Individual Accountability Framework Update 2023

Azariah Nukajam (fscom) provides an outline of the IAF, highlighting its key components, the impact of similar governance and oversight regimes around the world, and what the introduction of the IAF regime means for Irish regulated financial services businesses.

The Central Bank (Individual Accountability Framework) Act 2023 (the “Act”), introduces, for the first time, a framework for individual accountability within the Irish regulated financial services industry. The purpose of the Individual Accountability Framework (“IAF”) is to promote sound governance throughout the industry, and its ethos is in keeping with the key themes of the Central Bank of Ireland’s strategy; namely, safeguarding, being future focused and transforming. The rules will drive a permanent uplift in governance standards.

Understanding the IAF

The IAF is designed to achieve better outcomes for consumers and the financial system's ongoing stability and integrity. It revolves around three pivotal components that impact regulated financial service providers:

1. Senior Executive Accountability Regime (SEAR): SEAR seeks to enhance individual accountability, particularly among senior executives. Its primary aim is to nurture a culture of ownership, responsibility, and transparency in decision-making. SEAR lays the foundation for a robust IAF framework, focusing on executive level ownership and accountability.

2. Conduct Standards: These standards are the bedrock of ethical behaviour. They encompass principles such as acting with honesty, integrity, skill, care, diligence, and in the best interests of customers. Conduct Standards apply to individuals across all regulated firms, setting a high bar for conduct and ethics.

3. Enhanced Fitness and Probity (F&P) Regime: This regime further clarifies firms' obligations to proactively assess fitness and propriety of the staff that they appoint. It requires firms to certify that individuals carrying out specified functions are fit and proper. It seeks to tackle some of the challenges found within the existing regime by streamlining the process of assessing fitness and probity, reducing ambiguity and ensuring compliance with the latest requirements.

The IAF also guides the way in improvements to the Administrative Sanctions Procedure (ASP), giving the regulator greater enforcement, scope and powers which will allow them to take action directly against individuals found to be in breach of their obligations under the IAF regime. This is a key tool for preserving market integrity and enhancing consumer protection.

What you can expect

SEAR: The regime will apply initially to approximately 150 firms operating within the following sectors:

• Credit Institutions (excluding Credit Unions)

• Insurance Undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and insurance SPVs)

• Investment firms which underwrite on a firm commitment basis and/or deal on own account and/or are permitted to hold client assets; and

• Incoming third country branches of the above (with a proportionate approach to apply to low PRISM impact rated in-scope investment firms and incoming third-party branches).

The Central Bank will have the power to extend SEAR to other regulated sectors in due course, following a phased approach, and taking lessons from the initial implementation to inform the Central Bank’s view as to the phasing and timing of that. The Central Bank has recommended that firms not falling within the initial scope of SEAR should be observing and adopting the spirit of the requirements as it aligns with good governance.

For firms in scope of SEAR, the Central Bank has indicated that there will be a necessary, but proportionate increase in the administrative burden during the initial implementation phase as firms will be expected to prepare their Statements of Responsibilities and Management Responsibilities Map. Individuals occupying the Pre-approval Controlled Function functions (‘PCF’) will owe a Duty of Responsibility to take reasonable steps to ensure that their area of responsibility conform to regulatory and legislative requirements.

As firms become more familiar with their obligations and the regulator’s expectations post-implementation, such burden is likely to decrease, and the benefits of the regime will become more apparent.

Conduct Standards and Enhanced Fitness and Probity: The Conduct Standards (including Common Conduct and Additional Conduct Standards), and the Enhanced Fitness and Probity Regime, together with the Administrative Sanctions Procedures will apply to all regulated firms. For all other firms, including those not subject to the SEAR regime, there will be a broader requirement to notify and train individuals in respect of the Conduct Standards. The Enhanced Fitness and Probity regime will focus on the suitability of an individual to perform their role. Firms will be required to assess individuals prior to their appointment and on an ongoing basis, and to provide an annual confirmation in respect of the certification of Controlled Function (‘CF’), ‘PCF’ holders. That notification will be to the Central Bank of Ireland.  

It should be noted that firms would not be required to create new roles. Therefore, the regime is expected to bring clarity, but not significantly alter the existing governance and internal organisational structures of firms.

Implementation timeline

The Act was signed into law on 9 March 2023, and was partially commenced on 19 April 2023. The remaining provisions will be rolled out as follows:

• Conduct Standards and Additional Conduct Standards – from 31 December 2023

• F&P regime enhancements including certification requirements – from 31 December 2023

• SEAR - from 1 July 2024.

The Implementation Journey: A High-Level Outline

The IAF applies proportionally to both in-scope firms and individuals, depending on the material risk their actions and operations pose to market integrity and consumer protection. The core components of the regime, along with the accompanying guidance from the Central Bank of Ireland, offer a strong foundation for firms embarking on the path to compliance.

The IAF compliance deadline of 31 December 2023 is rapidly approaching and it is important to consider the following preparation in advance of the deadline:

• Setting up an Implementation Team/Focus Group

• Undertaking a Data Gathering Exercise

• Preparing an Implementation Roadmap

• Developing a Project Plan

• Delivering the Implementation Plan and Contingency Plan

• Delivering training across the business

To get more information or for a detailed report on IAF implementation, contact Azariah Nukajam (Azariah.Nukajam@fscom.co).