Watching The Watchdog: What The Fines And Enforcements Data Tells You About The Central Bank’s Focus – Finance and Banking


To print this article, all you need is to be registered or login on Mondaq.com.

A new analysis of Central Bank data shows that 27% of
settlements over the past six years relates to banks. Investment
and insurance firms also feature highly. However, if the watchdog
gets its way, the next focus will be on individuals writes RDJ
Regulatory Partner, DR. Brian Hunt in the following
article.

This article first appeared in The Currency on 3 November
2020

Financial Crisis and Reform of CBI

Just 12 months on from the night of the infamous bank guarantee
in September 2008, Matthew Elderfield was announced as the new Head
of Financial Regulation at the Central Bank of Ireland. Readying
himself to take up his position in January 2010, Elderfield was
under no illusions as to the scale of the task that lay ahead of
him – to bring law and order to the financial services
equivalent of the wild west.

It was an appointment which would change the face of financial
regulation in Ireland for some years to come. Just a few months
after taking up his role, Elderfield requested the High Court to
place Quinn Insurance in Administration – as clear a signal
as any that the rules of the old game had changed. In his first
public address (11 March 2010), Elderfield gave a very clear
indication of the type of change that was coming:

“I intend to implement a framework of assertive risk-based
regulation underpinned by the credible threat of enforcement. We
need to insist that the biggest and riskiest firms manage
themselves better and that firms and their management are held more
accountable for their actions. A risk-based regulatory model will
allow us to calibrate the intensity of our regulatory standards and
day-to-day supervisory approach depending on the risk profile of
the firms and sectors we supervise.”

These words signalled the shift to an assertive, risk-based
approach to supervision, as well as a clear intention to make
enforcement action a key tenet of the Central Bank’s approach
to overseeing the functioning of the financial services sector in
Ireland. Elderfied used his speech as an opportunity to expand on
his thinking around the need to sharpen his enforcement tools and
perhaps acquire some more:

“Ireland is competing as a premier financial services
centre. But you can’t referee a Premier League match with one
linesman and no red card in your pocket. It’s important that
we have the resources and powers needed to do the job. As a result,
there will need to be a substantial increase in resources at the
regulator. And we will need new legislation informed by an
assessment of the gaps in our current powers. I’m pleased to
say that there is a strong commitment at the Board and in
Government to do both.”

In case anyone doubted him, around 2 weeks later the Government
published the Central Bank Reform Bill 2010 which paved the way for
the introduction of the fitness and probity standards and all that
goes with that, such as the designation of key roles within
regulated entities as being controlled functions, as well as the
need to seek pre-approval from the Central Bank for the appointment
of persons to certain key roles within financial services
firms.

The circumstances surrounding the financial crisis in Ireland
were the subject of multiple investigations and reviews. The role
of the Central Bank of Ireland, but more particularly the role and
effectiveness of the Irish Financial Services Authority of Ireland
(IFSRA), were the subject of much scrutiny. The report produced by
Klaus Regling and Max Watson (June 2010) was scathing in
its criticism of the level and effectiveness of the supervision of
the financial services sector, finding:

“The supervisory culture was insufficiently intrusive, and
staff resources were seriously inadequate for the more hands-on
approach that was needed”

“… supervisory culture was insufficiently forceful
and pre-emptive. On-site inspections were infrequent. Targeted
follow-up was weak …”

“… there was a serious lack of skills, and to some
degree of numbers of people, in the regulatory authority”

“… supervisory approach in Ireland [consisted of]
light-touch regulation and reliance on markets”.

The Regling and Watson Report (as well as the other reports that
also focused on the causes of the crisis) confirmed many of the
failings that were already well understood. However, the starkness
of the findings served to inject real impetus into efforts to
remedy the problems that had been so well exposed.

For Elderfield this represented a mandate for major reform and
he set to work on utterly changing the regulatory landscape. He
rolled out a new Corporate Governance Code which became effective
in 2011. He oversaw the introduction of a specially developed
system of risk-based supervision, termed PRISM, in 2011, which
forced those tasked with supervision to place the greatest amount
of time and effort into focusing on firms, and aspects of firms
that posed the greatest level of risk. In the following year, 2012,
Elderfield rolled out the Fitness and Probity Standards and also a
new Consumer Protection Code.

His efforts at lobbying government for greater enforcement
powers paid off in the form of the Central Bank (Supervision and
Enforcement) Act 2013. The Act introduced a range of reforms, but
particularly significant were the increases in the maximum fines
which the Central Bank could impose under its administrative
sanctions regime. The Act increased the maximum level of fine from
€5 million to €10 million or 10% of turnover, which ever
is the greater. The maximum fine that could be imposed on an
individual was increased €1 million.

