1. Central Bank (Individual Accountability Framework) Act 2023 - Updates
Commencement of the Central Bank (Individual Accountability Framework) Act 2023
On 7 July 2023, the Central Bank (Individual Accountability Framework) Act 2023 (Commencement of Certain Provisions) (No.2) Order 2023 (the "Commencement Order") commencing the remaining sections of Central Bank (Individual Accountability Framework) Act 2023 (the "IAF Act") was published in Iris Oifigiúil .
The Commencement Order notes that sections 3 – 6 and 10 of the IAF Act, which deal with the Senior Executive Accountability Regime ("SEAR"), the conduct standards and the certification process will be commenced from 29 December 2023.
As outlined in the FIG Top 5 at 5 update from 16 March 2023 these sections were to be commenced following completion of the Central Bank of Ireland's public consultation on the draft regulations and supporting draft guidance on the operation of the Individual Accountability Framework ("IAF") as contained in the IAF Act. The consultation closed for feedback on 13 June 2023.
Following the receipt and review of feedback to CP153, the Central Bank will publish the final regulations and guidance together with a feedback statement on the responses received to the consultation. No date has been set yet by the Central Bank for this, however, we expect it to be after the summer
As noted in the FIG Top 5 at 5 of 20 April 2023, the Central Bank intends to allow for a transitional period for firms and holding companies to implement the changes introduced by the IAF, as follows:
- Conduct Standards to apply from 31 December 2023;
- Fitness & Probity Regime – Certification and inclusion of Holding Companies to apply from 31 December 2023; and
- Regulations prescribing responsibilities of different roles and requirements on firms to clearly set out allocation of those responsibilities and decision making to apply to in-scope firms from 1 July 2024.
Central Bank of Ireland Speech on Enhancements to the Administrative Sanctions Procedure
On 5 July 2023, Seána Cunningham, Director of Enforcement & Anti-Money Laundering ("AML") at the Central Bank of Ireland ("Central Bank") gave a speech at a Law Society event on the enhancements to the Central Bank's Administrative Sanctions Procedure ("ASP") as a result of the enactment of the Central Bank (Individual Accountability Framework) Act, 2023 ("IAF Act").
At the outset, Ms Cunningham noted that the Central Bank takes a "targeted and proportionate approach" to enforcement and only takes enforcement action "where such significant action is merited, following a consideration of all of the facts of the case".
Enhancements to the ASP
Ms Cunningham advised that the aim of the Central Bank's recently published consultation on the implementation of the enhancements to the ASP ("CP154") (see FIG Top 5 at 5 of 29 June 2023 for detail) is to ensure that the proposed guidelines ("ASP Guidelines") are "practical and clear and that they will support a smooth transition to the operation of the enhanced ASP procedures and processes".
She noted that while there are a number of enhancements to the ASP process, "much will remain the same". Part of the changes in the draft ASP Guidelines include a consolidation of the Central Bank's existing published guidance documents on the ASP in an effort to ease understanding of the ASP process and its practical operation.
Ms Cunningham noted that the Central Bank's aim in drafting the guidance on ASP investigations was to "provide sufficient clarity to investigation subjects and practitioners" on the investigative procedures and to set out its expectations on their engagement with an investigation. She advised that:
- The IAF Act places the investigation phase of the ASP on an express statutory footing for the first time. However, as the legislation was modelled on the Central Bank's existing investigative procedures, much of the process will look familiar, with some changes in terminology;
- Notices of Investigation (formerly Investigation Letters) will set out the breaches of financial services legislation under investigation;
- Investigations will be run by Responsible Authorised Officers ("RAOs") who will gather and analyse relevant information and documents for the purposes of the preparation of an investigation report;
- RAOs will share investigation reports with investigation subjects at the completion of an investigation and prior to any decision on whether or not to hold an inquiry; and
- Investigation subjects will be able to make submissions in response to the report and there will be engagement on disclosure.
There have been a number of procedural changes to the inquiry process including:
- Designating the Regulatory Decisions Panel as a panel established by the Minister for Finance to enhance independence.
- Procedural enhancements and greater detail and clarity on the inquiry process (based on the Central Bank's experience of the operation of Inquiries). This includes setting out the roles of participants at an inquiry hearing and providing that the Central Bank's Enforcement Division (or its legal representatives) will now present the case at inquiry.
