YEARBOOK & DIRECTORY
Finance Dublin Yearbook 2024
The centrality of gatekeepers in financial services – individual accountability in Ireland
2024 will be considered the year of the implementation for individual accountability writes Matheson’s Niamh Mulholland, who says the importance of gatekeepers in FS long predates the IAF, analyses the impact of the ‘AB’ decision and the difficulties facing the Central Bank as ‘investigator, regulator, and decision-maker’ in the F&P realm.
There is little doubt that in Irish financial services, 2024 will be considered the year of implementation for Individual Accountability. By 1 July of this year, almost all of the provisions of the Individual Accountability Framework Act 2013, and the related Central Bank of Ireland Regulations and Guidance, will be in operation by persons considered Controlled Functions in Ireland.
The new regime contains a number of requirements that arguably crystallise and codify behaviours that are currently, innately demonstrated by individuals in senior financial services roles, or indeed were described and specified in codes of conduct and culture statements designed and specified by financial services firms and voluntarily complied with by its respective management teams and staff.
As such, there is arguably nothing substantively new in the requirements specified in the new Act and related Regulations and Guidance. Instead, the new regime principally seeks to clarify, and in some cases augment, the frameworks, policies and procedures within firms and the practices employed by individuals with the objective of driving good governance practices, clarifying the responsibilities of regulated firms, exemplifying good conduct and further delineating accountability for the individual when acting alone and in collaboration with others.
In addition, this new regime has put beyond doubt the importance of the ‘gatekeeper’ function performed by certain key individuals in regulated financial services firms.
Building on the post-crisis measures in the Central Bank Act 2010, in particular the Fitness and Probity Regime and the Central Bank Supervision and Enforcement Act 2013, the Individual Accountability Regime provides for:
▪ imposing a statutory duty on individuals performing Pre-Approval Controlled Functions (PCFs) at in-scope firms, referred to as the Duty of Responsibility.
▪ applying Common Conduct Standards on individuals performing Controlled Functions (CFs) in all firms across all sectors, which articulate the expected level of conduct within financial services firms.
▪ applying Additional Conduct Standards to senior individuals performing PCF roles, and other individuals who have a significant influence on the conduct of a firm’s affairs (ie, those classified as CF1s), around the expected standards of conduct in all firms across all sectors. These Additional Conduct Standards provide that individuals in PCF / CF1 roles need to take reasonable steps to ensure that the Standards are met.
▪ introducing SEAR and providing the Central Bank of Ireland (“the Central Bank”) with powers to prescribe inherent, prescribed and other responsibilities, and for the creation of Statements of Responsibilities for each individual in-scope of SEAR. In addition, the SEAR regime necessitates the preparation and maintenance of Management Responsibilities Maps for each in-scope firm, which are to delineate key management and governance arrangements in a comprehensive single source.
▪ enhancing the Fitness and Probity Regime with the introduction of a Certification requirement, means that in essence a firm or holding company shall not permit an individual to perform a CF role in relation to it unless that individual holds a certificate of compliance with standards of fitness and probity. The regime has also been expanded to include certain categories of holding companies established in Ireland.
▪ breaking the “Participation Link” which enables the investigation and potential enforcement against a Controlled Function, without a finding of wrongdoing against the relevant regulated financial service provider in the first instance.
While it is true that the design and application of this new legislative regime has held the focus of regulated financial service providers and the controlled functions within them, of the Central Bank and of the Government, it is important to note that the importance of ‘gatekeepers’ in financial services has long pre-dated the commencement of the 2023 Individual Accountability Framework Act.
In fact, the stated objectives of; improving the sustainability of the financial system; driving higher standards of behaviours and governance; achieving better outcomes for consumers; and augmenting positive culture in financial services firms - and by extension throughout the financial services eco-system - has been a central pillar of financial regulation and supervision since 2010. The legislative and regulatory architecture supporting this ‘gatekeeper objective’ was directly influenced by the severe financial and other consequences borne by customers and the considerable negative financial and reputational impacts on financial institutions in Ireland wrought by the financial crisis and its aftermath.
