
The Central Bank of Ireland’s proposals on the Individual Accountability Framework and Senior Executive Accountability Regime (SEAR) will impact employees at all levels across a broad range of financial services providers (“FSPs”), writes Gillian Kelly of our Risk Consulting practice.

Although we are still awaiting draft legislation, we expect that this will occur imminently. There are a number of legal issues and questions that need to be considered now to ensure FSPs are adequately prepared to adapt to the changes the new regime will introduce. These include matters such as review of employee contracts and disciplinary procedures in light of the new conduct rules, indemnities for senior staff who may be taking on additional risk as a result of SEAR, directors’ and officers’ insurance and provision of legal support to employees and former employees during regulatory investigations.

To assist you and your teams in preparing for these changes, we have compiled a list of some of the major themes and frequently asked questions considered by some of our clients who have implemented individual accountability regimes in other jurisdictions. It should be noted that the solutions implemented differ depending on the jurisdiction and therefore need to be fully analysed when applying them to the Irish market and legal environment. We hope that the points below can help you understand the potential issues you may face and, more importantly, position your business to address these questions effectively.

1. Indemnities, Insurance and Support for Senior Executive Functions

  • How is ‘Insured Person’ defined within your current Directors’ and Officers’ (D&O) insurance policies? With the broadened scope of the Individual Accountability Framework and SEAR, this definition may need to be updated to include a wider scope of Senior Executive Functions (“SEFs”) and employees covered by the new regime.
  • What are the financial thresholds / aggregate limits under your current D&O policies? Do these need to be revised? Under the Individual Accountability Framework, the consequences of regulatory breaches are likely to impact a wider population than under the current Fitness and Probity regime. As a result of this broadened scope, financial or aggregate thresholds for regulatory breach may be reached much faster.
  • Will employment contracts for SEFs need to be reviewed to include a personal indemnity for breach of conduct standards? If so, this should dovetail with cover in the D&O policy to ensure there are no gaps in cover should a breach arise.
  • What are the provisions for run-off i.e. does the D&O policy include a reporting period for retired directors allowing their actions to be covered in periods after such directors have left the firm? Any run-off provisions in policies should be reviewed to ensure that they mirror the time limit during which the regulator can take disciplinary action against those who previously occupied SEF roles.
  • Is cover required for the costs of mitigating any reputational damage in the event of a regulatory investigation and / or enforcement action?
  • Are there any gaps in cover between professional indemnity (PI) and D&O policies? To the extent an investigation of those in SEF roles concerns the provision of professional services this may be outside the scope of D&O and will need to be considered under PI policies.

2. Review of Employment Contracts

  • Employment contracts, along with HR policies and procedures will need to be updated to take account of new conduct standards. What approach will this take? Will the conduct standards be incorporated into the contracts of employment or standalone policies? How will this impact contracts for existing staff and/or contracts for new recruits? Will existing contracts be updated and if so, how will any updates be incorporated? Consideration should be given as to whether any such updates give rise to a change in the terms and conditions of employment such that existing contracts need to be renegotiated.
  • How will adherence to the conduct standards be monitored and incorporated into performance reviews? Who will own this ongoing monitoring; will it sit within HR or Compliance or alternatively, should a multi-disciplinary team be established?
  • How will remuneration be impacted by introduction of the conduct standards and impacts on the performance management process? Will employees expect additional remuneration? Will this be linked to an overall pay increase to compensate for increased risk and / or responsibilities or will it take the form of bonus payments for adherence with the standards?
  • Are there circumstances where the conduct of individuals outside of the workplace needs to be taken into consideration when making such assessment?
  • Job descriptions/statements of duties may have to be revised to reflect the nature of the SEFs role and responsibilities.
  • Disciplinary procedures and policies will need to be reviewed to ensure they adequately reflect the need to ensure there is sufficient investigation of issues and potential reporting of breaches to the Central Bank. Financial institutions should consider the following:
    • What is the escalation procedure?
    • Who will perform any investigation for a potential breach? Will this be HR or Compliance; alternatively, will a multi-disciplinary team be established?
    • Who will make the ultimate decision that a breach has occurred which requires reporting to the Central Bank?
    • What, if any, is the right of appeal for such determination?
    • How will this procedure align with the legal rights of employees, including employment rights and the constitutional rights of employees to earn a living, have their reputation protected, and be given the right to fair procedure?
  • What advices / training will be given to the board and staff to ensure they have sufficient understanding of the new conduct standards and the potential personal impacts if such standards are not adhered to?