In addition, addressing the new statutory sanctioning factors for individuals introduced by the IAF Act, Ms Cunningham advised that the ASP Guidance provides further guidance in relation to the Central Bank's general approach to the determination of sanctions and, for the first time, the determination of monetary penalties to "assist investigation and inquiry subjects, legal practitioners and decision makers in their understanding of the ASP sanctioning process".
The IAF Act provides for three distinct settlement processes, an Undisputed Facts Settlement, an Investigation Report Settlement and a No Admissions Settlement. Ms Cunningham advised that there will be different statutory procedures for settlement which will be dependent on the stage of the process and whether there has been an admission.
The Central Bank will continue to operate a settlement scheme for admissions settlements, where the settlement occurs prior to an inquiry:
- Discounts of up to 30% may be available for an Undisputed Facts Settlement that occurs prior to completing an investigation; and
- Discounts of up to 10% may be available for an Investigation Report Settlement that occurs prior to an inquiry.
Ms Cunningham highlighted that discounts apply to "monetary penalties only and not to any other sanction".
The Central Bank will continue to require admissions from firms and individuals for settlement in almost all cases and, while no admissions settlements may be considered, this is "only on an exceptional basis and by reference to the non-exhaustive suitability factors set out in the ASP Guidelines".
Ms Cunningham advised that, for the first time, all sanctions in Undisputed Facts Settlements and Investigation Report settlements will be subject to High Court confirmation. The Central Bank will continue to publish public statements immediately following the conclusion of a settlement, however, it will be noted that the sanction is subject to confirmation by the High Court.
Ms Cunningham concluded by reiterating her comments at the beginning on the Central Bank's approach to enforcement and highlighting that the Central Bank is keen to receive feedback to CP154 from all stakeholders. She advised that the Central Bank intends to publish the final ASP Guidelines and related feedback statement following receipt and review of the feedback received to CP154.
2. Central Bank Act 1942 (Section 32D) (National Claims Information Database Levy) Regulations 2023
On 7 July 2023, Central Bank Act 1942 (Section 32D) (National Claims Information Database Levy) Regulations 2023 (S.I. No. 348 of 2023) (the "NCID Regulations") were published in Iris Oifigiúil.
Section 11 of the Central Bank (National Claims Information Database) Act 2018 (the "Act") requires the Central Bank of Ireland (the "Central Bank") to make regulations to recoup the cost of the National Claims Information Database ("NCID") by prescribing levies to be paid by insurance undertakings. In essence, Section 11 responds to the European Central Bank ("ECB") opinion issued in 2018 which noted that the NCID is not deemed as a “central bank task” under European law. As such, the Central Bank is not permitted to pay for the cost of establishing and running the NCID from its own resources.
Basis of calculation for dedicated levy contribution
The amount of the levy for each relevant insurance undertaking for a specified category of relevant non-life insurance business comprises of a minimum amount of €500 and a variable amount.
The variable amount is calculated as follows: (A / B) * (C – D)
A = Gross earned premium of that insurance undertaking in the data reference period in respect of the specified category of relevant non-life insurance business, as confirmed to the Bank by the insurance undertaking as part of the data collection process.
B = Total gross earned premium for all relevant insurance undertakings in the data reference period in respect of the specified category of relevant nonlife insurance business, as confirmed to the Bank by relevant insurance undertakings as part of the data collection process.
C = Total levy expenses accrued by the Bank and attributed to the relevant levy period and specified category of relevant non-life insurance business.
D = Aggregated minimum amount for all relevant insurance undertakings for the relevant levy period in respect of the specified category of relevant non-life insurance business.
The NCID Regulations came into operation on 10 July 2023.
3. ESMA Statement on its CSA and mystery shopping exercise on costs and charges under MIFID II
On 6 July 2023, the European Securities and Markets Authority ("ESMA"), published a statement on its February 2022 Common Supervisory Action ("CSA") and mystery shopping exercise regarding compliance with disclosure requirements for costs and charges under MIFID II.
27 National Competent Authorities ("NCAs") participated in the CSA which assessed credit institutions and investment firms compliance with requirements on ex-post costs and charges information provided to retail clients.
