1. The Central Bank of Ireland publishes the Review of the Fitness and Probity Regime
On 11 July 2024, the Central Bank of Ireland ("Central Bank") published the independent review ("Review") of its Fitness and Probity ("F&P") regime. The Review was carried out by the former Chair of ECB Supervisory Board, Mr Andrea Enria at the request of Governor George Makhlouf.
The Review was considered necessary as the implementation of the F&P framework is over a decade old and it was considered timely to review it to ensure, as the regulatory landscape evolves, that the existing gatekeeping process remains relevant, effective and in line with international supervisory and industry best practices. The F&P framework plays an important role in promoting sound governance, effective risk management and public trust in the financial sector.
The recent decision of the Irish Financial Appeals Tribunal ("IFSAT") in the AB case was also referenced as having been an element of the impetus for the Review.
The Review recognises the importance of the F&P regime as a fundamental element of the supervisory toolbox, ensuring that individuals operating in key roles within regulated entities in the financial sector are carrying out their responsibilities effectively and in accordance with high ethical standards. From the year 2020 until 2023, the Central Bank approved over 11,000 individual roles, illustrating the centrality of the F&P process in the supervision of the financial sector in Ireland.
As part of the preparatory work for the Review, Mr Enria engaged in a thorough consultation process with key stakeholders to include all relevant industry associations, individual firms, legislative and policymaking bodies, staff in the Central Bank and other Irish authorities. Mr Enria also examined good practice prevailing in other supervisory authorities in the EU, the UK and Australia, which was an essential component of the Review.
The Review found that the F&P regime at the Central Bank is broadly in line with supervisory authorities in other jurisdictions across a number of areas, namely:
- required standards are comparable;
- statistics on approvals, withdrawals of applications and refusals correlate with those published by peer regulators. Further, these outcomes did not show a particular stringency or leniency of the process in Ireland as against those employed in the other comparable jurisdictions; and
- timelines are well aligned with the target service standards of the Central Bank and are generally faster than in other countries.
Overall, it was found that over the 13 years that the F&P regime has been operative, it has been successful in raising the bar for entry into key positions in the financial industry. This has positively served the interest of consumers and the stability of the financial system.
The review of the F&P process also highlighted the potential for targeted improvements in the areas of consistency of the process across firms of different size and operating in different financial sectors.
The Review acknowledges that the practices adopted by the Central Bank are already to a large extent aligned with the recommendations set out in the Review and so not all recommendations are seeking change. Rather, taking into account that there may have been some divergences from those good practices at times, it is seen as important that those matters are reiterated and clarified in official documents and embedded in Central Bank culture. Specifically, the recommendations in the Review concentrate on three areas:
- clarity as to the expectations of supervisory authorities;
- internal governance of the process; and
- the effectiveness, transparency and fairness of the process.
Appendix 1 of the Review sets out the recommendations of Mr. Enria. The following is a high level overview of each recommendation:
1. Fostering industry role in gatekeeping
The Central Bank should, as part of an overall enhancement on process guidance, provide greater clarity and guidance to industry on the important role of regulated entities in the gatekeeper phase;
2. Clear fitness and probity standards
It is recommended that the Central Bank consolidate standards in a single location which would enable regulated entities, individuals and the staff of the Central Bank to access and understand the expectations more easily, promoting consistency in their application;
3. Governance
The establishment of a single F&P gatekeeping unit with responsibility for the entire gatekeeping process together with enhanced implementation of a risk-based approach for F&P gatekeeping, with a reconsideration of the overall number of PCF roles. It is recommended that this unit be organisationally segregated from the enforcement function to ensure a clear distinction between the two processes.
4. Decision making
Some of the recommendations under this heading include:
- the establishment of a significant decisions committee within the Central Bank; and
- where legal advice is required at the decision making stage, it should be provided by the General Counsel to the Central Bank;
5. Communication and IT platform
It is recommended that the Central Bank should organise an annual information session open to both firms and potential candidates to assist with their understanding of the practicalities of the F&P process;
6. Interview stage
- as regards interview notifications, it is recommended that the Central Bank should provide a minimum of 5 working days' notice of an interview to the relevant individual; and
- the Central Bank should commit to keep interviews within a certain time limit (e.g., 90 minutes, as it is good practice at other authorities); and
- the Central Bank should adopt as a principle that it will provide feedback in all cases where an interview has been conducted (whether an assessment interview or a specific interview) and that such feedback should be provided to both the individual and the regulated entity.
7. Efficiency of interview process
The Central Bank should aim to conduct a single comprehensive interview. This approach reduces the potential for unnecessary duplication, such as conducting an initial assessment interview followed by a specific interview.
