Banking on cultural change: individual accountability in the financial services sector in Ireland

ABSTRACT

Modelled on the Senior Managers and Certification Regime (SMCR) in the UK, the new individual accountability framework (IAF) in Ireland aims to drive positive cultural change and restore trust in financial institutions. This article analyses the potential strengths and weaknesses of the IAF and explores how it might achieve its aim of improving behaviours and culture. Whilst sanctioning individuals to deter future misconduct is an important part of any successful regulatory strategy, it is argued that the focus should be on ensuring that individuals in the financial services industry internalise the norms of behaviour expected under the new IAF. This article is relevant to audiences in various jurisdictions, including the UK and Australia, which operate comparable individual accountability regimes. In particular, it is relevant to researchers and policy-makers in the UK, in light of the Call for Evidence from HM Treasury ‘to consider future reforms to the regime’.

KEYWORDS:

• Banking culture
• accountability
• financial regulation

A. Introduction

On 9 March 2023, the Central Bank (Individual Accountability Framework) Act 2023 (‘Act’) was signed into law.¹ The various provisions of the Act are expected progressively to come into operation during 2023 and 2024.² On 13 March 2023, the Central Bank of Ireland (‘CBI’) published a consultation paper (‘CP153’), which included draft implementing regulations and detailed guidance under the Act, for public consultation.³ The main aim of the new individual accountability framework (‘IAF’) under the Act is, ‘to drive a culture of positive behaviour among those who work in financial institutions and is part of the ongoing work to restore trust in these institutions’.⁴

A key question is whether the IAF in Ireland is likely to achieve the intended aim of improving behaviours and culture in the financial services industry.⁵ It is, of course, far too early to reach any authoritative conclusions on this question at this point in time, although early indications from reviews of similar individual accountability regimes in the UK and Australia, discussed further in this article, are positive. Reviews from these other jurisdictions indicate that these types of individual accountability regimes serve to have an empowering effect on individuals who are responsible for decision-making and they serve to focus the minds of individuals on the ethical and regulatory implications of their decision-making. On the other hand, the allocation of responsibilities to senior individuals in large and complex firms may not be as straightforward as might first appear, including for example in relation to the roles of each of the three lines of defence (front line, Compliance and Risk, Audit). Furthermore, the increased focus on putting the onus on firms to ensure that their senior staff are fit and proper for their roles is both a strength and weakness – whilst it may be a practical approach to a complex regulatory problem, there is always the risk that the firms (whose commercial interests are not wholly aligned with the public interest objectives of regulators) might treat the requirements largely as an elaborate procedural ‘box-ticking’ exercise, rather than as an important means of ensuring higher ethical standards within the firm. More generally, an inherent weakness in the IAF, together with equivalent regimes in other jurisdictions, is that it rests on a partial view of the factors influencing individual decision-making, as it focuses on individuals and their role within firms. In order to influence individual decision-making effectively, not only must the context of the individual and the individual’s firm be considered, but also wider industry and societal factors.

This article analyses the aims of the IAF in the context of regulatory theory and wider social science research on ethical decision-making by individuals. It argues that, whilst sanctioning individuals in order to hold them to account and to deter future misconduct is an important part of any successful regulatory strategy, the focus should be on ensuring that individuals in the financial services industry internalise the norms of behaviour expected under the new IAF. In order to achieve the goal of improving behaviours and culture in financial services, this article also argues that, in addition to the IAF, there an should be increased focus on a ‘trajectory towards professionalisation’⁶ of the financial services industry, and banking in particular. In the view of the authors this would be an important means of positively influencing industry-wide norms of behaviour, which have a key influence on firms and individuals’ behaviours.

Such a ‘trajectory towards professionalisation’ would, it is argued, serve to encourage and develop a professional identity for individuals in financial services that places greater emphasis on the need for them to take account of social responsibilities going beyond short-term profit-maximisation. It would also facilitate the internalisation of ethical norms by the industry, through a process in which the industry itself engages with and articulates relevant norms that are expected of peers in the industry. This is particularly important because, as the Dutch financial regulator, the DNB, has noted, ‘peer pressure regulates behaviour’.⁷ Apart from the development of industry norms, through for example, industry codes of conduct and guidance, such a ‘trajectory towards professionalisation’ could also involve further development of industry expectations for staff at all levels across the financial services industry, regarding the completion of continuing professional development (‘CPD’) courses and further development of courses that include modules on ethical decision-making.⁸

The IAF under the Act is modelled on the UK Senior Managers and Certification Regime (‘SMCR’), which came into force in the UK from March 2016. A similar regime, known as the Banking Executive Accountability Regime (‘BEAR’, which is expected to be replaced by a wider regime, known as the Financial Accountability Regime, or ‘FAR’) was also introduced in Australia, from July 2018. Somewhat similar individual accountability regimes in the financial services sector have also recently been introduced in Hong Kong and Singapore and one is expected to be introduced in Malaysia.⁹ This article is, therefore, relevant to a range of audiences in these jurisdictions. Though the regime in Ireland is both similar and distinguishable from those in these jurisdictions, many comparative efforts to examine international best practice in individual accountability regimes, including that recently conducted by the Bank of International Settlements, have not considered or analysed the Irish regime which was very recently signed into law.¹⁰ In this regard, the article notes a number of divergences between the IAF and the SMCR that may be relevant in the context of the on-going review of the SMCR in the UK. The article also notes that potential divergences in approach by the respective regulators in the UK and Ireland may arise as a result of the new, post-Brexit, statutory objective imposed on the UK regulators to advance the ‘competitiveness and growth’ of the UK economy and financial services sector. The salutary experience of imposing a somewhat similar statutory objective on the Irish regulator prior to the financial crash in 2007–2008 may well be of interest in the UK – the Irish statutory objective was removed in 2010, following severe criticism of its impacts, including that it gave raise to ‘a rather accommodating stance vis-à-vis credit institutions’.¹¹ The article is also relevant to these audiences and more widely as it analyses a question that arises in various regulated industries in all jurisdictions, namely, how to influence ethical decision-making by individuals in a regulated industry.

B. The background to the emergence of the individual accountability framework (IAF) in Ireland

In this section, the nature and extent of misconduct in the financial services industry which precipitated the IAF in Ireland is briefly outlined. This is followed by an overview of the development of regulatory powers to address this misconduct and the limitations of these powers.

I. The nature and extent of misconduct in the industry

Widespread misconduct and the resulting loss of trust is a particular challenge for the banking sector.¹² It has been a pervasive issue, both before and since the global financial crisis (‘GFC’) in 2007–2008. In 2016, then Deputy Director of the Bank of England, Minouche Shafik, described an ‘ethical drift’ in the financial services industry internationally. She stated that, whilst misconduct in financial services has always been a feature for as long as commerce has existed, ‘[n]ever before has misconduct occurred so systematically, in such a large scale and across multiple jurisdictions. Clearly it was not a case of a few bad apples, but something was rotten in the entire barrel’.¹³ The then Governor of the Bank of England, Mark Carney, noted that misconduct in the financial services sector had the potential to create systemic risks by undermining trust in both financial institutions and markets.¹⁴ The size of the fines imposed on financial services firms is one useful indicator of the extent of the problem. A 2019 European Central Bank (‘ECB’) report estimated that the total costs for 26 global banks for their misconduct over the previous decade, in terms of damages, fines, settlements and litigation, amounted to over $350 billion.¹⁵

Arguably the most significant instance of financial wrongdoing in Ireland, since the GFC, was the tracker mortgages scandal. Tracker mortgages are so called because the interest rate charged under these mortgages directly ‘tracked’ the ECB interest rate by a margin. They were offered to Irish customers in a period of intense competition among banks, in particular between 2003 and 2008. During the period 2006–2008, when interest rates rose, many customers chose to switch their mortgages from their tracker rate to a fixed rate of interest for a period (and were encouraged to do so by the banks). Once the interest rates subsequently decreased, however, the banks (which had stopped offering tracker mortgages from 2008 as they had become too costly for them) often chose not to enable their customers to revert to the lower tracker rate or otherwise benefit from a tracker rate. This was despite the terms of the relevant mortgage contracts, which appeared to permit customers to benefit from a tracker rate. This resulted in significant overcharging of customers. In response, in 2015, the Central Bank of Ireland (CBI) launched ‘the largest, most complex and significant consumer protection review’ in its history.¹⁶ The CBI found that the scandal affected over 40,000 customers, 99 of whom lost their homes as a result of over-charging.¹⁷ The wrongdoing cost the lenders €683 million, as at May 2019, in redress and compensation to affected customers.¹⁸ The CBI also imposed fines on a number of the lenders involved, including a fine of just over €100 million on one of the lenders, the highest single fine the CBI has imposed to date under its administrative sanctions procedure.¹⁹

The tracker mortgage scandal generated considerable public disquiet in relation to the banking industry in Ireland.²⁰ The behaviour of the Irish banks was described by the Irish Minister of Finance in a press statement in 2017 as ‘disgraceful’ and ‘the legalistic approach taken by some banks to avoid doing the right thing is simply unacceptable’.²¹ He argued that ‘it is now time that all banks seek to regain the trust of the Irish people by actions, not words’ and mandated the CBI to carry out a review of the behaviour and culture of the retail banks.²² The resultant CBI report found that the Irish retail banks had ‘a distance to travel’ to establish a consumer-focused organisational structure and that they ‘need to overcome obstructive patterns of behaviour in order to transition to maturity’.²³

Concerns regarding the general behaviours of the banks in Ireland had, however, emerged some time prior to the tracker mortgage scandal. In 2005, for example, an Oireachtas (i.e. Parliament) Committee report into the behaviours of the banks found that ‘the basic conclusion … is that the banking and finance sector in Ireland is not sufficiently competitive. As a result, consumers are paying too much for credit and money payment services’.²⁴ The Committee report also stated that it was ‘concerned at the number of incidents in recent years in which banks have failed to comply with acceptable standards of behaviour with respect to prudential, consumer and fiscal obligations’.²⁵ The 2010 Honohan Report (‘Honohan Report’) into the financial collapse and its causes in Ireland also found that ‘the major responsibility lies with the directors and senior managements of the banks that got into trouble’.²⁶ In particular, there was evidence of ‘a comprehensive failure of bank management and direction to maintain safe and sound banking practices, instead incurring huge external liabilities in order to support a credit-fuelled property market and construction frenzy’.²⁷

II. Limitations of existing regulatory powers to address misconduct by individuals

In the post-GFC era, the CBI and other financial services regulators internationally moved to a significantly more intrusive supervisory approach to regulated firms and ‘credible deterrence’, following criticisms of their ‘light-touch’ approach to regulation prior to the GFC.²⁸ In Ireland, the Honohan Report, for example, strongly criticised the unwillingness of the CBI to escalate from compliance-oriented approaches to implementing sanctions against regulated firms, noting that the CBI would ‘walk softly and carry no stick’.²⁹

The post-GFC regulatory approach manifested in new laws and new enforcement practices. In particular, new laws were introduced to make it easier to detect, investigate and harshly punish financial misconduct.³⁰ Thus, for example, the Central Bank (Supervision and Enforcement) Act 2013 gave the CBI new powers of investigation and supervision. It also further amended the Central Bank Act 1942 (which sets out the CBI’s Administrative Sanctions Procedure) by significantly increasing the CBI’s fining powers under the Administrative Sanctions Procedure. Pursuant to the amendments, the CBI can now impose fines on firms of up to €10 million or 10% of annual turnover, whichever is greater, and up to €1 million on individuals for prescribed contraventions.

