Welcome to our Banking Update (October 2013). This Update highlights a selection of financial services regulatory and administrative law developments as well as considering topical issues for the financial services industry which have been the subject of media attention during over the past few months. We hope you find this update to be informative and useful and if you have any queries or require additional information please contact the authors listed below.

FINANCIAL SERVICES INQUIRY – HOUSES OF THE OIREACHTAS (INQUIRIES PRIVILEGES AND PROCEDURES) ACT 2013

The Houses of the Oireachtas (Inquiries Privileges and Procedures) Act 2013 came into force on 25 September 2013 and paves the way for a banking inquiry. The Act provides a statutory framework for the Oireachtas to conduct inquiries within the current constitutional framework on parliamentary inquiries as set down by the Supreme Court in Maguire v Ardagh [2002] IR 387.

The Act allows for inquiries into the conduct of members of the Oireachtas in their capacity as officeholders, and also provides powers to hold to account the government of the day or any person who has consented to Dáil scrutiny in their contract or through a statutory appointment. The Act will facilitate a banking inquiry to go ahead, and the Minister for Public Expenditure and Reform, Mr. Brendan Howlin T.D., has said conducting a parliamentary inquiry into the circumstances of the bank collapse was the best way forward as "no other possible models have been successful at meeting the public demand for a full account of this issue".

For further information, please see our recent article on The Inquiries Act.

"ANGLO" TAPES – ACCESS & DISCLOSURE IMPLICATIONS

The 'Anglo' tapes issue has brought some of the more dramatic consequences of 'call-recording' to the fore. Most banks, as well as some other financial services providers, operate automated telephone recording systems for customer service desks and when transacting customer business by phone.

Access to telephone records may arise in a number of ways, which financial services organisations should be aware of so that they can structure their systems with this in mind to comply with all applicable laws and regulations.

Below is an overview of the requirements relating to call-recording as well as some other implications financial services providers should bear in mind.

Customer Protection Code

Call-recording has become accepted practice over the years and this practice has been acknowledged by the Central Bank of Ireland (the "Central Bank") in the Consumer Protection Code, 2012 (the "CPC").

For financial services providers interacting with consumers1, telephone contact must only be made in accordance with the CPC and when doing so, the relevant entity must, amongst other things, immediately inform the consumer that the call is being recorded, if this is the case.

Financial Services Ombudsman (the "FSO")

Where regulated financial services providers do not record telephone calls with customers, they may be at a disadvantage where a customer makes a complaint to the FSO2 relating to a product or service sold over the telephone.

The 2007 Annual Report of the FSO encourages call-recording by financial services providers with the then Financial Services Ombudsman, Joe Meade, noting that when:

"dealing with a complaint that hinges on contractual commitments entered into by telephone, [he] would be disposed to find in favour of a Complainant where the Provider could not provide the necessary evidence to rebut the claim being made. It would therefore be in the interests of the Providers to consider retaining appropriate records - including, where necessary, 'phone recordings relating to such contractual commitments - for the period within which a person can complain to me i.e. six years."

The 2007 Annual Report of the FSO also states that the Data Protection Commissioner (the "DPC") was consulted by the FSO and that the DPC did not see any difficulty with financial services providers retaining personal data including telephone records in such circumstances. The DPC pointed out that it would be important that financial services providers comply with their other obligations under data protection legislation as discussed below.

Data Protection Rights

Under the Data Protection Acts 1998 and 2003 (the "DPA"), it is accepted that there can be a legitimate business interest basis for call-recording in business critical areas, provided that callers be clearly informed that the recording is taking place. The caller can then choose to continue or terminate the call.

The DPA (s.4) entitles individuals to access his/her personal data held by a data controller, i.e. financial services providers. An individual could, for example, be a bank employee or customer. On request, the individual is entitled to receive 'in an intelligible form' (i.e. a form that is capable of being understood) his/her "personal data".

Data controllers are obliged to search all of their electronic systems including audio recordings and relevant paper-based filing systems for his/her personal data.

"Personal data" means any data relating to a living individual who is identifiable from the data or from the data in conjunction with other information that is in, or is likely to come into, the data controller's possession. This encompasses a wide range of information, such as name, address, date of birth, passport number, credit card number, last time/place credit card used, geographical location and bank account details.

In 2002, the DPC considered a complaint by an individual who stated that, in the course of her employment for a particular company, she received a call from one of the major international banking organisations based in Ireland. During the call, she heard 'pips' on the line and, on enquiring, was informed that the call was being recorded but no explanation for the recording was given by the person representing the bank.