The Fitness and Probity regime has represented, and continues to represent, a key facet of these policy objectives. The Central Bank says that the “core function of the Fitness and Probity Regime is to ensure that individuals in key and customer facing positions - referred to in the legislation as Controlled Functions and Pre-Approval Controlled Functions - within a Regulated Financial Service Provider and certain holding companies are competent and capable, honest, ethical and of integrity and also financially sound.”
It goes further in explicitly stating that the “Central Bank’s vision for the Fitness and Probity Regime is that Regulated Firms and individuals who work in these firms are committed to high standards of competence, integrity and honesty, and are held to account when they fall below these standards.”
This clearly establishes the foundations of the role of the gatekeeper within a regulated firm. Focusing on the importance of each individual’s competence, capability, honesty and integrity is vital, as both individually and collectively such individuals comprise the decision-making engine and the culture organ in regulated firms.
Importantly, the gatekeeper role assigned to and prescribed for decision-makers and people having control or influence in regulated firms is not the only gatekeeper role in play in Irish financial services law. In describing the Fitness and Probity Regime the Central Bank also describes its own gatekeeper role within the three pillars of the regime. These are, in full:
▪ Pillar 1: Regulated Firms’ Ongoing Obligations which deals with the obligations of the Regulated Firms in relation to the application of the Standards of Fitness and Probity
▪ Pillar 2: The Gatekeeper Pillar which deals with the Central Bank’s ‘Gatekeeper’ Role, ie the pre-approval of individuals proposed to take up PCF functions.
▪ Pillar 3: The Investigations Pillar which deals with the investigative and enforcement powers of the Central Bank and the European Central Bank in relation to an individual’s fitness and probity.”
In short, we have both a systemic gatekeeping role employed and deployed by the Central Bank which is intrinsically linked to the individual or firm level gatekeeping role employed by Controlled Functions, and in particular by those senior persons in pre-approval-controlled functions (“PCFs”).
Accepting the premise that the gatekeeper role has been in place at the level of the regulator and of the individual pre-approval-controlled functions in firms for quite some time, and coupled with an additional agreement that the requirements placed on individual controlled functions by the Individual Accountability Framework Act could not be considered materially different to the other substantive requirements that have been in place under various Irish and European regulatory requirements since 2010, why would the implementation of the regime in 2024 be seen as significant?
The reason is that this new regime, coupled with the recent decision handed down by the Irish Financial Services Appeals Tribunal (“IFSAT”) in A.B. v. The Central Bank of Ireland (“AB”), taken individually and collectively have enshrined the importance of process when it comes to the exercise of the gatekeeper function.
From an Individual Accountability Framework perspective, PCFs have to be demonstrably aware of which individuals are conducting which specified roles in the firm, and of what that means in respect of the level and degree of accountability that that individual has to the firm.
In addition, they also have to be demonstrably aware of how said individuals engage with each other in the delivery of the firm’s objectives against the strategy of the firm set by its Board.
Furthermore, the Individual Accountability Framework delineates a clear requirement that Controlled Functions need to have a full understanding as to how the actions, decisions and conduct of individuals has an impact on the compliance of the regulated firm with its regulatory universe.
So, a key change is the explicit and implicit requirement that the people performing the pre-approval-controlled functions can demonstrate ‘how’ compliance is achieved and how accountability standards are employed to the satisfaction of individual pre-approval controlled functions, the Regulated firm and the Central Bank. There are more onerous requirements placed on PCFs, in the form of Additional Conduct Standards, which can only be complied with with this aforementioned level of understanding and demonstration.
The other side of this gatekeeping equation is the requirement that the Central Bank adheres to and applies the requirements “of Constitutional and natural justice; including the necessity for fair notice; the duty to give reasons; and the observance of the principle of audi alterem partem” (hear the other side).
