What you need to know about Ireland’s Individual Accountability Framework (IAF) Bill
What is IAF?
By now, every regulated entity in Ireland knows what the Individual Accountability Framework (IAF) Bill is and has been preparing their implementation plans for months. Influenced by a global move towards greater accountability in banks, investment entities, asset managers, and other financial services organisations, IAF is the Central Bank of Ireland’s (CBI) regulatory answer to addressing the reduced level of trust of consumers, markets and the broader industry following the banking crisis in 2008.
When did IAF come into effect?
The Central Bank of Ireland’s (CBI) Individual Accountability Framework (IAF) Bill, which includes the Senior Executive Accountability Regime (SEAR), was first announced in 2018 but it wasn’t until August 2021 that the Irish Government presented the Bill.
On March 9th, this plan was officially enacted after years of updating guidance and months of implementation planning from the Regulated Financial Services Providers (RFSPs) in question.
The Consultation Paper for the bill, alongside two annexes, has now been released and states the following implementation periods:
- Conduct Standards including accountability of senior individuals for running their parts of the business effectively to apply from 31 December 2023;
- Fitness & Probity Regime – Certification and inclusion of Holding Companies to apply from 31 December 2023;
- Regulations prescribing responsibilities of different roles and requirements on firms to clearly set out allocation of those responsibilities and decision making to apply to in-scope firms from 1 July 2024.
Most importantly, all Regulated Financial Services Providers (“RFSPs”) are expected to be in compliance with the Conduct Standards and the enhancements to the F&P Regime by 31 December 2023, irrespective of whether the firm is in-scope for the initial phase of SEAR.
The latest IAF updates for 2023
Much of the final consultation paper reflects preceding guidance, holding firm the heart of positive outcomes and economic wellbeing, but there are a few highlights that are important for financial service organisations to integrate into implementation plans.
- Senior manager certification: Senior managers will now be required to provide a certificate annually.
- NED responsibilities: NEDs have been deemed “essential roles in the effective governance of firms”, and therefore have been brought under the scope of SEAR with additional prescribed responsibilities.
- Prescribed responsibilities: A reduced number of general Prescribed Responsibilities will apply to both Low PRISM impact rated in-scope investment firms and incoming third country branches of entities.
- PCFs: In-scope RFSPs must also identify and subsequently allocate Other Responsibilities to individuals within a PCF role.
- Mapping: In-scope firms must create a Management Responsibilities Map (MRM) and a Statement of Responsibilities map.
- Duty of responsibilities: Individuals performing PCFs must take “reasonable steps” to ensure that the areas of the firm for which they are responsible are compliant.
- Additional Conduct Standards: This will apply to both PCF and Controlled Function 1 (“CF1”) role holders, plus the Standards for Business will apply to all firms already established in the Consumer Protection Code (“CPC”).
Who will be affected?
The Individual Accountability Framework applies to financial entities in Ireland, specifically Regulated Financial Services Providers (RFSPs), and focuses on senior executive roles.
SEAR has been introduced in phases, starting with credit institutions, insurance undertakings (excluding reinsurance, captive (re)insurance, and insurance special purpose vehicles), investment firms and third country branches of these organisations.
The firms and roles in scope have now been confirmed in the Consultation Paper, but the scope of SEAR is still planned to be expanded.
1. Firm Types in Scope
All firms within the initial scope of SEAR:
- Credit institutions (excluding credit unions)
- Insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and Insurance Special Purpose Vehicles);
- Investment firms which underwrite on a firm commitment basis and/or deal on own account and/or are authorised to hold client assets; and
- Credit Institution Third country branch
- Insurer Third Country Branch
- Investment Firm Third Country Branch
- Low PRISM impact rated in-scope investment firms (a reduced number of Prescribed Responsibilities are applicable to such firms)
- Low PRISM impact rated in-scope investment firms incoming third country branches. (a reduced number of Prescribed Responsibilities are applicable to such firms)
Holding Companies may have PCF and CF role holders and thus will be subject to F&P rules pending the outcome of the Consultation Process. The Central Bank also has power under the IAF Act to extend the SEAR to other regulated financial service providers by way of Central Bank regulations.
2. Roles in Scope
- Pre-Approved Controlled Functions (PCF). These are senior manager roles requiring approval by the regulator, the CBI, and which also require assessment as fit and proper by the firm.
- NEDs and Independent NEDs. These are roles treated as PCFs and which also require assessment as fit and proper by the firm.
- Controlled Functions (CF). These are predefined roles that do not require regulatory approval, but which also require assessment as fit and proper by the firm.
What motivated the IAF?