When Matthew Elderfield joined the Central Bank in 2010, its
staff numbers stood at approximately 1,000 and today the Central
Bank has a staff of just over 2,000. Not only has the Central Bank
dramatically increased its staff levels, its increased
effectiveness as a supervisor can be attributed to it now having a
more highly skilled and professional workforce which understands
the sector.

Importance of Enforcement

There are three pillars to the system of oversight of the
financial services system in Ireland: 1. Legislation, 2.
Supervision, and 3. Enforcement. We know that ineffective
supervision combined with deficient legislative framework, and a
near-absence of enforcement were all contributory factors to the
financial crisis.

In an address in 2012, Mathew Elderfield shared some of his
thinking on the importance of enforcement in the context of the
supervision of the financial services sector:

“The broader benefit, which supports supervision, is the
deterrent effect of enforcement. If firms think there is a credible
risk that their own non-compliance with regulatory standards would
lead to sanctions from the Central Bank, then that provides a very
powerful motivation to boards of directors and senior management
teams to ensure a high standard of conduct. The fact that the
Central Bank has sanctioned firms and has published details of
these sanctions has made some in the industry uncomfortable and
leads to pleas to ease up on the use of the enforcement tool. We do
not apologise for taking enforcement actions or publicising them.
There is no deterrence value unless firms, investors, consumers and
the public are aware that we will respond with enforcement action
where behaviour and practices fall short. I am firm in my belief
that this is a necessary and best practice element in the
regulatory toolkit of the Central Bank. And, unless these sanctions
are published with enough detail about what occurred and the
sanctions imposed the deterrent effect will be diluted.”

Even though Matthew Elderfield departed the Central Bank a
number of years ago, the Central Bank’s thinking and the
emphasis that it places in enforcement has not changed very
significantly. Speaking in 2016, Derville Rowland, then Director of
Enforcement Central Bank, seemed to reiterate Elderfield’s
mantra: “The Central Bank operates an assertive risk based
approach to supervision which is supported by a credible threat of
enforcement.”

Speaking in 2018, Seana Cunningham, the current Director of
Enforcement and AML suggested that the Central Bank had achieved
its objective of embedding a credible threat of enforcement in the
minds of those at eth helm of regulated entities:

“To my mind, the Central Bank has established the credible
threat of enforcement that it set out to achieve with the
establishment of the separate enforcement function. My message for
firms, their boards and their senior management, is that the
Central Bank has and will continue to take robust enforcement
action where serious or significant regulatory failings
arise.”

Enforcement is viewed by the Central Bank as being an integral
part of its engagement with the firms that it regulates. It is
viewed as being a complimentary strategy to regulation and
supervision. Enforcement action can take a number of forms and in
addition to resulting in the application of the Administrative
Sanctions Procedure, the Central Bank can issue prohibition notices
against individuals, and also has the ultimate power to revoke a
firm’s authorisation.

The Enforcement Division of the Central Bank consists of
multi-disciplinary teams which include a mix of lawyers,
accountants and investigative experts. In addition to initiating
investigations and triggering the administrative sanctions
procedure, members of the Enforcement Division also provide support
to the supervisory divisions before any formal enforcement action
even arises.

Enforcement in Practice – The Administrative Sanctions
Procedure

The Administrative Sanctions Procedure which derives from Part
IIIC of the Central Bank Act 1942, provides the Central Bank with
the power to administer sanctions in respect of the commission of
prescribed contraventions by regulated financial service providers
and by persons presently or formerly concerned in their management
who have participated in the prescribed contraventions committed by
the regulated financial service provider.

In practice, what this means is that where the Central Bank
suspects on reasonable grounds that a breach has been committed, it
may put in place an Inquiry panel to inquire into the matter,
determine whether the breach did in fact occur and, if so, to then
decide what sanctions ought to be imposed. On foot of such an
Inquiry or where a case settles prior to a formal determination
being made by the Inquiry, the Central Bank may impose a very
substantial monetary penalty. In circumstances where an individual
has been identified as being culpable, the Central Bank may also
disqualify an individual from being concerned in the management of
a regulated entity.

The operation of the administrative sanctions procedure is not
just about inflicting financial pain on firms; it is a process that
has been designed to be a deliberately intrusive and a less than
pleasant experience which invariably involves the Central Bank
requiring individuals to attend for interview, to account for their
actions and justify their own conduct and that of their firm.
Widely publicising the outcome is also a core part of the Central
Bank’s approach to enforcement. When it reaches a settlement
agreement with a firm, the Central Bank publishes a statement which
will set out in some detail the nature of the contravention, the
level of penalty imposed, and will also spell out the factors
considered by the Central Bank in deciding the level of penalty to
impose.

