Description
Ireland has significantly enhanced the legal framework to support banking supervision and implemented a risk-based supervisory approach, and compliance with the Basel Core Principles for Effective Banking Supervision (BCPs) is satisfactory.
©2014 International Monetary Fund
IMF Country Report No. 14/135
IRELAND
DETAILED ASSESSMENT OF OBSERVANCE OF BASEL CORE
PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION
This Detailed Assessment of Observance of Basel Core Principles for Effective Banking
Supervision on Ireland was prepared by a staff team of the International Monetary Fund. It is
based on the information available at the time it was completed in April 2014.
Copies of this report are available to the public from
International Monetary Fund ? Publication Services
PO Box 92780 ? Washington, D.C. 20090
Telephone: (202) 623-7430 ? Fax: (202) 623-7201
E-mail: [email protected] Web:http://www.imf.org
Price: $18.00 per printed copy
International Monetary Fund
Washington, D.C.
May 2014
IRELAND
DETAILED ASSESSMENT OF OBSERVANCE
BASEL CORE PRINCIPLES FOR EFFECTIVE
BANKING SUPERVISION
Prepared By
Monetary and Capital
Markets Department
This Detailed Assessment Report was prepared in the
context of an IMF stand-alone Reports on the
Observance of Standards and Codes (ROSCs)
mission in Ireland during September-October, 2013,
led by Antonio Pancorbo, IMF, and overseen by the
Monetary and Capital Markets Department, IMF.
Further information on ROSCs can be found athttp://www.imf.org/external/NP/rosc/rosc.aspx
April 2014
IRELAND
2 INTERNATIONAL MONETARY FUND
CONTENTS
GLOSSARY _________________________________________________________________________________________ 3
INTRODUCTION __________________________________________________________________________________ 4
INFORMATION AND METHODOLOGY USED FOR ASSESSMENT _______________________________ 6
INSTITUTIONAL AND MARKET STRUCTURE - OVERVIEW _____________________________________ 9
PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION __________________________________ 10
A. Macroeconomic Overview _____________________________________________________________________ 10
B. Overview of the Banking Sector _______________________________________________________________ 12
C. Bank Resolution _______________________________________________________________________________ 14
D. Accounting and Auditing _____________________________________________________________________ 15
E. Payment Systems Framework in Ireland _______________________________________________________ 15
F. Trade in Irish Securities ________________________________________________________________________ 16
G. Financial Safety Net (Deposit Insurance) ______________________________________________________ 16
H. Exceptional Liquidity Assistance (ELA) _________________________________________________________ 17
I. Recovery and Resolution _______________________________________________________________________ 17
SUMMARY OF THE RESULTS ___________________________________________________________________ 18
A. Summary Compliance with the Basel Core Principles _________________________________________ 23
DETAILED ASSESSMENT ________________________________________________________________________ 28
A. Detailed Assessment of Compliance with the Basel Core Principles ___________________________ 29
B. Prudential regulations and requirements _____________________________________________________ 119
RECOMMENDED ACTIONS ____________________________________________________________________ 279
A. Recommended Actions to Improve Compliance with the Basel Core Principles _____________ 279
AUTHORITIES' RESPONSE TO THE ASSESSMENT ____________________________________________ 280
BOX
1. The 2012 Revised Core Principle ................................................................................................ 7
IRELAND
INTERNATIONAL MONETARY FUND 3
GLOSSARY
AML Anti-Money Laundering
ASB Accounting Standards Board
ASP Administrative Sanctions Procedure
BCBS Basel Committee for Banking Supervision
BCP Business Continuity Plan
BCPs Basel Principles for Effective Banking Supervision
CBCIR Central Bank and Credit Institutions (Resolution) Act 2011
CDD Customer Due Diligence
CBI Central Bank of Ireland
CJA 2010 Criminal Justice Act 2010
COREP Common Reporting
CP Core Principle
CRD Capital Requirement Directive
CRR Capital Requirement Regulation
CT1 Core Tier 1 Capital
CTF Counter Terrorist Finance
DGS Deposit Guarantee Scheme
DOF Department of Finance
DTA Deferred Tax Asset
EBA European Banking Authority
EC Essential Criteria
ECB European Central Bank
FATF Financial Action Task Force
FMP Financial Measures Program
FRA Full Risk Assessment
FRR Financial Risk Review
FSB Financial Stability Board
ICAAP Internal Capital Adequacy Assessment Process
KRI Key Risk Indicator
PRISM Probability Risk and Impact System
RABs Recognized Accountancy Bodies
RMP Risk Mitigation Program
RPL Related Party Lending
S.I. Statutory Instrument
SRC Supervisory Risk Committee
SREP Supervisory Review and Evaluation Process
SRU Special Resolutions Unit
IRELAND
4 INTERNATIONAL MONETARY FUND
Introduction
1. Ireland has significantly enhanced the legal framework to support banking supervision
and implemented a risk-based supervisory approach, and compliance with the Basel Core
Principles for Effective Banking Supervision (BCPs) is satisfactory. This reflects the continued
strengthening of the supervisory process undertaken by the authorities, which have been achieved
in a challenging environment. The financial crisis and subsequent state intervention has transformed
the Irish banking system and while acute crisis conditions have abated there is continued elevated
stress within the system and vulnerabilities persist. Added to this is the continued pressure on
industry to meet forthcoming higher regulatory standards, most notably the new Capital
Requirements Directive and Regulations (CRD IV/CRR). In addition to substantial regulatory and
legislative changes, the supervisory authorities have also had to adjust to the challenges of
transition brought by re-design of the regulatory architecture.
