Central Bank’s Consumer Protection Function Reviewed
On 24 March 2015, the Central Bank published the outcome of an external review of its consumer protection function which was carried out by the Netherlands Authority for the Financial Markets using the G20/OECD High Level Principles on Financial Consumer Protection as a reference point. The Netherlands Authority for the Financial Markets is the independent supervisory authority in the Netherlands for the savings, lending, investment and insurance markets. The peer review was part of a knowledge sharing programme between the two regulatory authorities in relation to best practices and challenges in each jurisdiction.
The review noted the dedication of the Central Bank to continually strive to achieve better outcomes for consumers and that although the Central Bank’s consumer protection mandate is relatively new, a lot has been achieved in a relatively short timeframe. The review also identified possible areas for improvement and made recommendations to further develop the existing model and approach. The Central Bank will carry out a reciprocal review of the Authority for the Financial Markets this year.
Click here to read the full text of the review.
Fitness and Probity Standards for Credit Unions
Under the Central Bank Reform Act 2010, the Central Bank regulates persons performing controlled functions or pre-approval controlled functions in credit unions. Pursuant to this power, on 31 March 2015 the Central Bank published Fitness and Probity Standards which the above mentioned persons must comply with, and Guidance on Fitness and Probity Standards.
Please click here for copies of these documents.
Tom Kavanagh & Bank of Scotland plc –v- Patrick McLaughlin & Roseann McLaughlin
This case is relevant to the ability of a lender to transfer charges held by it over assets to a third party under the European Communities (Cross-Border Mergers) Regulations 2008 (S.I. No. 157 of 2008) (the “Regulations”). The Regulations facilitate mergers between Irish companies and those located elsewhere in the EU. The procedures involved vary depending on the type of merger taking place but all involve the preparation of common draft terms between the companies involved, the drafting of an explanatory report by the directors and advertisement of the proposed merger. The High Court must also review and approve all such mergers, both inbound and outbound, involving Irish companies. Once the merger is completed, the assets and liabilities of the Transferor Companies transfer automatically by operation of law, eliminating the need for any additional documentation.
In the present case, Patrick and Roseann McLaughlin had various facilities with Bank of Scotland Ireland Limited (“BOSI”). BOSI held security comprising both registered and unregistered mortgages/charges over various properties from the McLaughlins. The McLaughlins argued that the cross-border merger between BOSI and Bank of Scotland plc (“BOS”), did not have the effect of transferring the benefit of this security from BOSI to BOS.
The cross-border merger of BOSI to BOS was made under the Regulations in Ireland and the Companies (Cross-Border Mergers) Regulations 2007 in the UK. The orders approving the cross-border merger were made by the High Court on 20 October 2010, and by the Court of Session in Scotland on 10 December 2010. The effect of those orders was to ensure that all assets and liabilities of BOSI were transferred to BOS at 23:59 on 31 December 2010, and that BOSI then stood dissolved without liquidation and ceased to exist.
The McLaughlins argued that the security did not constitute an “asset” within the meaning of the Regulations. In the alternative, they argued that, if the cross-border merger did have the effect of transferring security from BOSI to BOS, as BOS was not the registered owner of the charge it did not have authority to appoint a receiver.
The Supreme Court held that security constituted an “asset” within the meaning of the Regulations on the basis that the ordinary meaning of the term "asset" in the context of a company refers to any element of a company's business that has the potential to confer value. When considering the value of a loan, the existence of security would have a significant effect on that valuation. In addition, in order for the Regulations to specifically exclude security from the definition of "asset", this would require clear wording in the body of the legislation.
Further, the Court held that the receiver was validly appointed under the terms of the charge as a matter of contract. The fact that BOS was not registered as the owner of the charge did not affect its contractual power to appoint a receiver. However in obiter comments, the Court did query how BOS could exercise its power of sale and give good title without being registered as owner of the charge and noted that in order to avail of the powers and protections of the Registration of Title Act 1964, and in the absence of a specific statutory provision to exempt this registration requirement, BOS must be registered as owner of the charge in the Land Registry.
