| Burden of increased regulation puts onus on risk management |
Back |
| The volume of recent and pending developments in domestic regulation and the apparent trend in these developments towards strict compliance will have a significant practical impact on those responsible for risk management in Irish financial institutions says Orla Brennan. |
The level of regulation in the Irish financial services industry has been increasing in recent times. The new regulations which have been introduced primarily affect banks and insurance companies. There are also a number of new regulatory developments in the pipeline. Moreover, there is an increased focus on corporate governance for all Irish companies irrespective of the industry sector in which they operate. As a result of this, financial institutions, whether they be banks, insurance companies or fund administrators, are having to devote more resources to managing their exposure to operational risk.
Operational risk includes the risks associated with a failure to comply with applicable regulation. This type of failure can expose an institution to fines and penalties but, perhaps more critically, to a loss of reputation in the eyes of the public, its counterparties and the regulatory authorities. The nature of the business of financial institutions requires that they maintain the confidence of depositors, counterparties and/or policy holders. Furthermore, the confidence of the regulator is also crucial to ensure that the business is permitted to operate under the terms of its original authorisation.
Banking
In October 2001, the Basel Committee on Banking Supervision published its approach to Know Your Client (‘KYC’) policies for banks. Whilst the principles underlying KYC are generally associated with the fight against money laundering, the Basel Committee’s interest is from a wider prudential/risk management, not just a money laundering, perspective.
The KYC safeguards recommended by the Basel Committee go beyond simple account opening and record-keeping. They require banks to formulate a customer acceptance policy and a tiered customer identification programme which involves more extensive diligence for higher risk accounts. It also includes proactive account monitoring for suspicious activities.
Irish bankers will also be aware of a number of codes of practice introduced in 2001 by the Irish Bankers’ Federation (the ‘IBF’), the Irish Mortgage and Savings Association (the ‘IMSA’) and the Central Bank.
In January 2001, the IBF and the IMSA issued a joint code of ethics and practice which contains a set of principles in respect of the standard of personal and professional conduct expected from its members and their employees. Whilst this is a voluntary code of ethics, it is interesting to note the industry’s initiative to codify personal and professional standards.
In June 2001, the Central Bank issued:
- the Code of Conduct for the Investment Business Services of Credit Institutions
- the Code of Practice for Credit Institutions
- Advertising Requirements Applicable to Credit Institutions
In contrast to the IBF and IMSA’s code of ethics and practice, these requirements are issued in accordance with the Central Bank Act, 1989 and, as such, credit institutions are required to comply with them.
In November 2001, the Money Laundering Steering Committee issued its amended guidance notes on anti-money laundering for credit institutions. These guidance notes are used by the Central Bank as criteria against which it assesses the adequacy of internal controls, policies and procedures to combat money laundering and as a consequence, credit institutions will need to review their anti-money laundering procedures to ensure that they meet the new requirements.
Another significant development last year was the establishment, in August, by the Central Bank of its Regulatory Enforcement and Development Department. This department provides the Central Bank with resources dedicated to the enforcement of compliance with regulations over which the Central Bank has a supervisory role, where breaches of those regulations have been identified.
Insurance Industry
In July 2000 the Monetary and Exchange Affairs Department of the International Monetary Fund (the ‘IMF’), in conjunction with the World Bank, completed an assessment of the regulation of the financial services market in Ireland. The IMF team highlighted a number of areas in the regulation of insurance companies in Ireland which could be strengthened.
As a result of their findings the Department of Enterprise, Trade and Employment (the ‘DETE’) introduced seven new guidelines on a range of areas for insurance companies in July 2001. The requirements imposed by the guidelines include a requirement to appoint a compliance officer with responsibility for monitoring the company’s compliance policy statement and the introduction of a requirement for a directors’ compliance certificate.
In practical terms, legal compliance is going to become more of an issue for the board of directors of insurance companies because the guidelines expand the directors’ compliance certificate currently required for life companies and introduce a requirement for a similar certificate to be provided by non-life companies. The compliance certificate must be signed by all of the directors of the company.
For the 2002 annual returns, the directors will be required to certify that the company’s business has been carried out in compliance with applicable legislation and with the written guidelines issued by the insurance supervisory authority.
As a transitional measure the directors will have to certify in the 2001 annual returns that:-
• the company’s business has been carried out in compliance with applicable regulation; and
• in relation to the written guidelines issued in July 2001, the company is taking steps to comply with the relevant guidelines.
The guidelines do not define the expression ‘applicable legislation’. However, the DETE has indicated that it refers to any legislation with which an insurance company must comply in order to represent a true and fair reflection of its financial performance for that year. It is likely that this introduces a financial materiality concept to the evaluation of what the ‘applicable legislation’ is to be in each case.
Company Law Enforcement Act, 2001
The Director of Corporate Enforcement was appointed with effect from 28 November 2001 to improve the compliance environment for corporate activity in Ireland by encouraging adherence to the requirements of the companies acts and prosecuting those who breach the acts.
The team working with the Director of Corporate Enforcement includes accountants, administrators, lawyers and a number of Garda S?och?na.
In the Pipeline
• Money Laundering: In November 2001, the Council of Ministers approved a proposal to update and expand the money laundering directive. The amended directive will oblige Member States to combat the laundering of the proceeds of all serious crime. The directive currently in force only applies to the proceeds of drug offences. The amended directive will also extend the ambit of the current directive (limited to the financial sector) to a series of non-financial activities and professions which are vulnerable to money launderers. The deadline for implementation is 15 June 2003.
The Money Laundering Steering Committee in Ireland is also due to issue its amended guidance notes for financial institutions (excluding credit institutions) shortly.
• Draft Audit and Accounting Bill: On 25 February 2002, the Government published the text of the draft scheme of the Companies (Audit and Accountancy) (Amendment) Bill. At the time of writing this article, the final text of the Bill is being drafted by the Attorney General’s Office.
If enacted in the terms outlined in the current draft scheme, the directors of all Irish companies (other than private companies which qualify for an exemption from having their accounts audited) will be required to make a statement in the company’s annual accounts as to the company’s compliance with company law, tax law and other relevant statutory requirements. The draft scheme does not list the ‘other relevant statutory requirements’ but describes these as ‘other enactments or instruments which provide a legal framework within which the company operates and are central to the company and which may materially affect the company’s financial statements’. Therefore, what will be relevant for each company will depend on its particular business.
The company’s auditor will be required to review the directors’ compliance statement and the annual evaluation by the directors. If, in the auditor’s opinion, either of these is not reasonable based on any information which has come to the auditor’s attention during the course of the audit or any other work that the audit firm has undertaken for the company, there will be an obligation on the auditor to report this to the directors and to make a report to this effect in its audit report in the annual accounts.
The draft scheme of the bill is indicative of a strict compliance trend which is developing in the regulatory environment but it remains to be seen whether the ultimate legislation will contain these provisions as currently proposed.
Conclusion
The regulatory environment is still evolving. Indeed, the financial services industry awaits publication of the first draft of the bill providing for the establishment of the Central Bank of Ireland and Financial Services Authority. What effect the creation of this authority will have on the implementation of regulation remains to be seen. In the meantime, the volume of recent and pending developments and the apparent trend in these developments towards strict compliance will have a significant practical impact on those responsible for risk management in Irish financial institutions. The extent of this impact on the institutions’ risk management resources will only become apparent as the institutions themselves begin to focus on meeting the new requirements. |
Orla Brennan is a partner in Landwell Solicitors.
|
| Article appeared in the March 2002 issue.
|
|
|