2. The Central Bank of Ireland (the Central Bank) has implemented the foundation for a
risk-based supervisory approach. In 2011 the Central Bank implemented a new framework for
banking supervision called Probability Risk and Impact System (PRISM) to provide a structured
framework for banking supervision. PRISM is the tool the Central Bank utilizes to employ resources
based on the risk profile of the bank and its systemic significance. PRISM is based on: (i) a multi-step
process to identify, measure and grade the banks’ risk profile and risk management processes, (ii) a
blend of onsite and offsite activities supported, and (iii) a follow-up system to track corrective action.
3. The authorities have made significant progress in strengthening the legal framework
and supervisory structure to support banking supervision. The Central Bank Reform Act 2010
combined the functions of the Financial Services Authority of Ireland into the Central Bank. The
Central Bank has responsibility for licensing, regulating and supervising banks in Ireland. The Central
Bank (Supervision and Enforcement) Act 2013 was enacted in July 2013 (with a commencement date
of August 1, 2013) and it enhances the Central Bank’s enforcement authority by harmonizing the
requirements across all the financial sectors supervised by the Central Bank. The Enforcement Act
also provides the Central Bank regulation-making powers on conduct of business and corporate
governance and also increases the amount of administrative sanction fines for an individual and a
firm. The Central Bank Credit Institution Resolution Act (CBCIR) was enacted in 2011. The Act
establishes a resolution regime and the Central Bank established a Special Resolution Unit to make
the legislation operational. The Central Bank was designated as the competent authority under the
Criminal Justice (Money Laundering and Terrorist Financing) Act (CJA) 2010 for supervising
compliance with the act by banks. In 2010 the Central Bank issued the Code of Practice on Lending
to Related Parties (RPL) and the Corporate Governance Code.
4. A risk–based supervisory approach has been implemented based on consolidated
supervision, and PRISM, a process to profile banks by risk. Within PRISM, banks are assigned
one of four Impact ratings: High, Medium High, Medium Low, and Low. PRISM allows the Central
Bank a framework to adopt a consistent way of thinking about risk across supervised institutions
and to allocate resources based on impact and probability.
IRELAND
INTERNATIONAL MONETARY FUND 5
5. The Central Bank has increased resourcing with a more intrusive approach to
supervision. The PRISM framework allows for a structured approach to resource allocation and
planning of supervisory activities. Built into PRISM is an ongoing monitoring capability that will pick
up changes in risk profile through the use of financial ratios that, if triggered, will prompt
supervisory attention/intervention. The risk rating in PRISM is updated after a supervisory activity is
completed and in this way it is an ongoing measure of risk. Impact in PRISM measures the impact to
the system of an individual bank failing. Banks that maintain a predominantly retail banking
footprint are viewed as representing the greatest risk to the system and are assigned High Impact
ratings. Resources, supervisory attention and intrusiveness are increased where the impact rating is
higher and resources are prioritized for the High Impact banks. High Impact banks receive ongoing
monitoring through offsite supervision, frequent onsite reviews, and ongoing engagement with
bank senior management. As the Impact rating decreases, the level of supervision also decreases.
6. However, some issues require continued attention. The issues include: reviewing the
provisioning requirements to determine whether they accurately reflect the current market
conditions, continued implementation of the Criminal Justice (Money Laundering and Terrorist
Financing) Act 2010 (as amended) (CJA 2010), strengthening the monitoring of compliance with the
related party lending code, and amending legislation to codify the operational independence of the
Central Bank.
7. While there is no observed political interference, the Central Bank is encouraged to
seek legislative changes to codify and foster the independence of the Central Bank. This could
be achieved by stipulating in the Central Bank Act the exact conditions under which the Commission
can be dismissed or removed by the Minister for Finance. Other legislative changes that would
ensure independence include: (i) providing the Central Bank the authority to revoke a license or
deny a licensing application without having to seek approval by the Minister, (ii) not including the
Secretary General of the Department of Finance on the Central Bank commission, and (iii) eliminate
the need for the Minister to approve the levy schedule.
8. There is a need to expand the coverage of related party transactions covered by the
RPL Code and strengthen the Central Bank monitoring of compliance with the code. The RPL
Code is comprehensive but only covers lending transactions and not, for example, asset purchases
or deposits. Additionally, the Central Bank monitoring of compliance relies to a large extent on
offsite review of reports filed by the banks. However, the reports do not provide information on the
terms of the loans or dates of approval by the Board.
9. Supervision of AML/CFT compliance in banks should be strengthened. The CJA 2010 is
comprehensive, and with the implementation of the Criminal Justice Act 2013 it was further
strengthened. The Central Bank has enhanced its supervisory approach to AML/CFT compliance and
has conducted in-depth onsite inspections and offsite analysis through the collection of risk
assessment questionnaires. The CJA 2010 is comprehensive but the Central Bank’s position would be
strengthened if statutory guidelines, approved as envisaged by Section 107 of the CJA 2010, were
issued. The extent of onsite reviews and the supervisory action following the reviews to enforce
compliance should be reviewed to ensure that an appropriate base line, premised on sufficient
IRELAND
6 INTERNATIONAL MONETARY FUND
onsite testing, is established and that strong corrective action requirements are implemented.
Additionally, branches of member state banks should be subject to AML monitoring.
10. Currently the Central Bank Banking Supervision Divisions are operating below
approved staffing level. The Central Bank operates under Civil Service pay scales and hiring rules
which makes the salaries un-competitive with industry. Civil Service provides job security and other
benefits that may offset the pay differential but increasingly bank supervision requires highly skilled
staff as bank products and risk measurement techniques become more complex. The Central Bank is
encouraged to review its turnover rates in skilled staff and determine reasons for turnover, consult
other central banks to gauge how they attract skilled staff and determine how they achieved
exemption from Civil Service pay limitations. It is also important to review advancement
opportunities tailored to technical experts.