Family Home Mortgage Settlement Arrangement Bill
The Family Home Mortgage Settlement Arrangement Bill (the “Bill”), which aims to deal with the issue of distressed mortgages, is currently being debated by the Dail. The Bill would remove the power of banks to veto proposals to restructure a family home mortgage and to allow arrears problems be tackled without immediately opting for legal action.
The Bill will allow people who have fallen into arrears to get an order specifically relating to the family home using the Insolvency Service of Ireland. No additional costs will be imposed on the State from setting up the new structure.
Under the Bill, the mortgage holder will be represented by a personal insolvency practitioner who is responsible for bringing the proposal before the courts. If a new arrangement can be established, the Courts can then make a range of orders including a split mortgage or debt for equity arrangement.
The proposed legislation includes the following safeguards in an effort to ensure a balance is struck between the reasonable interests of borrowers and lenders;
- The individual may enter into a Family Home Mortgage Settlement Arrangement only once;
- The individual must have exhausted the appeals process as set out in the Code of Conduct on Mortgage Arrears;
- A completed Prescribed Financial Statement must be made along with a statutory declaration confirming that the statement is a complete and accurate statement of the mortgagor’s assets, liabilities, income and expenditure.
European Banking Authority (the “EBA”) Recommends Crowdfunding Regulation Across the EU
The EBA published an opinion on crowdfunding on 26 February. The opinion looks into lending-based crowdfunding across the EU, identifies a series of risks and evaluates how they can be addressed in the EU legislative framework. The opinion notes that because crowdfunding is at quite an early stage, regulatory convergence should be based on existing EU legislation for example the Payment Services Directive. Click here to read the full text of the opinion.
Risk Management for Payment Service Providers who deal with Consumers in Ireland
In this article, Patrick Collins and Seána Glennon explain the potential legal risks that payment service providers (“PSPs”) should be mindful of when providing services to consumers located in Ireland.
For the purposes of this article, PSPs are institutions which execute payment transactions, provide money remittance services, issue payment instruments (e.g. credit cards) or provide payment accounts (e.g. current accounts, savings accounts). PSPs include banks, credit card companies and money remittance businesses.
The EU often imposes targeted financial sanctions, which may apply to specific persons, groups and entities responsible for objectionable policies or behaviour. Ireland is required to apply sanctions to individuals and entities prescribed by the EU. For example, the European Union (Afghanistan) (Financial Sanctions) Regulations, 2013 enforces financial sanctions against certain persons and entities associated with the Taliban in Afghanistan.
PSPs are required to adhere to those financial sanctions regulations. For example, they have an obligation to freeze all funds and economic resources of the targeted persons and entities, and prohibit the making of funds or economic resources available directly or indirectly to or for the benefit of those persons and entities.
Enactment of financial sanctions measures and related asset freezing restrictions are a matter for the Department of Finance and, at an operational level, are enforced by the Central Bank of Ireland (the “Central Bank”) (Ireland’s financial regulator). The Central Bank may, in the exercise of these powers, give directions or issue instructions to PSPs as it sees fit.
A PSP who fails to comply with the aforementioned obligations or who fails to comply with Central Bank’s directions or instructions commits an offence.
Where an offence is committed by a body corporate and is proved to have been so committed with the consent, connivance or approval of, or to have been attributable to the neglect on the part of any person, being a director, manager, secretary or other officer of the body corporate or a person who was purporting to act in any such capacity, that person as well as the body corporate commits an offence and is liable to be proceeded against and punished as if he or she committed the first-mentioned offence.
A person who commits an offence in relation to financial sanctions is liable:
- On summary conviction, to a Class A fine (no more than €5,000) or to imprisonment for a term not exceeding 12 months or to both, or
- On conviction on indictment, to a fine not exceeding €500,000 or to imprisonment for a term not exceeding three years or to both.
PSPs can adopt the following compliance procedures, so as to manage their risk of contravening the sanctions regime.
- Maintain a watch list of entities - promote awareness of the list within the business – update the list regularly.
