Central Bank launches ASP Sanctions Guidance

The Central Bank of Ireland (the “CBI”) has launched “ASP Sanctions Guidance” (the ”Guidance”) giving further detail on the sanctioning factors which it takes into account when imposing sanctions in enforcement cases under its Administrative Sanctions Procedure (“ASP”): Link

Under the ASP the CBI can impose various sanctions, including monetary penalties of up to €10 million or 10% of turnover on a regulated financial service provider – whichever is the greater – and fines of up to €1 million on individuals who are concerned in a firm’s management, for certain regulatory breaches, known as “prescribed contraventions.”

What factors will be taken into account?

The CBI first published the “Outline of the Administrative Sanctions Procedure” (the “Outline”) several years ago. Among other things, the Outline lists various sanctioning factors which will be considered by the CBI at a settlement or Inquiry under the ASP under the headings of: (i) the nature, seriousness and impact of the breach; (ii) the conduct of the regulated entity after the breach; (iii) the previous record of the regulated entity; and (iv) other general considerations.

The Guidance gives further colour to the list of sanctioning factors set out in the Outline by giving examples of matters which will be considered by the CBI to have a “neutral”, “aggravating” or “mitigating” impact on the sanction to be applied. According to the Guidance, “neutral” factors will have no impact on the sanction i.e. they will not aggravate or mitigate the relevant conduct.

Below we have given examples of some matters set out in the Guidance, which the CBI says it will take into account when coming up with a sanction.

Cooperation

The CBI has made it clear that it expects firms to cooperate with its investigations and that credit will only be given for cooperation where it goes “above and beyond” the standard expected by the CBI. The CBI’s “expected level of cooperation” is quite extensive, including its expectation that the regulated entity will share the output of internal investigations and/or third party reviews and that it will assist in the identification and location of current and former employees for interview. These are all considered “neutral” factors.

Some examples of where cooperation will be treated as a mitigating factor are:

• where the firm proactively and voluntarily provides the CBI with output of any pre-existing internal investigation and/or third party review;

• where the firm seeks to “assist the Central Bank wherever possible” and is proactive in identifying previously undetected issues and bringing them to the attention of the CBI; and

• where the firm provides information about individuals potentially involved in the breach(es).

Remediation

The Guidance states that it expects firms to immediately and voluntarily take steps to remediate any issue identified, so “exemplary remediation” is required in order for this to be treated as a mitigating factor.

Some examples of mitigating factors concerning remediation in the Guidance are:

• where the firm seeks to identify whether consumers, customers or investors have suffered loss or detriment and puts in place an appropriate redress and compensation plan which “goes above and beyond” the minimum expected by the CBI;

• where a firm conducts an internal/independent third party investigation which goes beyond the breaches identified and seeks to remediate broader governance, control and risk management issues within a particular business area or within the firm generally; and

• where the firm seeks to recruit new staff to improve standards of compliance and culture within the business, seeking to establish itself as “ best in class” from a management and governance perspective.

Individual Accountability

The manner in which the regulated entity attempts to hold individuals to account is also an aggravating or mitigating factor depending on the circumstances. For example the Guidance states that providing information to the CBI about individuals potentially involved in the breach(es) will be a mitigating factor, as will engaging an independent third party to report on individual wrongdoing “including…at the most senior levels of the organisation.” However, a failure to take appropriate disciplinary action for those responsible for wrongdoing will be an aggravating factor for the firm.

Commentary

The fact that the CBI has given further guidance on the factors which will be taken into account when determining sanctions in an ASP is to be welcomed. Notably cooperation will only be considered as a mitigating factor where the firm goes “above and beyond” the CBI’s expectations.

It is clear that the CBI is also sharpening its focus on individual accountability. As noted above, several of the sanctioning factors relate to attempts made by the firm to hold individuals to account. This focus on individual accountability is no surprise with the Government currently working on the CBI’s proposals for an individual accountability framework to be introduced in the Central Bank (Amendment) Bill 2019 (for further information on individual accountability, please see this article: Link)

This year the CBI imposed its largest fine to date of €21 million, on a regulated entity for failings concerning certain customers who were on tracker mortgages. We can expect to see further large fines arising from other ongoing investigations arising from the Tracker Mortgage Examination. It will be interesting to see how the above sanctioning factors are applied in those investigations.

Contact information

If you have any queries about the information contained in this article, please contact Muireann Reedy of our Regulatory Investigations Unit at mailto:Muireann.Reedy@dilloneustace.ie or at 01-674 1002.