionals to manage this process. We are also using powers to compel information granted to us in the Central Bank (Supervision and Enforcement) Act 2013 to an ever greater extent, including through compelled interviews.

What then of your role in the investigative process, as legal practitioners? Well, notwithstanding your obligation to fearlessly defend the interests of your client, which we understand, I should like to highlight that cooperation with the regulator is important, and extends well beyond engaging in settlement discussions. One area in which we frequently see a lack of cooperation, or a level of cooperation that falls short of what is required, is in responses to statutory requests for information. We see failures to meet deadlines, or repeated unreasonable requests to extend deadlines. Whilst we will of course engage constructively with firms, we are seeking to progress investigations and will not permit firms and their lawyers to protract our investigations with repeated requests to extend statutory deadlines. This is not litigation - it is an investigation.

In this context, I cannot stress enough that engagement with enforcement forms but one part of an ongoing relationship between regulated firms and their staff on the one hand, and the Central Bank on the other. In addition to our enforcement teams, a firm’s supervisors are engaged at all stages of an enforcement investigation, and will attend settlement meetings. There is an explicit feedback loop between enforcement and supervision regarding the culture of the firm and our experience of the firm in the course of an investigation. And again, this is not litigation: unlike in most commercial settlements, the parties do not walk away at the conclusion of an enforcement action, perhaps hoping that their paths never cross again. There is in almost all cases an ongoing supervisory relationship, and cooperation with the regulator is a basic expectation of ours in the context of engagement with firms, whether in a supervisory or enforcement context. That is why lack of cooperation can have an impact on the size of a fine, and as we move into fines for post-2013 conduct, that impact could be considerable. By the same token, cooperation in the form of early settlement can bring considerable benefits under our early settlement discount scheme, namely a reduction of up to 30 per cent in the fine imposed. Early settlement is an efficient use of our resources, and provides timely resolution and transparency through the publication of the details of the case. In those public statements, we will call out the headline figure and the reduced figure, to serve as a reminder in black and white of the benefits of cooperation. Those benefits are many and various; as Abraham Lincoln wrote in his Notes for a Law Lecture, “Discourage litigation. Persuade your neighbours to compromise whenever you can. Point out to them how the nominal winner is often a real loser - in fees, expenses, and waste of time. As a peacemaker, the lawyer has a superior opportunity of being a good man. There will still be business enough.”

Fitness and Probity

So much for investigations and your role in them. As I noted earlier, they are conducted principally under two processes: the ASP and the Fitness & Probity regime. The ASP is the process with which I suspect you will be most familiar (and which tends to grab the headlines) but we have achieved notable outcomes in Fitness & Probity as well. There have been prohibitions, as I noted earlier. But our role is not limited to investigating past misconduct: as you know, alongside our role as investigator of fitness and probity issues, we act as gatekeeper for the most senior roles within the industry (the pre-approval controlled function or “PCF” roles) and as standard setter for controlled function roles. I think it is useful to highlight our work in these areas and why we see it as so important - this is about the Central Bank assessing the fitness and probity of those that firms wish to appoint to the most senior roles in financial services, and also about the important obligations to which regulated firms are themselves subject in this regard.

We take our gatekeeping role very seriously and where we have concerns regarding the fitness and probity of individuals proposed for PCF roles we will raise these concerns as part of this process. Often, this is done as part of interviews with proposed candidates – as part of our preparation for these interviews we may need to gather documents and information – we may also need to conduct more than one interview. What we are doing here is looking to ensure that those in the most senior jobs have the requisite skills and competency for the role, and the integrity and probity to be trusted in that role. We see our function here as critical to our mission to serve the public interest by safeguarding monetary and financial stability, and working to ensure that the financial system operates in the best interests of consumers and the wider economy. As with investigations, there is great benefit to firms and individuals in being open and cooperative with the Central Bank when engaging in the gatekeeper process.

Of course, the attributes required for PCF roles will differ greatly. Many PCF roles require specialised, technical expertise while other roles may be more generalist in nature. The competencies required for board members may differ from those required for senior executives in head of function type roles.

Moreover, the attributes required for a given PCF role may vary significantly between firms—even between firms in the same sector—depending, for example, on the nature, scale and complexity of the firm’s business activities. As such, there is no “one size fits all” approach to the assessment of fitness and probity for any given PCF role. It is for firms, in the first instance—prior to seeking approval from the Central Bank—to determine whether a given person is suitable for the specific PCF role within the firm. In doing so, firms must consider the Central Bank’s fitness and probity standards (a statutory code) when assessing the suitability of proposed PCFs. The Central Bank’s guidance on the fitness and probity standards will be of assistance to firms and practitioners in this regard.

Just to give you context to the level of activity in this area - to date, since the commencement of the regime, 70 applications for senior (i.e. PCF) positions have been withdrawn where the Central Bank has challenged the applicant. 

However, despite our best efforts we have noted a lack of general awareness in the industry regarding the scope of the Fitness and Probity Regime, particularly as to the extent of a firm’s own legal obligations. That is why last month we sent a “Dear CEO” letter to the heads of all regulated firms in the jurisdiction, to emphasise to firms that they have significant compliance obligations and first line responsibility under the Fitness and Probity Regime, and to highlight some of the main areas of compliance, which have been found to be lacking.

