The Central Bank (Individual Accountability Framework) Bill July 2022: Prepare for the operational impacts!
The introduction of the Individual Accountability Framework (IAF) builds on the regulatory reforms that have taken place in the financial sector in Ireland since the financial crisis, and introduces new financial regulation, with an emphasis on individual and personal accountability and responsibility.
The Framework comprises of the following 4 key components:
- The Senior Executive Accountability Regime (SEAR), which places obligations on certain customer facing firms and senior individuals within them to set out clearly where responsibility and decision-making lies.
- Conduct Standards for individuals and firms to impose binding and enforceable obligations on all Regulated Financial Service Providers (RFSPs) and individuals working within them with respect to expected standards of conduct.
- Enhancements to the existing Fitness & Probity Regime to ensure a more effective operation of the regime and its ability to support the IAF.
- IAF breaks the “Participation Link” which requires the Central Bank to first prove a contravention of financial services legislation against an RFSP before it can take enforcement action against an individual.
Whilst many firms impacted by the regime will have already started to determine who their Senior Executive Functions (SEF) will be and what they will each be accountable for, this is just one challenge firms are faced with. Based on significant experience of implementing the Senior Managers and Certification Regime (SMCR) across the financial industry in the UK (a regime which the CBI has heavily leveraged in the creation of IAF), we have observed a clear correlation between those that were best prepared and the time and effort they allocated to design and mobilise a business as usual (BAU) operating model to support the regime ahead of the go-live. This enabled them to manage unforeseen changes to in-scope populations, allowed time for processes and tools to be refined and properly embedded, and gave those responsible time to develop hands-on experience of their new responsibilities, thereby increasing the likelihood of ongoing compliance with the rules. Unfortunately, this is something that can be, and was often overlooked.
Based on lessons learnt from across a wide range of firms, there are a number of key operating model focus areas and associated complexities that need to be considered. Each one introduces significant process change and additional responsibilities, many of which will fall on HR functions:
Identification and ongoing monitoring of people and structural changes, preventing them from happening unless the correct IAF processes have been followed. Where a Senior Manager change occurs, firms must ensure that they reallocate the outgoing Senior Manager’s accountabilities to the most appropriate They must also ensure complete accuracy of and alignment between multiple mandatory regulatory artefacts, including Statements of Responsibilities and Management Responsibilities Maps (handover arrangements should also be leveraged as best practice). Although these changes may seem infrequent, in our experience they happen more regularly than firms expect and have often resulted in knock-on impacts to the population below, which can be a sizeable challenge for firms to identify and control. Furthermore, given the greater population within Controlled Functions, it will be subject to more frequent and significant change. New processes and controls must be designed and implemented wherever a change could bring an individual into scope, which could be as unnoticeable as a management line change at a lower operational level in the organisation.
IAF introduces amendments to the Central Bank Reform Act 2010 (Fitness and Probity Regime) to strengthen the obligations on firms in relation to the fitness and probity of key personnel. The firm must assess and certify in writing that all individuals who will perform Senior Executive Function (including Non-Executive Directors) or Controlled Function roles as fit and proper before they can commence in role. Under the enhancements of the Fitness and Probity Regime, the firm will have to:
- Update the fitness and probity policies and procedures to ensure persons in controlled function roles meet the appropriate standards
- Carry out specific due diligence checks on persons in controlled function roles
- Re-certify the in-scope population on an annual basis
- Report fitness and probity activities to the Central Bank
- Apply fitness and probity to Holding Companies, who will be formally brought into the scope of the Bill.
Conduct Rules have proven to be one of the most contentious areas of the UK regime, which is understandable given that they can give rise to personal implications and sanctions. RFSPs within Ireland must spend adequate time developing and delivering suitable training for impacted individuals and updating the supporting processes and artefacts. This includes disciplinary investigations, regulator notifications and remuneration decisions. In addition to process change and operational control points, new committees may need to be established to bring together specialist knowledge, ensure consistency when determining whether a Conduct Standard breach has occurred (a prescribed contravention), and to provide formal evidence of the decision-making process.
Whilst HR have always been the central location of personnel files and documentation, the function is likely to be best placed to become the golden source for IAF regulatory artefacts, and it will play a vital role in ensuring ongoing compliance with the rules. This includes capturing clear audit trails of decision making in relation to the upfront SEF allocations and ensuring ongoing alignment between a wide range of related documentation, including employment contracts, employee handbooks, new IAF offer letters, interview notes, fitness and probity attestations, and Conduct Standard breach investigation findings. This is in addition to the more clearly prescribed regulatory artefacts such as Statements of Responsibilities and Management Responsibilities Maps (as well as Handover documentation as best practice). For each artefact, records must be kept to ensure adherence with the rules, whilst maintaining compliance with other record-keeping legislation and internal policies, which can create substantial administrative burden on HR teams.
These are just some of the operational complexities and consequences of the regime that must be considered, and so it is vital that firms impacted by the IAF do not get overly distracted by debating the allocation of SEFs and their accountabilities.
Instead, they must allocate sufficient time and resources to ensure the operating model changes required to support the regime in BAU are clearly defined and embedded. An acceleration of the implementation ahead of official regulatory go-live will allow more time for training individuals and testing the changes. This is much more likely to result in the firm achieving the right design for their organisation and full compliance with the rules.
The volume of operating model change (including processes, systems, controls and management information) must not be underestimated. Instead, it must be prioritised and urgently progressed, learning lessons from counterparts in the UK under the SMCR. Allocating SEFs and their accountabilities is just the tip of the IAF iceberg.
BCS Consulting, part of Accenture, has a sophisticated approach to ensuring regulatory compliance and readiness with the IAF, developed both in Ireland and in the UK over the past 8 years. Please get in touch with Connor Mason or Dan Ridler for further guidance.