8. Withdrawals/feedback
As well as providing feedback after an interview, it should also be provided in cases where a withdrawal occurs.
9. Management information
There are quite a number of recommendations under this heading some of which address the following:
- clear and comprehensive service standards;
- time limits; and
- various different reporting categories.
10. Quality assurance
It is recommended that a robust quality assurance mechanisms should be set in place. The output from this process should be conveyed on at least an annual basis to a senior committee.
11. Complaints procedure
A complaints process should be established specifically for the F&P gatekeeping process. This procedure should be led by an externally appointed risk advisor.
12. Training
The development of a comprehensive training programme for the F&P gatekeeping process, including the nature of the gatekeeping role and its significance, the process to be adopted including any risk framework overlay, conduct of interviews and provision of feedback, is recommended in the Review.
Governor Makhlouf, speaking at the publication of the Review, said the following:
"I accept all of the recommendations in the review. They will help us to ensure that the F&P regime continues to perform its key role into the future. In particular, I very much welcome the emphasis on the critical role of supervisory judgement in promoting good governance within the financial sector and the necessity to uphold procedural fairness as its foundation. In this respect there are clearly improvements we can make in the way we manage applications and come to a judgement on them. As we introduce these improvements, it is paramount that our supervisory judgement is consistently grounded in a fair and impartial evaluation process, ensuring equity and transparency for all parties involved. We are immediately looking to our implementation approach, including the creation of a new unit to bring together F&P activities that are currently dispersed across the Central Bank."
Next Steps
As set out above, the Review introduced a number of recommendations that would improve the operation of the F&P regime including the introduction of a new unit with responsibility for the entire gatekeeping process. The recommendations of the Review will be implemented over the coming months and are expected to be in place by the end of the year.
2. ESAs consult on Guidelines under the Markets in Crypto-Assets Regulation
On 12 July 2024, the three European Supervisory Authorities ("ESAs") published a consultation paper on Guidelines ("Guidelines") under the Markets in Crypto–Assets Regulation ("MiCA"). These draft Guidelines are the only joint ESA policy mandate under MiCA.
The Guidelines set out a standardised test to encourage a common approach to classification. The Guidelines also set out templates for legal explanations and opinions, which provide descriptions of the regulatory classification of crypto assets in the following situations:
- Asset – referenced tokens ("ARTs"):
The white paper for the issuance of ARTs, which includes
extensive information about the crypto asset, is required to be
accompanied by a legal opinion describing the classification of the
crypto asset, specifically, the fact it is not an electronic money
token ("EMT") or a crypto-asset that
could be considered excluded from the scope of MiCA; and
- Crypto assets that are not ARTs or EMTs under MiCAR:
The white paper for the crypto asset must be accompanied by an explanation of the classification of the crypto asset, specifically that it is not an EMT, ART or crypto asset excluded from the scope of MiCA.
The guidelines set out:
- templates establishing the content and form of the explanation accompanying the crypto asset white paper;
- templates establishing the content and form of the legal opinion on the qualification of ARTs; and
- a standardised test that recognises that MiCA applies to crypto assets that are not:
- unique and non-fungible with other crypto-assets;
- in scope of relevant sectoral measures by virtue of their qualification as financial instruments, deposits, insurance and pensions products and other relevant financial
- products;
- issued by excluded persons..
The ESAs have provided a useful flow chart of the standardised test which is available on page 34 of the Consultation paper. This standardised test recognises that the regulatory classification of crypto assets requires examination on a case–by–case basis, considering applicable EU and national law, decisions of the Court of Justice of the European Union, decisions of the national court, and any guidance applicable at national level.
Next Steps
On 23 September 2024 from 10:00 to 12:00 CEST, the ESAs will
hold a virtual public hearing on the consultation paper. Interested
stakeholders may attend by registering through this link by 19 September 2024 at
16:00 CEST.
Comments on the consultation paper can be submitted through the
consultation page. There will be no submissions accepted after 12
October 2024. Any comments will be released following the end of
the consultation period, unless specified otherwise.
3. MiFIR review: ESMA launches new consultations
On 10 July 2024, the European Securities and Markets Authority ("ESMA") published a new package of public consultations. The aim of this package is to enhance transparency and system resilience within financial markets, decreasing reporting burden and encouraging collaboration in the supervisory approach.
Reasons for publication
A review of the Markets in Financial Instruments Regulation ("MiFIR") and of the second Markets in Financial Instruments Directive ("MiFID II") was carried out which resulted in an amending regulation and amending directive being published in the Official Journal of the European Union on 8 March 2024. Following this, ESMA has been authorised to establish various technical standards identifying certain provisions.
