Ireland
Answer ... Banks authorised by the CBI are required to comply the prudential reporting requirements set out under the CRR and Implementing Technical Standard 680/2014 on supervisory reporting (as amended). The data collected under these reports relates to own funds, financial information, losses from property collateralised lending, large exposures, leverage ratio, liquidity ratios, asset encumbrance, additional liquidity monitoring metrics, supervisory benchmarking and funding plans.
The Central Credit Register is a secure system for collecting personal and credit information on loans of €500 or more. It is operated by the CBI under the CRA. This obliges all lenders in scope to submit personal and credit information on applicable loans to the Central Credit Register.
Banks must submit details on new customers (or the resignation of existing customers) in the context of monitoring large exposures. This reporting is to ensure that risks arising from large exposures to individual clients or groups of connected clients are kept to an acceptable level as part of the CBI’s prudential supervision.
Pursuant to the Code of Practice on Lending to Related Parties 2013 (the RP Code), banks must also submit reports regarding related-party lending to the CBI. This reporting must, among other things, ensure that the limits provided in the RP Code are adhered to.
In addition to the above, banks must report on:
- exposures to various industry sectors, including agriculture, manufacturing, utilities, construction, retail, hospitality, education, private households and public administration and defence; and
- details of the amount of non-performing loans held by a bank.
Ireland
Answer ... The registered office and head office of Irish banks must be located within the jurisdiction. The minimum initial capital is €5 million. The management and ‘decision-making unit’ of the bank must be located in Ireland. The minimum key functions that must be located in Ireland include chief executive officer, chief financial officer, financial control, risk, credit, treasury and compliance.
Every bank authorised by the CBI must have comprehensive strategies, policies and processes to assess and maintain the amounts, types and distribution of internal capital required to cover the risk exposure of the bank. Banks’ governance arrangements must also include:
- a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
- effective processes to identify, manage, monitor and report the risks to which they are, or might be, exposed; and
- adequate internal control mechanisms, including:
-
- sound administration and accounting procedures; and
- remuneration policies and practices that are consistent with and promote sound and effective risk management.
The CBI’s Corporate Governance Requirements for Credit Institutions 2015 (the Governance Requirements)set out minimum governance standards for all banks authorised by the CBI and include augmented requirements for institutions that may be deemed high impact by the CBI. The governance arrangements must be sufficiently sophisticated to ensure effective oversight of the activities of the bank taking into account the nature, scale and complexity of the bank’s business.
The board of a bank must be of sufficient size and expertise to oversee the operations of the bank and must have a minimum of five directors, with a majority of the board being independent non-executive directors (‘ineds’). For banks that are subsidiaries, there must be at least two ineds.
The Governance Requirements also provide that directors must have sufficient time to devote to the role and cannot be a director of more than five other banks or insurance undertakings. The Governance Requirements further set out the requirements and roles of the chairperson, the chief executive officer, the ineds, the chief risk officer (CRO), the board generally and board committees.
In addition, the CBI’s Fitness and Probity Standards set out minimum standards of competence and knowledge/experience (fitness) and good character and financial soundness (probity) that must be met by anyone who performs a controlled function (CF) role. There are also approximately 41 senior positions designated as pre-approval controlled functions (PCFs). A PCF/CF must be competent and capable, honest and ethical; must act with integrity; and must be financially sound. A person must have a level of fitness and probity appropriate to the performance of his or her particular function. CFs and PCFs must agree to abide by the minimum standards.
Ireland
Answer ... Banks must have a risk committee and a designated CRO. The risk management must operate on a solo and a consolidated basis and promote an appropriate risk culture at all levels of the bank, subject to regular internal review. Banks must have a clear policy and organisational chart in place to have clear responsibilities, lines of reporting and persons accountable for respective areas.
A bank must have procedures and guidelines which identify, measure, monitor, control and mitigate each area of risk (in relation to each of its business lines). A bank’s risk management systems must be commensurate with the nature, scale and complexity of its activities, and associated risks must be enforced and in place – whether through ongoing monitoring and controlling of risk, reliable information systems or effective audit and control procedures.
The CRO is responsible for the risk management function and for maintaining and monitoring the bank’s risk management system. If a bank is not designated as high impact and its operations do not justify a dedicated CRO function, another PCF may fulfil that role. The CRO must have relevant expertise, qualifications and background, or undertake relevant and timely training. The responsibilities of the CRO are set out in detail in the Governance Requirements.
In addition to the CRO, banks must have a separate risk committee of at least three members with relevant expertise with responsibility for risk oversight and advice to the board, and the strategy for addressing such risks.
Ireland
Answer ... A bank must have an appropriate and properly staffed internal audit function in place, which has direct access to the board of directors, or an appropriate sub-committee of the board that reports to the board. The bank’s internal audit team should report and present quarterly reports to the board. A bank must submit to the CBI, on the internal audit team’s behalf, its internal audit charter, risk assessment methodology, internal audit plan, organisational chart of risk functions and the profile of the head of internal risk.
The Companies Act 2014 specifies certain requirements regarding persons that can be appointed as auditors which oblige companies (including banks) to appoint an external auditor. External auditors provide the annual financial statements. Auditors have a duty to submit a written report to the CBI within one month of the date of the auditor’s report on the bank’s financial statements. This report is sent directly to the CBI and is a statement to the CBI that there is no matter, not already reported in writing to the CBI by the auditor, that has come to the attention of the auditor during the ordinary course of the audit that gives rise to a duty to report to the CBI. Where matters have already been reported to the CBI, such matters should be referred to in the statutory duty confirmation.
Under Section 47 of the Central Bank Act 1989 (as amended), a bank’s auditor must notify the CBI without delay of any matters going to the financial soundness of the bank being audited and any material deficiencies in the financial reporting and accounting systems and controls within the bank; it must also notify the CBI without delay if it decides to resign as the bank’s auditor.