In an era where corporations seek to jealously guard their
reputations, the publication of the finer details of settlement
agreements is intended to secure the maximum level of publicity of
the settlement much to the chagrin of the firm that has been
sanctioned. It also serves as a stark reminder to other firms that
the Central Bank has teeth and is not shy about using them.

A Lookback at Enforcement Actions 2016 – 2020

According to the Central Bank, since 2006, it has entered into
139 settlement agreements under its Administrative Sanctions
Procedure, bringing total fines imposed by the Central Bank to over
€123m.

The analysis that follows is based on a lookback at CBI
enforcement activity over the past 5 years, during which time fines
imposed by the Central Bank (€78.4m) account for 63% of the
total imposed since 2006.

By simply looking at the number of settlement agreements entered
into so far in 2020, 4 in all, we can see that the range of sectors
and number of firms affected is down from 7 in 2019. While the
Enforcement Division at the Central Bank has substantial numbers of
staff and expertise, the reduced level of enforcement activity
across other parts of the financial services sector may be
attributable to a concentration of effort and resources on
finalising enforcement actions arising from the tracker mortgage
scandal.

While the final report on the Central Bank’s Tracker
Mortgage Examination was published in July 2019, we know from the
Central Bank’s Annual Report 2019 and Annual Performance
Statement that as at end-December 2019, enforcement investigations
were ongoing in respect of a number of lenders. While some have
since been finalised, it seems that the end of this saga has not
yet been reached.

Looking back at enforcement activity over the past five years,
we can get a sense of those parts of the financial services sector
where the Central Bank’s enforcement activity has been more
heavily focused. 27% of settlement agreements concluded in the
period involved banks. Settlement agreements concluded with
investment firms ranked second, at 17%, with insurance/reinsurance
firms accounting for 15%, and investment intermediaries/insurance
intermediaries also standing at 15%.

Banks

Of all of the categories of regulated firms, in terms of
enforcement, Banks have been hit hardest in recent years, handing
over €64.1m to the Central Bank in fines. Though we have yet
to reach year end, we can already see that 2020, just like 2019,
has been a particularly harsh year for certain banks which forked
out a total of €24.6m so far in 2020 and €28.1m in 2019
on enforcement actions. Banks have accounted for 99% of the Central
Bank penalties imposed so far in 2020, and contrasts with 2016 when
banks accounted for just 39% of penalties imposed that year.

Aside from tracker mortgage-related cases, the settlement
agreements reached with banks spanned a range of areas, including
failings in regulatory reporting, breaches of Code of Practice for
Credit Institutions, breaches of the Consumer Protection Code,
breaches of the Code of Practice on Lending to Related Parties, and
breaches of anti-money laundering requirements.

Insurers

In the five year period examined, insurers/reinsures have paid
€7.6m in fines to the Central Bank. This represents 9.3% of
the total value of fines imposed on the financial services sector
over the period. So far in 2020, and also for 2019, insurers have
fared much better than the banks, and have avoided being the
subject of any publicly announced settlement agreements with the
Central Bank. However, the sector did not escape attention in 2018
when two firms handed over a total of €5m to the Central Bank,
a sharp increase on the €1m paid in 2017 and the €1.6m
paid in fines in 2016.

The settlement agreements reached with insurers and reinsurers
covered a breaches across a number of different areas, including
reserving, solvency calculations, anti-money laundering
requirements, the Consumer Protection Code, the Minimum Competency
Code, the Minimum competency Requirements, and the Corporate
Governance Code.

Credit Unions

In four of the past five years Credit Unions have been the
subject of settlement agreements with the Central Bank, paying out
€773k in fines. Enforcement actions taken against Credit
Unions accounted for 5 of the 40 settlements reached with the
Central Bank in the period examined.

The contraventions which formed the basis of settlement
agreements with Credit Unions included the governance of long-term
lending, director remuneration, breaches of fitness and probity
requirements, governance and risk management failures arsing from
migration to a new IT system, as well as breaches of anti-money
laundering requirements.

Investment Firms

Investment Firms have been subject to 7 settlement agreements in
the past 5 years resulting in the payment of fines totalling
€2.7m to the Central Bank. The focus of the settlement
agreements included breaches of conditions of authorisation, breach
of outsourcing requirements, breach of anti-money laundering
requirements, breaches of conduct of business rules, breaches of
fitness and probity requirements, breach of client assessment
requirements, and also a breach of the terms of authorisation.