11. This assessment of the Basel Core Principles (BCP) was conducted
1
from September 25
to October 10, 2013 as part of the ROSC of the financial system of Ireland undertaken by the
International Monetary Fund (IMF)
1
. It reflects the regulatory and supervisory framework in place
as of the date of the assessment. It is not intended to represent an analysis of the state of the
banking sector or crisis management framework.
Information and Methodology Used for Assessment
12. This assessment has been prepared according to the Revised Core Principles (BCP)
Methodology issued by the BCBS (Basel Committee of Banking Supervision). The current
assessment was thus performed according to a revised content and methodological basis as
compared with the previous BCP assessment carried out in 2006. It is important to note that the two
assessments will not be directly comparable, as the revised BCP have a heightened focus on risk
management and its practice by supervised institutions and its assessment by the supervisory
authority, and is therefore a more demanding measure of the effectiveness of a supervisory
framework (see box for more information on the Revised BCP).
13. The Irish authorities chose to be assessed against the Essential and Additional Criteria
but to be graded against only the Essential Criteria. To assess compliance, the BCP Methodology
uses a set of essential and additional assessment criteria for each principle. The smaller number of
additional criteria (AC) are recommended best practices against which the Irish authorities chose to
be assessed but not graded, as provided for in the assessment methodology. The assessment of
compliance with each principle is made on a qualitative basis. A five-part grading system is used:
compliant; largely compliant; materially noncompliant; noncompliant; and non-applicable. This is
explained below in the detailed assessment section. The assessment of compliance with each Core
Principle (CP) is made on a qualitative basis to allow a judgment on whether the criteria are fulfilled
1
The assessment was conducted by Christopher Wilson, IMF and José Tuya, Consultant.
IRELAND
INTERNATIONAL MONETARY FUND 7
in practice. Effective application of relevant laws and regulations is essential to provide indication
that the criteria are met.
Box 1. The 2012 Revised Core Principles
The revised BCPs reflect market and regulatory developments since the last revision, taking account of
the lessons learnt from the financial crisis in 2008-2009. These have also been informed by the experiences
gained from FSAP assessments as well as recommendations issued by the G-20 and FSB, and take into account
the importance now attached to: (i) greater supervisory intensity and allocation of adequate resources to deal
effectively with systemically important banks; (ii) application of a system-wide, macro perspective to the micro-
prudential supervision of banks to assist in identifying, analyzing and taking pre-emptive action to address
systemic risk; (iii) the increasing focus on effective crisis preparation and management, recovery and resolution
measures for reducing both the probability and impact of a bank failure; and (iv) fostering robust market
discipline through sound supervisory practices in the areas of corporate governance, disclosure and
transparency.
The revised BCPs strengthen the requirements for supervisors, the approaches to supervision, and
supervisors’ expectations of banks. The supervisors are now required to assess the risk profile of the banks
not only in terms of the risks they run and the efficacy of their risk management, but also the risks they pose to
the banking and the financial systems. In addition, supervisors need to consider how the macroeconomic
environment, business trends, and the build-up and concentration of risk inside and outside the banking sector
may affect the risk to which individual banks are exposed. While the BCP set out the powers that supervisors
should have to address safety and soundness concerns, there is a heightened focus on the actual use of the
powers, in a forward-looking approach through early intervention.
The number of principles has increased from 25 to 29. The number of essential criteria has expanded from
196 to 231. This includes the amalgamation of previous criteria (which means the contents are the same), and
the introduction of 35 new essential criteria. In addition, for countries that may choose to be assessed against
the additional criteria, there are 16 additional criteria.
While raising the bar for banking supervision, the Core Principles must be capable of application to a
wide range of jurisdictions. The new methodology reinforces the concept of proportionality, both in terms of
the expectations on supervisors and in terms of the standards that supervisors impose on banks. The
proportionate approach allows assessments of banking supervision that are commensurate with the risk profile
and systemic importance of a wide range of banks and banking systems
14. The assessment was carried out on the basis of the legal framework governing the
regulation and supervision of banks, principally the Central Banking Acts, the CJA 2010 and
other relevant regulations and guidelines. A review of prudential returns, licensing
IRELAND
8 INTERNATIONAL MONETARY FUND
documentation, and supervisory analysis records was also performed. The Team also examined on-
site supervision reports and off-site analysis documentation. In addition, BCP assessors held
extensive meetings with officials of the Central Bank, the Department of Finance, Financial
Intelligence Unit, and additional meetings with auditing firms and sector participants from domestic
and international banks. The authorities provided a self-assessment of the CPs rich in quality and
comprehensiveness, as well as detailed responses to additional questionnaires, and facilitated access
to supervisory documents and files, staff and systems.
15. The standards were evaluated in the context of the Irish financial system’s structure
and complexity. The CPs must be capable of application to a wide range of jurisdictions whose
banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of
application, a proportionate approach is adopted within the CP, both in terms of the expectations
on supervisors for the discharge of their own functions and in terms of the standards that
supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize
that its supervisory practices should be commensurate with the complexity, interconnectedness, size,
and risk profile and cross-border operation of the banks being supervised. In other words, the
assessment must consider the context in which the supervisory practices are applied. The concept of
proportionality underpins all assessment criteria. For these reasons, an assessment of one
jurisdiction will not be directly comparable to that of another.
16. The assessment does not include the Irish Credit Union Sector. The Central Bank
considered that it was not appropriate at the time of the mission to conduct an assessment due to
the significant amount of legislative and regulatory developments which have been recently
implemented as part of Ireland’s financial sector reform commitments under the EU-IMF financial
support program for Ireland.