Nevertheless, difficulties remain with enforcement in practice because law alone is a limited instrument in changing behaviour. Sanctions alone may not always generate accountability, do not necessarily deter misconduct, and may not generate meaningful, lasting, cultural change.³¹ As observed by the Financial Conduct Authority (‘FCA’) in the UK, ‘The evidence that we have suggests that there are limitations on the extent to which greater compliance can be achieved by increasing fines and the probability of detection’.³²

One important aspect of the changes introduced in Ireland in the post-GFC era was a new fitness and probity regime, as set out in the Central Bank Reform Act 2010 and relevant implementing regulations.³³ There are three pillars to this fitness and probity regime.³⁴ First, there are on-going obligations on firms to ensure that all of their employees in a so-called controlled function (‘CF’) role comply with fitness and probity standards. CF roles are those designated as such by the CBI. They are roles that would enable an individual in the role to exercise a significant influence within the regulated firm and include customer-facing roles. Firms must not permit a person to perform a CF role unless they are ‘satisfied on reasonable grounds’ that the person complies with standards of fitness and probity set out in a CBI code.³⁵ The second pillar is the CBI’s role as a gatekeeper. The CBI has powers to specify CF functions (such as board member, CEO, head of control function) as a pre-controlled function (‘PCF’). Prior written approval from the CBI is required before an individual can be appointed to any of these functions.³⁶ The third pillar is the CBI’s powers to investigate the fitness and probity of individuals in a CF role, where it has reason to suspect their fitness and probity and to prohibit the individual from holding a CF role(s).³⁷ To date, the CBI has exercised this power to issued so-called Prohibition Notices to nine individuals.³⁸ This third pillar co-exists with the CBI’s separate powers to sanction individuals (and firms) under its Administrative Sanctions Procedure. The CBI’s sanctioning powers under the Administrative Sanctions Procedure includes the power to disqualify an individual, as well as the power to impose fines. The CBI has, since the introduction of the Administrative Sanctions Procedure in 2004,³⁹ issued seventeen such disqualifications.⁴⁰

In 2017, in light of the above-mentioned tracker mortgage scandal, the Irish Minister for Finance mandated the CBI to carry out a review of behaviour and culture in the Irish retail banks.⁴¹ The resultant CBI report set out in some detail its recommendation that a new Individual Accountability Framework be introduced.⁴² The CBI stated that, despite the powers then available to it, ‘without a strengthened Individual Accountability Framework, the likelihood of profound cultural change in the regulated financial services sector is reduced’.⁴³

Why are the CBI’s existing powers considered insufficient to give rise to positive behavioural and cultural change in financial services? A key concern is that the fitness and probity regime in place prior to the Act did not adequately address the problem of ‘wilful blindness’ to misconduct at senior levels of a financial services firm, in particular where there was a lack of clarity regarding who was responsible for what. Also, the CBI would be unlikely to be able to sanction an individual for ‘wilful blindness’ under the above-mentioned Administrative Sanctions Procedure (prior to the amendments under the Act described below), as it would have to demonstrate that the individual ‘participated’ in a regulatory breach by their firm.

This issue of ‘wilful blindness’ was examined in a 2013 UK Parliamentary Commission on Banking Standards report (‘PCBS Report’), entitled ‘Changing banking for good’, which considered in detail the issues of misconduct in banking in the UK and made recommendations for reform.⁴⁴ The PCBS Report found that one of the core features giving rise to misconduct in the banking industry had been a ‘striking limitation on the sense of personal responsibility and accountability of the leaders within the industry for the widespread failings and abuses over which they presided. Ignorance was offered as the main excuse. It was not always accidental’.⁴⁵ It elaborated:

Senior executives were aware that they could not be punished for what they could not see and promptly donned the blindfolds. Where they could not claim ignorance, they fell back on the claim that everyone was party to a decision, so that no individual could be held squarely to blame – the Murder on the Orient Express Defence.⁴⁶

The PCBS Report recommendations led to the introduction of the SMCR in the UK. Ireland’s new IAF, discussed further below, is broadly similar to the SMCR.

C. The new IAF

The new IAF under the Act has the following main elements. First, the IAF includes a Senior Executive Accountability Regime (SEAR). This has been introduced in the Act by way of amendments to the Central Bank (Supervision and Enforcement) Act 2013 (‘2013 Act’). These amendments give the CBI powers to put in place the detail of the SEAR.

The CBI’s draft SEAR regulations, included in CP153, provide that the regulated firms that will fall within scope of SEAR will be credit institutions, insurance firms (excluding reinsurance firms, captive (re)insurers and special purpose vehicles), certain types of investment firms and third country branches in Ireland of these types of firms.⁴⁷ The CBI states, in CP153, that this will bring approximately 150 firms within scope of the SEAR and this approach is in line with international precedent where equivalent regimes have been introduced on a limited basis ‘before expanding that scope over time as experience developed’.⁴⁸

Under the SEAR, in-scope regulated firms will be required to ensure that each person in a PCF role has in place an up-to-date Statement of Responsibilities, clearly setting out their individual role and areas of responsibility. Each PCF-holder will have allocated to them the ‘inherent responsibilities’ of their particular PCF role. These inherent responsibilities are described in a table set out in the draft SEAR regulations in CP153. The CBI has also provided a list of ‘prescribed responsibilities’ that must be allocated appropriately amongst the various PCF-holders in the firm. Schedule 2 of the draft SEAR regulations in CP153 identifies some 29 prescribed responsibilities that must be allocated to a PCF-holder (there are some further sector- and circumstance-specific prescribed responsibilities; also, the list of prescribed responsibilities that applies to investment firms and to incoming third country branches is shorter). This SEAR list of ‘prescribed responsibilities’ is longer than the equivalent list under the SMCR. Examples of SEAR ‘prescribed responsibilities’ include responsibility for the firm’s performance of its obligations under the SEAR; responsibility for the firm’s performance of its obligations under the Fitness and Probity Regime (including certification); responsibility for embedding the conduct standards throughout the firm. Under the SEAR, in-scope firms must identify the various business areas and management functions of the firm and, where an area or function is not covered in an inherent responsibility or prescribed responsibility, responsibility for it must be allocated to a PCF-holder as an ‘other’ individual responsibility. Firms within scope of SEAR will also be required to prepare and maintain an up-to-date Management Responsibilities Map, documenting key management and governance arrangements in a comprehensive, accessible and clear single source of reference.

The SEAR also specifies that individuals in a PCF role in in-scope firms are subject to a ‘duty of responsibility’, to take ‘any steps that it is reasonable in the circumstances for the person to take’ to avoid their firm committing regulatory breaches in an area of the business for which they are individually responsible.⁴⁹ If an individual infringes this duty of responsibility and there is a breach of regulatory requirements by the firm, the CBI could sanction the individual under the Administrative Sanctions Procedure.⁵⁰ In accordance with the ASP, the CBI may fine individuals up to €1 million and disqualify them from their position.⁵¹ CP153 states that the SEAR is intended to come into operation from 1 July 2024.

The SEAR is broadly similar to the SMCR regime in the UK and the BEAR regime in Australia. Interestingly, however, whereas only certain board director roles fall within the scope of the SMCR, all board directors (i.e. including all non-executives) of within-scope firms fall within the scope of BEAR and within the scope of the SEAR.⁵²

A second element of the IAF is the codification of conduct standards. The Act provides that the CBI may prescribe standards for regulated firms, for the purposes of ensuring that regulated firms act in the best interests of customers and the integrity of the market; act honestly, fairly and professionally; act with due skill, care and diligence.⁵³ The Act also sets out so-called ‘common conduct standards’ applicable to all individuals performing a CF role. These are obligations to act ‘with honesty and integrity’, act ‘with due skill, care and diligence’, co-operate ‘in good faith and without delay’ with the CBI and equivalent authorities in other jurisdictions and act ‘in the best interests of customers and treats them fairly and professionally’.⁵⁴ There are so-called ‘additional conduct standards’ applicable to all individuals in a PCF role or any other significant influence role (i.e. a CF1 role), in any regulated firm. The additional conduct standards are that the firm’s business is controlled effectively; the firm’s business is conducted in accordance with financial services legislative requirements; any delegated tasks are assigned to an appropriate person with effective oversight; ‘any information of which the [CBI] would reasonably expect notice in respect of the business of the regulated financial services provider is disclosed promptly and appropriately to the [CBI]’.⁵⁵ The common conduct standards and additional conduct standards are very similar to the equivalent conduct rules under the SMCR.

Individuals are required to take ‘any steps that it is reasonable in the circumstances for the person to take’ to ensure compliance with the above applicable conduct standards.⁵⁶ Any individual who fails to comply with this reasonable steps requirement will be liable to sanctions under the CBI’s Administrative Sanctions Procedure. It can be expected that these conduct standards and the reasonable steps requirement will lead to a significant increase in documenting decision-making processes and the positions taken by individual senior executives within firms in relation to commercial decisions.

Prior to the Act, the CBI could only impose sanctions on individuals under the Administrative Sanctions Procedure if they were a person concerned in the management of a firm that has infringed relevant requirements and participated in the breach. Thus, a breach by the firm first needed to be established before the individual could be sanctioned. Under the Act, however, the CBI can sanction an individual for breach of the above conduct standards, without the necessity of any prior finding against the individual’s firm. The Act also provides that the CBI may sanction an individual under the Administrative Sanctions Procedure where the individual is in a CF role, the firm breaches regulatory requirements and the individual participates in the breach. The CBI’s sanctioning powers under the Administrative Sanctions Procedure are separate to the powers the CBI has under the fitness and probity regime not to grant approval for the appointment of an individual to a PCF role, or to prevent an individual from continuing in a CF role if the CBI is not satisfied as to the individual’s fitness and propriety for the role.⁵⁷

The third main element to the proposed new IAF relates to the requirement on firms to satisfy themselves as to the fitness and probity of persons in a CF role in their firm. Under Section 21 of the Central Bank Reform Act 2010, which sets out the fitness and probity regime, regulated firms may not permit an individual to perform a CF role in their firm unless they are ‘satisfied on reasonable grounds’ that the individual in question meets the CBI’s fitness and probity standards, as set out in a relevant CBI Code.⁵⁸ The CBI has been critical of the due diligence firms have typically carried out to address this requirement, most recently in a November 2020 ‘Dear CEO’ letter on compliance with fitness and probity requirements.⁵⁹ The Act amends Section 21 of the Central Bank Reform Act 2010, to require firms not to permit an individual to perform a CF role unless it issues a certificate that the individual in question complies with applicable standards of fitness and probity, as set out in a relevant CBI Code. The draft implementing regulations in CP153 provide that any such certificate is valid for 12 months. This certification requirement will involve an increase in the due diligence required of firms, going beyond the current practice of many firms relying on self-certification by individuals. As stated in the General Scheme of the proposed IAF, ‘this would serve to intensify the focus of firms on the fitness and probity of their key personnel and their procedures’.⁶⁰ CP153 states that the above individual conduct standards and fitness and probity changes are intended to come into force from 31 December 2023.

I. Comparing the Irish IAF and the SMCR

Whilst the IAF is modelled on the SMCR, there are a number of differences that are useful to note, including for the purposes of the on-going review of the SMCR in the UK. Thus, for example, whereas the SMCR covers only certain types of non-executive director roles, the SEAR includes all non-executive directors. Under SEAR, all non-executive directors in within-scope firms are obliged to have in place individual Statements of Responsibility, although these statements may be limited to describing the ‘inherent responsibilities’ of their role, which are specified as ‘overseeing and monitoring the strategy and management of the firm’. CP153 notes that independent non-executive directors that have specified responsibilities (Chair of the Board; Chair of the audit, risk, remuneration or nomination committee of the Board) may have additional non-executive prescribed responsibilities.⁶¹ This approach, of including all non-executives within the scope of SEAR recognises that they ‘play an essential role as members of the board in respect of the oversight of the firm and in safeguarding a firm’s governance framework’.⁶² Also, according to the CBI, non-executives are already subject to responsibilities under existing regulatory corporate governance frameworks and ‘the SEAR is fully consistent with those existing responsibilities and should not impose increased obligations in that regard’.⁶³

Another area of divergence relates to the system of regulatory references i.e. the requirement under the SMCR that, as part of the process for hiring senior managers or persons covered by the certification regime, regulatory references covering the previous six years of employment must be sought from all relevant former employees. A template for the regulatory reference is provided by the regulator and must include details of any disciplinary action taken against the individual in question in respect of breaches of the conduct rules.⁶⁴ A 2020 PRA review of the operation of the SMCR noted that the regulatory reference system was seen by respondents to the PRA survey as helpful, but ‘one of the most operationally difficult parts of the approval process’.⁶⁵ An equivalent regulatory reference scheme is not included in the Irish IAF, in particular in light of the employment law and constitutional rights of individuals (including rights relating to fair procedures and due process). As stated in the Regulatory Impact Analysis of the General Scheme of the IAF, at an early stage in the legislative process leading to the IAF:

Feedback from industry in the UK in relation to the SMCR has been broadly positive, with reservations focused on elements that are not replicated in the Irish legislation, particularly the operation of Regulatory References. The Central Bank’s proposals have been adapted to take full account of the constitutional rights of all persons concerned.⁶⁶

On the other hand, the CBI has stated that it expects regulated firms to make all reasonable efforts to obtain references from former employers or other relevant persons in respect of persons they propose to employ in a CF role.⁶⁷

A further interesting point to note is that whilst the respective lists of prescribed responsibilities under the SEAR and the SMCR are broadly similar, they do differ in a number of respects. For example, the list of prescribed responsibilities under the SEAR is longer and includes prescribed responsibilities that are not in the SMCR, including ‘Responsibility for ensuring that action is taken to prevent further harm or detriment to customers where the firm becomes aware that a decision or action taken or failure to act has caused harm or detriment to customers’; ‘Responsibility for managing the firm’s approach to identifying, assessing and managing climate-related and environmental risks across the firm’ and ‘Responsibility for overseeing the adoption of the firm’s policy on diversity and inclusion’.

