On 9 February 2015 the Central Bank published its annual statement of enforcement priorities for 2015. This statement falls under the Strategic Plan published on 20 November 2012 which set out the key strategic priorities of Supervision and Enforcement for 2013-2015. Certain topics remain in focus since 2013, such as prudential requirements and systems and controls, however this year’s statement introduces new priorities such as the governance of outsourced functions.
While the Central Bank is not confined to these specific pre-defined areas, the publication of the enforcement priorities gives regulated entities a sense of where the supervisory team within the Central Bank will focus their efforts. The statement contains cross-sector and sector specific priorities highlighting the Central Bank’s perceived areas of particular importance.
Cross-Sector Enforcement Priorities
Significant emphasis is placed on continued adherence to prudential requirements as a priority for all sectors. The Central Bank imposes general financial reporting requirements, supervisory, organisation and management requirements on regulated entities and expects strict adherence to those requirements. It will focus on prudential requirements for credit unions, large exposure rules for credit institutions and markets, those applying to retail intermediaries, reserving and capital adequacy and insurance.
The focus on large exposures rules is to be expected given a number of recent enforcement actions taken by the Central Bank. These resulted in financial penalties for not adhering to the set limits on the level of financial exposure which a firm can have to any person or entity or group of connected persons/entities.
Systems and controls
The Central Bank will ensure that strong systems and controls and risk management systems are in place to safeguard consumers as well as defend against deliberate acts of misconduct.
A clear organisational structure must be in place with effective processes to identify, manage, monitor and report any risks. In 2014, the Central Bank imposed penalties on firms who did not have adequate controls to identify and manage potential risk at an early stage and which would have enabled them to mitigate their potential exposure at an earlier stage.
Provision of timely, complete and accurate information to the Central Bank
This remains a cross-sector area of focus.
The Central Bank requires mandatory reporting of certain capital adequacy and financial information and has highlighted that in 2014 a number of enforcement actions were taken relating to incomplete/inaccurate information being provided to it.
Appropriate governance and oversight of outsourced activities
The Central Bank recognises that the financial services industry is becoming more reliant on outsourcing internal functions. In 2014 it imposed a fine of €490,000 on a regulated entity for various breaches of the Consumer Protection Code 2006 which included a failure to ensure that regulated activities outsourced to other entities were in compliance with the Code. The Code has been replaced (with effect from 1 January 2012) by the Consumer Protection Code 2012. The statement emphasises that the Central Bank expects full compliance with all applicable regulatory requirements, including the Code and appropriate oversight and supervision by firms of any such outsourced activity.
Anti-Money Laundering (AML) /Counter Terrorism Financing (CFT) compliance
The Central Bank expects full compliance by all credit and financial firms with regulatory requirements in relation to anti-money laundering and counter terrorism financing compliance. It identified a number of issues which it has observed in relation to AML and CFT compliance by financial institutions in Ireland in a separate report dated 17 February 2015.
These issues include:
- Incomplete risk assessments that do not effectively consider the inherent Money Laundering/Terrorist Financing risks relevant to the institution;
- High level risk assessments which lack thorough analysis of key risks;
- Failure to include AML/CFT reviews in annual monitoring and internal audit plans;
- Non-adherence to internal AML/CFT policies;
- Failure to ensure the provision of appropriate and comprehensive training to Board and committee members; and
- Failure to provide enhanced training for staff in key AML/CFT roles.
With increasing focus on AML and CFT, it is necessary for all entities to not only review their AML/CFT procedures but to ensure that those policies and procedures are being implemented across all levels of staff within their organisation.
Fitness and Probity
With the implementation of the Single Supervisory Mechanism (SSM), it is not surprising that fitness and probity obligations remain high on the Central Bank’s agenda. As of 4 November 2014, the ECB has taken up its role under the SSM as the competent authority to assess the fitness and probity of:
- The management board of significant credit institutions (consisting of well-known domestic Banks); and
- The management board of all credit institutions applying for authorisation.
Sector Specific Enforcement Priorities
The Central Bank has also set out its sector specific priority areas. It will focus on MiFID Conduct of Business Rules and Client Asset Requirements for regulated Markets and Governance in Credit Unions.
The statement also places importance on Consumer Protection highlighting the Code of Conduct on Mortgage Arrears, suitability of sales and fair treatment of customers as the core areas for supervision in 2015. Financial institutions must provide consumers with clear, relevant and accurate information for example on cost, during the sales process and any product recommended to a consumer must be appropriate for their needs.
The Central Bank has also allocated resources for enforcement against firms with a low impact PRISM rating on its risk assessment framework. Historically under PRISM, firms with the lowest potential adverse impact on financial stability and the consumer have been supervised reactively. This shift of focus for 2015 from a reactive to a proactive risk assessment framework highlights the fact that although a firm may carry on business below the radar of the Central Bank’s usual supervisory remit, irrespective of a firm’s size, any breaches of applicable regulations will be taken very seriously.
All regulated entities should know the cross sector and where relevant sector specific highlighted areas, to review their internal regulatory/compliance procedures and to ensure that they can demonstrate full compliance. Failure to demonstrate full compliance can result in Enforcement Action being taken by the Central Bank which can lead to the imposition of significant fines, disqualification of directors and prohibition notices being issued. Regulated entities should also be aware that under the SSM the ECB will be able to take direct enforcement and sanctions proceedings against significant institutions under the framework set down by the SSM Framework Regulation.
This publication is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Ogier Leman for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change.