- Senior management responsibility – take responsibility for policies and procedures - a high level of senior management awareness of the firm’s obligations regarding financial sanctions.
- Risk assessment – conduct a comprehensive risk assessment, based on a good understanding of the sanctions regime, covering the risks that may be posed by clients, transactions, services, products and jurisdictions.
- Staff training and awareness – regularly update training and awareness programmes that are relevant and appropriate for the role of particular roles.
- Screening during customer on-boarding – screening against the list of restricted individuals/entities before providing any services or undertaking any transactions for a customer.
- Ongoing screening – screening of the entire client base within a reasonable time following updates to list of restricted individuals/entities. 3578302.1
- Adopt red flag procedures for when a counterparty appears to be connected to an entry on the watch list.
Most PSPs are designated persons for the purposes of the Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010. The 2010 Act transposes the Third EU Money Laundering Directive into Irish Law. Designated persons have the following obligations under the 2010 Act:
- Conduct Customer Due Diligence (“CDD”) in relation to customers – CDD must be conducted: (i) prior to the commencement of a business, professional or commercial relationship between the designated person and the customer that the designated person expects to be ongoing; or (ii) prior to carrying out any single transaction or a series of transactions that are, or appear to be linked to each other with, for or on behalf of a customer, where the total amount of money paid by the customer in a single transaction or series of transactions is greater than €15,000. CDD is also required if a member of staff has reasonable grounds to believe that there is a real risk that the customer is involved in, or the service sought by the customer is for the purpose of, money laundering or terrorist financing. These requirements should, wherever possible, be fully satisfied by obtaining and checking acceptable documentation. For natural persons, this documentation will usually entail one proof of ID (e.g. driving licence), plus one proof of address (e.g. bank statement or utility bill). Designated persons should obtain and verify the name, date of birth and current address of customers.
- Suspicious Transactions Reporting – A designated person is required to report to the Garda Síochána (Irish Police) Financial Intelligence Unit (“FIU”) and Revenue Commissioners, known or suspected instances of money laundering or terrorist financing or where the designated person has reasonable grounds to suspect such instances.
- Tipping Off is Prohibited - A designated person shall not make any disclosure that is likely to prejudice an investigation that may be conducted following the making of an suspicious transactions report.
- Training and Internal Procedures - A designated person is required to adopt an AML/CTF policy, which is documented in writing. It must also train its staff, in relation to its obligations under the 2010 Act as described above.
- Record keeping – A designated person must retain customer records for a period of not less than 5 years following the date of the last transaction with the customer.
Furthermore, when conducting non face-to-face business (e.g. by post, telephone or internet) with customers who are individuals (this rule does not apply to customers who are companies), the designated person must carry out additional CDD measures (i.e. additional to those listed above). Examples of those additional CDD measures include:
- Telephone contact with the customer prior to the commencement of the business relationship on a home or business number which has been verified (electronically or otherwise), or a “welcome call” to the customer before the business relationship starts, using it to verify additional aspects of personal identity information that have been previously provided during the setting up of the account;
- Communicating with the customer at an address that has been verified (such communication may take the form of a direct mailing of account opening documentation to him, which, in full or in part, might be required to be returned completed or acknowledged without alteration);
- Internet sign-on following verification procedures where the customer uses security codes, tokens, and/or other passwords which have been set up during account opening and provided by mail secure delivery to the named individual at a verified address; and
- Card or account activation procedures where the customer uses security codes, tokens, and/or other passwords which have been set up during account opening and provided by mail secure delivery to the named individual at a verified address.
The designated person should satisfy itself as to the validity of any copy documentation received from or on behalf of non face-to-face customers where warranted by the risk. These additional risks may be mitigated by one or more of the following measures:
- Obtaining additional documentation to that obtained for face to face customers. These additional documents can be in electronic form;
- Verification of the customer’s identity on the basis of confirmation received from an acceptable institution e.g. their bank, that the customer is, or has been, a customer of that institution;
- Ensuring that the transaction is carried out through an account in the customer’s name with a bank; or
- Certification of the documents received (e.g. certification by the customer’s bank).