Investment Intermediaries/Insurance
Intermediaries

Settlement agreements reached with Investment
Intermediaries/Insurance Intermediaries accounted for fines of
€1.1m, however the bulk of this figure consists of a
settlement agreement reached with Capita Life & Pensions.

Individuals

In the period examined, the Central Bank published settlement
agreements relating to individuals on only three occasions, where
the average fine was €37k.

One thing that is notable about these particular settlement
agreements is that in each case the enforcement action against the
individual essentially flowed from an earlier enforcement action
taken by the Central Bank against the firm in which that person
previously served. In June 2020, the Central Bank concluded a
settlement agreement with the former CFO and Executive Director of
RSA Ireland. In 2018 the Central Bank had imposed a fine of
€3.5m on RSA.

In in February 2018, the Central Bank announced the conclusion
of a settlement agreement with the former Non-Executive Chairman of
Irish Nationwide Building Society, and in December 2018, the
Central Bank reached a settlement agreement with the former Senior
Manager of Commercial Lending in Irish Nationwide Building Society.
Both of these settlement agreements were preceded by a settlement
agreement, in 2015, involving Irish Nationwide itself.

The pattern that can be observed thus far suggests that the
Central Bank is pursuing enforcement actions individuals in
circumstances where they can be clearly held directly accountable
for egregious breaches that arose at the firm at which they held a
key office.

As mentioned earlier, in addition to imposing a reprimand and
fine on an individual, the Central Bank can also issue a
Prohibition Notice, which in practice means that the individual is
prohibited from performing a controlled function for a specified
period or indefinitely. Since the introduction of the fitness and
probity regime, the Central Bank has issued eight such notices.

Average Fines

A look at the average level of fines across the various segments
of the sector is worthwhile, however as always when looking at
averages deduced from statistically low volumes, caution must be
applied.

In the period 2016 to 2020, the average fine imposed on banks
was €5.8m, very substantially higher than the average fine of
€1m imposed on insurers. In contrast with banks and insurers,
there appears to be a reasonable level of consistency as regards
the individual fines imposed on Credit Unions, with the average
fine standing at €154k. The average fine imposed on Investment
Firms over the period was €398k, a figure which is distorted
somewhat by the €1.6m fine that was imposed on JP Morgan in
2019. More typically investment firms are being subjected to fines
in the region of €230k-240k. Investment Intermediaries and
Insurance Intermediaries are typically subjected to an average fine
of €1,544.00.

Exposure of Breaches

The Central Bank has a range of tools that it utilises in order
to more effectively supervise firms. At the most routine level, the
Central Bank will request documentation or information from a
regulated entity. Also, the Central Bank may occasionally request
to meet with senior executives at a regulated entity, either for
the purpose of discussing a particular matter that has come to its
attention or in the context of fulfilling requirements under
PRISM.

The Central Bank also has the power to conduct different types
of reviews and inspections. These include the conduct of a full,
detailed risk assessment of firms on a periodic basis. The Central
Bank also conducts thematic reviews, which in practice involve the
Central Bank selecting a particular segment of the financial
services sector and reviewing or inspecting those firms in relation
to one particular topic. Targeted Risk Assessments are another
tool, whereby the Central Bank selects a particular topic within a
particular firm, for closer scrutiny, which often involves an
on-site visit by a team from the Central Bank. At the more
intrusive end of the scale, the Central Bank conducts more lengthy
on-site inspections, which can involve a team of dedicated
inspectors taking up residence in a firm’s office for a
period of several weeks, poring over files and systems as well as
conducting interviews.

Each of these represent opportunities for the Central Bank to
interact with a firm, identify any deficiencies or potential
contraventions. Invariably when the central Bank conducts a
firm-specific review or inspection, it produces a report which sets
out a series of remediation actions which a firm is required to
take within a specified timeframe. The potential for enforcement
action arises where a contravention of existing regulatory
requirements has been identified during an inspection, or where a
firm, having been given an opportunity, fails to implement the
required remediation action either correctly or in a timely
way.

Of the 40 settlement agreements entered into by the Central Bank
in the period 2016 to 2020, in the vast majority of cases, the
contravention was discovered by the Central Bank on foot of the
deployment of its own supervisory and investigative tools,
principally thematic reviews and on-site inspections. Of the 40 or
so settlement agreements examined, it would appear that in only 6
or 7 (15%) of the cases was the firm itself responsible for
identifying the potential contravention and then self-reporting the
matter to the Central Bank. However, even in those instances, the
firms which took the initiative to self-report contraventions were
subjected to substantial fines, ranging from €185k to
€3.5m, with the average being €1.3m.