The bank stated that, in line with industry practice, it operated an automated call recording system. The recording system listed details of particular calls made at a particular time, to or from a particular telephone number. The bank initially disputed whether the recordings contained data relating to an 'identifiable individual'. However, the DPC found that the bank could identify the individual by accessing the recording system and using this in conjunction with other data it held.

Accordingly, where a financial services provider uses a call-recording system and can identify individual callers, such recordings will fall within the scope of the DPA and be accessible under s.4. Access to the recordings can be provided in audio or transcript format, subject to certain limited exceptions, in particular, the need to protect third party personal data from disclosure without consent e.g. by redacting the transcript appropriately.

Discovery

The right of access to information in litigation is far more extensive than that under the DPA; it is not restricted solely to the requester's own personal data.

Discovery can be ordered by the court of any documents that are in the possession, power or procurement of a party "relating to any matter in question therein". Discovery is also available for "electronically stored information" ('ESI'). ESI includes data held on computer, voicemail, SMS text message, email, Blackberry-type devices, mobile telephones, CDs, DVDs, back-up tapes and other digital media. Therefore, financial services organisations should be aware that call-recordings could become important evidence in litigation disputes. A few examples have been highlighted by the media in criminal trials.

The costs of discovering ESI in commercial litigation are invariably substantial, which can pose a threat to the viability of the litigation. In order to help defray such costs in advance, organisations should consider managing their ESI, bearing possible future litigation in mind. For further advice in this regard, please contact us.

Criminal Investigations and State Investigations/Inquiries

A wide range of regulatory and other authorities are empowered to investigate and prosecute corporate conduct in Ireland, including An Garda Síochána, the Garda Bureau of Fraud Investigation, the Central Bank, the Director of Public Prosecutions (the "DPP"), the Director of Corporate Enforcement (the "DCE"), the Revenue Commissioners and the Competition Authority.

The DCE is responsible for investigating company law offences with wide investigative powers under the Company Law Enforcement Act 2001, including, by search warrant, to enter and search premises, compel the production of information and seize and retain anything of material importance.

Similarly, the Competition Authority has extensive investigative powers under Competition Acts 2002-2012, including, in particular, to carry out dawn raids on any premises where it has reasonable grounds to believe that records relating to a competition law offence are being kept.

The Central Bank can also carry out inspections of regulated financial services providers. It has broad powers to enter premises, take documents, and compel the production of information and documents pursuant to various pieces of legislation, as well as the power to issue sanctions pursuant to its Administrative Sanctions Procedure.

Clearly, the above powers could encompass the seizure, retention and examination of call-recordings by the DCE, the Competition Authority and the Central Bank.

Furthermore, the Commissions of Investigation Act 2004 contains extensive provisions in relation to discovery, which allow the Commission to obtain access to documentation held by "any person" which is of relevance to its investigation. This could include call-recordings.

The new Houses of the Oireachtas (Inquiries, Privileges and Procedures) Act, 2013 also includes powers allowing committees established pursuant to this act to request documents and records as necessary for an inquiry. The definition of "document" is very broad and includes call-recordings.

Freedom of Information ("FOI")

Finally, it may be useful to add a word about FOI. Generally, financial services providers do not fall under the FOI regime, as they are not "public bodies" under the Freedom of Information Acts 1997-2003 (the "FOI Acts"). However, it is not completely irrelevant.

First, any records, including audio recordings, of a financial services provider which are held by a public body that is subject to FOI could fall to be released if they come within the scope of an FOI request. The Revenue Commissioners, the DCE and the Competition Authority are all subject to FOI to varying degrees. Public bodies are not always under an obligation to consult with third parties where they propose to release information relating to those third parties under FOI. Therefore, financial services providers should always take care to mark confidential and/or commercially sensitive information as such before submitting it to an 'FOI-able' body, in order to increase the possibility of consultation prior to releasing the information concerned.

Currently, the Central Bank is not subject to the FOI Acts. However, the Freedom of Information Bill 2013, published in July 2013, proposes to include the Central Bank as a "partially included" agency, meaning that it will be subject to FOI, other than in relation to certain specified records. These include records which are prohibited from disclosure under the Rome Treaty, the ECSB Statute or any of the Supervisory Directives within the meaning of the Central Bank Act 1942, certain personal information and confidential financial, commercial or regulatory information of persons regulated by the Central Bank.