The respective conduct rules under the SMCR and IAF are very similar. It is useful to note that, under the SMCR, the individual conduct rule 4, to ‘pay due regard to the interests of customers and treat them fairly’ is supplemented by a new individual conduct rule 6 from July 2023, requiring individuals to ‘act to deliver good outcomes for retail customers’ as part of a significant new Consumer Duty, aimed at ‘reducing harm to consumers and ensuring firms deliver good outcomes for consumers’.⁶⁸ The equivalent individual conduct rule under the IAF requires that the individual ‘acts in the best interests of customers and treats them fairly and professionally’. We will have to await the experience of operating the new Consumer Duty regime in the UK to see to what extent, if at all, the respective regulators’ expectations on individuals under the SMCR and the IAF regarding their treatment of their retail customers differs.

On the other hand, the CBI has taken account of the UK experience of SMCR and aimed to reduce unnecessary bureaucracy in the implementation of the IAF, on the basis of an approach that is explicitly based on ‘the principles of proportionality, predictability and reasonable expectations’.⁶⁹ Thus, for example, apart from the above-mentioned divergence between the IAF and SMCR in relation to regulatory references, the CBI’s template Statement of Responsibilities is noticeably shorter and less demanding to complete than the SMCR equivalent document.⁷⁰ Also, the CBI does not intend to require firms to provide to the CBI a copy of each Statement of Responsibilities whenever it is updated, whereas under SMCR firms must provide to their regulator each significantly updated version of the Statement of Responsibilities.⁷¹

Also, as discussed further below, with regard to enforcement, whilst there have been some criticisms of the perceived relative failure of the UK regulators to use their enforcement powers under the SMCR to sanction individuals, the CBI has clearly indicated that its focus is intended to be on generating improvements in governance ‘without material increases in enforcement activity’.⁷²

In December 2022, the UK Treasury announced a number of reforms, the so-called ‘Edinburgh reforms’, to ‘drive growth and competitiveness in the financial services sector’; these included a review into reforming the SMCR.⁷³ In March 2023, HM Treasury published a Call for Evidence (‘Call for Evidence’) on legislative aspects of reforming the SMCR.⁷⁴ On the same day, the PRA and FCA issued a joint Discussion Paper (‘DP’) to review the SMCR, inviting public comments by 1 June 2023.⁷⁵ It is, as yet, unclear what the likely outcome of this consultation process may be.⁷⁶

Both the Call for Evidence and DP refer to reviewing the SMCR in the context of the international competitiveness objective set out in the Financial Services and Markets Bill (now, Financial Services and Markets Act 2023). This new Act, according to the UK Government announcement on the day it received royal assent, on 29 June 2023, ‘seizes the opportunities of Brexit’ and provides a ‘rocket boost for UK economy’.⁷⁷ Section 25 of this 2023 Act amends the Financial Services and Markets Act 2000 to provide that the PRA and FCA must, ‘so far as reasonably possible’ when discharging their functions, act in a way to advance as a secondary objective ‘the competitiveness and growth objective’ i.e. ‘the international competitiveness of the economy of the United Kingdom (including in particular the financial services sector)’ and ‘its growth in the medium to long term’. Furthermore, the PRA and FCA are required to make two reports each year to the Treasury on how they have complied with this ‘competitiveness and growth objective’; these reports must explain how the objective is embedded in their ‘operations, processes and decision-making’.⁷⁸

Interestingly, this ‘competitiveness and growth’ objective is somewhat reminiscent of a statutory objective of the CBI that was introduced in 2003 but removed in 2010 as it was considered to have been a contributory factor in the failures of financial services regulation in the lead-up to the financial crisis in Ireland in 2007–2008. The statutory objective in question in Ireland required the CBI to ‘promote the development within the State of the financial services industry (but in such a way as not to affect the objective of the Bank in contributing to the stability of the State’s financial system)’.⁷⁹ The 2010 Honohan Report, a report by the Governor of the CBI (who had been appointed in 2009), which was scathing on regulatory and other failures that contributed to the Irish financial crisis, noted that the statutory objective of promoting financial services meant that ‘the situation was ripe for the emergence of a rather accommodating stance vis-à-vis credit institutions. Indeed, early indications of such an approach can be seen from the experience with respect to efforts to codify principles and establish appropriate enforcement procedures’.⁸⁰ Stakeholders in the UK may wish to reflect on the salutary experience in Ireland of requiring regulators to promote the financial services industry when considering how UK regulators should act to advance the post-Brexit ‘competitiveness and growth’ objective. In any event, specifically in the context of comparing the Irish Individual Accountability Framework and UK SMCR, it will be interesting to consider the extent to which these respective regimes diverge in their operation over time as a result of this ‘competitiveness and growth’ objective.

D. Is the IAF likely to achieve its aim of behaviour and culture change in the financial services industry in Ireland?

The IAF has not yet fully commenced, so it would not be realistic at this stage to opine authoritatively on its likelihood of success in bringing about positive changes in behaviour and culture in financial services in Ireland. Nevertheless, the equivalent regimes that have already been introduced in the UK and Australia in particular provide very useful indicators of the potential strengths (and weaknesses) of the IAF in Ireland.

Recent surveys carried out in the UK and Australia suggest that there have been positive changes as a result of the implementation of equivalent regimes in these jurisdictions. A December 2020 UK Prudential Regulation Authority evaluation of the SMCR, for example, based on surveys of regulated firms, concluded that the SMCR ‘is widely considered to have had a positive impact on culture and behaviour’.⁸¹ Also, the UK industry body, UK Finance,⁸² published a report in 2019 on the impact of the SMCR since its introduction in 2016.⁸³ This was also based on interviews with senior managers in the industry. Although UK Finance is an industry representative body and therefore not ‘neutral’, it is interesting that it found that, since the introduction of the SMCR

there has been a meaningful and tangible change in culture, behaviour and attitudes towards risk within firms. For senior managers, the evidence shows that the SMCR has focused minds, with a clear emphasis on what each person is individually responsible for, and how they could be held accountable.⁸⁴

In Australia, Sheedy and Canestrari-Soh reviewed the implementation of BEAR, based on industry surveys and interviews, and concluded that BEAR has given rise to improvements in governance culture. They determined that:

[A]ccountability has an empowering effect so decisions get made, problems get resolved and there is greater care and diligence. Risk/compliance functions are getting a bigger say as their line one colleagues consult them more. Directors and assurance teams also find it easier to do their jobs because they can ascertain who is accountable when things go awry.⁸⁵

Nevertheless, the process of culture and behaviour change in the financial services industry is a long-term process and assessing success will be difficult. The following paragraphs identify and discuss a number of factors that will likely impact on the future success of the new IAF in Ireland.

I. The significance of allocating accountability to individuals under SEAR for specific areas of a firm’s business

In principle, as indicated in the above-mentioned UK and Australian surveys, the allocation of accountabilities to specified individuals should focus the minds of these individuals on the behaviours expected of them. Sheedy and Canestrari-Soh, for example, hypothesise that the heightened individual accountability under the Australian BEAR will cause senior executives to engage in more deliberative, ‘system 2’ thinking,⁸⁶ rather than more instinctive ‘system 1’ thinking, and thereby ‘mitigate behavioural biases that contribute to risk management failure, promoting greater care and diligence in senior executives’.⁸⁷ Senior individuals who fail to take appropriate care in their area of individual accountability risk being subject to some form of disciplinary action by their firm and/or regulatory sanctions. In the case of BEAR, executive accountability is anticipated to be achieved primarily through financial consequences imposed by the board.⁸⁸

Regulated firms also have a commercial interest in ensuring that their firm is well governed, which includes ensuring that there is clarity within the firm as to who is accountable for particular aspects of the firm’s business. Accordingly, at least to some extent, there is an alignment of interests as between regulated firms and their regulator in ensuring clarity regarding individual accountabilities within the firm, although it will primarily be a matter for firms, rather than regulators, to ensure the firm’s internal lines of accountability are clear. As noted in a recent UK FCA stock-take report on the implementation of the SMCR in the banking industry, which was based on interviews with industry representatives, ‘[f]irms described the initial stages of implementation as challenging but came to see clear definition of accountability as beneficial’.⁸⁹

It should be noted, however, that the issue of allocating accountabilities to individuals can sometimes raise governance and HR issues, particularly in larger financial services firms, with various forms of matrix management structures and where responsibilities of individuals have not been sufficiently demarcated (or there has not been a perceived need to have a sufficiently clear demarcation in a pre-SEAR era).⁹⁰

Also, the issue of allocating accountability to individuals for managing risks can be more complex than might seem to be the case on the basis of job titles. For example, the standard framework for allocating responsibilities for risk governance is the ‘three lines of defence’ (3LoD) or ‘three lines model’.⁹¹ The 2015 Basel Corporate Governance Principles for Banks endorsed the 3LoD model as the appropriate risk governance model for banks.⁹² Under this model, the customer-facing business units are the first line of defence; they ‘own’ the risks and are accountable for them, as they take on the risks as part of their functions in carrying on the business. The second line of defence includes the internal Risk function, which monitors and reports on risks, and the internal Compliance function, which advises on and monitors compliance with regulatory requirements. The third line of defence is Internal Audit, which is intended to provide internal review and assurance on the quality and effectiveness of the internal control systems and practices.

In principle, this demarcation of respective roles should enable each of the individual role-holders to be sufficiently clear on their respective roles and accountability for any failures in risk governance. In practice, however, the demarcation of respective roles is not so clear-cut. As noted by Brener, ‘[t]he theory sounds conceptually attractive but it is difficult to operate successfully’.⁹³ A number of commentators have noted that there is still some disagreement over where the boundaries between the three lines should be drawn and considerable divergence in the manner of its operationalisation within firms.⁹⁴ Often, for example, it can be unclear to what extent the compliance function’s role extends beyond assisting the first line functions to manage compliance, to also involve overseeing the first line functions. Also, the model can lead to rigid operational silos which can give rise to issues of inadequate information flows between the silos about risks.⁹⁵

On the other hand, the obligation to have in place Statements of Responsibilities for all PCFs, including the Head of Compliance, Chief Risk Officer, and Head of Internal Audit, in all firms within scope of SEAR may serve to improve the level of clarity around the respective roles of each of the three lines of defence. It might also assist the individuals in second and third line control functions to increase their status and impact within their firm, as indicated above in the Australian survey. Furthermore, as noted by Sheedy and Canestrari-Soh in respect of the Australian BEAR regime, they anticipate that BEAR ‘will improve risk management outcomes by clarifying accountabilities that have become blurred under the three lines model and emphasising the primacy of the first line’.⁹⁶

II. Relying on firms to ensure individuals meet fitness and probity standards: a potential “Achilles heel” of the individual accountability framework?

An important feature of the IAF is the emphasis it places on the role of firms to satisfy themselves as to the fitness and probity of their staff, both prior to taking them on for a role (whether or not pre-approval from the regulator is also required) and on an on-going basis. A potential benefit of this approach is that it might encourage firms to ‘internalise’ the required standards of fitness and probity, in particular through devoting internal resources to further developing appropriate internal processes, procedures, and practices to vet their internal staff appropriately. On the other hand, there is always the risk that at least some firms might treat the requirements as an elaborate procedural ‘box-ticking’ exercise.