3. Non-Executive Directors (NEDs)

Formal consideration will need to be given to the scope of the role of NEDs on the board of directors and the functions they perform in respect of governance, oversight and influence on decision making. In addition, the following questions will need to be considered:

  • What is the scope of responsibility of NEDs? Often, NEDs will hold a SEF and as such be considered under SEAR. In any event, it is likely the legislation will be drafted such that all NEDs, regardless of whether or not they hold a SEF, will be subject to the Individual Accountability Framework.
  • Who will be responsible for training NEDs on any conduct standards that they will be subject to? As NEDs are not employees, and are not subject to the same standard employment contracts and policies as employees of FSPs, careful consideration will need to be given to the terms of their letters of appointment and how these will reflect the enhanced obligations in respect of monitoring adherence to the new standards. If such letters of appointment are already in place, how will they be amended or updated?
  • Who is responsible for any required ongoing monitoring of NEDs and how will such monitoring take place?
  • What policies and procedures are in place for the request of regulatory references for incoming NEDs?
  • What is the procedure if such conduct standards are breached?
  • How will letters of appointment/contracts incorporate the questions above?

4. Outsourcing

Where firms have outsourced certain processes or functions to either offshore teams or third parties, responsibility for ensuring compliance with the new regime will still remain with the firm itself. Firms will therefore need to consider:

  • Do any service level or outsourcing agreements currently in place adequately address any additional regulatory requirements?
  • Has your firm considered the veracity of its Third Party Management policies and procedures as well as the on-going monitoring and review procedures it carries out on outsourced parties?
  • Are regulatory references required from such outsourcing parties and are they robust enough to comply with the new standards?
  • What processes are in place where a breach occurs on the part of the third party / outsourced agent? What processes are in place for periodic reviews outside of breach reporting to demonstrate ongoing compliance with standards?

5. Defence of Regulatory Breach

In the event of a regulatory breach, how will each SEF demonstrate that s/he has taken ‘reasonable steps’ to meet the relevant conduct standards accordingly?

Although the concept of ‘reasonable steps’ is a subjective term, the Central Bank has been explicit in saying that strict adherence to the legislation may not be a sufficient defence to what constitutes ‘reasonableness’. Instead, it will take a holistic approach to looking at whether or not the ‘spirit’ of the legislation was complied with in determining whether or not a breach of conduct standards has occurred.

In order to successfully defend an enforcement action and demonstrate reasonable steps, based on the experience of the UK’s Senior Manager Regime, as well as Australia’s Banking Executive Accountability Regime, senior executives and FSPs will have to take into account the roles and responsibilities of the SEF and the nature, scale and complexity of the FSP’s business. They will also have to take into account whether the SEF:

  • Exercised reasonable care when considering the information available;
  • Reached a reasonable conclusion on which to act;
  • Took reasonable steps to ensure that the issues were dealt with in a timely and appropriate manner;
  • Acted in accordance with his/her statutory, common law and other legal obligations;
  • Took reasonable steps to ensure that any delegation of his/her responsibilities was to an appropriate person;
  • Took reasonable steps to oversee the discharge of the delegated responsibility effectively;
  • Took reasonable steps to ensure an orderly transition either when he/she was replaced by someone else or when another SEF under their oversight or responsibility was replaced; and
  • Failed to take reasonable steps to understand and inform themselves about the FSP’s activities for which he/she was responsible and follow the FSP’s procedures where this was itself appropriate.

In order to assist with demonstrating reasonable steps, firms will have to consider the robustness of their policies and procedures, and consider the following:

  • How is decision making recorded?
  • What management information is used to assist with decision making and taking “reasonable steps”? How is it governed, produced and reviewed?
  • In addition, how will your firm record and deploy the management information that flows out of your governance framework in order to ensure that SEFs can evidence the reasonableness of their conduct during a regulatory investigation?
  • How does individual accountability operate in terms of collective decision making? Where a breach has occurred, how can each SEF show that they took reasonable steps in contributing to the taking of a collective decision and how is responsibility allocated between any persons involved in the taking of such a decision?
  • Where does responsibility for dealing and liaising with the Central Bank lie where there has been a breach? Traditionally this is handled by Compliance or Regulatory teams; however, it is expected that the SEF with responsibility for the area in which the breach occurred will need to play a bigger role in communicating with the Central Bank going forward. What supports, if required, will be provided to such SEFs in these circumstances?
  • Where does responsibility for managing employee misconduct lie? Traditionally, employee misconduct has been a HR issue; however, with the introduction of individual accountability, regulatory issues will need to be considered where employees engage in misconduct going forward. As a result, these will no longer be just HR issues but will also require input from Legal and Compliance.

KPMG has a multi-disciplinary team across legal, risk and regulatory matters with experience of implementing similar Individual Accountability regimes in other jurisdictions such as the UK’s Senior Manager and Certification Regime and Australia’s Banking Executive Accountability Regime. We can assist with the points listed above as well as matters ranging from gap analysis, design and implementation, and advice on contracts to technology implementation and provision of assurance.

We hope that you find these insights useful. Should you have any queries, please do not hesitate to contact us.