“The role of financial regulation in building resilience, anticipating risk, and protecting citizens – in steady times and through shocks” – Director General, Financial Conduct, Derville Rowland
Similar to the SM&CR regulation put in place in the UK, the IAF Bill aligns with an international movement to strengthen corporate culture and conduct, driving better, more resilient outcomes for these organisations and their customers. This is approached as an integrated effort to drive positive behaviour, promote individual accountability, promote the right individual conduct and competence, and heighten risk management practices within individual financial firms across the country.
This is also in part inspired by feedback from the public after a report from Edelman revealed that trust levels in banking remain low after recent challenges such as Brexit and the Covid pandemic. This isn’t helped by the lack of awareness and existing compliance issues surrounding the current Fitness and Probity regime.
In response, the Central Bank of Ireland has released the IAF to expand and enhance this regulation, giving financial institutions the opportunity to recover from this perception and common challenges with governance. Primarily, this will be achieved by improving the clarity of individual, committee, and team roles and responsibilities, as well as understanding how to implement this operationally within an organisation.
SEAR specifically draws on the UK’s successful SM&CR implementation in its aim to build effective governance frameworks. SEAR focuses on encouraging senior managers to do this based on assessing risk management and identifying any potential gaps.
What does the bill introduce?
As mentioned, the IAF Bill is based on SM&CR in the UK and the regulation it introduces will be similar.
The Bill contains four primary elements:
- The Senior Executive Accountability Regime (SEAR): This focuses on the need for firms to clearly and comprehensively evidence where responsibility and decision-making lies in order to build transparency over accountability (See below for more).
- Conduct Standards: This sets out the expected behaviour of firms and individuals including issues of integrity, honesty, skill, care, diligence and consumer interest.
- Fitness & Probity Regime: This section enhances existing regulation in this area, with the biggest change being a larger focus on proactively certifying staff to ensure they are fit and proper to perform their roles.
- Enforcement, Investigations and Sanctions: The Administrative Sanctions Procedure is being strengthened to ensure there is protocol for individual accountability against misconduct. This will instil greater clarity, efficiency, and consistency for the firm, individuals and enforcement agents.
Senior Executive Accountability Regime (SEAR)
Within the IAF, SEAR has been put into effect to ensure greater transparency and clear accountability. It ultimately gives the Central Bank the power to impose obligations onto Regulated Financial Service Providers (RFSPs) in respect to their management, monitoring and reporting of governance and management arrangements.
One of the core challenges that has led to this was proving a causal link between responsibilities and outcomes at large and often complex organisations. SEAR rectifies this by ensuring there is a clear statement of responsibilities for all senior executives within a bank or financial organisation, with an individual tied to all key business and operational functions.
In context, this means the Central Bank can oblige RFSPs to lay out their responsibility and decision-making infrastructures by making provisions for the following:
- Responsibilities that are inherent to each Senior Executive Function (SEF)
- Prescribing responsibilities which RFSPs must allocate to individuals carrying out SEFs
- The identification and allocation of other responsibilities by RFSPs to relevant SEFs
- Imposing requirements on RFSPs to provide a statement of responsibilities to the Central Bank for SEFs which clearly sets out their role and areas of responsibility
- Imposing requirements on RFSPs to produce a management responsibility map documenting key management and governance arrangements in a comprehensive and accessible way within a single source of reference
What are the key changes you should expect for your business?
Responsibilities
New expectations have been established in relation to accountabilities, roles and responsibilities, particularly for senior staff members. Firms will be required, based on specific regulation, to review and enhance their senior management and governance structures.
For example, Chief Audit Executives (CAEs) will now have responsibilities and influence as a senior person that they may not have had previously.
Documentation will also be a key element of individual accountability within firms going forward. For example, SEAR will require regulated firms to identify and document the responsibilities of senior individuals performing “senior executive functions” within them.
Training
The IAF has outlined three types of conduct standards for RFSPs which should affect training practices and performance standards, as a breach will be considered an enforceable “prescribed contravention” against the organisation or individual in the relevant controlled function (CF).
The Standards of Businesses cover expectations for RFSP conduct including honesty, fairness, skill and consumer treatment amongst others. The Common Conduct Standards outline similar themes relating to CFs, aiming to provide clarity about behaviour and compliance standards by providing a non-exhaustive list of practical examples to demonstrate what’s expected and guide further training. Finally, the Additional Conduct Standards introduce more obligations for all persons in senior roles to secure accountability and responsibility within roles, decision-making and throughout delegation action.
To support these changes in conduct and integrity from the ground up, as well as those outlined in the Fitness and Probity section of the regime, there will be new requirements on how to assess staff training methods and support after training. These principles are expected to be embedded into the organisational culture and so organisations will need to rethink their HR processes, such as their assessment processes for individual certification.
Sanctions
Another key part of these changes involves enabling sanctions when an individual breaches conduct rules. For example, it will be possible to disqualify and fine senior persons convicted of carrying out their professional responsibilities in a reckless manner.
How can you prepare your business?