Relying on regulated firms to develop their own systems for ensuring and demonstrating compliance with regulatory requirements is a well-established approach, that has been described in the regulatory literature as ‘management-based regulation’ or ‘meta-regulation’⁹⁷ and has evolved from the scholarship of Ayres & Braithwaite in particular.⁹⁸ Ayres & Braithwaite advocated that the most effective regulatory strategy to achieve regulatory objectives was a ‘responsive regulation’ approach, according to which the intensity of regulatory intervention should depend on the behaviour of the regulated.⁹⁹ They suggested that regulators work best when they are ‘benign big guns’ who ‘speak softly’ and ‘carry a big stick’¹⁰⁰ and are ‘contingently provoking and forgiving’.¹⁰¹ According to this approach, regulators should adopt a pyramidal or tiered approach to enforcement, in which they first address wrongdoing with compliance-oriented approaches and only have recourse to sanctioning approaches when wrongdoers continue to fail to comply with the law or remediate their wrongdoing. They noted that this approach is of mutual benefit to both the regulator and the regulated because corporate actors, like other persons, are a mix of contradictory values and motivations. Sometimes, corporate executives will engage in conduct which is unethical or illegal because they are motivated, for example, by profit-maximising norms. On other occasions, they are their law-abiding selves. Thus, the theory of meta-regulation argued in favour of providing greater flexibility to businesses themselves to determine the appropriate systems of internal control to achieve regulatory objectives, albeit with appropriate oversight by the regulator.

To a certain extent, meta-regulation is a necessary and practical approach to achieving regulatory objectives, given that the resources of the regulator are limited and there are practical reasons for firms to develop systems and processes to vet the fitness and probity of their staff and directors that fit within their already-established human resources and other internal processes. This type of regulatory approach, however, as with any regulatory approach, has its Achilles heel. Firms’ internal systems and controls are designed to achieve their own goals; not necessarily those of the regulator.¹⁰² As Black has argued, the fundamental weakness of meta-regulation, the extent of reliance on firms, is also, paradoxically, its source of strength.¹⁰³

Black has argued that a successful management-based regulatory strategy is fundamentally reliant on the simultaneous presence of four elements: (i) firms have to have the appropriate culture and organisational capacity to support the compliance systems which are put in place; (ii) firms need to have the right incentives to pursue public objectives as well as private profits; (iii) regulators need to possess sufficient skills and industry experience to evaluate firms; and (iv) regulators need to have sufficient courage and political support to challenge firms.¹⁰⁴ It may be difficult in practice to ensure the simultaneous presence of each of these four elements. In some cases, for example, whilst firms may have the relevant formal compliance mechanisms in place, they might not have the appropriate culture and organisational capacity to ensure that these are effectively implemented. In this regard, regulators ‘are inextricably dependent for their success on the behaviour of individuals and organizations’, who may not always have sufficient incentives to align their behaviours with the public policy objectives of the regulator.¹⁰⁵

Furthermore, in implementing the new conduct standards described above, regulators and regulated firms will also need to have a sufficiently clear mutual understanding of, for example, what ‘reasonable’ steps senior individuals are expected to take to ensure compliance. As noted by MacNeil, the SMCR conduct requirements relating to taking reasonable steps, ‘rely considerably on the discretion and risk tolerance of the regulator, which can be expected to vary over time and to be influenced by the economic cycle as well as political pressure’.¹⁰⁶ In the absence of comprehensive guidance for the industry, there is a risk that at least some firms will focus on procedural compliance with the required minimum legal requirements, rather than internalising good governance and applying evolving best industry practice. The issues are potentially complex in the context of the individual’s employment law rights and, in Ireland, constitutional rights.¹⁰⁷ Complex issues may, for example, arise in relation to assessing an individual’s non-financial misconduct (such as bullying, harassment and discrimination) and the individual’s conduct outside of work.¹⁰⁸

III. Individual accountability and ‘credible deterrence’

Whilst the CBI’s sanctioning powers are an essential part of its tool-kit, and firms and individuals need to be held to account for regulatory failures, there is a potential concern that an over-focus on the use of sanctioning powers might tend in the direction of an overly-stringent and potentially unfair ‘heads-on-spikes’ regulatory approach to dealing with breaches by individuals. This approach might not be effective in deterring poor behaviours. As argued by Hodges and Steinholtz, ‘[t]he deterrence policy can only go in the direction of increasing penalties, whether on firms or individuals, which will ultimately be seen as unfair and ineffective in achieving behavioural change’.¹⁰⁹

Furthermore, Ayres & Braithwaite, in their seminal book on regulatory theory, recognised the limitations of sanctions as a tool for achieving behavioural change in regulated firms:

What may be best for short-term compliance might also be counterproductive for long-term internalisation of a desire to comply. And this long-term internalisation is the more important matter in almost any domain of social control because it is usually impossible for society to organize its resources so that rewards and punishments await every act of compliance or non-compliance.¹¹⁰

How likely is it that the potential concern of a counter-productive overly-aggressive sanctioning practice might emerge in the enforcement of the IAF? It is interesting to note that, since the initial coming into force of the SMCR in March 2016, the UK regulatory authorities have imposed sanctions for breach of the SMCR individual conduct requirements in only two cases. In the first case, the FCA and PRA imposed fines totalling £642,430 on Mr. Jes Staley, Chief Executive of the Barclays Group, for breach of the conduct rule requiring him to ‘act with due skill, care and diligence’.¹¹¹ In the second case (the first involving breach of the senior manager conduct rules), the PRA fined the former Chief Information Officer of TSB Bank plc just over £81,000 for breaching the senior manager conduct rule to ‘take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system’.¹¹² Accordingly, there is no clear evidence of zealous over-enforcement and excessive punitiveness, at least in the context of the SMCR. This relative lack of sanctioning activity has been the subject of criticism from some stakeholders.¹¹³

In an Irish context, whilst we cannot predict the likely level of enforcement actions that might be concluded against individuals under the IAF, it is useful to note that the CBI has imposed fines on individuals in very few cases under the Administrative Sanctions Procedure.¹¹⁴ The CBI has, however, indicated that the IAF will make it easier for the CBI to take cases to sanction individuals:

The Central Bank’s Administrative Sanctions Procedure will be strengthened [by the IAF] to ensure that individuals can be pursued directly for their misconduct rather than only where they have participated in a firm’s wrongdoing. The reforms will also provide for greater process efficiency, clarity, and administrative consistency to all involved, including those who may be the subject of enforcement action.¹¹⁵

On the other hand, in CP153, the CBI noted that its approach to enforcement of the IAF will be consistent with the approach to enforcement of similar individual accountability regimes in other jurisdictions, where improvements in governance within firms has occurred ‘without material increases in enforcement activity’.¹¹⁶

It should also be noted that enforcement cases against individuals can be far more complex, resource-intensive for regulators and adversarial in nature than enforcement cases against firms.¹¹⁷ The various cases that have gone to inquiry under the Administrative Sanctions Procedure illustrate this. Thus, for example, in the case of the Inquiry process relating to activities at Irish Nationwide Building Society and alleged regulatory breaches of policies and procedures for processing loans, the events that are the subject of the Inquiry took place between 2004 and 2008, a Notice of Inquiry (i.e. commencing an Inquiry under the Administrative Sanctions Procedure) was issued in 2015 in respect of the firm and five individuals.¹¹⁸ This Inquiry is on-going in respect of one of the individuals.

Whereas firms may be inclined to settle a case in order to maintain a constructive strategic relationship with their regulator, individuals may be much more inclined to consider that a sanction from the regulator may be career limiting or ending for them and, therefore, be more inclined to vigorously defend their position (subject to available financial resources, including relevant insurance such as directors and officers liability insurance, to cover the costs of potentially lengthy litigation). This suggests that the new IAF will not necessarily lead to a high volume of sanctions cases against individuals, so that the CBI’s use of its sanctioning powers may form only a limited role in its overall regulatory strategy to improve behaviours in the industry.

On the other hand, the IAF may further bolster the CBI’s approach of not approving applicants for PCF positions, where it considers that the individual does not meet the required standards of fitness and probity. The IAF serves to codify more clearly the standards of conduct expected of senior individuals in the industry and applicants for PCF roles will need to be in a position to demonstrate to the CBI that they meet these standards. Thus, for example, pursuant to the additional conduct standards for persons in senior roles, individuals applying for CBI approval for a PCF role should be in a position to demonstrate to the CBI that, in their career in financial services to date where they have held a relevant senior position they have met the specific conduct requirements, such as the requirements ‘to disclose promptly, proactively and appropriately’ to the CBI ‘any information of which the Central Bank would reasonably expect notice’.

The CBI has stated, for example, that in 2020 some 20 applications under the current fitness and probity regime for PCF roles had been withdrawn following referral of the application to the CBI’s specialist fitness and probity team in its Enforcement Division.¹¹⁹ It is likely that individuals would generally prefer to withdraw their application, rather than have the CBI adopt a formal negative decision in respect of their fitness and probity. It can be expected that this trend will continue and that the CBI will make the PCF application process increasingly rigorous, including through the individual interview process, in which the CBI can, at a minimum, convey its expectations regarding conduct standards, and can refuse or ‘discourage’ the progression of applications (including through the issuing of a ‘minded to refuse’ letter, leading to a likely withdrawal of the application) where there is evidence that these high standards have not been met.

IV. Individual accountability and influencing ethical decision-making

A key aim of the IAF is to achieve positive behavioural and culture change in the financial services industry. Whilst more intrusive regulatory supervision by the CBI and a regulatory strategy focusing on deterring poor behaviours may go some way to achieving this aim, it is unlikely to be adequately achieved in the absence of an internalisation of ethical norms within the industry. In order to achieve an internalisation of ethical norms by individuals and generate positive cultural change in the financial services industry, it will be critical for regulators, regulated firms (in particular, those who wish to go beyond formulaic ‘box-ticking’ to meet minimum regulatory requirements) and other stakeholders intent on pursuing this aim to understand and address how norms are internalised by individuals. Increasingly, scholars recognise that these norms are shaped by individual decision-making contexts, the organisational cultures within which individuals are immersed, and broader structural factors.¹²⁰ As stated by Black:

behaviour, including responses to regulation, are shaped by the complex interplay of factors at the individual level (incentive structures and interests of key individuals); the level of internal organisational systems, processes and cultures; and at the macro-level: not only the organisation’s immediate field but also the deeper normative and cognitive environment.¹²¹

Similarly, Omarova refers to the metaphor of the Russian nesting doll, the Matryoshka, to describe the multiple layers of the dynamics influencing individual behaviours in the financial services industry. She notes, in particular, that ‘[a] critically important source of firms’ internal systems of norms, incentives, and behavioural patterns is the market in which these firms compete and the industry which they collectively compose’.¹²²

An inherent limitation of the IAF is that it rests on a partial view of the factors influencing individual decision-making. In order to influence individual decision-making effectively, not only must the context of the individual and the individual’s firm be considered, but also wider industry and societal factors. In the language of organisational psychologists, the IAF targets bad apples and the barrels in which those apples are formed.¹²³ The on-going debate about whether poor behaviours result from ‘bad apples’ or ‘bad barrels’, however, does not take sufficient account of the wider market, political and social context in which ‘barrels’ are formed. Often ‘[e]thical problems in organizations originate not with “a few bad apples” but with the “barrel makers”’.¹²⁴

The financial services industry, as with most other industries, is governed by the wider ‘morals of the marketplace’, in which it is broadly expected and considered legitimate in the commercial world that an individual’s firm pursue profits on the basis of freely-negotiated and, importantly, self-interested, exchange.¹²⁵ These morals are linked, to an important extent, to the shareholder value norm. As articulated by Friedman, the sole duty of managers of firms is to maximise profits for shareholders, so long as they stay within the rules,¹²⁶ a view which still holds currency despite being criticised for insufficiently considering other important stakeholders.¹²⁷

Individuals may also be strongly influenced by the normalisation of poor behaviours in the industry, which some scholars refer to as a what is ‘common is moral’ heuristic.¹²⁸ Significantly, individuals who seek to go against the tide of the ‘morals of the marketplace’ will face difficulties. As Akerlof pointed out in his famous 1970 article on the impact of information asymmetry and the ‘market for lemons’,¹²⁹ where there is information asymmetry between buyers and sellers and where buyers cannot adequately distinguish between higher-quality goods and lower-quality goods (‘lemons’), this information asymmetry is likely to drive down the quality of goods on the market. The problem of information asymmetry is particularly prevalent in retail financial services markets.¹³⁰ Ethical firms may struggle to compete with their less ethical competitors, who mislead customers as to the quality of their products or services in situations where customers are not in a position to effectively compare the respective products or services of the various competitors. Over time, this may lead to overall levels of ethical conduct in the market deteriorating. As Akerlof and Shiller argue, competitive pressures mean that ‘even firms guided by those with real moral integrity will usually have to [exploit buyers’ psychological weaknesses and ignorance] in order to compete and survive’.¹³¹

Nevertheless, there are various means to positively influence the industry-wide norms of behaviour that significantly influence the culture of individual firms and, in turn, the behaviours of individuals within the firms. One such mechanism, the ‘trajectory towards professionalisation’ of banking, is considered in the following section.