The Bill also proposes that the NTMA, NAMA, the National Pensions Reserve Fund Commission and the National Development Finance Agency will be "partially included agencies" subject to FOI other than in relation to certain specified records.

Financial services organisations will therefore wish to monitor developments in relation to the Bill in this regard. The Bill is available here.

Investment Firms

In 2009, the Central Bank issued a consultation paper proposing to introduce mandatory call-recording of client orders for investment firms authorised pursuant to Regulation 40(6) of the European Communities (Markets in Financial Instruments Directive) Regulations, S.I 60 of 2007 (the "MiFID Regulations"). The MiFID Regulations also apply to banks when providing investment services. The Central Bank postponed its consideration of this proposal pending a European Commission review of MiFID and consideration by the Committee of European Securities Regulator ("CESR") of new unified regulations on call-recordings and electronic communications.

As part of its findings, CESR (which is now ESMA) recommended to the European Commission that MiFID firms record all telephone conversations, including those on mobile phones, and electronic communications when:

  • receiving orders;
  • transmitting orders to entities that are not subject to the MiFID recording requirement; and
  • concluding a transaction either by executing a client's order or dealing on own account.

The changes have yet to be approved by the European Commission or the Parliament and accordingly, the Central Bank has not issued any formal requirements or recommendations in respect of telephone conversation recording.

However, it is currently proposed that MiFID II will introduce mandatory recording. The draft text of MiFID II introduces a requirement to record client orders covering the services of receipt and transmission of orders and execution of orders and transactions concluded when dealing on own account in all financial instruments. The obligation applies to all forms of telephone conversation and electronic communications and the draft directive proposes a minimum retention period of 3 years. MiFID II is not expected to be implemented by Member States until 2015.

Conclusion

Currently, financial services providers are not required by law to record telephone conversations. This may change for investment firms in the future.

In the meantime, in line with industry practice in Ireland, most financial services providers do record calls. Such recordings will be a valuable asset when dealing with consumer complaints to the FSO.

However, as highlighted in this article, the practice of call-recording triggers many compliance requirements and (unexpected) legal implications, such as the right of access, which financial service providers must bear in mind.

THE REVISED CODE OF CONDUCT ON MORTGAGE ARREARS

A revised Code of Conduct on Mortgage Arrears (the "CCMA") came into effect on 1 July 2013. The revised CCMA was published against the backdrop of measures introduced by the Central Bank to address mortgage arrears, including the publication of performance targets for the main mortgage banks in Ireland.

In March 2013, the Central Bank announced targets (end June, end September and end December) for banks offering sustainable long term solutions for mortgage arrears customers. The Central Bank also said at the time that specific and more detailed targets would be set for banks, based on their capacity, systems, and processes, principally focusing on the handling of early arrears.

The Central Bank, in agreement with the Troika, has now set its expectations of the banks in this regard and requires banks to have concluded arrangements with 15 per cent of their over 90-day mortgage arrears customers by end of December 2013.

Furthermore, the Central Bank is now also setting expectations, for end March 2014, for sustainable solutions offered to customers to reach 70 per cent of over 90-day arrears and for concluded solutions to reach 25 per cent. The overall aim of the revised CCMA and the performance targets is to ensure banks offer and conclude sustainable solutions to borrowers in arrears and to facilitate and promote the resolution of such cases.

Some of the main changes and new features of the revised CCMA include:

  • An amendment to the definition of "Non-Cooperating Borrower" to include a number of clarifications as well as the introduction of safeguards to ensure that borrowers are given advance warning before being classified as not co-operating and the opportunity to avoid being treated as such.
  • The 12 month moratorium on legal proceedings for repossession no longer exists.
  • Under the revised CCMA, once a lender has made every reasonable effort to agree an alternative arrangement with a borrower, and where an alternative arrangement is deemed to be unsustainable or the borrower refuses to enter into the alternative arrangement, legal proceedings for repossession may commence three months from the date the alternative arrangement is deemed to be unsustainable or refused by the borrower, or eight months from the date the arrears arose, whichever date is later.
  • The limit of three unsolicited contacts a month has been removed and now contact with borrowers must be "proportionate". Also, a lender may make an unsolicited personal visit to a borrowers primary residence where all other attempts at contact have failed and just prior to a borrower being classified as non-cooperating.
  • Borrowers may be switched from tracker mortgages but only where none of the options that would allow the borrower to retain a tracker interest rate are appropriate and sustainable for the borrower's individual circumstances. In such instances where the lender offers the borrower an alternative repayment arrangement which requires the borrower to change from an existing tracker mortgage to another mortgage type, it must be affordable for the borrower and be a long-term sustainable solution which is consistent with Central Bank's policy on sustainability. In order to be able to offer such a solution, however, lenders must engage with the Central Bank in advance.
  • An Industry Standard Financial Statement has also been included in the revised CCMA.

