Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

Requirements in relation to compliance programmes will vary depending upon the type of authorisation held by the firm and the nature, scale and complexity of the firm’s business. The applicable regulatory requirements are set out in domestic Irish legislation, EU legislation, guidance issued by EU bodies such as the European Supervisory Authorities, and the various guidelines, standards and codes issued by the Central Bank of Ireland (CBI). Regulatory expectations are set out in letters to industry, speeches and thematic review reports.

As part of the supervisory process, the CBI conducts inspections and review meetings. The inspections confirm compliance with regulatory requirements, and assess corporate governance structures, outsourcing arrangements, internal controls and risk management systems. Review meetings cover compliance issues and outstanding issues from previous inspections.

The CBI also undertakes themed inspections of regulated financial services firms. Themed inspections focus on a specific topic or product, rather than on a specific institution. The CBI disseminates the findings of the inspections to industry through publication on its website, providing guidance for best practice.

The CBI issues Risk Mitigation Programmes (RMPs) to financial services firms to mitigate unacceptable risks in firms. The Probability Risk Impact System (commonly known as PRISM) is the CBI’s risk-based framework for the supervision of regulated firms. Risk issues identified under this framework form the basis for RMPs. Regulated firms can engage with their supervisors at the CBI regarding the implementation of the RMPs.

Gatekeepers

How important are gatekeepers in the regulatory structure?

The CBI Fitness and Probity Regime seeks to ensure that individuals in key and customer-facing roles are competent and capable; act honestly, ethically and with integrity; and are financially sound. The regime requires that a person performing a controlled function (CF) must have a level of fitness and probity appropriate to the performance of that particular function. A person performing a pre-approval controlled function (PCF) requires prior approval of the CBI before appointment. Individuals performing a CF or a PCF are obliged to comply with the Fitness and Probity Standards for Regulated Firms. Where the key function relates to a bank classed as a significant institution, the assessment is the responsibility of the European Central Bank.

The CBI’s increased focus on culture in regulated firms in recent years has led to it advocating for legislative change to assign regulatory responsibility to individuals working in regulated firms. On 27 July 2021, the Irish Department of Finance published the General Scheme of the Central Bank (Individual Accountability Framework) Bill 2021 (the General Scheme). The General Scheme provides for the establishment of the Individual Accountability Framework (IAF), which includes the Senior Executive Accountability Regime (SEAR).

The purpose of the IAF is to create a framework to facilitate individual accountability and responsibility, particularly for individuals performing senior executive functions (SEFs) within Irish-regulated firms. The General Scheme also aims to remove the existing participation link, whereby regulators must first find that a financial firm committed regulatory breaches before they may impose sanctions on individuals for regulatory contraventions. Part 2 of the IAF implements the SEAR, which will mandate regulated firms to enhance their internal processes by clarifying the roles of their SEFs. This will be achieved by the creation of individual statements of responsibility, together with a management responsibility map documenting the regulated firm’s wider governance and management arrangements. The CBI will be empowered to take enforcement action and impose administrative sanctions where there is a breach of the duty of responsibility imposed on an individual performing a SEF within a regulated firm.

The SEAR will be rolled out on a phased basis, with the initial scope extending only to credit institutions, insurance undertakings (except reinsurance, captive (re)insurance and insurance special purpose vehicles), certain investment firms and any third-country branches of such firms. Additional sectors may, and likely will, be brought within the scope of the SEAR in the future.

The General Scheme also strengthens the CBI’s existing Fitness and Probity Regime. Under the General Scheme, a regulated firm will be required to certify, on an annual basis, that it is satisfied that any individual performing a PCF or a CF role meets the requirements under this regime.

As at January 2022, the Central Bank (Individual Accountability Framework) Bill is being drafted on the basis of the General Scheme. Following publication of the draft bill, it must pass through a number of stages in both houses of the Irish parliament before it becomes law.

The joint European Securities and Markets Authority and European Banking Authority 'Guidelines on the assessment of the suitability of members of the management body and key function holders under Directive 2013/36/EU and Directive 2014/65/EU' are also applicable to key individuals in banks and investment firms.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

A senior manager who performs certain key and customer-facing duties may be deemed to be performing a CF or a PCF. By performing a CF or a PCF, a senior manager will be subject to the CBI Fitness and Probity Regime, which seeks to ensure that individuals in such roles are competent and capable; act honestly, ethically and with integrity; and are financially sound. A senior manager performing a CF or a PCF is obliged to comply with the CBI’s Fitness and Probity Standards for Regulated Firms.

The roles of executive director, non-executive director, chairman of the board and various board committee chairs are deemed to be PCF functions, and directors are obliged to comply with the standards imposed under the CBI’s Fitness and Probity Regime accordingly.