E. A ‘trajectory towards professionalisation’?

Professions developed in the middle ages and involved mastery of a subject-area and an obligation on members of the profession to use their knowledge wisely and honestly. By the 1960s, however, as Ariely notes, there was a strong move to deregulate ‘elitist’ professions and the ethos of professionalism. Much of this was beneficial, but ‘strict professionalism was replaced by flexibility, individual judgement, the laws of commerce, and the urge for wealth, and with it disappeared the bedrock of ethics and values on which the professions had been built’.¹³²

The question of whether banking is a profession and whether it should ‘professionalise’ was considered in some detail in the UK PCBS Report. The PCBS Report did not consider banking to possess the core characteristics of a profession, as it covered too wide a range of activities, lacked a common core of learning, and responsibilities to clients did not trump self-interest. It recommended, nevertheless, that bankers should embark on a ‘trajectory towards professionalisation’.¹³³ Specifically, it recommended that the banking community should itself demonstrate its willingness to develop its own professional body and set standards and expectations of its members that exceeded existing regulatory standards.¹³⁴

This recommendation in the PCBS Report was followed by the Lambert Review,¹³⁵ which in turn prompted the creation of the UK Banking Standards Board in 2015, which was subsequently expanded into the Financial Services Culture Board in 2021 to encompass non-banking members. It is a non-statutory, industry-funded body, and is governed by an independent board with a majority of non-practitioner members. Its aim is to help raise standards of behaviour and competence across the industry.¹³⁶ In January 2023, however, it announced that it would be wound-up that year, as it is ‘not viable as a going concern over the medium term’.¹³⁷ A broadly similar body, the Irish Banking Culture Board, whose membership is composed of the retail banks in Ireland, was launched in 2019.

A ‘trajectory towards professionalisation’ should be further pursued in financial services, and banking in particular, in Ireland. An effective trajectory towards professionalisation would likely involve the industry itself providing an in-depth articulation of ethical norms of behaviour going beyond minimum regulatory requirements expected of its members. This could include, for example, providing guidance on issues such as the ‘reasonable steps’ senior managers should take for the purposes of compliance with the individual conduct standards. In this regard, the above-mentioned UK Finance report on the impact of the SMCR indicated in one of its recommendations that further guidance should be provided on issues such as this and that it is ‘unlikely to be provided by the regulators and may be an action for industry to pursue itself’.¹³⁸ Industry-generated codes of conduct might also valuably serve as a potential ‘safe harbour’ for individuals, where the individuals can demonstrate that they have acted in accordance with such codes (as in the UK),¹³⁹ or could be legally enforceable via legislation by the regulator (as in Australia).¹⁴⁰

A trajectory towards professionalisation could also, for example, involve further development of expectations, applicable to staff at all levels across the financial services industry, regarding attending continuing professional development (‘CPD’) courses and further development of courses that include modules on ethical decision-making. In Ireland, there are already well-developed CPD requirements imposed by various financial services professional institutions on their members (such as the Institute of Banking and the Compliance Institute).¹⁴¹ The minimum regulatory requirements relating to CPD tend to focus on requirements for customer-facing staff. The PCBS Report stated very bluntly on this issue: ‘A set of expected qualifications which forces bank clerks to night school for years to come, but gives a free pass to those working in wholesale banking or at more senior levels – the groups which most conspicuously failed in recent years – would ignore the lessons of the crisis’.¹⁴²

A trajectory towards professionalisation would be beneficial for several reasons. First, it would encourage and develop a professional identity for bankers that places greater emphasis on the need for them to take account of social responsibilities going beyond short-term profit-maximisation. Second, it would facilitate the internalisation of ethical norms by the industry, through a process in which the industry itself engages with and articulates norms that are likely to be more detailed and go beyond the minimum legal standards articulated by the regulator. This is particularly important because, as the Dutch financial regulator, the DNB, has noted, ‘peer pressure regulates behaviour’.¹⁴³ Also, regulators can be reticent about developing detailed codes of conduct because they risk providing firms with an opportunity to ‘game’ the detailed rules. This approach, however, leaves gaps in terms of industry understanding of appropriate norms of behaviour in particular circumstances, which could be addressed by the industry itself. A third, related, reason for encouraging a trajectory towards professionalisation in banking is that the process of active engagement by the industry in the articulation of its own norms of behaviour is more likely to make such norms salient to individuals in the industry on a day-to-day basis and, therefore, more likely to have an influence on their behaviours.¹⁴⁴

Furthermore, whilst industry participants may recognise that it is in the interests of the industry as a whole for behaviours and culture within the industry to improve, it is more difficult to achieve this in the absence of some level of industry-wide co-ordination to raise standards. In particular, whilst it may well be in the interests of all to raise standards, it may not be in the interests of individual financial services providers to raise their own standards on a voluntary basis when they cannot be certain that others would follow suit. The difficulty for individual firms is that if they invest significantly in addressing misconduct issues within their firm, prohibiting ‘sharp’ practices, for example, they may be less profitable than others in the wider industry where such practices are more common. Accordingly, they risk putting themselves at a competitive disadvantage in the market. This was described in a Federal Reserve Bank of New York staff article as a ‘co-ordination failure’ problem, whereby firms fail to reach a common objective that is in the collective best interests of the industry as a whole.¹⁴⁵ This can be addressed through a ‘trajectory towards professionalisation’.

Ultimately, the aim of a trajectory towards professionalisation would be to generate peer pressure within the banking industry for members to meet high standards of behaviour. Groups, as Ellemers argues, are our moral anchors; individuals define what is right and wrong by what others around them consider to be right and wrong.¹⁴⁶ Individuals typically wish to fit in with and belong to the group with which they identify.¹⁴⁷ As social beings, the influence of others can shape our moral climate, affect our judgments, and influence our behaviours.¹⁴⁸ Individuals belong by conforming to the norms of that group. In the long run, as noted by O’Neill, the realities of earning, or losing, professional respect, or ultimately being expelled or ostracised from the profession can have a greater impact on securing trustworthy performance than other means, including criminal sanctions.¹⁴⁹

Specifically in an Irish context, the work of the Irish Banking Culture Board (IBCB) may be of particular interest and relevance in terms of developing a ‘trajectory towards professionalisation’. The IBCB is an industry-funded body, composed of the retail banks in Ireland, which has the aim of ‘rebuilding trust in the sector through demonstrating a change in behaviour and overall culture’.¹⁵⁰ To date, it has largely focused on conducting surveys of stakeholders and bank employees,¹⁵¹ but more recently has also launched a potentially promising initiative, the DECIDE ethical decision-making model, which provides a framework for individuals to consider the ethical implications of their decision.¹⁵² This organisation would be well-placed to develop industry-wide guidance on ethical standards and, potentially, industry codes of conduct, to assist in the ‘trajectory towards professionalism’ of the banking sector in particular.

Any such industry guidance from a body such as the IBCB could include, for example, guidance on issues such as the ‘reasonable’ steps senior managers should take for the purposes of compliance with the individual conduct standards, or industry codes of conduct.

F. Conclusions

The introduction of the IAF in Ireland is an important step towards developing a culture in financial services in which senior individuals take responsibility for their actions (or failures to act). It should assist in raising the standards of compliance with regulatory requirements and ethical norms in the industry. This view is supported by recent industry feedback, together with academic research, following the introduction of equivalent regimes in the UK and Australia in recent years. There is always the risk, however, that the implementation of the IAF for at least some firms may involve formal implementation (the equivalent of an elaborate ‘box-ticking’ exercise) but inadequate substantive implementation, by way of the internalisation of governance and ethical norms underpinning the IAF.

For the IAF to be successfully implemented across the financial services sector, it will be essential for comprehensive and continuous engagement between the CBI and industry to take place on the detail of what is expected by the CBI from the industry. It will also be important for the financial services industry itself as a whole to take on a more significant role in articulating expected norms in the industry, that go beyond minimum regulatory standards, to encourage and facilitate the industry as a whole to meet these standards. Such a ‘trajectory towards professionalisation’ could go a considerable way towards further improving trust in financial services in Ireland, which would benefit the financial services industry as well as its customers.

The development of the IAF in Ireland will be relevant to stakeholders in various jurisdictions that have, or are considering introducing, an equivalent individual accountability regime. It will be relevant, for example, in the context of the on-going review of the SMCR in the UK, given that the IAF diverges in a number of respects from the SMCR, as outlined above. One notable difference in the respective regimes is that SEAR in Ireland explicitly applies to all non-executive directors, an extension of liability which is also reflected in the equivalent regimes in Australia and Hong Kong. Some had suggested, prior to enactment, that this approach in Ireland may muddy the distinction between executive directors (who have a day-to-day role in managing the firm) and non-executive directors (whose inherent responsibilities under SEAR are ‘overseeing and monitoring the strategy and management of the firm’); that it may be misguided and limited in effect, given the constrained operational influence exercised by NEDs; that it may disincentivise NEDs to take up such positions; and that it may undermine collective decision making.¹⁵³

Given, however, that the individual conduct rules (and the senior manager conduct rule requiring appropriate disclosure of information of which the regulator should reasonably expect notice) apply to all non-executive directors under the SMCR, and that the SMCR does apply to particular non-executives, like the Chair of the Board and the Chairs of Committees,¹⁵⁴ so that SEAR only extends in new ways to NEDs who are not the Chair of the Board or to Chair of Sub-Committees to the Board,¹⁵⁵ it remains to be seen whether the difference between the Irish and UK regimes is significant in practice.

It is also useful to note that the detailed and ‘operationally difficult’¹⁵⁶ regulatory references regime under the SMCR, which has been the subject of some criticism, has not been replicated in the IAF in Ireland, although firms are expected to seek to obtain references from prior employers.

While the impact of the Irish regime is still uncertain, given that it is not yet fully operational, it is clear that these distinctions, among others, may be of interest to HM Treasury and others in the context of the review of SMCR, given that HM Treasury has noted that stakeholders have indicated that ‘government should ensure it is learning the lessons of others’ experiences’.¹⁵⁷ Stakeholders in the UK may also be interested in the recent salutary Irish experience of imposing a statutory objective on the financial services regulator to promote the growth of the financial services sector in Ireland, given that this is analogous to the recently-introduced statutory requirement on the FCA and PRA to advance the ‘competitiveness and growth’ of the UK economy and financial services sector. In Ireland, an official report into the financial crisis in 2007-2008 found that this statutory objective facilitated an excessively deferential and accommodating regulatory culture towards the banks and was identified as a factor in the financial crisis in Ireland.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Notes on contributors

Ciaran Walker

Ciaran Walker is a Consultant in the Financial Services Regulation & Governance group at the Dublin, Ireland, office of the global law firm Eversheds Sutherland. He also lectures and publishes in the leading international journals in his fields. He is the co-author, with Joe McGrath, of New Accountability in Financial Services: Changing Individual Behaviour and Culture (Palgrave Macmillan, 2022). Prior to joining Eversheds Sutherland, he was the Deputy Head of Enforcement at the Central Bank of Ireland.

Joe McGrath

Joe McGrath is an Irish Research Council Scholar, a Fulbright Scholar, an Assistant Professor of Law at the Sutherland School of Law, and the Vice Principal for Equality, Diversity and Inclusion of the College of Social Sciences at University College Dublin, Ireland. He teaches banking law, corporate governance, white-collar crime, and financial regulation. He is the author of three books and publishes in a variety of leading international peer-reviewed journals.

Notes

1 Central Bank (Individual Accountability Framework) Act 2023<https://www.irishstatutebook.ie/eli/2023/act/5/enacted/en/html>

2 Pursuant to the Central Bank (Individual Accountability Framework) Act 2023 (Commencement of Certain Provisions) Order 2023 (S.I. No. 176/2023), certain provisions of the Act came into operation on 19 April 2023.