17. The BCPs are an independent benchmark and compliance determinations are not
adjusted for local legislation. The EU has implemented a number of rules and supervisory
practices that member states must follow, some of these practices may not meet the BCP
requirements. The authorities highlighted some of these discrepancies, particularly as they relate to
the supervision of EU banking branches that require less host involvement than required by the
BCPs.
18. The mission appreciated the very high quality of cooperation received from the
authorities. The mission extends its thanks to staff of the Central Bank who provided excellent
cooperation, including extensive provision of documentation and access.
IRELAND
INTERNATIONAL MONETARY FUND 9
INSTITUTIONAL AND MARKET STRUCTURE -
OVERVIEW
19. The Central Bank Reform Act, 2010, created a new single unitary body – the Central
Bank of Ireland - responsible for both central banking and financial regulation. The new
structure replaced the previous related entities, the Central Bank and the Financial Services Authority
of Ireland and the Irish Financial Services Regulatory Authority. The Central Bank of Ireland has
overall prudential responsibility for the authorization, regulation and supervision of Credit
Institutions operating in Ireland. Credit Institutions regulated by the Central Bank of Ireland include
Banks, Building Societies and Designated Credit Institutions. In addition, the Central Bank of Ireland
is responsible for oversight of liquidity, Anti-Money Laundering and conduct of business for
branches of non-Irish licensed banks operating in Ireland.
20. The Central Bank of Ireland is an economic and sectoral regulatory authority charged
with the regulation and supervision of financial services in the State; and, as such, a public
body subject to administrative law. In particular, the Central Bank exercises a number of key
functions in relation to financial regulation: first, the function of making rules or setting standards;
second, the function of licensing persons who wish to engage in regulated financial services activity;
and thirdly, the disciplinary or enforcement function.
21. The objectives in supervising Credit Institutions are twofold: (i) to foster a stable
banking system; and (ii) to provide a degree of protection to depositors with individual credit
institutions. As set out in the Central Bank Act 1942 (as amended) the Bank shall perform its
functions and exercise its powers in a way that is consistent with-
a. The orderly and proper functioning of financial markets,
b. The prudential supervision of providers of financial services, and
c. The public interest and the interest of consumers.
22. In relation to the prudential supervision of providers of financial services the Central
Bank of Ireland operates a risk based approach to supervision. In 2011 the Central Bank of
Ireland introduced a new framework for the supervision of regulated firms called Probability Risk
and Impact System (PRISM) to provide a structured framework for credit institution supervision.
23. The Constitution of Ireland vests the sole and exclusive power of making laws for the
State in the Oireachtas (the National Parliament: consisting of the President, a House of
Representatives called Dáil Éireann and a Senate called Seanad Éireann). Primary legislation
consists of Acts of the Oireachtas, also called statutes, which are enacted by the Oireachtas in a
particular manner. Acts of the Oireachtas are passed by both Houses of the Oireachtas, and signed
into law by the President. Primary legislation which concerns the financial services market in the
State, and in particular the securities market or industry, is invariably initiated by the Minister for
IRELAND
10 INTERNATIONAL MONETARY FUND
Finance. The Central Bank cannot itself initiate primary legislation which is an aspect of the
constitutional and parliamentary system.
PRECONDITIONS FOR EFFECTIVE BANKING
SUPERVISION
A. Macroeconomic Overview
24. Ireland has pulled back from a severe banking crisis with the support of the EU-IMF
program. The program that began in December 2010 followed an exceptionally deep banking crisis
at a public cost of €64.1 billion (some 40 percent of GDP). Policy implementation has generally been
strong, the fiscal framework has been strengthened, the financial sector has been stabilized, and
spreads on Irish sovereign bonds have fallen to their lowest level since early 2010. However, risks to
economic recovery remain large: Public debt is high and still growing; the banking system is not yet
serving financing needs, including of the job-intensive SME sector; households must contend with
heavy debts and depleted net wealth; high unemployment compounds the financial distress,
undermines skills, and drives emigration; the euro area crisis creates uncertainty for exports, financial
markets, and fixed investment.
25. Credit risk remains high as a result of weak profitability and revenue. Overall financing
conditions for non-financial corporations (NFCs) have weakened. The volume of new lending by Irish
banks to NFCs has remained below 12 percent of GDP since 2011, below the pre-bubble level of
around 20 per cent in 2003-05. Nominal interest rates on NFC loans up to €1 million are higher
suggesting higher real interest rates for small and medium enterprises (SMEs), which are particularly
sensitive to bank lending conditions because they have few other sources of finance. Developments
in the commercial property market are relevant to NFCs as real estate provides an important asset
and source of collateral for them.
26. NFC debt levels are high, but debt owed to Irish banks is falling. This is due to net loan
repayments, write-downs of bad debts and transfers of loans to the state-run National Asset
Management Agency (NAMA). NAMA was created in 2009 to acquire nonperforming, property-
related loans from the domestic banking sector. NFC sector’s net debt remained stable because of
corresponding acquisitions of debt instrument assets. Given that bonds and other debt securities are
not a significant component of Irish corporate finance, a wider range of financing sources than Irish
banks could potentially mitigate the effects of domestic financial sector risks on firms. High
indebtedness raises the sensitivity of Irish firms to interest rate shocks. Interest rate changes are
transmitted rapidly to NFCs because of the prevalence of floating-rate loans and short-term lending.
27. Mortgage arrears remain a key risk to financial stability. The overall level of mortgage
arrears on both owner occupier and buy-to-let mortgages is a cause for concern and is high relative
to other developed-country banking crises. Unemployment is a significant driver of mortgage
arrears. Changes to employment conditions are likely to be modest and may relieve arrears only
marginally.