Included in the consultation paper ("CP"), are various mandates with a 12 month deadline and one with a 9 month deadline. The objective of these mandates is to gain an insight into the views, comments and opinions of stakeholders and market participants on the proposals for:
- the modification of the L2 provisions, identifying the obligations on equity transparency, covering technical advice to the Commission as well as amendments to the Commission Delegated Regulation ("RTS") on equity transparency;
- a contemporary implementing technical standard ("ITS") for notification of investment firms acting as Systematic Internalisers ("SIs") to competent authorities;
- the amendment of RTS specifying the volume cap;
- the amendments of the RTS identifying organisational obligations for trading venues to allow for the integration of the new empowerment on circuit breakers as well as highlighting the changes resulting from the Digital Operational Resilience Act ("DORA"); and
- a new RTS on the input / output data for the equity Consolidated Tape Provider ("CTP").
This CP also proposed flags for post-trade transparency for the transparency requirements for non-equity instruments, notably bonds.
Contents
The CP introduced the following:
- the changes to the L2 provisions on equity transparency cover;
- the changes to the MiFiR review which amend the definition of a 'liquid market';
- the specification of information to be disclosed in the area of pre-trade transparency for trading venues, which is also of relevance for the equity consolidated tape;
- the review of pre-trade transparency requirements for Sis;
- A new Commission Implementing Regulation on the content and format of the Systematic Internaliser Notification. The aim of the mandate is to establish a standard template to be used by firms for the notification to their NCA when they meet the definition of an SI.;
- some largely technical amendments to the RTS, aiming to
simplify the use of cap volume in particular:
- a shift from double volume cap ("DVC") to single volume cap ("SVC");
- removal from the scope of the volume cap of transactions completed under the negotiated trade waiver;
- application of suspensions by trading venues based on the publication by ESMA of trading data; and
- a shift from monthly to quarterly publication by ESMA of trading data.
- the proposed recast of the RTS, highlighting the organisational requirements for trading venues, concentrating on the new mandate on circuit breakers and highlighting the changes resulting from DORA;
- the scope of data to be contributed to the equity CTP along with the data to be published by the equity CTP. This was established in correspondence with the proposed amendments to the RTS on equity transparency to ensure full alignment; and
- the range of flags to be used for post-trade transparency for non-equity instruments.
The Annexes to the CP provide the legal drafting of the L2 amendments and the ITS / RTS mandates in significant detail.
Upon approval, these standards will facilitate the implementation of the CTP in the European Union. The objective of these standards is to encourage efficiency and competitiveness in the European financial markets.
Next Steps
For the technical advice, RTS 1, the RTS on input / output data for shares and ETFs CTP and the flags under RTS 2, ESMA will consider all comments received by 15 September 2024 and aim to submit a final report to the European Commission by December 2024.
For the SI ITS, RTS 3 and RTS 7, ESMA will consider all applications by 15 October 2024 and aim to submit a final report to the European Commission by March 2025.
4. ECB publishes report on bank digitalisation assessment criteria and sound practices
On 11 July 2024 the European Central Bank ("ECB") published a report ("Report") on the digitalisation activities of banks in the single supervisory mechanism ("SSM").
The Report sets out the main assessment criteria used by the ECB to assess the digitalisation activities of banks and the related risks. In addition, the Report give examples of sound practices employed by banks that the ECB considers to, in the main, meet the assessment criteria.
The ECB's assessment framework was mainly based on the CRD IV Directive and relevant EBA guidelines, particularly those on supervisory review and evaluation process ("SREP"), outsourcing and internal governance. The ECB also considered the publications of international and European standard-setting bodies on digitalisation and technology-related risks.
The Report groups the assessment criteria and sound practices are grouped together according to three themes as follows:
- business model impact;
- governance; and
- risk management.
It is stated in the Report that these criteria and practices may change in the future based on upcoming supervisory activities, including future targeted reviews, on-site inspections and deep dives.
Business model impact
Under the heading there are a number of assessment criteria set out including:
- whether the institution understands the impact of digital trends on the business environment in which it operates, in the short, medium and long term, enabling it to make informed commercial and strategic decisions;
- whether the institution identifies, assesses and documents, in a comprehensive and systematic manner, the digital-related external factors impacting its business environment;
- whether the institution performs a digital readiness assessment to understand its digital positioning;
- whether the institution understands how digitalisation affects its business environment in the short, medium and long term and does this awareness inform its business strategy process; and
- does the institution have in place adequate financial and non-financial execution capabilities for the proper implementation of any relevant digital strategy
Allied with each assessment criterion are examples of corresponding sound practices, for example:
- clients' behaviours, expectations (monitored for instance through specialised regular market benchmarks or continuous client feedback) and the demographic implications of the institution's client base, which help tailor its offer to specific audiences;
- regulatory requirements and their implications, to ensure due compliance, to force reprioritisation dynamics into the original roadmap and scan for opportunities for innovation;
- data and artificial intelligence (AI) capabilities, to spot opportunities for automating internal processes and improving customer services; and
- the top-level strategy is translated into business lines and teams collaborate to i) define a plan with the required budget, resources and expected deliverables, and ii) deliver on the plan, flagging adjustments or reprioritisations when needed.