The 2010 Act states that a designated person who fails to comply with the obligations described above commits an offence and is liable:
- on summary conviction, to a fine not exceeding €5,000 or imprisonment for a term not exceeding 12 months (or both), or
- on conviction on indictment, to a fine or imprisonment for a term not exceeding 5 years (or both).
Payment Services Regulations
PSPs authorised as Payment Institutions under the European Communities (Payment Services) Regulations, 2009 and credit institutions must comply with a variety of conduct of business rules outlined in the 2009 Regulations. Many of these rules relate to consumer protection in the event of an unauthorised transaction, such as fraudulent use of a customer’s credit card by another person. In those cases, the customer is required to notify the PSP without undue delay, and where the transaction is found to be unauthorised, the PSP must refund the customer immediately, unless the customer has acted fraudulently.
The Central Bank of Ireland’s Consumer Protection Code, 2012
PSPs are required to comply with the Code when dealing with consumers. “Consumer” as defined in the Code means an individual, but also means a company with an annual turnover of €3 million or less in the previous financial year. The Code contains conduct of business rules regarding: (i) sales processes; (ii) the content of terms of business issued to consumers; (iii) consumer complaints handling; (iv) provision of information to consumers; and (v) advertising of services.
Administrative Sanctions Procedure
A proven breach of the 2010 Act, the 2009 Regulations or the Code by a PSP could be subject to the Central Bank Administrative Sanctions Procedure (“ASP”).
In accordance with the ASP, the Central Bank can examine a potential breach of those regulations. If the Central Bank considers that a breach may have occurred, it can hold an inquiry in relation to the alleged breach. At the conclusion of the inquiry, the Central Bank may determine that a breach has occurred. In that case, the Central Bank can impose a range of sanctions against the regulated entity, including:
- caution or reprimand;
- monetary penalty - in the case of a corporate or unincorporated body, an amount not exceeding €10,000 or 10% of the annual turnover of the regulated entity in the last financial year, whichever is the greater, or in the case of a natural person an amount not exceeding €1,000,000;
- a direction to cease the contravention, if it is found that the contravention is continuing; and
- a direction to pay all or part of the costs of the investigation and inquiry.
Credit Risks and Chargebacks for Merchant Acquirers
If a consumer does not receive the goods or services paid for and requires a refund transaction, the merchant acquirer usually has an obligation to refund the card issuing bank and will usually be entitled to recover the sum from the merchant through their contractual arrangements. This reversal of the sales transaction is known as a “chargeback”, and commonly arises in cases where the wrong goods are supplied, the goods supplied are faulty or the goods are not supplied at all.
The risk for the merchant acquirer arises where the merchant becomes insolvent between the date of the transaction and the date of the chargeback and is unable to reimburse the merchant acquirer. If the acquirer cannot recover the amount of the chargeback from the merchant within the relevant period, it will bear the loss of the chargeback amount. The exposure of the acquirer arises during a “chargeback period” only. After the chargeback period, the risk passes to the card issuer. It is therefore important from an acquirer perspective to be aware of when the chargeback period commences (usually either the date the transaction is processed or the date the goods or services should have been received), in order to assess the period of liability for the acquirer.
In addition to being vigilant with regard to the period of liability, another important element for merchant acquirers to bear in mind is the financial position of merchants. Detailed financial due diligence procedures should be undertaken when on-boarding merchants. Acquirers may also wish to conduct on-going financial due diligence procedures in respect of existing merchant customers. These measures could include conducting regular updated credit assessments of merchants, or periodic audits of the merchant customer base where assessments are made of a cross section of merchants to determine whether any have been subject to an insolvency event.
In the case of a high risk merchant, or a merchant who may take payment up front but not necessarily provide the service or product immediately (for example, a concert promoter who sells tickets for future events), the acquirer may choose to either request that the merchant provide an agreed sum on deposit as collateral or, depending on the terms and conditions agreed to, withhold the funds processed for these transactions for a longer period of time to protect itself in the event of the merchant being unable to deliver the goods/services in question.
Central Bank Publications
The Central Bank has released a number of publications recently. Please see links below.