Future Direction of Enforcement

In comparison to how it stood in the aftermath of the financial
crisis, the Central Bank’s enforcement regime has been
transformed in several respects, particularly in terms of the
powers and resources now available to it. In parallel with that,
the Central Bank has very significantly increased its activity
around enforcement.

In recent times the consideration of enforcement has expanded to
encompass issues relating to organisational culture. This shift in
emphasis has largely been driven by a recognition that invariably,
poor organisational culture is not conducive to the consideration
of the best interests of customers. Another driving force behind
the increased prevalence of organisational culture as a
consideration has been the Central Bank’s deep frustration at
the need for it to almost coerce certain banks to do the right
thing in relation to the tracker mortgage scandal.

However, in terms of completing the revamp of its enforcement
capabilities, for the central Bank, there remains one large piece
of unfinished business.

For some time now, the Central Bank has vocalised its ambition
to be afforded greater scope to hold individuals to account. There
are four elements to the Central Bank’s demands:

  • the introduction of enforceable Conduct Standards which would
    set out the behaviour the Central Bank expects of regulated firms
    and the individuals working within them;

  • the introduction of a Senior Executive Accountability Regime
    (SEAR), which would oblige firms and senior individuals within them
    to set out clearly where responsibility and decision-making lie for
    their business;

  • enhancements to the current fitness and probity Regime;

  • a unified enforcement process, which would apply to all
    breaches by firms or individuals of financial services legislation,
    and the removal of the hurdle of participation so as to pave the
    way for the Central Bank to pursue individuals, rather than only in
    circumstances where they are proven to have participated in a
    firm’s wrongdoing.

The Central Bank’s proposals look set to be implemented in
the Central Bank (Amendment) Bill which is currently being
drafted.

But the delivery of SEAR and the other components will not mark
the end of the development of the enforcement regime. In an age
where financial services regulation sometimes lags behind
technological developments, in order to be remain effective in the
long term, the enforcement regime will need to continuously
evolve.

In the meantime, we can expect the Central Bank to continue to
invest considerable resources in pursuing enforcement actions, and
once the anticipated new Central Bank Bill becomes law, we can
expect to see much of that activity being focused on holding
individuals to account.

Avoidance of Enforcement Action

Not everything in any business is perfect all of the time, but
that does not mean that regulated firms should not strive for a
high level of compliance or that they should ditch their
zero-tolerance for regulatory breaches.

It’s not all in the hands of the gods; there are steps
that the Boards and management teams of regulated firms can take to
reduce the risk of their firm being subjected to enforcement
action.

There is no doubting the resolve of the Central Bank to pursue
firms for regulatory breaches and to hit them where it hurts, both
in fiscal and reputational terms. No Director or executive wants to
have an enforcement action sully their otherwise clean fitness and
probity record. But avoiding the risk of enforcement action does
not happen by accident.

There is always scope for Boards and management within financial
services entities to take more seriously the concerns of their
Compliance, Risk and Internal Audit functions. Those functions, as
well as the first line risk owners have the capability and
responsibility to call out issues of deficiencies that if left
unchecked could cause the firm to be in breach of the legislative
and regulatory requirements. To do this in an effective way,
management teams and Boards must be receptive to early warnings of
potential issues from within the executive ranks. Management teams
and Boards should be more proactive in seeking out potential
pitfalls so that they can be remedies. Boards should use the
Internal Audit capability wisely and point them towards areas of
concern.

For regulated firms, building trust with the Central Bank is key
to developing a strong relationship. Openness and transparency is
central to this. The Central Bank will be sensitive to reticence
and slowness in responses to requests that it makes of a firm under
its supervision, as these are indicators of a poor organisational
culture. Firms should prioritise requests that are received from
the Central Bank and avoid at all costs the temptation to ask for
an extension of the Central Bank deadline.

Transparency is also critical in the context of Central Bank
on-site inspections. A firm which thinks that it can fob the
Central Bank off is setting itself up for an increased level of
supervisory attention.

Where a firm is subject to a Central Bank remediation programme,
a wise firm will implement the remediation actions to the letter as
well as in spirit. The half-hearted or delayed implementation of
remediation actions could serve to attract more unwanted
supervisory attention.

Boards and management should assess on an ongoing basis the
settlement agreements that are concluded by the Central Bank and
consider whether there are lessons within those which can be
applied within their own firm.

In addition to keeping apace with legislative developments and
supervisory developments domestic level, firms should look further
afield to developments at regional and international level, because
in time those developments are likely to be adopted in this
market.

Where something goes wrong and a regulatory breach is likely to
have arisen, it is crucial for firms to establish the facts and
ensure that the Board and the Central Bank are informed in a timely
way.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Source link

Add a Comment