Legal Updates

 Financial RegulationNovember 18, 2020

CBI issues second “Dear CEO” letter on fitness and probity

Share this

Download PDF

For further information on any of the issues discussed in this publication please contact the related contact(s) on this page.

On 17 November, 2020, the Central Bank of Ireland (the CBI) issued a second "Dear CEO" letter on fitness and probity, following thematic on-site inspections which it conducted on a sample of firms in the insurance and banking sectors. The CBI's first "Dear CEO" letter on the topic was issued in April 2019.

The CBI has highlighted that it expects all firms to take appropriate action to deal with the issues addressed in the letter, and that the letter should be read in conjunction with its prior “Dear CEO” letter, the Fitness and Probity Standards and associated fitness and probity guidance. Below we have looked at some of the CBI’s key findings.

Key Findings

  • Lack of scrutiny over board appointments – The CBI found that in some firms there was a lack of scrutiny and formality in relation to board appointments (such as lack of interview notes and suitability assessments to support board appointments) and succession plans did not meet expectations, or were not used in practice. The CBI was also critical of the fact that in a number of cases there was no evidence of board approval, discussion or challenge of proposed pre-approval controlled function (PCF) appointments, and that in many firms, directors had a poor level of knowledge of the fitness and probity obligations.

  • Due Diligence – The area which was found to be the most consistently weak across the majority of firms was the due diligence undertaken by firms to show compliance with the Fitness and Probity Standards. As regards initial due diligence, many firms were not able to evidence qualifications, reference checks or suitability searches. The CBI requires firms to highlight any adverse information as regards a proposed PCF when an Individual Questionnaire is being submitted, and explain why this information does not affect the individual’s suitability to perform the proposed role. The CBI reminded firms that it takes a lack of disclosure seriously. The CBI noted that if there was any attempt to mislead, this may call into question not only the proposed PCF’s suitability, but also the firm’s decision to propose the relevant individual. In terms of ongoing due diligence, the CBI said that an annual self-declaration by PCF controlled function (“CF”) holders is the minimum expected and that firms must undertake ongoing due diligence screening to check if a change in circumstances has impacted an individual’s fitness and probity.

  • Lack of oversight where outsourcing to unregulated financial service providers – The CBI found that where firms had outsourced PCF or CF role to outsourced service providers (OSPs), a lot of firms had not, as part of their due diligence, obtained the required documentation, or made any inquiries into the OSP’s processes for assessing fitness and probity, or analysed whether PCF or CF roles were being performed. The CBI reminded firms that where a CF/PCF role is outsourced to an unregulated OSP - notwithstanding the outsourcing arrangement - the firm remains responsible for ensuring compliance with the fitness and probity requirements, and for having appropriate policies and procedures in place to ensure compliance with those requirements.

  • Lack of engagement with the CBI – The CBI observed that in the majority of firms the processes for engaging with the CBI as regards fitness and probity issues had not been adequately developed, documented or embedded. In particular, it noted that a lot of firms did not have processes in place to identify, escalate and notify the CBI in a timely manner of potential concerns regarding the fitness and probity of a CF or PCF holder.

  • Role of Compliance Function – The CBI found that many firms were not undertaking robust compliance testing of their fitness and probity processes and procedures. The CBI said that the fitness and probity process should be subject to comprehensive oversight by the Compliance Function and should be independently reviewed periodically by the Internal Audit Function, to make sure it is fit for purpose.


This is the second lengthy “Dear CEO” letter to be issued by the CBI on fitness and probity in a relatively short timeframe, highlighting the importance which the CBI attaches to the regime. The CBI states in the letter that it considers fitness and probity to be the “cornerstone” of the regulatory framework in Ireland. In addition, the CBI expressed concern that a number of firms did not take action, on being prompted by its earlier “Dear CEO” letter, to perform a formal gap analysis of their policies, processes and procedures.

The CBI reminded firms that a failure to comply with fitness and probity obligations can result in investigations – and ultimately sanctions – under its Administrative Sanctions Procedure (“ASP”). Three firms have been sanctioned by the CBI for fitness and probity related failures under the ASP regime in the last three years.

All firms should review their fitness and probity policies and procedures in light of this letter and the CBI’s previous “Dear CEO” letter, as it is clear that a failure to do so will be viewed poorly by the CBI in the context of any fitness and probity breaches which may arise.

Contact information

If you have any queries about the information contained in this article, please contact the authors or your usual Dillon Eustace contact.

Dillon Eustace
November 2020

DISCLAIMER: This document is for information purposes only and does not purport to represent legal advice. If you have any queries or would like further information relating to any of the above matters, please refer to the contacts above or your usual contact in Dillon Eustace.

Copyright Notice: © 2020 Dillon Eustace. All rights reserved.