ESMA's statement notes that the CSA shows:
- an adequate level of compliance with most elements of the ex-post costs and charges requirements under MiFID II (although this varied across Member States);
- in general, firms provide the ex-post costs and charges information to clients and have relevant controls in place; and
- in most instances, firms also provide itemised breakdowns of the costs and charges to clients if requested.
The CSA also identified the following shortcomings/areas where there is a lack of convergence:
- Costs not always shown as a percentage: Some firms only provide disclosure documents showing the nominal amounts and not the corresponding percentages. Where the percentage information was provided, firms did not always explain to clients how this percentage was calculated. Methodologies to calculate percentages also differed among firms.
- Cost allocation between service and product costs varies: On occasion, the allocation by firms of certain costs and charges items to one or the other category varied, leading to differences in the disclosures provided to clients and hampering their comparability.
- Inducements: differing practices and sometimes lack of disclosure: Inducements are not always shown in a consistent manner by firms (e.g. aggregated figures, itemised lists) and some firms did not disclose inducements at all to clients.
- Implicit costs not always shown: Implicit costs are sometimes not disclosed to clients. Firms that do disclose such costs often apply different methodologies to calculate them. Firms tend to rely heavily on third-party data without being able to check the validity of such data.
- Illustration showing cumulative effect of costs on return: differing and not always compliant practices: Firms that make use of narratives only (as opposed to additional graphs, tables etc.) for the purpose of providing clients with an illustration of the cumulative impact of the costs and charges on the return of the investment, sometimes just included a generic statement that the costs had a negative effect on the client’s return, without specifying the actual cumulative effect on the client’s return.
- Format and content of ex-post disclosures differ widely: The disclosure of ex-post costs and charges (both in terms of the aggregated information and the itemised breakdown) differs widely between Member States and sometimes even from firm to firm within the same Member State. In this context, NCAs stressed the need for having a standardised format for the disclosure of costs and charges information.
Mystery shopping exercise
The mystery shopping exercise, focused on the ex-ante costs and charges information given to retail clients with the goal of getting a better picture of how the ex-ante MiFID II requirements are perceived by the investor and to a lesser extent to assess whether firms comply with the applicable requirements.
Ten NCAs participated the mystery shopping exercise which involved both onsite visits to physical branches where a retail investor was looking for investment advice and remote visits where a retail investor was looking to trade on investment products without advice and on his/her own initiative.
The exercise found that in most cases, mystery shoppers were provided with some information about costs and charges prior the provision of the investment service, however, the following was also noted:
- only in approximately half of the cases, proper MiFID II ex-ante information about costs and charges was provided, in a durable medium;
- ex-ante costs and charges were at times only disclosed late in the client’s decision process;.
- when providing investment advice, firms did not always disclose in an adequate manner whether their investment advice was independent or not; and
- Firms were not always forthcoming with respect to the disclosure of inducements.
ESMA noted as a caveat on the findings that that there are some reservations on the results obtained, given some factors that may have conditioned the interpretation of responses submitted by mystery shoppers (e.g. limited use of real accounts/transactions, technicality of some aspects related to costs and charges disclosure, difficulty to compare results from different outsourced providers).
Based on the above findings, ESMA will focus its convergence efforts on:
- Developing a limited number of new Q&As, or reviewing existing ones, to address some issues identified;
- Preparatory work on a possible standardised EU format for the provision of information about costs and charges to clients.
NCAs will undertake follow-up actions on individual cases where necessary.
ESMA reminds market participants that they should ensure compliance with all relevant MiFID II regulatory requirements at all times.
4. EBA speech FinTech and the future of financial intermediation
On 4 July 2023, the European Banking Authority ("EBA") published a speech by Jose Manuel Campa, Chair of the EBA, at the Central Bank of Cyprus on FinTech and the future of financial intermediation.
At the outset, Mr Campa noted that there are three different dimensions of technology-enabled transformation, the emergence of new products and services, new ways of performing front and back-office processes and new distribution models.
