New regulation is coming to the financial services sector in Ireland.
The proposed Central Bank (Individual Accountability Framework (IAF)) Bill, introduces the Senior Executive Management Regime (SEAR) into Irish law, and should be welcomed by internal auditors.
First announced in 2018, the long-awaited framework is based on the Senior Managers and Certification Regime (SM&CR) in the UK which has been in place since 2016. It was introduced to reduce consumer harm and strengthen market integrity by making individuals accountable for their conduct and competence.
SEAR and SM&CR provide financial institutions the opportunity to establish healthy cultures and effective governance by encouraging individual accountability and setting standards for personal conduct.
SEAR builds on and enhances the existing Fitness and Probity regime which has suffered from awareness and compliance issues causing the Central Bank of Ireland to write open letters in 2019 and 2020 demanding action of CEOs.
Much of the focus of the Bill has been on the induction of SEAR, however, for some financial services firms there may also be challenges in implementing new and revised the Conduct and Business Conduct Standards. For example, at an individual level there will a requirement to assess how staff are trained and supported, principles are embedded within the organisation and also to navigate the interaction between these regulatory standards for individuals, the Fitness and Probity regime, employment obligations and HR processes.
In August 2021, the Irish Government presented the Bill and the Minister for Finance said he hoped to have the new regime fully implemented within 12 to 18 months.
Once the Bill has been enacted the Central Bank intends to publicly consult on the implementation of the IAF and SEAR.
As anticipated, the Bill contains four elements: The Senior Executive Accountability Regime (SEAR); Conduct Standards; Fitness and Probity Regime; and Enforcement, Investigations and Sanctions.
Internal auditors should welcome SEAR. Firms will be required to review and overhaul their senior management arrangements, governance and HR processes. The reform provides firms with an opportunity to assess these frameworks and improve the clarity, understanding and operation of individuals, committees and teams roles and responsibilities within the organisation.
It will bring clarity and heighten the relevance of risk management. It will establish expectations in relation to accountabilities, conduct, integrity and competence together with sanctions for those who breach the rules. Personal liability is key to drive positive behaviours and build trust. SEAR will make it possible to disqualify and fine senior persons convicted of carrying out their professional responsibilities in a reckless manner. While CAEs do not hold a decision-making role, as a senior person they have professional responsibilities and influence.
As with any new regime there will be activity to ensure the appropriate design of policies and processes and ongoing assurance to ensure compliance.
The comparable SM&CR has 19 senior management functions which include the chief risk function, the head of internal audit function and the chair of risk committee function and the chair of audit committee function. It is commonplace in the UK for CAEs to have SMF5 designation.
Familiarise yourself with the SM&CR and network with peers in the UK who are SMF5 designated (check out LinkedIn profiles). Fundamentally, the requirements are not onerous for CAEs operating in accordance with the Institute’s Code of Ethics, Core Principles, Standards and the FS Code of Practice. Consideration should be given to the formality of reporting in relation to Standard 2600 when management is perceived to be operating outside of risk appetite.
In the unlikely event that this is new news to your firm, get the conversation started!
Be clear on the assurance requirements and maintain regular dialogue with the chair of the audit committee.
Ahead of the CBIs implementation guidance, firms can take practical steps to identify key roles, map out responsibilities and decision-making, and where necessary amend job profiles.
Going forward, as with any new legislation, internal audit should look to provide implementation assurance, monitoring and effectiveness testing.
Also, don’t forget to look at learnings from the various similar regimes around the world such as SM&CR in the UK.