Where a provision of the revised CCMA requires a lender to make changes to their systems, procedures, documents or to provide staff training, the Central Bank has said that it expects mortgage lenders to take immediate steps towards implementing the necessary changes. However, up until 31 December 2013, the Central Bank will be cognisant of issues relating to systems developments and staff training when monitoring compliance with the revised CCMA.

The importance of complying with codes issued by the Central Bank should not be underestimated.

On 31 May 2013, the High Court granted two borrowers, Anthony and Miriam Freeman, permission to challenge the validity of the appointment of a receiver by Bank of Scotland over several properties they owned on the basis that Bank of Scotland Ireland may have breached the Central Bank Code of Practice on the Transfer of Mortgages (the "Code"). The Code states that:

"A loan secured by the mortgage of residential property may not be transferred without the written consent of the borrower. When seeking consent from either an existing or a new borrower, the lender must provide a statement containing sufficient information to enable the borrower to make an informed decision."

At the moment, the High Court has only granted the Freemans leave to challenge the appointment of a receiver, however, if this case is successful and credit institutions are deemed to have not complied with the Code, some loan management companies to whom mortgages have been transferred may not have legitimate grounds to bring cases against defaulting borrowers.

The relevant challenge is expected to be brought by the Freemans against Bank of Scotland the coming weeks.

IRELAND - ANTI-MONEY LAUNDERING, CRIMINAL JUSTICE ACT 2013

The Criminal Justice Bill first appeared in February last as the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill, 2013 and on 12 June 2013, this Bill was signed into law by way of the Criminal Justice Act, 2013 (the "Act").

The Act includes minor changes to the anti-money laundering rules in the Criminal Justice (Money Laundering and Terrorist Financing) Act, 2010 (the "2010 Act"). Part 2 of the Act, other than Sections 5, 15 and 16 came into force on 14 June 2013 and therefore, the changes listed below are now in effect.

Amendment to the Definition of "Occasional Transaction"

The Act amends the definition of "occasional transaction" in the 2010 Act with the result that for customers of private members' gaming clubs, the financial thresholds prescribed for an "occasional transaction", which is one of the triggers for customer due diligence, is set at not less than €2,000, and, in the case of certain wire fund transfers, at not less than €1,000. There is also a technical amendment to clarify that the definition of "occasional transaction" which applies in all cases, other than for private members' gaming clubs and wire transfers, is when an amount is not less than €15,000, rather than exceeds €15,000.

Simplified Due Diligence Rules Updated

There are some changes to sections 34 and 36 of the 2010 Act. Simplified Customer Due Diligence ("SCDD") applies to "specified customers" and "specified products". The changes mean that SCDD should only apply under Section 34 of the Act where the designated person has taken steps to satisfy itself that the customer or product is actually a "specified customer" or "specified product".

Similarly, the Act provides that the exemption in Section 36 of the 2010 Act from the requirement to obtain information on the purpose and intended nature of a business relationship, should only apply where the designated person has confirmed the customer's status as a "specified customer" or "specified product".

Amendment of Rules Relating to Politically Exposed Persons ("PEP's")

Now enhanced Customer Due Diligence ("CDD") measures must also be applied to an existing customer who subsequently becomes a PEP and enhanced on-going monitoring must be applied to business relationships with a customer who is a PEP.

Mandatory Enhanced CDD for High Risk Customers

Section 39 of the 2010 Act has been updated to apply enhanced due diligence in circumstances where there is a heightened risk of money laundering or terrorist financing so that it is a mandatory requirement to apply enhanced CDD measures where the designated person has reasonable grounds to believe that there is a higher risk of money laundering or terrorist financing.

Internal Policies and Procedures

Designated person's policies and procedures to prevent and detect money laundering and terrorist financing are now required to address the following:

  1. measures taken to keep documents and information relating to the customers of that designated person up to date;
  2. additional measures taken to give effect to enhanced CDD rules; and
  3. steps to manage the risk of money laundering or terrorist financing which may arise in technological developments, including the use of new products and new practices, and the manner in which services relating to such developments are delivered.