The IFSAT decision referred to above details that the Central Bank’s decision-making process was flawed in this case, and that the Appellant was denied fair procedures at each stage of the process. The Tribunal also found that this was “not a situation where minor deviations from procedure can be ignored or where, in reply, the Central Bank can simply point to the substance of the interviews [conducted].”
The IFSAT decision, very clearly recognised that the persons, namely PCFs, who are to be the subject matter of the gatekeeping decisions (referred to as Pillar 2 above) potentially have an effect on the livelihood of those individuals and not simply on their right to a good name and who are, as such, entitled to fair procedures.
Also, the Applicant’s evidence of his inability to obtain other approvals or authorisations in relation to other PCF applications went uncontroverted. This highlights the fact that a binding decision by the Central Bank in respect of Fitness and Probity (and the process that it employs in arriving at a decision) may well have broader implications for a person’s right or interest to earn a living outside the regulated firm for which the PCF is undergoing a Fitness and Probity Assessment.
Framed against an explicit acknowledgment by the Tribunal that both the Central Bank and its officials have to fulfil the difficult statutory functions of investigator, regulator, and decision-maker and similar to the articulation of the ‘how’ question addressed to PCFs under the Individual Accountability Framework, the IFSAT decision specified that “Constitutional statutory compliance requires more than apparent adherence to statutory procedures. Actual compliance requires those procedures be applied fairly.”
Further the Tribunal found that, in respect of the requirements placed on the Central Bank as a quasi-judicial body, the decision emphasised that in exercising the powers conferred on such a body, be they limited or extensive, the body, in this case the Central Bank, must be independent, impartial, dispassionate, apply the law and observe fair procedures.
When considering findings like these in the IFSAT Decision, it appears that there is almost a form of procedural contract in play which is on the one hand that the requirement of high standards or conduct and competence of individuals is rightly recognised as being a key pillar of the integrity of regulated firms and as a consequence the broader financial services system.
However, any individual being assessed against these criteria is also entitled to a clear statement of any case against them, as well as a discernible, objective and fair explanation of any finding against them. In addition, to the beginning and end of any gatekeeping process conducted by the Central Bank against an individual, the following procedural facets should also feature, including namely that:
▪ fair notice of the issues to be covered at interview(s);
▪ the matters that were outlined in the notice correlate to the subjects discussed in the interview;
▪ an interviewee would be questioned fairly and be afforded an opportunity to refer to pertinent materials in responding to questions; and
▪ the interviewers will consider all relevant matters in a fair and impartial manner.
Taking all of the above into consideration, it seems clear that in order for there to be an effective culture of individual accountability, the centrality of the roles of both sets of gatekeepers who ensure good conduct in the Irish financial system need to be recognised.
It is therefore arguable that Pillar 2 of the Fitness and Probity regime should not be considered a per se adversarial process but rather a legitimate process of inquiry, based on procedural fairness and transparency, where the aim is to achieve an objective understanding of the competence of a particular individual for a particular role with a particular financial services firm.
If such an individual is a ‘good fit’ for the firm and they can demonstrably comply with the knowledge and competence requirements then this is a welcome outcome for the firm in the pursuit of its commercial objectives, achieved in line with its regulatory requirements.
This is arguably also a good outcome for the Central Bank in its gatekeeping role as a coherent and cohesive cohort of competent and accountable individuals who will contribute to cultures of good governance and risk control.
Both of these over-arching positive outcomes are harder to achieve if there is a perception that individuals will not be treated fairly when submitting themselves to the scrutiny of the regulator.
As such, it is important that an appropriate level of consideration and a demonstration of due process and fair procedures is evident in the Central Bank’s gatekeeping function, if for no other reason than to enable a system-wide culture of substantive and procedural compliance by the entity level gatekeepers, as required of the PCFs in the Individual Accountability Framework Act.