He advised that to-date, the emergence of novel types of products and services has been limited (although an uptick in crypto-assets is expected as a result of the Markets in Crypto-assets Regulation ("MICA")). However, new front and back-office processes and distribution channels are having a "rapid and significant transformative impact" which has increased as a result of the pandemic for example contactless payments, remote customer-onboarding, credit scoring and the use of cloud technology.
Regarding opportunities, Mr Campa noted that Fintech:
- has a competitive impact, as many incumbent financial institutions view technology investments as necessary to maintain market share;
- can play a positive role in shaping financial intermediation e.g. facilitating access to financial services ‘anytime anywhere’;
- can facilitate access to more tailored products and services, and speed up the processing of account opening and credit provision;
- can improve efficiencies in internal processes for financial institutions, including for the purposes of compliance and regulatory reporting ("RegTech"); and
- can be of benefit to supervisors through supervisory technologies ("SupTech") as a complement to RegTech.
However, stressed that for these "opportunities to be leveraged responsibly industry, supervisors and regulators need to be proactive in identifying, monitoring and mitigating risks".
He highlighted the following risks to consumers:
- ineffective disclosures of product features when using digital channels to market and provide access to financial products and services;
- unclear or opaque channels of communication between service providers and users which may be exploited by criminals masquerading as the service provider;
- the sale of unsuitable or unduly costly products and services to consumers when product or service bundling;
- financial exclusion or bias when utilising digital channels over more traditional distribution channels;
- exploitation of consumer data in the event of poor standards of digital data security, cyber-attacks or lack of opportunities for informed consumer consent;
- unintended discrimination and opacity in the decision-making driven by the use of ‘black boxes’ of models;
Regarding financial institutions, Mr Campa noted that the use of FinTech may give rise to governance and risk management challenges, including:
- Operational risk: through increased dependencies on technologies, including those provided by third parties.
- Reputational risk: some examples include ineffective disclosure of product features a partner comparison website or data breaches of a third party data storage provider.
- Prudential risks: crypto-assets are example of prudential risk, Mr Campa notes that while EU banks’ exposures to crypto-assets are de minimis to-date, crypto-assets should be subject to conservative prudential treatment pending the implementation of the December 2022 Basel Committee on Banking Supervision standard on banks’ exposures on crypto-assets.
The EBA notes its expectation that financial institutions who are increasing their reliance on innovative technologies, "implement a commensurate ‘skilling up’ on technology, risks, and risk mitigation techniques at the level of the management body and throughout institutions" and have "updated and robust" risk management frameworks.
With regard to system-wide risks, Mr Campa highlighted concentration risk and money laundering and terrorist financing risks as areas of concerned. He noted the importance of the new Digital Operational Resilience Act ("DORA") framework and collective dialogue and information sharing in tackling these risks and as "we grapple with the impact of new frontiers of innovation".
EBA’s work in 2023/2024
Mr Campa outlined the EBA's work for the remainder of 2023 and into 2024 including:
- DORA: Together with the other European Supervisory Authorities ("ESAs") work has commenced on the policy mandates and on the broad parameters of the oversight framework for critical ICT third party service providers.
- MiCA: The consultation phase on the vast majority of the MiCA technical standards and guidelines is anticipated to begin in October 2023, however, several consultations papers in the areas of authorisations and governance can also be expected between now and the end of September. The EBA is also expanding its market monitoring and supervisory capacities to prepare for its supervision tasks in relation to significant issuers and a publication is expected shortly on the EBA's work to promote convergence in supervisory expectations toward asset-referenced token and e-money token issuance activities in the transition phase to the application of MiCA.
- Anti-Money Laundering and Countering the Financing of Terrorism ("AML/CFT"): The EBA will revise the existing AML/CFT guidelines to set common regulatory expectations on the management of financial crime risk in the context of crypto-asset services.
- Prudential standard on banks’ exposures on crypto-assets: The EBA is continuing to engage in the work of the Basel Committee on Banking Supervision to ensure a prompt and consistent implementation of the prudential standard on banks’ exposures on crypto-assets.
- Map innovation trends: The EBA's focusing this year will be on mapping artificial intelligence ("AI") use cases in the financial sector, tokenisation in relation to new financial products and services, digital identity management, decentralised finance and crypto-asset staking and lending as these activities fall outside the scope of MiCA.