Governance
Matters taken into account under this heading include the following:
- whether a bank has a clear allocation of responsibilities related to digital topics in the management body;
- whether its management body provides effective oversight of the digitalisation strategy and related risks;
- whether digitalisation is embedded in the bank's risk culture; and
- whether the bank monitors critical dependencies, interdependencies and third-party relationships.
Sound practices identified under the heading include:
- workforce planning, recognising different needs at different phases of the roll-out to feed the information into hiring (including external developers), training and reskilling plans;
- strategic alignment, with a focus on aligning business and IT strategies and / or the digital strategy specifically, in order to make sure that digitalisation aspects are consistently addressed; and
- the allocation of adequate human, financial and technical resources is discussed in relation to the strategic objectives, based on the progress monitoring reports.
Risk management
Matters highlighted as assessment criteria in terms of risk management include the following:
- whether the institution runs a detailed impact review of traditional and non-traditional risk dimensions during the digital strategy-setting process and the new product approval process ("NPAP") as well as during the execution of its digital strategy;
- whether the institution has in place a data governance process to support data-driven digitalisation initiatives; and
- whether the institution assesses and updates the risk map and relevant risk metrics in all risk dimensions, and reviews and adapt the suitability of existing risk models in view of digitalisation.
Sound practices identified under the heading include:
- a data governance framework that includes all the entity's relevant data, regardless of their origin, including digital-driven data or data relevant for digital initiatives;
- a dedicated data quality key risk indicators ("KRI") dashboard reported to and actively discussed in the management body with appropriate follow-up; and
- automated data quality checks for the detection, correction and removal of data inaccuracies/inconsistencies.
Next Steps
The Report states that the "sound practices" are being published at an early stage so as to inform the supervisory dialogue on those aspects with the banks making a strategic decision to develop their digital footprint. The Report also sets out that "as part of this supervisory dialogue, the ECB will discuss with institutions the ECB's assessment criteria in terms of any possible divergences in institutions' practices."
5. EBA publishes final report on ITS on supervisory reporting under CRR
On 9 July 2024 the European Banking Authority ("EBA") published its final report ("Report") on final draft Implementing Technical Standards ("ITS") amending Commission Implementing Regulation (EU) 2021/451 on supervisory reporting referred to in Article 430(7) of Regulation (EU) No 575/2013 concerning output floor, credit risk, market risk, operational risk, crypto assets and leverage ratio on the changes to the current reporting framework that stem from the implementation of Basel III reforms in the Capital Requirements Regulations III ("CRR 3").
The new ITS will repeal Commission Implementing Regulation (EU) 2021/451. These ITS reflect the single rulebook at the reporting level and form part of the single rulebook for banking in Europe and become directly applicable in all Member States once adopted by the European Commission ("Commission") and published in the Official Journal of the EU. The ITS will allow supervisors to have sufficient comparable information to monitor compliance by institutions with CRR 3 requirements, thus further promoting enhanced and consistent supervision.
In view of the fact that the Basel III reforms have an application date of 1 January 2025, the EBA published the "EBA Roadmap on Strengthening the Prudential Framework" (" Roadmap "). The Roadmap sets out the process that applies when developing reporting and disclosure requirements as follows:
- prioritising mandates and changes necessary to implement and monitor Basel III requirements in the EU; and
- implementation by the EBA of other reporting and disclosure requirements that are not directly linked to Basel III implementation.
Consequently, the new ITS are a result of step one of this process. The final draft ITS include the minimum reporting requirements on operational risk that will be applicable to institutions from the date of application of the CRR 3.
In addition to the final Report, the EBA has published an updated mapping tool between the revised disclosure templates and the reporting templates, together with a summary of all the Pillar 3 disclosure requirements and their respective frequency.
Next Steps
The application date for the ITS will be 1 January 2025 with the first reference date to be 31 March 2025. However, due to concerns raised by stakeholders about the tight timeframes, the reference date will be extended from 12 May to the end of June 2025 (6 weeks).
By the end of the year, together with the related policy products, the EBA will finalise the rest of the reporting requirements on operational risks, taking into account the relevant policy choices including more granular data.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.