While it is true that the design and application of this new legislative regime has held the focus of regulated financial service providers and the controlled functions within them, of the Central Bank and of the Government, it is important to note that the importance of ‘gatekeepers’ in financial services has long predated the commencement of the 2023 Individual Accountability Framework Act.
The new regime contains a number of requirements that arguably crystallise and codify behaviours that are currently, innately demonstrated by individuals in senior financial services roles, or indeed were described and specified in codes of conduct and culture statements designed and specified by financial services firms and voluntarily complied with by its respective management teams and staff.
As such, there is arguably nothing substantively new in the requirements specified in the new Act and related Regulations and Guidance. Instead, the new regime principally seeks to clarify, and in some cases augment, the frameworks, policies and procedures within firms and the practices employed by individuals with the objective of driving good governance practices, clarifying the responsibilities of regulated firms, exemplifying good conduct and further delineating accountability for the individual when acting alone and in collaboration with others.
In addition, this new regime has put beyond doubt the importance of the ‘gatekeeper’ function performed by certain key individuals in regulated financial services firms.
Niamh Mulholland
Building on the post-crisis measures in the Central Bank Act 2010, in particular the Fitness and Probity Regime and the Central Bank Supervision and Enforcement Act 2013, the Individual Accountability Regime provides for:
▪ imposing a statutory duty on individuals performing Pre-Approval Controlled Functions (PCFs) at in-scope firms, referred to as the Duty of Responsibility.
▪ applying Common Conduct Standards on individuals performing Controlled Functions (CFs) in all firms across all sectors, which articulate the expected level of conduct within financial services firms.
▪ applying Additional Conduct Standards to senior individuals performing PCF roles, and other individuals who have a significant influence on the conduct of a firm’s affairs (ie, those classified as CF1s), around the expected standards of conduct in all firms across all sectors. These Additional Conduct Standards provide that individuals in PCF / CF1 roles need to take reasonable steps to ensure that the Standards are met.
▪ introducing SEAR and providing the Central Bank of Ireland (“the Central Bank”) with powers to prescribe inherent, prescribed and other responsibilities, and for the creation of Statements of Responsibilities for each individual in-scope of SEAR. In addition, the SEAR regime necessitates the preparation and maintenance of Management Responsibilities Maps for each in-scope firm, which are to delineate key management and governance arrangements in a comprehensive single source.
▪ enhancing the Fitness and Probity Regime with the introduction of a Certification requirement, means that in essence a firm or holding company shall not permit an individual to perform a CF role in relation to it unless that individual holds a certificate of compliance with standards of fitness and probity. The regime has also been expanded to include certain categories of holding companies established in Ireland.
▪ breaking the “Participation Link” which enables the investigation and potential enforcement against a Controlled Function, without a finding of wrongdoing against the relevant regulated financial service provider in the first instance.
While it is true that the design and application of this new legislative regime has held the focus of regulated financial service providers and the controlled functions within them, of the Central Bank and of the Government, it is important to note that the importance of ‘gatekeepers’ in financial services has long pre-dated the commencement of the 2023 Individual Accountability Framework Act.
In fact, the stated objectives of; improving the sustainability of the financial system; driving higher standards of behaviours and governance; achieving better outcomes for consumers; and augmenting positive culture in financial services firms - and by extension throughout the financial services eco-system - has been a central pillar of financial regulation and supervision since 2010. The legislative and regulatory architecture supporting this ‘gatekeeper objective’ was directly influenced by the severe financial and other consequences borne by customers and the considerable negative financial and reputational impacts on financial institutions in Ireland wrought by the financial crisis and its aftermath.
The Fitness and Probity regime has represented, and continues to represent, a key facet of these policy objectives. The Central Bank says that the “core function of the Fitness and Probity Regime is to ensure that individuals in key and customer facing positions - referred to in the legislation as Controlled Functions and Pre-Approval Controlled Functions - within a Regulated Financial Service Provider and certain holding companies are competent and capable, honest, ethical and of integrity and also financially sound.”
