On 17 November, 2020, the Central Bank of Ireland (the CBI) issued a second "Dear CEO" letter on fitness and probity, following thematic on-site inspections which it conducted on a sample of firms in the insurance and banking sectors. The CBI's first "Dear CEO" letter on the topic was issued in April 2019.
The CBI has highlighted that it expects all firms to take appropriate action to deal with the issues addressed in the letter, and that the letter should be read in conjunction with its prior "Dear CEO" letter, the Fitness and Probity Standards and associated fitness and probity guidance. Below we have looked at some of the CBI's key findings.
Key Findings
- Lack of scrutiny over board appointments – The CBI found that in some firms there was a lack of scrutiny and formality in relation to board appointments (such as lack of interview notes and suitability assessments to support board appointments) and succession plans did not meet expectations, or were not used in practice. The CBI was also critical of the fact that in a number of cases there was no evidence of board approval, discussion or challenge of proposed pre-approval controlled function (PCF) appointments, and that in many firms, directors had a poor level of knowledge of the fitness and probity obligations.
- Due Diligence – The area which was found to be the most consistently weak across the majority of firms was the due diligence undertaken by firms to show compliance with the Fitness and Probity Standards. As regards initial due diligence, many firms were not able to evidence qualifications, reference checks or suitability searches. The CBI requires firms to highlight any adverse information as regards a proposed PCF when an Individual Questionnaire is being submitted, and explain why this information does not affect the individual's suitability to perform the proposed role. The CBI reminded firms that it takes a lack of disclosure seriously. The CBI noted that if there was any attempt to mislead, this may call into question not only the proposed PCF's suitability, but also the firm's decision to propose the relevant individual. In terms of ongoing due diligence, the CBI said that an annual self-declaration by PCF and controlled function ("CF") holders is the minimum expected and that firms must undertake ongoing due diligence screening to check if a change in circumstances has impacted an individual's fitness and probity.
- Lack of oversight where outsourcing to unregulated financial service providers – The CBI found that where firms had outsourced a PCF or CF role to outsourced service providers (OSPs), a lot of firms had not, as part of their due diligence, obtained the required documentation, or made any inquiries into the OSP's processes for assessing fitness and probity, or analysed whether PCF or CF roles were being performed. The CBI reminded firms that where a CF/PCF role is outsourced to an unregulated OSP - notwithstanding the outsourcing arrangement - the firm remains responsible for ensuring compliance with the fitness and probity requirements, and for having appropriate policies and procedures in place to ensure compliance with those requirements.
- Lack of engagement with the CBI – The CBI observed that in the majority of firms the processes for engaging with the CBI as regards fitness and probity issues had not been adequately developed, documented or embedded. In particular, it noted that a lot of firms did not have processes in place to identify, escalate and notify the CBI in a timely manner of potential concerns regarding the fitness and probity of a CF or PCF holder.
- Role of Compliance Function – The CBI found that many firms were not undertaking robust compliance testing of their fitness and probity processes and procedures. The CBI said that the fitness and probity process should be subject to comprehensive oversight by the Compliance Function and should be independently reviewed periodically by the Internal Audit Function, to make sure it is fit for purpose.
Comment
This is the second lengthy "Dear CEO" letter to be issued by the CBI on fitness and probity in a relatively short timeframe, highlighting the importance which the CBI attaches to the regime. The CBI states in the letter that it considers fitness and probity to be the "cornerstone" of the regulatory framework in Ireland. In addition, the CBI expressed concern that a number of firms did not take action, on being prompted by its earlier "Dear CEO" letter, to perform a formal gap analysis of their policies, processes and procedures.
The CBI reminded firms that a failure to comply with fitness and probity obligations can result in investigations – and ultimately sanctions – under its Administrative Sanctions Procedure ("ASP"). Three firms have been sanctioned by the CBI for fitness and probity related failures under the ASP regime in the last three years.
All firms should review their fitness and probity policies and procedures in light of this letter and the CBI's previous "Dear CEO" letter, as it is clear that a failure to do so will be viewed poorly by the CBI in the context of any fitness and probity breaches which may arise.
Originally Published by Dillon Eustace, November 2020