Amongst other matters, the letter noted a failure to carry out ongoing due diligence: certain firms are not assessing, on an ongoing basis, whether those carrying on controlled function roles remain ‘fit and proper’ to do so. Also, we have seen failures to notify us of concerns: certain firms who have had concerns regarding the fitness and probity of those carrying on controlled function roles have tried to address those concerns internally (including by way of suspension), but have not told us about their concerns, or the steps taken by them to address them. Of perhaps greater concern are failures to obtain PCF approval: certain firms have appointed senior persons to roles that require prior Central Bank approval without obtaining that approval. We can, and have taken action against firms for their failures to meet their obligations under the fitness and probity regime.

The Central Bank’s vision for the fitness and probity regime is that regulated firms and individuals who work in these firms are committed to high standards of competence, integrity and honesty, and are held to account when they fall below these standards. This is an ideal that should resonate with you all, and indeed with the wider public. As practitioners, you should bear this vision and these failings in mind as you advise firms and individuals. It is to the benefit of all that there is public trust and confidence in the financial system, and that the public interest is protected. Here, the roles of both Central Bank and regulated firms under the fitness and probity regime are vital.

Protected disclosures

Moving on to my penultimate area of focus, I will speak to a matter that has been much in the news of late, namely whistle-blowing, or protected disclosures.

Our Protected Disclosures regime allows members of the public or staff of regulated firms to provide information on suspected regulatory wrongdoing in a confidential form to the Central Bank. As you may be aware, senior individuals are under an obligation to report wrongdoing to us.

Protected Disclosures reports are an important supervisory tool to assist the Central Bank in discharging its supervision and enforcement mandate. These reports have triggered action such as on-site inspections, the issue of risk mitigation plans and enforcement action. The numbers of protected disclosures are increasing year on year. 113 protected disclosures were received in the twelve months to June 2018, compared to 79 in the year before that.

We encourage individuals to come forward to our dedicated Protected Disclosures team where they have concerns or information relating to suspected regulatory wrongdoing in financial services. We understand that this can be a difficult and indeed stressful step to take.

Protected Disclosures should therefore be on your radar, as international experience suggests that, as they mature, whistle-blowing regimes tend to generate a lot of queries from clients. The United States is a prime example of this trend. I therefore advise you to familiarise yourselves with the operation of our regime. When giving advice to individuals, you should be particularly conscious of the positive statutory obligation on those performing pre-approval controlled functions to report wrongdoing to us.


Finally, I shall talk to you a little about reforms (which have been a recent focus). I mentioned the Law Reform Commission’s October 2018 report in my introduction. That report followed submissions from a number of regulators, including the Central Bank. In our submission to the LRC in December 2017, we proposed changes to the legal framework to enhance the accountability of individuals. We expanded on these proposals in our July 2018 Report to the Minister for Finance on the Behaviour and Culture of the Irish Retail Banks.

We proposed an Individual Accountability Framework comprising four elements:

First, we proposed enforceable Conduct Standards which set out the behaviour the Central Bank expects of regulated firms and the individuals working within them. Examples of such standards include the binding obligations on firms and individuals to conduct themselves with honesty and integrity, act with due skill, care and diligence in relation to the conduct of their business and co-operate with relevant regulatory authorities.

Second, we proposed a Senior Executive Accountability Regime, or “SEAR”, to ensure clearer responsibility and accountability by placing obligations on firms and senior individuals within them to set out clearly where responsibility and decision-making lie for their business. Taking a risk-based approach, it was proposed in the Report to the Minister that the initial introduction of a Senior Executive Accountability Regime would focus on a sub-set of the financial services industry.

Third, we proposed further enhancements to the current F&P Regime, to strengthen the onus on firms to proactively assess individuals in controlled functions on an ongoing basis. We also proposed enhancements to overcome some current limitations of the Central Bank’s F&P oversight function (for example giving us the ability to investigate people who performed controlled function roles in the past).

Finally, we proposed a unified enforcement process, which would apply to all breaches by firms or individuals of financial services legislation. We also recommended that the hurdle of participation be removed such that the Central Bank could pursue individuals directly for their misconduct under the Administrative Sanctions Procedure, rather than only where they are proven to have participated in a firm’s wrongdoing.

The shape of these reforms are ultimately a matter for the Oireachtas, but if the Individual Accountability Framework is implemented, experience from other jurisdictions (and especially the UK) suggests that practitioners will play an important role in advising firms on the implementation of the new regime. I therefore encourage you to familiarise yourselves with the detail of the proposals in the Culture Report and to keep abreast of legislative developments.


In conclusion then, I would leave you with the following key messages:

  • Do not adopt a narrow approach; you might miss the forest for the trees.
  • With that in mind, keep a close eye on developments, particularly in areas such as anti-money laundering, which are rapidly evolving, in order to give full advice to your clients
  • Remember the need for cooperation – our enforcement investigations are exactly that – investigations, not litigation.
  • Always seek to remind firms of the important role that they play in the fitness and probity regime.
  • Finally, familiarise yourselves with the operation of our protected disclosures regime, as it is likely to be a growing area of work for you in the coming years.

Like all fields of regulatory law, financial services enforcement is evolving rapidly in this jurisdiction. As practitioners, you play a key role in ensuring that we achieve our goal: a financial system that is well-managed, well-regulated, and sustainably serves the needs of the economy and consumers over the long term. In playing that part, I urge you to keep abreast of developments and not to adopt a narrow approach, but to keep your eyes trained on the broad horizon. I thank you for your time and your interest this afternoon.

I would like to thank John Lynch, Jillian Fleming, Shane Connolly, David Hanlon, Stephen O’Halloran and Claire McGrade for their assistance in preparing my remarks.


1 Purcell v Central Bank & Ors. [2016] IEHC 514 at 8.7.

2 Law Reform Commission: Report on Regulatory Powers and Corporate Offences (October 2018)