IRELAND
INTERNATIONAL MONETARY FUND 11
28. In early 2013, the Central Bank of Ireland announced measures, including the
publication of performance targets for the main mortgage banks, to address the mortgage
arrears problem. Additionally, new legislation alters the personal insolvency arrangements in
Ireland substantially. Changes include a reduced bankruptcy term, from twelve years to three, and
the introduction of non-judicial insolvency procedures for dealing with both secured and unsecured
debt. Preliminary estimates suggest 15,000 people could avail of the main non-judicial settlement
arrangements within 12 months, with a further 3,000 applying for bankruptcy.
29. Mortgage arrears have increased significantly since 2009. The total outstanding
balance on all mortgage loans in arrears of more than 90 days was €27.3 billion at end-June
2013. The acceleration in longer-term arrears is of particular concern from a financial stability
perspective. Overall, recent data show that while there has been a decline in the formation of new
arrears in recent months, the number of longer-term arrears cases has increased significantly.
30. At end-June 2013, 12.7 percent of accounts of principal dwelling houses (PDH) were
90 days or more in arrears, an increase of 9.4 percentage points since the data were first
collected at end-September 2009. At end-June 2013, 7.4 per cent of the total stock of PDH
accounts was more than 360 days in arrears, and just over half of these were more than 720 days in
arrears. In relation to buy-to-let (BTL) accounts, the 90-days arrears rate was 20.4 per cent at end-
June, while more than 12.9 per cent of all BTL accounts were 360 days or more in arrears.
31. Banks thus far have concentrated on altering the repayment terms of a mortgage loan
on either a temporary or permanent basis. At end-June 2013 there were almost 80,000 PDH
accounts classified as restructured, of which 53 per cent were not in arrears. The large number of
restructured accounts not in arrears suggests that mortgage lenders have been proactive in
managing ‘pre-arrears’ cases, in an effort to slow early arrears formation. Of the total stock of
142,892 PDH accounts 90 days or more in arrears at end-June, 37,048 or 26 per cent were classified
as restructured.
32. Overall, conditions in the residential property market remain fragile. Despite house
price increases in recent months, mortgage lending remains at low levels and residential property
construction remains at long-term lows. Furthermore, the national figures hide the fact that a two-
tier property market has emerged. The market in the metropolitan area of Dublin, where supply is
reported to be at its lowest level since early 2007, appears to be stabilizing. Prices in Dublin have
registered year-on-year growth each month since the start of 2013 and rents are increasing at a
greater pace than in other areas. However, prices outside of Dublin continue to decline. Commercial
property is of additional relevance from a financial stability perspective at present, given, for
instance, the exposure of NAMA to the market.
33. Irish households’ balance sheets remain vulnerable due to high levels of debt and the
challenges in servicing it. Financial accounts data show a decrease in household net worth during
the first three months of 2013, following consecutive quarters of growth in the latter half of 2012.
The household sector remains highly indebted. In absolute terms, household debt is in the region of
IRELAND
12 INTERNATIONAL MONETARY FUND
€172 billion, which equates to over 200 per cent of disposable income and over 100 per cent of
GDP. This makes the household sector in Ireland among the most indebted in Europe.
34. Personal consumer expenditure has declined in recent years, contributing to the drag
on domestic economic activity. Despite emerging signs of recovery since, the exceptionally weak
level of consumer demand in the first quarter of the year means a drop in consumer spending
seems likely for the year as a whole. The latest forecasts indicate modest growth in consumption for
2014, on the back of an improving labour market, which should help reduce the drag on economic
activity.
35. The Department of Finance projects the government deficit to narrow from 7.3 per
cent of GDP in 2013 to 2.9 per cent in 2015 (meeting the three per cent deficit target required
under the external assistance program and EU fiscal framework). The recent liquidation of IBRC
and replacement of government-issued Promissory Notes with a portfolio of longer-term non-
amortizing Irish government bonds should help return the public finances to a sustainable position.
The Department of Finance forecasts average nominal GDP growth of 2.6 per cent per annum over
the years 2013 to 2015. The path of output growth falling below forecast constitutes a risk of not
meeting the three per cent deficit target set for 2015. Lower growth would worsen the state of the
public finances given the size of the debt ratio.
B. Overview of the Banking Sector
36. Irish banks’ balance sheets have continued to reduce across the industry, driven by on-
going deleveraging by the retail banks and repayments levels exceeding the volume of new
business written. There has been a slight increase in net interest income for domestic retail banks
in the 2013 interim reports although they are yet to return to profitability. International banks report
reduced net interest income in the past year. The only sector to record a profit in March 2013 is
international wholesale.
37. In terms of banks’ solvency position, while the core tier 1 ratios for the domestic banks
continue to deteriorate, they remain above the 7% target level under Basel III. The Irish
domestic banks also remain above the 10.5% target imposed under Ireland external support
program with the EU and IMF. The majority of the international retail banks received capital
injections from their parents in 2013 in line with Central Bank requirements. The international
wholesale banks average CT1 ratio is skewed significantly (due to two institutions with considerably
larger CT1 ratios), however, they still hold a very healthy ratio (30.07%) when these institutions are
excluded. On aggregate, both domestic and international institutions are meeting their minimum
CRD capital requirements (8%).
38. The stock of impaired mortgages and SME loans has continued to rise and is the main
short-term risk. Mortgage arrears have been driven by the fall in property prices, the elevated
unemployment rate and the extensive output loss associated with the crisis since 2008. Data show
12.7 per cent of the total stock of primary dwelling loans were in arrears for more than 90 days in
June 2013, compared with 12.3 per cent in March 2013. A second challenge involves the domestic
IRELAND
INTERNATIONAL MONETARY FUND 13
banking sector reconfiguring its business models to focus on the core business of lending to the real
economy. After nearly a decade of decline, Irish bank margins remain very narrow and banks are still
reliant on central-bank funding.
