With the Central Bank of Ireland’s consultation on the Individual Accountability Framework drawing to a close later this month, Níall Fitzgerald reviews the scope and effectiveness of similar regimes already in place in other parts of the world
Following the 2008 financial crisis, global governance and regulatory reforms in the financial services sector have had a significant impact on how financial institutions, such as banks, insurance companies and investment firms, are run.
The EU has been at the forefront of regulatory change in financial services in Ireland since the creation of the Banking Union, which includes the European Supervisory Mechanism, and significant regulatory developments from rule-setters such as the European Banking Authority.
The Central Bank of Ireland has also put in place governance requirements for all financial institutions and implemented fitness and probity standards.
These have included regulations requiring minimum competencies for individuals working in certain roles and, in some cases, regulatory pre-approval before individuals can be appointed to certain management positions, such as – to name just a few – board director, head of compliance, head of internal audit and chief risk officer.
The proposed Central Bank of Ireland Individual Accountability Framework (IAF) is an extension of the current suite of regulations and efforts to address cultural failings and ensure better governance, performance and accountability among financial services firms.
The IAF is not the first of its kind, however, and while it has some unique features, it also shares similarities with regimes of this nature operating in other parts of the world.
UK: Senior Managers and Certification Regime
The UK introduced the Senior Managers and Certification Regime (SM&CR) in 2016. Following a three-phase roll-out over three years, the SM&CR now applies to banks, insurance companies and a large portion of the remaining regulated financial services firms in the UK. This regime introduced:
- Prescribed responsibilities for certain roles;
- Requirements for firms to follow when allocating those roles to individuals, including:
- applying a certification process (up to obtaining pre-approval from the Regulator for an appointment to a role); and
- the introduction of individual conduct rules.
Hong Kong: Manager-in-Charge Regime
In Hong Kong, The Securities and Futures Commission introduced the Manager-in-Charge (MIC) Regime for licensed corporations in 2017.
The regime did not bring in any new sanctions and was implemented by way of circular, rather than legislation, but it provided the regulator with additional powers of enforcement and the ability to hold individuals to account.
A key objective of the MIC regime is to enable Hong Kong’s Securities and Futures Commission to assess culture within the licensed organisation.
The regulator attributes non-compliance with elements of the regime – e.g. failure to assess whether individuals have discharged their responsibilities appropriately, as evidence of cultural failings.
Australia: Banking Executive Accountability Regime
Australia’s Banking Executive Accountability Regime (BEAR) came into effect in 2018, applying to the directors of, and the most senior and influential executives within, banks and authorised deposit-taking institutions (ADIs).
The regime introduced prescribed responsibilities for certain roles, an accountability framework, and a list of accountability obligations, which look a lot like conduct rules.
The regime also introduced a requirement for relevant firms to defer a portion of the variable remuneration of any person found to be non-compliant with the regime until an investigation concludes, whether or not any or all of the remuneration is subject to clawback.
Singapore: Individual Accountability and Conduct Guidelines
The Individual Accountability and Conduct (IAC) Guidelines were introduced in Singapore in 2021. Like the MIC regime in Hong Kong, Singapore’s IAC Guidelines are not supported by underlying legislation and are described as “best practice standards”.
The level of adherence to IAC Guidelines among the financial institutions will impact the Monetary Authority of Singapore’s overall risk assessment of the relevant organisation or individual.
These guidelines focus on embedding a strong culture of responsibility and ethical behaviour by ensuring individual accountability and a supportive governance framework within regulated organisations.
Prevention is better than cure
While there are similarities between the accountability regimes outlined above, none is the same.
The instances of enforcement action taken under these regimes are very low and, if prevention is better than cure, this may be a good measure of success.
Just one enforcement action was taken against an individual for non-compliance during the first four years of the UK’s SM&CR, for example.
Following a review of Australia’s Banking Executive Accountability Regime, and amid public criticism citing the lack of enforcement action, the Australian government is currently proposing the wider reaching Financial Accountability Regime (FAR).
The FAR contains additional requirements and extends the regime beyond banks to other financial service providers regulated by the Australian Prudential Regulation Authority.
Elsewhere, the United Arab Emirates does not have a specific accountability regime. However, its laws and regulations, which pre-date 2016, give financial services regulators enforcement powers to hold individuals to account and apply sanctions.
Looking at just one member of the United Arab Emirates, Dubai, the Dubai Financial Services Authority has taken enforcement action against 32 individuals since 2016. The majority of these cases have related to individuals providing investment services.
Perhaps it is still too early to reliably judge the effectiveness of these various models of individual accountability regimes.
Sometimes, there is a benefit in not being first past the post in introducing a regime of this nature and being able to stand back and learn from global experiences.
With our Individual Accountability Framework, Ireland is building on a solid foundation of banking regulations and governance requirements.
The IAF is only one of many regulatory changes impacting financial services providers. Other requirements on the way include the EU’s Digital Operational Resilience Act (DORA) and the inevitable evolution of governance codes, and other regulations, addressing sustainability and other emerging risks.
World-class standards are laudable, but their true outcome is only evident when we have a high level of public trust and a financial services sector that is efficient and competitive, driving a better future for society and a prosperous economy.
Níall Fitzgerald, FCA, is Head of Ethics and Governance at Chartered Accountants Ireland
Impact of individual accountability on organisational culture
Chartered Accountants Ireland welcomes the timely publication by the Central Bank of Ireland (CBI) of the Individual Accountability Framework (IAF) draft regulations and guidance, and the certainty of action required for Irish financial services firms, writes Níall Fitzgerald.
The framework contains measures, including conduct standards and prescribed responsibilities, designed to enhance customer-focused cultures and embed responsibility and ethical behaviour across financial services in Ireland.
While it promotes the necessity for cultural change, the CBI agrees that more is required to achieve this. Insights from the introduction of similar measures in other jurisdictions show that an individual accountability regime better impacts on organisational culture when supported by:
Promoting individual accountability but emphasising collective decision-making
Being accountable as individuals for actions and behaviour is not new. Professionals are accountable to codes of ethics. There are also many laws and regulations that hold individuals accountable for their roles in an organisation, such as fiduciary duties of directors. However, many organisations thrive on collaboration, teamwork and diversity, which improve collective decision-making. Individual accountability is not designed to override this, and emphasising other positive behaviours, such as these, supports the objectives of the IAF.
Promoting a ‘just culture’ and avoiding a ‘blame culture’
A blame culture focuses on identifying culprit/s, penalising them, and moving forward on the assumption that the same issue/s won’t happen again, because an example has been set.
A just culture acknowledges that mistakes and underperformance can occur, but that both are better addressed by reflecting on what went wrong and focusing on what can be learned to improve future outcomes.
Individual accountability exists in both scenarios, but the latter will have a more positive impact amongst the workforce, helping to achieve the objectives of the IAF.
Promoting trust and integrity
Certain informal reactions to a regime such as the Individual Accountability Framework can undermine its objectives.
In some jurisdictions individuals with prescribed responsibilities prepare personal compliance files, for example, privately maintained outside of the firm’s documentation system.
A ‘cover your actions’ (CYA) approach has developed in these jurisdictions, whereby there is a tendency to give advice formally (e.g. in writing), which would differ if given informally (e.g. verbally).
Notwithstanding the risk of breaching privacy and confidentiality rules, these informal practices are indicative of low levels of trust and integrity within a firm.
Embedding a culture of psychological safety can deter this risk and foster greater trust within the organisation.