3 Central Bank of Ireland, Enhanced governance, performance and accountability in financial services, Consultation Paper 153 (2023) <https://www.centralbank.ie/publication/consultation-papers/consultation-paper-detail/cp153-enhanced-governance-performance-and-accountability-in-financial-services-regulation-and-guidance-under-the-central-bank>

4 Press release, Minister Paschal Donohoe, 27 July 2021, on the publication of the General Scheme of the Bill which was the foundation of the Act <http://paschaldonohoe.ie/minister-donohoe-secures-agreement-to-draft-central-bank-individual-accountability-framework-bill/>

5 Central Bank of Ireland, ‘Behaviour and culture of the Irish retail banks’ (Central Bank of Ireland, 2018) <www.centralbank.ie/docs/default-source/publications/corporatereports/behaviour-and-culture-of-the-irish-retail-banks.pdf?sfvrsn=2>. For further background on Irish banking culture, see: Joe McGrath, ‘Walk Softly and Carry No Stick’: Culture, Opportunity and Irresponsible Risk-Taking in the Irish Banking Sector’ (2020) 17(1) European Journal of Criminology 86–105.

6 This term derives from a 2013 UK Parliamentary Commission on Banking Standards report. See: UK Parliamentary Commission on Banking Standards, Changing Banking for Good (Vol I) (The Stationery Office Limited, 2013 <https://publications.parliament.uk/pa/jt201314/jtselect/jtpcbs/27/27.pdf>. It is discussed further in Section E of this paper.

7 ‘Supervision of Behaviour and Culture: Foundations, Practice & Future Developments’, De Nederlandsche Bank, 50 <https://www.dnb.nl/media/1gmkp1vk/supervision-of-behaviour-and-culture_tcm46-380398-1.pdf>

8 J McGrath and C Walker, ‘Regulating Ethics in Financial Services: Engaging Industry to Achieve Regulatory Objectives’ (2023) 17 Regulation & Governance 791–809.

9 The Hong Kong Manager in Charge Regime was introduced by way of regulatory circular from the Hong Kong Securities and Futures Commission in December 2016; see: ‘Circular to Licensed Corporations Regarding Measures for Augmenting the Accountability of Senior Management’, 16 December 2016 <https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/intermediaries/licensing/doc?refNo=16EC68>. In September 2020, the Monetary Authority of Singapore (‘MAS’) issued Guidelines on individual accountability and conduct (https://www.mas.gov.sg/-/media/MAS/MPI/Guidelines/Guidelines-on-Individual-Accountability-and-Conduct.pdf), together with a set of FAQs (https://www.mas.gov.sg/-/media/MAS/MPI/Guidelines/FAQs-on-Guidelines-on-Individual-Accountability-and-Conduct.pdf). In December 2019, the Central Bank of Malaysia, Bank Nagara Malaysia (‘BNM’), issued a draft ‘Responsibility Mapping’ document (‘Proposals’), setting out proposed requirements and expectations to be introduced by the BNM in relation to individual accountability. The proposals have not yet been adopted; they are intended to come into force one year after formal adoption. The proposals are available at: ‘Responsibility Mapping’, Exposure Draft, 26 December 2019, BNM <https://www.bnm.gov.my/documents/20124/52006/ed_responsibility+mapping_dec2019.pdf/73187c28-8465-fdd2-7fcf-0ddefa2e8bb2?t=1578645662143>.

10 R Oliveira, R Walters and R Zamil, ‘FSI Insights on Policy Implementation No 48: When the Music Stops – Holding Bank Executives Accountable for Misconduct’ Bank for International Settlements (2023) <https://www.bis.org/fsi/publ/insights48.pdf>

11 A report to the Minister for Finance by the Governor of the Central Bank, The Irish Banking Crisis: Regulatory and Financial Stability Policy 2003–2008, 43 <https://www.socialjustice.ie/system/files/file-uploads/2021-09/2010-06-08-thehonohanreport-theirishbankingcrisisregulatoryandfinancialstabilitypolicy2003-2008.pdf>

12 Ciaran Walker, ‘The Role of the Board of Financial Services Firms in Improving Their Firm’s Culture’ (2019) 43 Seattle UL Rev. 723; Ciaran Walker, ‘The Role of the Regulator in Supervising Culture in Financial Services Firms’ in Joe McGrath (ed.), White Collar Crime in Ireland: Law and Policy (Clarus Press 2019) 1–12.

13 Minouche Shafik, From ethical drift’ to ethical lift’: reversing the tide of misconduct in global financial markets, speech, 20 October 2016 <https://www.bankofengland.co.uk/-/media/boe/files/speech/2016/from-ethical-drift-to-ethical-lift-reversing-the-tide-of.pdf?la=en&hash=C120FF0FF7E00FB7DE07858D2CD7DE95CC1BA695>

14 Letter from Mark Carney, Chairman Financial Stability Board to G20 leaders, 30 August 2016 <https://www.fsb.org/wp-content/uploads/P20160831.pdf>

15 ECB, Implications of bank misconduct costs for bank equity returns and valuations, 19 November 2019 <https://www.ecb.europa.eu/pub/financial-stability/fsr/focus/2019/html/ecb.fsrbox201911_03~511ae02cc5.en.html>

16 ‘The tracker mortgage examination: Final report’, Central Bank of Ireland, July 2019, 4 <https://www.centralbank.ie/docs/default-source/consumer-hub-library/tracker-issues/update-on-tracker-mortgage-examination---july-2019.pdf?sfvrsn=6>

17 ibid 6.

18 ibid. Some reports indicate that the overall cost of the scandal to the banks has been around €1.5 billion; see e.g.: <https://www.rte.ie/news/business/2021/0326/1206353-ulster-bank-tracker-mortgage-fine/>

19 CBI announcement of fine imposed on The Governor and Company of the Bank of Ireland, 29 September 2022; available at: Ulster Bank Ireland DAC, 25 March 2021 <https://www.centralbank.ie/docs/default-source/news-and-media/enforcement-action-against-governor-and-company-of-the-bank-of-ireland.pdf?sfvrsn=954e951d_12>

20 Daniel McConnell, Banks engaged in a ‘reign of terror’ on tracker mortgages, committee to hear (Irish Examiner, 21 June 2021) <https://www.irishexaminer.com/news/arid-40318232.html>; The Irish Times view on individual accountability in the financial services sector (Irish Times, 2 August 2021) <https://www.irishtimes.com/opinion/editorial/the-irish-times-view-on-individual-accountability-in-the-financial-services-sector-1.4637016>

21 Statement by Minister Paschal Donohoe, 25 October 2017 <https://merrionstreet.ie/en/news-room/releases/statement_by_the_minister_for_finance_paschal_donohoe_on_the_tracker_mortgage_examination.html>

22 ibid.

23 CBI, Behaviour and culture of the Irish retail banks, 2018, 4, 5. <https://www.centralbank.ie/docs/default-source/publications/corporate-reports/behaviour-and-culture-of-the-irish-retail-banks.pdf?sfvrsn=2>

24 Joint Committee on Finance and the Public Service (2005) Interim Report on the Policy of Commercial Banks concerning Customer Charges and Interest Rates, 9 <https://opac.oireachtas.ie/knowvation/app/consolidatedSearch/#search/v=grid,c=1,q=qs%3D%5BInterim%20Report%20%5D%2Ccreator%3D%5B%22Joint%20Committee%20on%20Finance%20and%20the%20Public%20Service%22%5D%2Ctitle%3D%5B%22Interim%20Report%22%5D%2CqueryType%3D%5B16%5D,sm=s,sb=0%3Atitle%3AASC,l=library3_lib,a=t>

25 ibid, 9.

26 Patrick Honohan, ‘The Irish banking crisis: Regulatory and financial stability policy 2003–2008’, May 2010, at para. 1.6 <https://www.socialjustice.ie/sites/default/files/attach/policy-issue-article/3077/2010-06-08-thehonohanreport-theirishbankingcrisisregulatoryandfinancialstabilitypolicy2003-2008.pdf>. Also, the Irish banking crisis: Causes of the systemic banking crisis in Ireland (Nyberg Report) (2011): ‘Bank loans [in the pre-GFC era] seem to have expanded so rapidly because neither banks nor borrowers apparently really understood the risks they were taking. Many banks were increasingly led and managed by people with less practical experience of credit and risk management than before’, p. ii <https://assets.gov.ie/42234/b40d2827610943fbb78e9120fa70e719.pdf>. See also, the Oireachtas Joint Committee Report into the banking crisis (2016) <https://inquiries.oireachtas.ie/banking/wp-content/uploads/2016/01/02106-HOI-BE-Report-Volume1.pdf>.

27 Honohan (n 26) para. 1.30.

28 J McGrath and C Walker, New Accountability in Financial Services: Changing Individual Behaviour and Culture (Springer Nature 2022).

29 Honohan (n 26) 55. See further: Joe McGrath, Corporate and White-Collar Crime in Ireland: A New Architecture of Regulatory Enforcement (Manchester University Press, 2015) and Joe McGrath (ed), White Collar Crime in Ireland: Law and Policy (Clarus Press, 2019).

30 Joe McGrath, Corporate and White-Collar Crime in Ireland: A New Architecture of Regulatory Enforcement (Manchester University Press, 2015) and Joe McGrath (ed), White Collar Crime in Ireland: Law and Policy (Clarus Press, 2019). See also: Joe McGrath, ‘Twenty Years Since the McDowell Report: A Reflection on the Powers and Performance of the Office of the Director of Corporate Enforcement’ (2018) 60(60) Irish Jurist 33–66.

31 D Awrey, W Blair and D Kershaw, Between Law and Markets: Is there a Role for Culture and Ethics in Financial Regulation (2013) Del. J. Corp. L. 38, 191.

32 Zanna Iscenko, Chris Pickard, Laura Smart and Zita Vasas, Behaviour and Compliance in Organisations. FCA Occasional Paper 24 (FCA, 2016) 15.

33 See further: Blanaid Clarke, ‘Individual Accountability in Irish Credit Institutions – Lessons to be Learned from the UK’s Senior Managers Regime’ (2018) 47(1) Common Law World Review 35–52.

34 Joe McGrath, ‘From Responsive to Meta-Regulation: A Critical Review of the Enforcement Powers and Performance of the Central Bank of Ireland’ (2021) 66(1) Irish Jurist 1–35.

35 Central Bank Reform Act 2010, s 21.

36 Central Bank Reform Act 2010, ss 22, 23. The CBI’s list of PCF roles <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/authorisation/fitness-probity/regulated-financial-service-providers/regulatory-requirements/gns-4-1-1-3-1-1-list-of-pre-approval-controlled-functions.pdf?sfvrsn=6>. Since 2014, the ECB is exclusively competent for fitness and probity assessments of the management board and key function holders of significant credit institutions and those of all credit institutions seeking authorisation.

37 Central Bank Reform Act 2010, ss 25, 43.

38 See, CBI website: <https://www.centralbank.ie/news-media/legal-notices/prohibition-notices>.

39 The Central Bank and Financial Services Authority of Ireland Act 2004 amended the Central Bank Act 1942 by introducing a new Part IIIC of that Act, which set out the Administrative Sanctions Procedure.

40 See, CBI Public Statement relating to enforcement action against Gary McCollum (2021) <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-enforcement-action-against-gary-mccollum.pdf?sfvrsn=4>.

41 Statement by Minister Paschal Donohoe, 25 October 2017 <https://merrionstreet.ie/en/news-room/releases/statement_by_the_minister_for_finance_paschal_donohoe_on_the_tracker_mortgage_examination.html>.

42 CBI, Behaviour and culture of the Irish retail banks, 2018 <https://www.centralbank.ie/docs/default-source/publications/corporate-reports/behaviour-and-culture-of-the-irish-retail-banks.pdf?sfvrsn=2>. The CBI had also, in a December 2017 submission to the Law Reform Commission, recommended, albeit in less detailed terms, the introduction of an Individual Accountability Framework in Ireland, modelled on the UK SMCR (see: <https://www.centralbank.ie/docs/default-source/publications/correspondence/general-correspondence/central-bank-of-ireland-response-to-the-law-reform-commission-issues-paper-%27regulatory-enforcement-and-corporate-offences%27.pdf> para. 24).

