What is the Individual Accountability Framework (IAF)?
On 9 March 2023, the Central Bank (Individual Accountability Framework) Act 2023 (the “Act”) was enacted. The Act provides for the introduction of the IAF which, the Central Bank of Ireland (the “CBI”) states, is designed to improve governance, performance and accountability in Firms.
The new Framework is intended to confer powers on the CBI to strengthen and enhance individual accountability in the management and operation of Regulated Financial Service Providers (each an “RFSP”).
The Guidance provides clarity regarding the CBI’s expectations for the implementation of three aspects of the framework: the Senior Executive Accountability Framework (“SEAR”), the Conduct Standards and certain aspects of the enhancements to the Fitness & Probity regime.
What is an RFSP?
This term broadly covers all financial services providers who are regulated by the CBI and in certain circumstances those that are regulated by European Regulators such as the European Central Bank.
What does this mean?
The new Framework will comprise four pillars:
SEAR will be implemented on a phased basis and will not initially apply to Credit Unions. However, there are some important points to note including:
- Every in-scope RFSP must clearly set out and document where the decision making responsibility sits within the organisation – these roles will be known as Senior Executive Functions (“SEF”)
- SEF’s will be individually accountable and therefore will be required to take reasonable steps to avoid their organisations from committing or continuing to commit a “prescribed contravention” in the business line for which they are individually responsible.
- There will be a duty on the SEF to inform the CBI of anything of which the CBI would reasonably expect notice of.
- The new conduct standards will apply to SEF’s along with an annual certification requirement.
New Individual and Business Conduct Rules:
These comprise of three parts:
- “Standards for Business” which will apply to the RFSP itself and sets out how the business in managed and the governance arrangements in place.
- “Additional Conduct Standards” apply to every Pre-approval Controlled Function in every RFSP irrespective of whether or not that RFSP is within the scope of SEAR or not.
The key themes under the obligations are to:
- Act with honesty and integrity in an ethical way.
- Act with due skill, care and diligence.
- Act in the best interests of the consumer.
- Avoid conflicts of interest.
- Maintain and follow controls and procedures.
- Engage with the regulator and in good faith.
- Disclose to the regulator any information of which the regulator would reasonably expect notice.
Enhancements to the Fitness & Probity Regime:
- RFSP’s will be required to periodically certify and confirm the fitness and probity of persons in CF and Pre-approval Controlled Function roles. All RFSPs must be satisfied that the proposed CF function holder is appropriately ‘Fit and Proper’ to undertake the function prior to being appointed to the role. See our article linked below for a summary of the Enhanced Fitness & Probity Regime:
How are Credit Unions Impacted?
There has been a lot of discussion around how the above changes will impact Credit Unions. The Fitness & Probity Regime and the IAF can be thought of as two aspects of one overall framework of sound governance – with the Fitness & Probity Regime being about suitability of individuals and the IAF about their ongoing conduct. Despite the fact that SEAR is currently not applicable to the sector there are a number of changes that are required and Credit Unions should begin the process of implementing these now:
- Governance arrangements – while Credit Unions do not have an obligation to identify and appoint SEF’s, there is an opportunity to review the governance arrangements in place which includes the functions of the Board, the operation of committees and delegated authority of executive functions to ensure that these are fit for purpose and serve the Credit Union well.
- Conduct standards – these are broader in scope than SEAR and will apply to individuals performing CFs in all firms, irrespective of which sector a firm is in. This is a time when Credit Unions should review their overall Fitness and Probity Framework and ensure that it is sufficiently robust in relation to the completion of due diligence for all new CF and Pre-approval Controlled Function holders. This review should include a mechanism for the regular and at least annual recertification process.
The following are the timelines for implementation:
|Timeframe: Next Steps
|The timeline below sets out details of the key next steps relating to the CBI's proposals for the IAF.
|Date from which the Conduct Standards (except the business standards (see Business Standards)) and changes to the F&P regime apply.
|Date from which SEAR applies.
|Date from which SEAR applies to (independent) non-executive directors (NEDs).
Next Steps for Credit Unions
Credit Unions should undertake a project to prepare for the implementation of IAF. This project should be based on the nature, scale and complexity of your own Credit Unions operations but broadly this should include the following steps:
- Develop an internal project implementation plan and communication strategy.
- Identify all employees and volunteers who will be impacted by the change.
- Conduct gap analysis and assess resources, timing, support and stakeholder requirements.
- Plan the provision of appropriate training to all CFs to ensure that they have an adequate understanding of the Conduct Standards and the applicable legal and regulatory framework in which the Credit Union operates.
- Consider any changes that may be required to the annual training plan and factor these in.
- Review existing policies and procedures related to Governance and Fitness and Probity to capture any updates or enhancements that may be required.
- Review the process for recertification of Fitness & Probity requirements and consider if these need augmentation.
- Review director and officer insurance policies.
For more advice and support on Individual Accountability Framework, or to discuss our Risk Management Services, please contact a member of the RBK Risk Management team on (090) 648 0600.