It goes further in explicitly stating that the “Central Bank’s vision for the Fitness and Probity Regime is that Regulated Firms and individuals who work in these firms are committed to high standards of competence, integrity and honesty, and are held to account when they fall below these standards.”
This clearly establishes the foundations of the role of the gatekeeper within a regulated firm. Focusing on the importance of each individual’s competence, capability, honesty and integrity is vital, as both individually and collectively such individuals comprise the decision-making engine and the culture organ in regulated firms.
A key change is the explicit and implicit requirement that the people performing the pre-approval-controlled functions can demonstrate ‘how’ compliance is achieved and how accountability standards are employed to the satisfaction of individual pre-approval controlled functions, the Regulated firm and the Central Bank.
Importantly, the gatekeeper role assigned to and prescribed for decision-makers and people having control or influence in regulated firms is not the only gatekeeper role in play in Irish financial services law. In describing the Fitness and Probity Regime the Central Bank also describes its own gatekeeper role within the three pillars of the regime. These are, in full:
▪ Pillar 1: Regulated Firms’ Ongoing Obligations which deals with the obligations of the Regulated Firms in relation to the application of the Standards of Fitness and Probity
▪ Pillar 2: The Gatekeeper Pillar which deals with the Central Bank’s ‘Gatekeeper’ Role, ie the pre-approval of individuals proposed to take up PCF functions.
▪ Pillar 3: The Investigations Pillar which deals with the investigative and enforcement powers of the Central Bank and the European Central Bank in relation to an individual’s fitness and probity.”
In short, we have both a systemic gatekeeping role employed and deployed by the Central Bank which is intrinsically linked to the individual or firm level gatekeeping role employed by Controlled Functions, and in particular by those senior persons in pre-approval-controlled functions (“PCFs”).
Accepting the premise that the gatekeeper role has been in place at the level of the regulator and of the individual pre-approval-controlled functions in firms for quite some time, and coupled with an additional agreement that the requirements placed on individual controlled functions by the Individual Accountability Framework Act could not be considered materially different to the other substantive requirements that have been in place under various Irish and European regulatory requirements since 2010, why would the implementation of the regime in 2024 be seen as significant?
The reason is that this new regime, coupled with the recent decision handed down by the Irish Financial Services Appeals Tribunal (“IFSAT”) in A.B. v. The Central Bank of Ireland (“AB”), taken individually and collectively have enshrined the importance of process when it comes to the exercise of the gatekeeper function.
From an Individual Accountability Framework perspective, PCFs have to be demonstrably aware of which individuals are conducting which specified roles in the firm, and of what that means in respect of the level and degree of accountability that that individual has to the firm.
In addition, they also have to be demonstrably aware of how said individuals engage with each other in the delivery of the firm’s objectives against the strategy of the firm set by its Board.
Furthermore, the Individual Accountability Framework delineates a clear requirement that Controlled Functions need to have a full understanding as to how the actions, decisions and conduct of individuals has an impact on the compliance of the regulated firm with its regulatory universe.
So, a key change is the explicit and implicit requirement that the people performing the pre-approval-controlled functions can demonstrate ‘how’ compliance is achieved and how accountability standards are employed to the satisfaction of individual pre-approval controlled functions, the Regulated firm and the Central Bank. There are more onerous requirements placed on PCFs, in the form of Additional Conduct Standards, which can only be complied with with this aforementioned level of understanding and demonstration.
The other side of this gatekeeping equation is the requirement that the Central Bank adheres to and applies the requirements “of Constitutional and natural justice; including the necessity for fair notice; the duty to give reasons; and the observance of the principle of audi alterem partem” (hear the other side).
The IFSAT decision referred to above details that the Central Bank’s decision-making process was flawed in this case, and that the Appellant was denied fair procedures at each stage of the process. The Tribunal also found that this was “not a situation where minor deviations from procedure can be ignored or where, in reply, the Central Bank can simply point to the substance of the interviews [conducted].”