- The use of AI for creditworthiness assessments: The EBA is focusing enhance its understanding on the opportunities, risks and challenges brought by AI in the context of creditworthiness assessments as this is expected to be classified as a ‘high-risk’ AI system in the upcoming AI Act.
- Upcoming legislation: including in the legislative proposals for a digital euro, the third Payment Services Directive, the Payment Services Regulation and the framework for Open Financial Data.
5. European Insurance Updates
EIOPA consultation on measures to address demand for NatCat insurance
On 5 July 2023, EIOPA published a Staff Paper on measures to address demand side aspects of the natural catastrophe ("NatCat") insurance protection gap. The Paper explores the ‘demand-side’ barriers that can prevent consumers from buying NatCat insurance and proposes possible solutions.
The paper draws on EIOPA's consumer research and behavioural studies and identifies the following demand-side barriers:
- income levels and the perceived unaffordability of coverage;
- a lack of clarity in terms and conditions;
- previous negative experiences with insurance claims;
- the misperception of the risks of a NatCat event;
- high expectations about state intervention in case of a catastrophe; and
- the perception that the process of buying insurance is demanding.
Potential solutions identified:
- increasing risk awareness;
- better comparison and greater standardisation of products regarding coverage, exclusions and pricing structures,
- simpler and more consumer-friendly purchasing processes; and
- premium reductions for implementing risk mitigation measures.
The consultation is open for feedback until 5 October 2023. EIOPA notes that based on the feedback received, it may issue feedback and will consider which of the measures could be most effective in improving consumer resilience to NatCat events.
EIOPA consults on supervisory expectations regarding the supervision of reinsurance concluded with third-country reinsurers
On 10 July 2023, EIOPA launched a public consultation on its draft supervisory statement on the supervision of reinsurance concluded with third-country reinsurers.
The draft statement outlines the supervisory expectations for national competent authorities ("NCAs") and insurance undertakings in the event of using reinsurance from third countries including:
Assessment of the business rationale for using third-country reinsurance and early supervisory dialogue:
- Undertakings are expected to properly consider and NCAs to assess the trade-off between reinsurance premiums, additional risks and impact on Solvency Capital Requirement ("SCR") and other regulatory considerations from third-country reinsurance.
- NCAs are encouraged to engage in on-going supervisory dialogue with the undertaking starting sufficiently before the conclusion of the reinsurance agreement and maintained over time to account for changes. Particularly where a significant level of risk is being transferred.
Assessment of the insurance undertakings risk management system regarding the use of third-country reinsurers:
- Insurance undertakings are expected to demonstrate in the Own Risk and Solvency Assessment ("ORSA") that risks associated with third-country reinsurance arrangements are appropriately captured by the risk management framework and quantified while also including a list of the most material arrangements.
- NCAs following a risk-based supervision must perform an assessment of the risk management and internal control systems of the insurance undertakings using material reinsurance arrangements with third-country reinsurers. The statement outlines the factors to be taken into consideration for the assessment.
Assessment of the reinsurance agreement: Undertakings must assess the reinsurance agreement's compliance with Articles 209-211 of the Solvency II Delegated Regulation. The assessment should be documented and take into consideration whether the agreement is intragroup, short or long-term reinsurance, reinsurance of primary insurance or retrocession and consider at least, further retrocessions, side letter agreements, termination, claims’ hierarchy and collateral arrangements. If any of these are assessed as jeopardising the effective transfer of the risk and/or legality of contractual clauses, the insurance undertaking will need to provide evidence to the NCA justifying the recognition of the contract as a risk-mitigation techniques in the calculation of the SCR.
Tools to mitigate any additional risks: If, following assessment, the insurance undertaking has concerns or has identified increased material risks, different tools could be considered (or be requested by the NCA) including:
- Pre-emptively limiting exposures on certain third-country reinsurers;
- Mitigating counterparty default risk of the third country reinsurer with collateral agreements/pledge assets/premium and reserve deposits in cash or securities;
- Ensuring that undertakings have set out in the reinsurance agreement, a direct claim on that counterparty in the event of a default, insolvency or bankruptcy of a counterparty or other credit event; and
- Including in the agreements with third-country reinsurers clauses for regular commutations or exposure threshold-initiated execution of a commutation agreement.