43 CBI, ‘Behaviour and culture of the Irish retail banks’ (CBI, 2018) 32 <https://www.centralbank.ie/docs/default-source/publications/corporate-reports/behaviour-and-culture-of-the-irish-retail-banks.pdf?sfvrsn=2>

44 UK Parliamentary Commission on Banking Standards, Changing Banking for Good (Vol I) (The Stationery Office Limited, 2013) <https://publications.parliament.uk/pa/jt201314/jtselect/jtpcbs/27/27.pdf> (Vol II) <https://www.parliament.uk/globalassets/documents/banking-commission/Banking-final-report-vol-ii.pdf>

45 PCBS Report, Vol I, para. 14.

46 Ibid., para. 14.

47 CP153, Annex 1, 5 <https://www.centralbank.ie/docs/default-source/publications/consultation-papers/cp153/annex-1-to-the-consultation-paper-153-draft-regulations.pdf?sfvrsn=502a991d_4>

48 CP153, 17.

49 Section 6 of the Act, which inserts a section 53B(2) into the Central Bank Reform Act 2010.

50 Section 79 of the Act.

51 Central Bank of Ireland, ‘Outline of the Administrative Sanctions Procedure’ (CBI, 2018) <www.centralbank.ie/docs/default-source/regulation/how-we-regulate/enforcement/administrative-sanctions-procedure/legislation-and-guidance/outline-of-theadministrative-sanctions-procedure.pdf?sfvrsn=8>

52 For a discussion of exclusion of certain non-executives from the presumption of responsibility in the SMCR, see: Blanaid Clarke, Individual Accountability in Irish Credit Institutions – Lessons to be Learned from the UK’s Senior Managers Regime (2018) 47(1) Common Law World Review 35–52. See also: Blanaid Clarke, Senior Executive Accountability and Responsibility in Financial Institutions, (2021) 66(66) Irish Jurist 74–100.

53 Section 5 of the Act, inserting a Section 17A into the Central Bank Reform Act 2010.

54 Section 6 of the Act, inserting a Section 53E into the Central Bank Reform Act 2010.

55 Section 6 of the Act, inserting a Section 53F into the Central bank Reform Act 2010.

56 Section 6 of the Act, inserting a Section 53C into the Central Bank Reform Act 2010.

57 Central Bank Reform Act 2010, which has been amended by the Act.

58 See, the CBI’s Fitness and Probity Standards (Code issued under Section 50 Central Bank Reform Act 2010) 2014 <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/authorisation/fitness-probity/regulated-financial-service-providers/regulatory-crequirements/gns-4-1-1-3-1-1-fitness-and-probity-standards.pdf?sfvrsn=6>

59 CBI ‘Dear CEO’ letter, 17 November 2020 <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/fitness-probity/news/dear-ceo-letter---thematic-inspections-of-compliance-with-obligations-under-the-fitness-and-probity-regime.pdf>

60 The General Scheme of the Central Bank (Individual Accountability Framework) Bill 2021, 17.

61 CP153, Table 1, 26.

62 ibid, para. 2.4.11.

63 D Rowland, Speech, ‘Enhanced governance, performance and accountability in financial services: The Individual Accountability Framework’ 2023 <https://www.centralbank.ie/news/article/speech-derville-rowland-enhanced-governance-performance-and-accountability-in-financial-services-18-april-2023>

64 See, e.g. Chapter 22 of the FCA’s Handbook on ‘Regulatory references’ <https://www.handbook.fca.org.uk/handbook/SYSC/22.pdf>

65 ‘Evaluation of the Senior Managers and Certification Regime’ PRA, December 2020, 28 <https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/report/evaluation-of-smcr-2020.pdf?la=en&hash=151E78315E5C50E70A6B8B08AE3D5E93563D0168>

66 Central Bank (Individual Accountability Framework) Bill 2021 – Regulatory Impact Analysis, 4 <https://www.gov.ie/en/publication/ed2ba-regulatory-impact-assessment-central-bank-individual-accountability-framework-bill/>

67 See, CBI, Guidance on Fitness and Probity Standards, 2018, 34 <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/fitness-probity/guidance-on-fitness-and-probity-standards.pdf?sfvrsn=a5bcdb1d_10>

68 FCA, A new Consumer Duty: Feedback to CP21/36 and final rules, July 2022 <https://www.fca.org.uk/publication/policy/ps22-9.pdf>. See also, Sheldon Mills, FCA, Countdown to the Consumer Duty, speech, 10 May 2023 <https://www.fca.org.uk/news/speeches/countdown-consumer-duty>

69 CP153, 4.

70 The IAF template Statement of Responsibilities is set out in Table 10 of the draft Guidance in CP153. It is a 1-page template. Also, the CBI considers that a word-count of 100–200 words to be appropriate for purposes of providing information on prescribed and/or other responsibilities (Guidance, 33). By contrast, the FCA’s template Statement of Responsibilities for dual-regulated firms (https://www.handbook.fca.org.uk/form/sup/SUP_10C_ann_10_SOR_dual_regulated.pdf) is some 26 pages; this template also indicates that a word count to describe each allocated responsibility of up to 300 words per allocated responsibility would be appropriate.

71 CP153 states ‘To reflect the enhanced approach to supervision reflected in the IAF, it is proposed not to impose initial or regular/periodic reporting requirement on firms in respect of Statements of Responsibilities and the Management Responsibilities Map’ (CP153, 31). By contrast, under the SMCR, significant changes to the Statement of Responsibilities must be reported to the regulator (see, template Statement of Responsibilities, 1 <https://www.handbook.fca.org.uk/form/sup/SUP_10C_ann_10_SOR_dual_regulated.pdf>).

72 CP153, 36.

73 HM Treasury, Financial Services: The Edinburgh Reforms, December 2022 <https://www.gov.uk/government/collections/financial-services-the-edinburgh-reforms>

74 HM Treasury, Senior Managers & Certification Regime: Call for Evidence, March 2023 <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1147932/SMCR_Call_for_Evidence.pdf>

75 PRA and FCA, Review of the Senior Managers and Certification Regime, DP1/23, March 2023 <https://www.bankofengland.co.uk/prudential-regulation/publication/2023/march/review-of-the-senior-managers-and-certification-regime>

76 The industry responses to the DP that are currently publicly available indicate that there is general support for the principal aims of the SMCR. Thus, for example, the joint response of the industry bodies UK Finance and the Association for Financial Markets in Europe notes that, ‘overall, our members’ experience of the SMCR has been broadly positive, with benefits seen in executive accountability and firm-wide conduct standards’, whilst recommending a number of operational changes (see, Finance UK and AFME Consultation Response <https://www.ukfinance.org.uk/system/files/2023-05/UK%20Finance%20response%20to%20PRA-FCA%20DP1.23%20SMCR.pdf>). See also, e.g. response of the Building Societies Association <https://www.bsa.org.uk/BSA/files/64/64238f1f-a457-4269-8522-aa206d85efcd.pdf>

77 UK Government press release, Rocket boost for UK economy as Financial Services and Markets Bill received Royal Assent, 29 June 2023 <https://www.gov.uk/government/news/rocket-boost-for-uk-economy-as-financial-services-and-markets-bill-receives-royal-assent>

78 Section 26 of the Financial Services and Markets Act 2023.

79 Section 5 of the Central Bank and Financial Services Authority of Ireland Act 2003. This ‘promotion’ objective was removed by the Central Bank Reform Act 2010, Schedule 1, Part 1.

80 A report to the Minister for Finance by the Governor of the Central Bank, The Irish Banking Crisis: Regulatory and Financial Stability Policy 2003-2008, 44 <https://www.socialjustice.ie/system/files/file-uploads/2021-09/2010-06-08-thehonohanreport-theirishbankingcrisisregulatoryandfinancialstabilitypolicy2003-2008.pdf>

81 Evaluation of the Senior Managers and Certification Regime, PRA, December 2020, 25.

82 UK Finance describes itself, on its website, as ‘the collective voice for the banking and finance industry’ in the UK (see: https://www.ukfinance.org.uk/about-us).

83 SMCR: Evolution and reform, September 2019, UK Finance <https://www.ukfinance.org.uk/system/files/SMCR%20-%20Evolution%20and%20Reform.pdf>

84 ibid, 8.

85 Elizabeth Sheedy and Dominic Canestrari-Soh, Regulating Accountability: An Early Look at the Banking Executive Accountability Regime (Bear), (2020) SSRN 6, <https://doi.org/10.2139/ssrn.3775275>.

86 See, Daniel Kahneman, Thinking, Fast and Slow (Penguin 2012).

87 Elizabeth Sheedy and Dominic Canestrari-Soh, ‘Does Executive Accountability Enhance Risk Management and Culture?’ (2023) Accounting & Finance 3, online version <https://onlinelibrary.wiley.com/doi/epdf/10.1111/acfi.13087>.

88 ibid 6.

89 FCA, ‘Senior Managers and Certification Regime banking stocktake report’, 5 August 2019, <https://www.fca.org.uk/publications/multi-firm-reviews/senior-managers-and-certification-regime-banking-stocktake-report>

90 See, e.g., Alan Brener, ‘Developing the Senior Managers Regime’ in Costanza A Russo, Rosa Maria Lastra and William Blair (eds), Research Handbook on Law and Ethics in Banking and Finance (Edward Elgar Publishing, 2019) 274–301, 284.

91 See, e.g., UK Chartered Institute of Internal Auditors: <https://www.iia.org.uk/resources/corporate-governance/application-of-the-three-lines-model/>

92 Basel Committee on Banking Supervision, ‘Corporate governance principles for banks’, 2015, paras. 13, 38, 39. The Basel Committee on Banking Supervision is comprised of representatives of national financial services regulators and the European Union. It is a global standard setter for the prudential regulation of banks and provides a forum for co-operation on banking supervisory matters. It does so through e.g. exchanges of information and establishing and promoting global standards. It does not, however, possess any formal supranational authority and its decisions do not have any legal force (see, Basel Committee Charter <https://www.bis.org/bcbs/charter.htm>). It is a matter for national and/or regional (e.g. European Union) authorities to determine the nature and extent of implementation of standards adopted by the Basel Committee on Banking Supervision. In this regard, see, e.g., within the European Union, European Banking Authority Guidelines on internal governance under Directive 2013/36/EU, which adopts the three lines of defence model (https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Guidelines/2021/1016721/Final%20report%20on%20Guidelines%20on%20internal%20governance%20under%20CRD.pdf).

93 Alan Brener, ‘Developing the Senior Managers Regime’ in Costanza A Russo, Rosa Maria Lastra and William Blair (eds), Research Handbook on Law and Ethics in Banking and Finance (Edward Elgar Publishing 2019) 274–301, 276.

94 See, e.g. H Davies and M Zhivitskaya, ‘Three Lines of Defence: A Robust Organising Framework, or Just Lines in the Sand?’ (2018) 9 Global Policy 34–42.

95 See further: Institute of Internal Auditors, ‘The three lines of defence’, 2019 <https://fna.theiia.org/about-ia/PublicDocuments/3LOD-IIA-Exposure-Document.pdf>

96 Elizabeth Sheedy and Dominic Canestrari-Soh, ‘Does Executive Accountability Enhance Risk Management and Culture?’ 2023 Accounting & Finance 7, online version <https://onlinelibrary.wiley.com/doi/epdf/10.1111/acfi.13087>.

97 Peter Grabosky, ‘Meta-Regulation’ in Peter Drahos (ed), Regulatory Theory: Foundations and Applications (ANU Press 2017) 149–62; Colin Scott, ‘The Regulatory State and Beyond’ in Peter Drahos (ed), Regulatory Theory: Foundations and Applications (ANU Press, 2017) 265–88; Julia Black, ‘Regulatory Styles and Supervisory Strategies’ in Niamh Moloney, Eilis Ferran and Jennifer Payne (eds), The Oxford Handbook of Financial Regulation (Oxford University Press, 2015) 218–48.

98 Ian Ayres, and John Braithwaite, Responsive Regulation: Transcending the Deregulation Debate (Oxford University Press, 1992).

99 Ayres and Braithwaite (n 98).

100 ibid 19.

101 ibid.

102 Julia Black, ‘Regulatory Styles and Supervisory Strategies’ in Niamh Moloney, Eilis Ferran and Jennifer Payne (eds), The Oxford Handbook of Financial Regulation (Oxford University Press, 2015) 218–48, 227.

103 Julia Black, ‘Paradoxes and Failures: ‘New Governance’ Techniques and the Financial Crisis’ (2012) 75(6) The Modern Law Review 1037–63, 1048.

104 Black (n 102) 218–53, 228.

105 ibid 247.

106 Iain MacNeil, ‘Regulating Instead of Punishing: The Senior Managers Regime in the UK’ in Katalin Ligeti and Stanislaw Tosza (eds) White Collar Crime: A Comparative Perspective (Bloomsbury Publishing 2018) 238.