Duties of directors of regulated financial services firms also arise under the Companies Act 2014 (as amended) and Irish common law. The Companies Act 2014 (as amended) codified existing common law duties, duties previously developed by case law and existing statutory duties. The duties that directors owe to the company in the performance of their role include:

  • to act in good faith;
  • to act honestly and responsibly;
  • to act within their powers;
  • to avoid conflicting interests;
  • to act with due care, skill and diligence;
  • to keep adequate accounting records; and
  • to prepare annual financial statements.

The standard of care applicable is that a director must exercise the care, skill and diligence that would be exercised in the same circumstances by a reasonable person who has the knowledge and experience that may reasonably be expected of a person in the same position as the director, and who also possesses the equivalent level of knowledge and experience that the director has.

When are directors typically held individually accountable for the activities of financial services firms?

Under the Fitness and Probity Regime, the CBI has the power to investigate the fitness and probity of a person to perform a CF or a PCF where there is a reason to suspect the person’s fitness and probity to perform the relevant function is not adequate.

Various matters may be taken into account by the CBI, including the suspicion that the person does not have the experience, qualifications or skills necessary to effectively perform the CF or the PCF (or part of it), that the person does not satisfy the Fitness and Probity Standards issued by the CBI, or that the person has participated in serious misconduct in relation to the business of a regulated financial services firm.

The CBI, following the conclusion of its investigation, will issue a report and advise whether a Prohibition Notice will be issued. A Prohibition Notice can prohibit the subject from carrying out the CF or the PCF, or part of it, for the period specified in the notice or indefinitely.

The CBI’s increased focus on culture in regulated firms in recent years has led to it advocating for legislative change to assign regulatory responsibility to individuals working in regulated firms. The General Scheme aims to remove the existing participation link, whereby regulators must first find that a financial firm committed regulatory breaches before they may impose sanctions on individuals for regulatory contraventions. Under the CBI’s proposed new SEAR, regulated firms will be mandated to enhance their internal processes by clarifying the roles of their SEFs. This will be achieved by the creation of individual statements of responsibility, together with a management responsibility map documenting the regulated firm’s wider governance and management arrangements. In addition, a legal duty of care is imposed on individuals while performing SEFs within regulated firms. Such SEFs are required ‘to take reasonable steps to avoid their firm committing, or continuing to commit, a “prescribed contravention” in relation to the areas of the business for which they are individually responsible’. The CBI will be empowered to take enforcement action and impose administrative sanctions on individuals who breach their duty of responsibility.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

A customer of a regulated firm who suffers loss or damage as a result of the failure by the firm to comply with any obligation under financial services legislation has a statutory cause of action for damages against the firm. The customer may also obtain a statutory injunction.

An individual may make a complaint to the Financial Services and Pensions Ombudsman. If a complaint is upheld, the Financial Services and Pensions Ombudsman may direct the firm to pay compensation to the complainant or may direct the firm to rectify the issue. The decision may be appealed to the High Court. An individual can also make a complaint to the Competition and Consumer Protection Commission regarding a breach of consumer law.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

The Consumer Protection Code (2012) (the 2012 Code) sets out the standard of care that applies to regulated firms when dealing with retail customers.

The 2012 Code states that regulated firms, in all of their dealings with customers (whether retail customers or otherwise) within the scope of their authorisation, must, among other obligations:

  • act honestly, fairly and professionally in the best interests of its customers and the integrity of the market;
  • act with due care, skill and diligence in the best interests of its customers;
  • not negligently or deliberately mislead a customer as to the real or perceived advantages or disadvantages of any product or service;
  • make full disclosure of all relevant material information, including all charges, in a way that seeks to inform the customer;
  • seek to avoid conflicts of interest;
  • correct errors and handle complaints speedily, efficiently and fairly; and
  • not exert undue pressure or undue influence on a customer.

Does the standard of care differ based on the sophistication of the customer or counterparty?

The European Union (Markets in Financial Instruments) Regulations 2017 (as amended) distinguish between eligible counterparties, professional clients and retail clients. Each category of client is afforded different levels of protection, with retail (or consumer) clients afforded the highest level of protection.

More generally, consumers are afforded an array of enhanced protections under various EU and Irish regulations, including those relating to mandatory disclosures, provision of information, distance marketing, the management of arrears, complaints handling, unfair contract terms and competency requirements for consumer-facing staff, among others.

Rule-making

How are rules that affect the financial services industry adopted? Is there a consultation process?

The financial services regulatory framework is made up of domestic Irish legislation, EU legislation, guidance issued by EU bodies such as the European Supervisory Authorities, and guidelines, standards and codes issued by the CBI.

EU Directives must be transposed into Irish law before they take effect, generally by way of primary legislation or statutory instrument. EU Regulations have direct effect in Ireland and throughout the European Union without the necessity for domestic implementing legislation.

When developing proposed policy responses, guidelines, standards or codes, the CBI consults stakeholders – including industry and consumer representatives – and the Department of Finance. All public consultations are announced on the CBI’s website.