Maintenance of Records Outside the State

The Act amends section 55 of the 2010 Act to allow records to be kept outside the State. However, where such records are kept outside the State the designated person must ensure that those records are produced in the State to:

  1. a member of the Gardaí Síochána;
  2. an authorised officer; and
  3. a person to whom the designated person is required to produce such records in relation to his or her business, trade or profession as soon as practicable after the records concerned are requested, and where the obligation to produce the records arises under an order of court, within such period specified by the court order.

Enforcement

There is a proposed extension of the enforcement powers of the state competent authorities established by the 2010 Act, for example, the Central Bank, so as to allow such authorities to issue directions to designated persons falling within their charge to take specific actions or to establish specific processes or procedures that, in the opinion of the authority, are reasonably necessary for the purposes of compliance with the Act. The timescales for complying with such directions must be clearly set out in the direction.

Part 3 of the Criminal Justice, Act 2013

Part 3 was inserted just prior to the enactment of the legislation. It makes provision for mobile phone networks to be shut down for a limited period in a limited area to prevent their use in remotely detonating a bomb. Part 3 of the Act provides that the Minister for Justice and Equality, following application from the Garda Siochana, may give such an authorisation in specified circumstance.

EU - 4TH ANTI-MONEY LAUNDERING ON THE WAY

On 5 February 2013, the European Commission adopted two proposals to reinforce the European Union's existing rules on anti-money laundering and fund transfers. These proposals, if implemented, will result in the strengthening of the existing AML regime in Europe.

The proposals include:

  • A draft directive on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (the "4th AML Directive");
  • A regulation on information accompanying transfers of funds to secure "due traceability" of these transfers.

Both proposals take into account the latest recommendations of the Financial Action Task Force ("FATF"), the world anti-money laundering body, and go further in a number of fields to promote the highest standards for anti-money laundering and counter terrorism financing.

In particular, the 4th AML Directive provides for a more targeted and focussed risk-based approach to customer due diligence and includes proposals to:

  • improve clarity and consistency of the rules across the Member States by providing a clear mechanism for identification of beneficial owners. In particular, companies will be required to maintain records as to the identity of those who stand behind the company in reality;
  • improve clarity and transparency of the rules on customer due diligence in order to have in place adequate controls and procedures, which ensure a better knowledge of customers and a better understanding of the nature of their business. In particular, the Commission has said that it is important to make sure that simplified procedures are not wrongly perceived as full exemptions from customer due diligence. The provisions dealing with politically exposed persons, i.e. people who may represent higher risk by virtue of the political positions they hold, are also expanded to now also include "domestic" (those residing in EU Member States) (in addition to 'foreign') politically exposed persons and those in international organisations;
  • extend its scope to address new threats and vulnerabilities by including of the gambling sector, the former directive covered only casinos, and by including an explicit reference to tax crimes;
  • promote high standards for anti-money laundering by going beyond the FATF requirements in bringing within its scope all persons dealing in goods or providing services for cash payment of €7,500 or more, as there have been indications from certain stakeholders that the current €15,000 threshold was not sufficient; and
  • strengthen the cooperation between the different national Financial Intelligence Units ("FIUs") whose tasks are to receive, analyse and disseminate to competent authorities reports about suspicions of money laundering or terrorist financing.

The two proposals foresee a reinforcement of the sanctioning powers of the competent authorities by introducing a set of minimum principle-based rules to strengthen administrative sanctions and a requirement for them to coordinate actions when dealing with cross-border cases.

The European Commission organised a public hearing on 15 March 2013 where the main changes in the international framework as well as the 4th AML Directive were debated among various groups of stakeholders. The next steps will involve the two proposals being adopted by the European Parliament and the Council of Ministers under the ordinary legislative procedure.

Footnotes

1 "consumer" means any of the following:

a) a person or group of persons, but not an incorporated body with an annual turnover in excess of €3 million in the previous financial year (for the avoidance of doubt a group of persons includes partnerships and other unincorporated bodies such as clubs, charities and trusts, not consisting entirely of bodies corporate); or

b) incorporated bodies having an annual turnover of €3 million or less in the previous financial year (provided that such body shall not be a member of a group of companies having a combined turnover greater than the said €3 million);

and includes where appropriate, a potential 'consumer' (within the meaning above).

2 The FSO can deal with complaints from personal customers of financial services providers, Limited Companies with turnovers of less than €3 million as well as Charities, club trusts and partnerships.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.