107 See: Blanaid Clarke, ‘Senior Executive Accountability and Responsibility in Financial Institutions (2021) 66(66) Irish Jurist 74–100.

108 See, e.g. FCA ‘Dear CEO’ letter regarding non-financial misconduct in wholesale general insurance firms, 6 January 2020 <https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-non-financial-misconduct-wholesale-general-insurance-firms.pdf>.

109 Chris Hodges and Ruth Steinholtz, Ethical Business Practice and Regulation: A Behavioural and Values-Based Approach to Compliance and Enforcement (Bloomsbury Publishing 2018) 184.

110 Ian Ayres and John Braithwaite, Responsive Regulation: Transcending the Deregulation Debate (Oxford University Press, 1992) 49.

111 FCA Press Release, 11 May 2018 <https://www.fca.org.uk/news/press-releases/fca-and-pra-jointly-fine-mr-james-staley-announce-special-requirements>.

112 PRA Press Release, 13 April 2023 <https://www.bankofengland.co.uk/news/2023/april/pra-fines-former-cio-of-tsb-bank-plc-for-breach-of-pra-senior-manager-conduct-rules>

113 For example, in April 2021, Baroness Kramer stated in the House of Lords that the SMCR has been ‘holed below the waterline by decisions of the FCA not to pursue senior executives’. Baroness Kramer had sat on the Parliamentary Commission on Banking Standards, whose 2013 report, ‘Changing banking for good’ (PCBS report) contained the recommendations that led to the adoption of the SMCR.

114 See, the following CBI public notices regarding enforcement action against individuals: June 2021 (disqualification for 15 years and fine of €200,000) imposed – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-enforcement-action-against-gary-mccollum.pdf?sfvrsn=4>). June 2020 (disqualification for 8 years 4 months, together with a fine of €70,000 imposed – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-enforcement-action-against-rory-o'connor-former-executive-director-and-chief-financial-officer-of-rsa-ireland-insurance-dac.pdf?sfvrsn=6>). December 2018 (disqualification for 18 years and fine of €23,000 imposed – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-an-enforcement-action-against-tom-mcmenamin.pdf?sfvrsn=6>). February 2018 (disqualification for 3 years and fine of €23,000 imposed – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-settlement-agreement-between-central-bank-of-ireland-and-michael-p--walsh.pdf?sfvrsn=6>). In May 2017, the CBI imposed disqualification for 10 years on an individual; the CBI’s public notice stated that its proposed fine of the individual was not imposed due to bankruptcy of individual (see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/mr-tadhg-gunnell.pdf?sfvrsn=8>). October 2008 (fine of €200,000; the Chairman also stepped down as Chairman and Director – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/settlement-agreement-between-the-financial-regulator-and-quinn-insurance-limited-and-mr-sean-quinn-senior.pdf?sfvrsn=8>). July 2006 (disqualification for 18 months – see: <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/public-statement-relating-to-settlement-agreement-between-the-financial-regulator-and-broadstone-fund-management-ltd-(in-voluntary-liquidation)-and-messrs-gerard-o-neill-and-david-murray.pdf?sfvrsn=4>).

115 D Rowland, Speech, ‘The Central Bank’s evolution of enforcement’ 2021 <https://www.centralbank.ie/news/article/speech-the-central-banks-evolution-of-enforcement-derville-rowland-13-october-2021>

116 CP153, 36.

117 Mathew E Fishbein, Why Individuals aren’t Prosecuted For Conduct Companies Admit (2014) New York Law Journal 4.

118 See, An Inquiry pursuant to Part IIIC of the Central Bank Act 1942 (as amended) concerning the Irish Nationwide Building Society, Michael Fingleton, William Garfield McCollum, Tom McMenamin, John S Purcell and Michael P Walsh (the ‘Inquiry’), Opening Statement of Inquiry Chairperson, 11 December 2017 <https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/inquiry-hearings/inbs-inquiry---opening-statement-of-ms-marian-shanley-inquiry-chairperson-11-december-2017.pdf?sfvrsn=4>. For an overview of the CBI’s Administrative Sanctions Procedure, including its Inquiry process, see, Outline of Administrative Sanctions Procedure (2018) <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/enforcement/administrative-sanctions-procedure/legislation-and-guidance/outline-of-the-administrative-sanctions-procedure.pdf?sfvrsn=8>. Also, Inquiry Guidelines prescribed pursuant to section 33BD of the Central Bank Act 1942 (2014) <https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/enforcement/administrative-sanctions-procedure/legislation-and-guidance/inquiry-guidelines-2014.pdf?sfvrsn=6>.

119 ‘ … there were 4,486 PCF applications assessed in 2020. 36 of these PCF applications were referred to the Enforcement Division [of the CBI] for assistance and consideration. Arising from this, the Enforcement Division conducted 26 Specific Interviews of proposed applicants for PCF positions and 20 applications were withdrawn by firms following referral to the Enforcement Division’. CBI correspondence with Roisin Shorthall TD, 2021 <https://www.centralbank.ie/docs/default-source/publications/correspondence/oireachtas-correspondence/response-roisin-shortall-td-davy-stockbrokers-published-28-july-2021.pdf?sfvrsn=7>

120 Joe McGrath, ‘Why Do Good People Do Bad Things: A Multi-Level Analysis of Individual, Organizational, and Structural Causes of White-Collar Crime’ (2019) 43 Seattle UL Rev. 525–53; Joe McGrath, ‘The Making of a Mismarker: The Case of the Only Banker Jailed in the U.S. for His Role in the Financial Crash’ (2020) University of Chicago Law Review Online <https://lawreviewblog.uchicago.edu/2020/01/07/the-making-of-a-mismarker-the-case-of-the-only-banker-jailed-in-the-u-s-for-his-role-in-the-financial-crash-by-joe-mcgrath/>

121 Julia Black, ‘Paradoxes and Failures: New Governance’ Techniques and the Financial Crisis’ (2012) 75 Mod. L. Rev. 1037–63, 1058.

122 Saule T Omarova, ‘Ethical Finance as a Systemic Challenge: Risk, Culture, and Structure’ (2017) 27 Cornell JL & Public Policy 797–839, 825.

123 Wieke Scholten and Naoimi Ellemers, ‘Bad Apples or Corrupting Barrels? Preventing Traders’ Misconduct’ (2016) 24(4) Journal of Financial Regulation and Compliance 366–82.

124 James O’Toole and Warren Bennis, ‘A Culture of Candor’ (2009) 87(6) Harvard Business Review 54.

125 Saule T. Omarova, ‘Ethical Finance as a Systemic Challenge: Risk, Culture, and Structure’ (2017) 27 Cornell Journal of Law and Public Policy 797, 810.

126 Milton Friedman, Social Responsibility of Capital and Labor. Capital and Freedom (The University of Chicago Press 1962).

127 See, e.g. Lynn A Stout, The Shareholder Value Myth: How Putting Shareholders First Harms Investors, Corporations, and the Public (Berrett-Koehler Publishers 2012). See also: US Business Roundtable, Press release, 19 August 2019 <https://www.businessroundtable.org/business-roundtable-redefines-the-purpose-of-a-corporation-to-promote-an-economy-that-serves-all-americans>

128 Björn Lindström, Simon Jangard, Ida Selbing and Andreas Olsson, ‘The Role of a “Common is Moral” Heuristic in the Stability and Change of Moral Norms’ (2018) 147(2) Journal of Experimental Psychology: General 228.

129 George A Akerlof, ‘The Market for ‘Lemons’: Quality Uncertainty and the Market Mechanism’ (1970) 84 Quarterly Journal of Economics 235–51.

130 See, e.g., Speech by then CBI Governor Philip Lane, 23 February 2017 <https://www.centralbank.ie/news/article/financial-regulation-protecting-consumers-governor-lane>

131 George A Akerlof and Robert J Shiller, Phishing for Phools: The Economics of Manipulation and Deception (Princeton University Press 2015), xii.

132 Dan Ariely, Predictably Irrational, Revised and Expanded Edition: The Hidden Forces That Shape Our Decisions (Harper Collins 2009), 209.

133 PCBS Report, Vol I, para. 94.

134 PCBS Report, Vol II, paras. 599–611.

135 Richard Lambert, Banking Standards Review (2014), <https://financialservicescultureboard.org.uk/pdf/banking-standards-review.pdf>

136 See, <https://financialservicescultureboard.org.uk/who-we-are/>. For an evaluation of the work of the Financial Services Culture Board, see Daniel Beunza and Saeid Rahanjam, Understanding best practice in industry self-regulation: the case of the Financial Services Culture Board <https://openaccess.city.ac.uk/id/eprint/30416/8/Best%20Practices%20in%20Self-Regulation%20-%20the%20Case%20of%20the%20FSCB.pdf>

137 See, FSCB wind-up statement, 18 January 2023 <https://financialservicescultureboard.org.uk/fscb-wind-up-statement/>. As indicated on its website, the FSCB ceased operations in June 2023.

138 ‘SMCR: Evolution and reform’, September 2019, UK Finance, 5.

139 See, FCA Policy Statement PS 18/18, July 2018 <https://www.fca.org.uk/publication/policy/ps18-18.pdf>

140 See, Financial Sector Reform (Hayne Royal Commission Response) Act 2020.

141 See, <https://iob.ie/>; <https://www.compliance.ie/>

142 PCBS Report, Vol II., para.607.

143 ‘Supervision of behaviour and culture: Foundations, practice & future developments’, De Nederlandsche Bank, 50 <https://www.dnb.nl/media/1gmkp1vk/supervision-of-behaviour-and-culture_tcm46-380398-1.pdf>

144 For a discussion on the importance of salience and influencing choice architecture for purposes of achieving regulatory compliance, see, e.g, ‘Behaviour and compliance in organisations’, Occasional Paper 24, FCA, December 2016 <https://www.fca.org.uk/publication/occasional-papers/op16-24.pdf>

145 Stephanie Chaly, James Hennessy, Lev Menand, Kevin Stiroh, and Joseph Tracy, Misconduct Risk, Culture, and Supervision (Federal Reserve Bank of New York, 2017) <https://www.newyorkfed.org/medialibrary/media/governance-and-culture-reform/2017-whitepaper.pdf>

146 Naomi Ellemers, Morality and the Regulation of Social Behavior: Groups as Moral Anchors (Psychology Press 2017).

147 Naomi Ellemers, ‘The Group Self’ (2012) 336(6083) Science, 848–52.

148 Celia Moore and Francesca Gino, ‘Ethically Adrift: How Others Pull Our Moral Compass from True North, and How we Can Fix It’ (2013) 33 Research in Organizational Behavior 53–77.

149 Onora O’Neill, ‘Trust, Trustworthiness, and Accountability. Capital Failure: Rebuilding Trust in Financial Services’ in Nicholas Morris and David Vines (eds) Capital Failure: Rebuilding Trust in Financial Services (Oxford University Press 2014) 172–89, 187.

150 IBCB website <https://www.irishbankingcultureboard.ie/vision-and-purpose/>

151 See for example: IBCB, Public Trust in Banking Survey, 2021, 14 <https://603101-1952083-raikfcquaxqncofqfm.stackpathdns.com/wp-content/uploads/2021/05/IBCB-2021-eist-Public-Trust-in-Banking-Survey-ONLINE-v2.pdf>

152 IBCB (2020) DECIDE <https://www.irishbankingcultureboard.ie/wp-content/uploads/2021/02/67621-IBCB-Decide-framework-A5-WEB.pdf>

153 Blanaid Clarke, ‘Senior Executive Accountability and Responsibility in Financial Institutions’ (2022) 66(66) The Irish Jurist: 2021 74–100.

154 Financial Conduct Authority. COCON 1 Annex 1 Guidance on the role and responsibilities of non-executive directors of SMCR firms, 2018 <https://www.handbook.fca.org.uk/handbook/COCON/1/Annex1.html>

155 Central Bank of Ireland. Annex 2 to the Consultation Paper, Draft Guidance on the Individual Accountability Framework, 2013, 153 <https://www.centralbank.ie/docs/default-source/publications/consultation-papers/cp153/annex-2-to-the-consultation-paper-153-draft-guidance-on-the-individual-accountability-framework.pdf?sfvrsn=a32b991d_4>

156 Evaluation of the Senior Managers and Certification Regime, PRA, December 2020, 28.

157 HM Treasury, Senior Managers & Certification Regime Call for Evidence, 2023 <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1147932/SMCR_Call_for_Evidence.pdf>, para. 3.9.