39. Cost-to-income ratios continue to remain under pressure. Costs associated with
restructuring and the establishment of loan workout units has been considerable. In an environment
of balance sheet consolidation and a lower income base, domestic banks need to rationalize
operations further in order to return to a stable, profitable business model.
40. Domestic banks benefited from a decline in the flow of impaired loans, which,
however, remain the single biggest determinant of overall losses. The gains from debt buybacks
and revaluations on NAMA transfers realised in 2011 were not as significant in 2012. Anaemic
income prospects and the unresolved mortgage arrears problem mean that the short-term outlook
for bank profitability remains weak.
41. The deleveraging of banks’ balance sheets under the Financial Measures Program
(FMP) remains on track and at a lower cost than initially foreseen. The focus on the sale of
overseas assets, together with previous transfers of commercial property type assets to NAMA, has
resulted in smaller and more concentrated loan books. Irish loans now account for more than two
thirds of the total, while the relative share of mortgage lending has increased to over 58 per cent.
42. The ratio of provisions to nonperforming loans increased marginally in the second
quarter of 2013. Differences persist between individual institutions reflecting varying sectoral and
geographic exposures. High cover ratios are necessary given the scale of the Irish nonperforming
loan problem in order to meet potential losses.
43. Progress in tackling mortgage arrears has been slow. The focus of lending institutions
has often been on forbearance measures. The number of accounts over two years in arrears
increased by 43 per cent between Q3 2012 and Q2 2013 to 4.3 per cent of outstanding mortgage
accounts. In this regard, the Central Bank of Ireland outlined new measures to address mortgage
arrears on 13 March 2013, including the publication of performance targets for the main mortgage
lenders. Banks will be required to meet specific targets for proposing and concluding sustainable
solutions for borrowers in arrears over 90 days.
44. A review of the Code of Conduct on Mortgage Arrears has been completed with the
new code coming into effect since July 1st 2013. Among the issues dealt with are the restrictions
placed on contacting borrowers, the definition of a non-cooperative borrower and the
circumstances under which lenders can offer distressed borrowers an arrangement which provides
for the removal of tracker interest rates, but only as a last resort, where the only alternative option is
repossession of the home. Other initiatives which have been implemented to facilitate resolutions
include the introduction of legislation to address the Dunne judgment and the establishment of the
Insolvency Service of Ireland to administer the new debt settlement arrangements outlined in the
Personal Insolvency Act.
IRELAND
14 INTERNATIONAL MONETARY FUND
45. Basel III will be phased in on a gradual basis in the EU until 2019 and is expected to
reduce the banks’ headline capital ratios. The regulatory changes that contribute most to the
reduction are the treatment of deferred tax assets, pension-fund deficits, and shortfalls on
provisions for expected losses. anks’ published pro-forma ratios show an average common equity
tier 1 ratio of around nine per cent for the domestic banks. This ratio includes €5.3 billion in
Government preference shares which remain eligible until December 2017.
C. Bank Resolution
46. IBRC was formed in 2011 through the merger of Anglo Irish Bank and Irish Nationwide
Building Society, both of which had been taken fully into public ownership. Promissory Notes
were issued by the Irish State to Anglo Irish Bank and Irish Nationwide Building Society in 2010 to
ensure compliance with regulatory capital requirements. The Promissory Notes were obligations
with a non-standard amortising structure and represented Irish sovereign debt. IBRC subsequently
used the Promissory Notes (combined with other assets) to access exceptional liquidity assistance
(ELA) lending from the Central Bank of Ireland.
47. On February 7th 2013, the Irish Bank Resolution Corporation Act 2013 was passed by
the Parliament of Ireland, the Oireachtas, and signed into law by the President, providing for
the winding up of IBRC under a special liquidation regime. As a result, the Central Bank of
Ireland took ownership of the collateral held against exceptional liquidity assistance lending to IBRC
of €39.45 billion, consisting of Promissory Notes, National Asset Management Agency (NAMA)
bonds and other assets.
48. NAMA, through a newly established special purpose vehicle, acquired the floating
charge over IBRC’s assets from the Central Bank of Ireland, and issued government
guaranteed NAMA bonds to the Central Bank of Ireland in exchange. In addition, a
consequence of the liquidation was the termination of IBRC’s market repo of the 5.4 per cent Irish
2025 bond, which was also acquired by the Central Bank of Ireland. The liquidation resulted in the
Central Bank of Ireland acquiring, on behalf of the Eurosystem, the assets it held as collateral against
standard Eurosystem borrowing by IBRC of €333 million. The excess value of this collateral over the
amount of lending extended to IBRC was returned to the special liquidator. The Central Bank did not
suffer any loss on its lending to IBRC under exceptional assistance lending.
49. The Central Bank of Ireland will sell the bonds as soon as possible providing that
conditions of financial stability permit. The disposal strategy will maintain full compliance with
the prohibition on monetary financing enshrined in the EU's Treaty on the Functioning of the
European Union. The transaction contributes to financial stability by allowing IBRC to be resolved in
a definitive manner, ending its reliance on exceptional liquidity arrangements, and replacing the
related non-standard Promissory Notes with standard government bonds.
