The Irish Finance Ministry’s publication on 27 July of the general scheme of the Central Bank (Individual Accountability Framework) Bill will create Ireland’s first comprehensive senior executive accountability regime (SEAR). SEAR will introduce prescribed responsibilities for senior managers and strengthen firms’ obligations to undertake due diligence on staff. It will also impose more onerous conduct standards that can be enforced directly by the Central Bank of Ireland (CBI) against staff through fines and other sanctions. However, the draft Bill sets out only the main regime features with important details delegated to subsequent CBI rulemaking. For example, we don’t yet know whether SEAR will require financial firms to obtain regulatory references from previous employers, nor do we know precisely what kinds of staff action will result in fines and potentially career-ending regulatory sanctions. Extensive consultations will be critical when the CBI exercises its rule-making powers under the proposed legislation to avoid damage to Ireland’s important foreign direct investment financial sector.
SEAR is the latest Irish example of the current prominence of cultural and conduct issues in financial regulation, but what are we likely to see next? Even pre-pandemic, the Financial Stability Board (the G-20’s financial think-tank) and the EU Commission were focused on some other prominent themes, including FinTech developments, climate risks and cyber-resilience. Let’s look more closely at three recently proposed and important related evolutions in EU financial regulatory law.
FinTech and AI
The FinTech and InsurTech sector is alive with excitement about the possible applications of artificial intelligence (AI), and the Commission’s April 2021 proposed AI Regulation (AIR) will have wide-ranging impacts on the sector. AIR will impose specific requirements on financial firms using AI in “high-risk” settings, such as creditworthiness as well as more routine applications such as chatbots. Some uses of AI will even be prohibited under the proposals. MHC has prepared a 10,000 ft view of AIR – see link here.
In the climate area, the Commission’s July 2021 strategy on financing the transition to sustainability announced that it will shortly propose further amendments to CRDIV/CRR, the prudential framework for banks. These amendments will be designed to ensure that ESG factors are consistently included in risk management systems and supervision. To achieve this, clear requirements will be set to identify, measure, manage and monitor sustainability risks, including climate change stress testing for banks. It seems likely that these changes to risk management systems will subsequently be rolled out by the EU beyond banking to other financial sectors, such as insurance. MHC is regularly monitoring developments in sustainable finance – see link to our overview here.
The EU Commission’s proposed Digital Operational Resilience Act (DORA), published in September 2020, is worth watching in this area. The EU has produced standards for cyber-resilience previously (the NIS and draft NIS2 directives) but DORA, as a sector-specific piece of legislation, should take precedence for the financial sector. DORA aims to bring critical third-party ICT providers to the financial sector within the regulatory perimeter and seeks to strengthen and standardise ICT risk management frameworks across the sector. It will also intensify regulatory scrutiny in this area.
What short-term evolutions can we foresee in the CBI’s post-pandemic engagement with industry? Reverting to the FSB, its July 2021 report on the financial system’s functioning during the pandemic highlights some possible areas of focus. It suggests that Irish financial firms should be ready for close scrutiny of their crisis management/business continuity and operational resilience arrangements in the aftermath of the pandemic. The CBI will focus on hybrid working arrangements, expecting firms to have carefully analysed inherent risks and to demonstrate that necessary additional controls have been implemented. The CBI is likely to encourage firms to further prioritise ESG in their businesses, perhaps by setting up stakeholder engagement groups or even pressing firms to allocate board seats to stakeholder advocates. Finally, with impending EU action in this area, the CBI will focus ever more closely on firms’ risk management frameworks relating to climate risk, building on previous CBI industry climate risk surveys.
In his “Wealth of Nations”, Adam Smith bemoaned the economic damage done by “do-gooder” market regulators. There seems to be little sympathy for Smith’s views among today’s politicians and regulators. All economic theories fall out of fashion eventually, but the financial industry’s current regulatory rollercoaster ride seems far from over.