The IFSAT decision, very clearly recognised that the persons, namely PCFs, who are to be the subject matter of the gatekeeping decisions (referred to as Pillar 2 above) potentially have an effect on the livelihood of those individuals and not simply on their right to a good name and who are, as such, entitled to fair procedures.
Also, the Applicant’s evidence of his inability to obtain other approvals or authorisations in relation to other PCF applications went uncontroverted. This highlights the fact that a binding decision by the Central Bank in respect of Fitness and Probity (and the process that it employs in arriving at a decision) may well have broader implications for a person’s right or interest to earn a living outside the regulated firm for which the PCF is undergoing a Fitness and Probity Assessment.
Framed against an explicit acknowledgment by the Tribunal that both the Central Bank and its officials have to fulfil the difficult statutory functions of investigator, regulator, and decision-maker and similar to the articulation of the ‘how’ question addressed to PCFs under the Individual Accountability Framework, the IFSAT decision specified that “Constitutional statutory compliance requires more than apparent adherence to statutory procedures. Actual compliance requires those procedures be applied fairly.”
It seems clear that in order for there to be an effective culture of individual accountability, the centrality of the roles of both sets of gatekeepers who ensure good conduct in the Irish financial system need to be recognised. It is therefore arguable that Pillar 2 of the Fitness and Probity regime should not be considered a per se adversarial process but rather a legitimate process of inquiry.
Further the Tribunal found that, in respect of the requirements placed on the Central Bank as a quasi-judicial body, the decision emphasised that in exercising the powers conferred on such a body, be they limited or extensive, the body, in this case the Central Bank, must be independent, impartial, dispassionate, apply the law and observe fair procedures.
When considering findings like these in the IFSAT Decision, it appears that there is almost a form of procedural contract in play which is on the one hand that the requirement of high standards or conduct and competence of individuals is rightly recognised as being a key pillar of the integrity of regulated firms and as a consequence the broader financial services system.
However, any individual being assessed against these criteria is also entitled to a clear statement of any case against them, as well as a discernible, objective and fair explanation of any finding against them. In addition, to the beginning and end of any gatekeeping process conducted by the Central Bank against an individual, the following procedural facets should also feature, including namely that:
▪ fair notice of the issues to be covered at interview(s);
▪ the matters that were outlined in the notice correlate to the subjects discussed in the interview;
▪ an interviewee would be questioned fairly and be afforded an opportunity to refer to pertinent materials in responding to questions; and
▪ the interviewers will consider all relevant matters in a fair and impartial manner.
Taking all of the above into consideration, it seems clear that in order for there to be an effective culture of individual accountability, the centrality of the roles of both sets of gatekeepers who ensure good conduct in the Irish financial system need to be recognised.
It is therefore arguable that Pillar 2 of the Fitness and Probity regime should not be considered a per se adversarial process but rather a legitimate process of inquiry, based on procedural fairness and transparency, where the aim is to achieve an objective understanding of the competence of a particular individual for a particular role with a particular financial services firm.
If such an individual is a ‘good fit’ for the firm and they can demonstrably comply with the knowledge and competence requirements then this is a welcome outcome for the firm in the pursuit of its commercial objectives, achieved in line with its regulatory requirements.
This is arguably also a good outcome for the Central Bank in its gatekeeping role as a coherent and cohesive cohort of competent and accountable individuals who will contribute to cultures of good governance and risk control.
Both of these over-arching positive outcomes are harder to achieve if there is a perception that individuals will not be treated fairly when submitting themselves to the scrutiny of the regulator.
As such, it is important that an appropriate level of consideration and a demonstration of due process and fair procedures is evident in the Central Bank’s gatekeeping function, if for no other reason than to enable a system-wide culture of substantive and procedural compliance by the entity level gatekeepers, as required of the PCFs in the Individual Accountability Framework Act.
Niamh Mulholland is a Partner at Matheson LLP.