IRELAND
INTERNATIONAL MONETARY FUND 15
D. Accounting and Auditing
50. Company law requires listed entities to prepare their group financial statements in
accordance with International Financial Reporting Standards (IFRS) as endorsed by the
European Union. All other entities have the option to adopt either local Generally Accepted
Accounting Principles (GAAP) or IFRS. Accordingly listed Irish licensed credit institutions prepare
their group financial statements in accordance with IFRS. They have the option to adopt local GAAP
or IFRS at the entity level. However please note that, in the main, local GAAP has converged with
IFRS.
51. Company law requires auditors in Ireland (including auditors of Irish licensed credit
institutions) to apply International Standards of Auditing (UK and Ireland) as issued by the
FRC. These standards are based on the International Standards on Auditing as issued by the
International Auditing and Assurance Standards Board (‘IAASB’), supplemented with additional
standards and guidance to address specific UK and Irish legal and regulatory requirements; and
additional guidance that is appropriate in the UK and Irish national legislative, cultural and business
context. In addition auditors are required to comply with Ethical Standards published by the FRC,
professional ethics requirements in legislation and any standards of professional conduct issued by
the auditor’s own Recognized Accountancy Body. Failure to apply these standards may result in
disciplinary actions from the auditor’s applicable oversight bodies.
52. The Irish Auditing and Accounting Supervisory Authority (‘IAASA’) oversees how the
‘Prescribed Accountancy Bodies’ (‘PABs’) exercise supervision of all their members (auditors,
accountants and students), including inspecting audit firms and audit work, as well as
investigation of complaints and disciplining where appropriate. Members of the PABs are
regulated by the PABs themselves subject to the Bye-Laws of the institutions to which they belong.
Thus the PABs are the primary supervisors of members of the Accountancy Bodies with IAASA
having a secondary, less active, ‘oversight’ role. This is a model of State supervised regulation rather
than direct regulation.
E. Payment Systems Framework in Ireland
53. The clearing and settlement of retail payments in Ireland is conducted through two
companies, namely The Irish Retail Electronic Payments Clearing Company Limited (IRECC)
and the Irish Paper Clearing Company Limited (IPCC), each of which constitutes a payment
system for the purposes of Part 11 of the Central Bank Act, 1972. IPCC clears paper payment
instruments, mainly cheques, while IRECC clears retail electronic payment instruments (both debit
and credit). Settlement takes place in TARGET2. IRECC and the IPCC operate under the auspices of
the Irish Payment Services Organization Limited (IPSO), the representative body of the Irish
payments industry. Regular contact is maintained by the Central Bank of Ireland with IPSO and with
each of the two clearing companies in order to promote sound co-operation and communication
IRELAND
16 INTERNATIONAL MONETARY FUND
within the industry generally and to deal with any issues requiring the attention of the Central Bank,
as overseer. The Central Bank is also represented on the Board of IPSO and on the Boards of each of
the clearing companies, primarily in an observer capacity.
54. The Central Bank is directly engaged in the oversight of the domestic retail payments
system. The oversight process involves the regular monitoring of developments and planned
changes in payment systems, assessing them against applicable oversight principles/standards and,
where necessary, fostering change. The focus of the Central Bank is on promoting payment and
settlement systems that are safe and efficient, and that can be assessed on a fair and equitable basis
by all credit institutions with a requirement to do so. As regards the oversight of cross-border
payment and securities settlement systems, the Central Bank is engaged in cooperative oversight
arrangements (mainly pertaining to oversight assessments and the development of oversight
standards).
F. Trade in Irish Securities
55. Trade in Irish securities––Government Bonds, equities and other securities–– are all
settled in infrastructures physically located outside Ireland. Irish Government Bonds are settled
in Euroclear Bank in Belgium while equities and other securities are settled in the Euroclear UK and
Ireland Crest system in the United Kingdom. The Central Bank provides euro settlement services for
securities settled in the CREST system. There are no central counterparties (CCPs), Central Securities
Depositories (CSDs) or Trade Repositories (TRs) located in Ireland.
G. Financial Safety Net (Deposit Insurance)
56. Deposits held with banks, building societies and credit unions authorised in Ireland are
protected by the Deposit Guarantee Scheme (DGS) in the event of a credit institution being
unable to repay deposits. All eligible deposits up to a limit of €100,000 per person per institution
are guaranteed to be repaid by the DGS. DGS protection includes deposits held at branches of
authorised Irish institutions operating in other EU member states. In general the DGS protects
deposits belonging to individuals, small companies, partnerships, clubs, associations, schools etc. It
excludes deposits belonging to large and medium sized companies, public authorities, insurers,
pension funds, collective investment schemes, banks and certain other financial institutions.
57. The DGS is obliged to issue compensation to depositors duly verified as eligible within
20 working days of a credit institution failing. The DGS is administered by the Central Bank of
Ireland and is funded by the credit institutions covered by the scheme. Each credit institution is
required to maintain a Deposit Protection Account (DPA) equivalent to 0.2 per cent of their total
deposits, in order to fund the DGS. The DGS was established under the terms of the European
Communities (Deposit Guarantee Schemes) Regulations, 1995 (S.I. No.168 of 95) and amended by
European Communities (Deposit Guarantee Schemes) (Amendment) Regulations, 2009 (S.I. No. 228
of 2009).
IRELAND
INTERNATIONAL MONETARY FUND 17
H. Exceptional Liquidity Assistance (ELA)
58. One of the functions of the Central Bank, similar to other central banks, is to grant
Exceptional Liquidity Assistance to a credit institution when this is deemed necessary for
financial stability purposes. ELA is one of the ways that the Central Bank of Ireland has responded
to the financial crisis. This is distinct and separate from regular funding operations carried out for
monetary policy implementation purposes through the ECB. The Central Bank Act 1942 provides the
statutory basis for the Bank to provide emergency liquidity assistance. Section 5B(d) provides the
Bank with a general power to lend against security to credit institutions, which may be exercised in
pursuit of the Bank’s financial stability objective provided by Section 6A(2)(a) of the 1942 Act.
