Introduction

On 17 November 2020, the CBI issued a “Dear CEO” letter, in which it set out key findings from a thematic inspection it carried out on compliance by a number of banks and insurance companies with their obligations under the fitness & probity (“F&P”) regime.

The CBI was highly critical of the firms it investigated for the purposes of the thematic review. Commenting on the findings, the CBI's Deputy Governor, Ed Sibley, stated that the findings “indicate that many firms do not have due regard to their obligations under the F&P Regime”; he also stated that “it is wholly unacceptable that such shortcomings continue to exist in circumstances where the F&P Regime was introduced almost ten years ago.”

Key findings

- The CBI had issued a “Dear CEO” letter to firms in April 2019, setting out its expectations regarding firms' F&P obligations. Ed Sibley noted that it was “a matter of concern that a number of firms did not take action, on being prompted by our April 2019 letter, to perform a formal ‘gap analysis' of their policies, processes and procedures.”

Firms who have not done this should arrange to do so as soon as possible, given the clarity of the warning issued by the CBI.

- The CBI found that many firms were not undertaking robust compliance testing of their fitness and probity processes and procedures, and were not carrying out a periodic independent review to ensure it is fit for purpose.

- The CBI found that the area that was most consistently weak across the majority of firms was due diligence in relation to appointments, in particular for Pre-approval Controlled Function (“PCF”) roles, together with on-going due diligence. Firms are required, under section 21 of the Central Bank Reform Act 2010, to ensure they do not permit a person to carry out a Controlled Function (“CF”) role (which includes PCF roles) unless “satisfied on reasonable grounds” that the person continues to meet the applicable F&P standards and agrees to comply with these.

Prior to appointment (and engaging in the PCF pre-approval process with the CBI), firms are expected to carry out due diligence, covering, for example, qualifications, reference checks and suitability searches. With regard to on-going due diligence, the CBI stated that an annual self-declaration of compliance with the F&P standards by PCF and CF role holders is the minimum expected. Also, where any potential concerns about a person's F&P arises, the firm must investigate such concerns and take action as appropriate without delay. More generally, the CBI stated that firms should proactively conduct ongoing F&P screening of staff to ensure there has been no change in circumstances that may affect their F&P.

- The CBI was concerned that, for the majority of firms inspected, “the processes related to engagement with the Central Bank on fitness and probity issues, including the IQ submission process, have not been adequately developed, documented or embedded.” The CBI was critical of firms for being too “passive” in their engagements with the CBI and stated that it expects firms to be “proactive” in identifying any F&P issues and reporting as appropriate to the Central Bank without delay.

- The CBI noted with concern that the level of awareness of board members in many firms of their F&P obligations was “poor”. For example, board appointments were not generally subjected to the same level of internal F&P scrutiny as other PCF appointments (eg no evidence of any interview notes or suitability assessment); also, there were indications that in a number of cases there was no evidence of board discussion of proposed PCF appointments. Furthermore, there were instances of CEOs screening candidates for board membership, despite the conflict of interest that this presented.

- With regard to outsourcing of CF roles to unregulated providers, the CBI found that the majority of firms had not, as part of their due diligence in appointing CF role-holders, obtained the required documentation or made any inquiries as to the external provider's process for assessing fitness and probity. Also many firms did not have a process whereby outsourcing arrangements were analysed to verify whether PCF or CF roles were being performed.

Overall, “The Central Bank expects that all firms take appropriate action to address the significant issues outlined in this letter and can evidence this to the Central Bank, if requested.”

Next steps

It is clear that all regulated firms should heed this very clear warning from the CBI and review their internal F&P processes as a matter of urgency.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.