Previously, Gerry Cross has emphasised the importance of the CBI taking a future-focused approach, and Irish entities should do the same. The financial landscape has proven to be fast-changing, with regulation following suit closely behind. Digitisation and systemisation are key in the upcoming months as organisations draw closer to the final implementation dates.
Systemising (before it’s too late) allows organisations to embed the right resources, guidance, and infrastructure to support their individuals in their roles and to establish a culture of compliance early on.
Now the guidance has been confirmed, organisations should waste no time in integrating the development of digital frameworks and processes to support their implementation plans. This will both build transparency and reduce risk as entities proceed with compliance.
IAF and SEAR FAQs
Why is individual accountability important?
A firm’s governance is supported by infrastructure and carried out by individuals. This is why it’s important for organisations to ensure they are instilling accountability in their staff while also centring their processes around the people who are responsible for meeting their governance requirements.
Building effective individual accountability ensures not only that the individuals entrusted with certain roles and responsibilities are capable of fulfilling them, but that these responsibilities are clear, recorded, and systemised. Digital fingerprinting or versioning tools, for example, support this process by providing an unequivocal paper trail tracking individual accountability, including an individual’s actions and when they took place.
This gives people the tools they need while creating a culture where compliance is incorporated into everyday workflows and processes.
What is an SEF and what will their duties be?
SEF stands for Senior Executive Function, which, according to the IAF Bill, refers to “a pre-approval controlled function carried on by, for, or on behalf of a regulated financial service provider to whom the senior executive accountability regime applies”.
Their duty is “to take reasonable steps to avoid their firm committing, or continuing to commit, a ‘prescribed contravention’ in relation to the areas of the business for which they are individually responsible.” SEFs will therefore be considered in breach of their duties in the following circumstances:
- If, when the individual was performing that SEF role, the RFSP committed or continued to commit a prescribed contravention
- If they were, at that time, responsible for the business area relevant to that prescribed contravention
- And if the individual did not take reasonable steps to avoid the prescribed contravention occurring or continuing
What are the standards for business outlined by IAF?
The obligations imposed for standards of business describe that an RFSP should:
- Conduct its business professionally, honestly, ethically and with integrity
- Conduct its business with due skill, care and diligence, and take appropriate steps to prevent or effectively manage conflicts of interest
- Act in the best interests of its customers and treat them fairly and professionally
- Maintain adequate financial resources and control and manage its affairs and systems sustainably, responsibly, and in a sound and prudent manner
- Arrange adequate protection for clients’ assets when it is responsible for them
- Deal with its regulators in good faith and in an open and cooperative way and shall disclose to the Central Bank promptly, proactively and appropriately anything relating to the firm of which the Central Bank would reasonably expect notice
What changes have been made to the Fitness and Probity (“F&P”) Regime?
The changes made to the F&P regime serve to strengthen the existing obligations of firms in relation to the Fitness and Probity of their key personnel under the CBI’s Fitness and Probity Regime. Primarily, an RFSP will now be required to certify that anyone in a controlled function is meeting the required standards.
In addition, the Central Bank may now investigate individuals that are a suspected danger to consumers or the financial system, whether or not they are currently in a controlled function role.
Who does the Fitness and Probity Regime now apply to?
The fitness and probity regime has been amended to include directors or staff within holding companies established in Ireland. The previous regulation did not include unregulated entities in this regime, but now organisations that fall under the following umbrellas, according to the relevant regulations, must adhere to this regime:
- A financial holding company
- A mixed financial holding company (as defined by the Capital Requirements Regulation)
- An insurance holding company
- A mixed financial holding company (as defined by Directive 2002/87/EC)
What constitutes an RFSP?
A Regulated Financial Service Provider can be defined as either:
(a) a financial service provider whose business is subject to regulation by the Bank under the Central Bank Acts or under a designated enactment or a designated statutory instrument,
(b) a financial service provider whose business is subject to regulation by an authority that performs functions in an EEA country that are comparable to the functions performed by the Bank under the Central Bank Acts or under a designated enactment or designated statutory instrument, or
(c) a financial service provider whose business is subject to supervision by the ECB under a designated enactment.
What are the next steps for implementing IAF?
Before taking any action, here are a few important questions you can ask to assess your organisation’s position:
- Do you have an effective steering committee set up?
- Do you have a widespread communications plan in place?
- To what extent does your organisation meet the F&P expectations?
- Are there any outstanding concerns or issues that need to be addressed?
- Do you have a defined governance structure? Or, is this in review?
- What is your third party risk management system? Is it robust?
- Does your current approach to compliance integrate with company culture?
- Do you have a shared definition for ‘reasonableness’?
If you would like guidance on implementing the IAF with transparency, our experts at Trailight can discuss how our platform supports human-centric regulatory compliance for financial organisations. Just get in touch.