59. In recent years the Bank has provided Exceptional Liquidity Assistance (ELA) to the
banking system for financial stability purposes. At end-December 2012, the Bank had extended
ELA of €40 billion (€11.5bn in 2009, €49.5bn in 2010 and €42bn in 2011). In February 2013, on the
liquidation of IBRC, the Bank’s ELA operations ceased.
I. Recovery and Resolution
60. The Central Bank Credit Institution Resolution Act (CBCIR) was enacted in 2011 and
establishes the resolution regime. The Special Resolution Unit (SRU) was established within the
Central Bank to operationalize this legislation. An essential aspect of the legislation is the
requirement for the SRU to be operationally separate from the supervisory areas. The CBCIR does
not apply to institutions covered by the Credit Institutions (Stabilization) Act 2010 (‘CISA’) – this
emergency legislation was introduced during the banking crisis to deal with domestic banks
requiring State support. While this Act remains in place, the CBCIR will not apply to those banks
covered by CISA. CBCIR does apply to credit unions, IFSC licensed banks and foreign owned banks
licensed to operate in the jurisdiction.
61. The CBCIR permits the Central Bank to request recovery plans from institutions. In
addition it confers powers on the Bank to resolve credit institutions where recovery is deemed not
to be likely. Resolution action is taken by the Central Bank under powers vested in the Governor. The
Governor instructs the SRU team to lead any such action on the Bank’s behalf, with support from the
supervisory functions. The CBCIR is relatively new legislation and has not yet been used to resolve
an authorised credit institution in this jurisdiction. The recovery plan aspect of the legislation has yet
to be fully implemented. It should be noted that the Central Bank implementation may be deferred
pending a review of the proposed arrangements under an EU proposed Directive on Crisis
Management and Bank Resolution.
IRELAND
18 INTERNATIONAL MONETARY FUND
SUMMARY OF THE RESULTS
Responsibility, Objectives, Powers, Independence, Accountability and Cooperation (CPs 1-3)
62. The Central Bank is the sole authority responsible for the supervision of the banking
system. The legislation describes the Central Bank objective as “the proper and effective regulation
of financial services and markets.” In addition to safety and soundness of prudential supervision, the
Central Bank is responsible for monitoring bank compliance with consumer protection regulation
and AML/CFT legislation.
63. The Central Bank is vested with discretionary powers to address areas of weaknesses
or non-compliance that are buttressed by a recently enhanced regulatory framework. The
legislative enhancements include the Central Bank Reform Act 2010 and the Central Bank
(Supervision and Enforcement) Act 2013 which strengthen the fit and proper monitoring regime, the
Central Bank information gathering authority and broaden the range of matters subject to
enforcement such as corporate governance, systems and control and minimum competency
requirements. Another significant piece of legislation is the Criminal Justice (Money Laundering and
Terrorist Financing) Act 2010 (CJA2010) that establishes requirements for banks and makes the
Central Bank the competent authority for monitoring compliance.
64. The Central Bank is currently operating below its approved staffing levels. The prompt
staffing of vacancies would enhance the Central Bank ability to conduct its activities.
65. The Central Bank has authority to issue enforceable policies and codes to regulate the
banking system; in addition, it can directly impose license conditions through existing
legislation. For example, the Central Bank has, inter alia, issued a code on related party lending,
placed requirements on banks to address operational risk, established an approval/notification
process for significant acquisitions, and increased requirements on banks to monitor country risk. In
the area of AML/CFT the CJA 2010 is comprehensive but the Central Bank’s position would be
strengthened if statutory guidelines, approved as envisaged by Section 107 of the CJA 2010, were
issued.
66. Although there is no observed interference, certain legal provisions in relation to the
role of the Minister for Finance raise concerns over independence. The Minister for Finance may
remove a member of the Central Bank Commission “if in the Minister’s opinion it is necessary or
desirable to do so to enable the Commission to function effectively.” The legislation does not
establish a concrete definition of conditions that must be met before the Minister may evoke this
option. Other areas of concern include the need to obtain Ministerial approval to increase industry
levies to fund banking supervision. Although the Central Bank is the licensing authority it must seek
Ministerial approval to deny an application for a banking license or to revoke a license.
IRELAND
INTERNATIONAL MONETARY FUND 19
Ownership, Licensing, and Structure (CPs 4-7)
67. The Central Bank grants banking licenses to entities which may have unregulated
corporate parents, domestically and cross-border. As a result, the newly licensed bank operates
under a ring-fence regime from the time it opens due to the lack of supervisory authority by the
Central Bank over the parent. The Central Bank lacks authority to perform fit-and-proper reviews on
management of the unregulated parent and to take enforcement action on parent. Until the
enactment of the Central Bank (Supervision and Enforcement) Act 2013, almost at the time of the
BCP assessment, the Central Bank also lacked authority to require submission by the parent of
information needed for supervision. Options to address the lack of access to parent may include at
time of licensing imposing restrictions on the license and require agreement from parent company
and management to provide the Central Bank the information and to comply with fit-and-proper
requirements.
Methods of Ongoing Supervision (CPs 8-10)
68. The PRISM model is the centerpiece of the supervisory framework which is used to
assign bank risk ratings and allocate supervisory resources and determines supervisory
intensity and frequency. Activities such as onsite reviews and intrusive supervision techniques are
mainly allocated to High Impact banks. The supervisory approach for banks that fall into the two
lower impact categories (Medium-Low and Low) relies heavily on reactive processes. A primary
concern is whether the calibration of PRISM is appropriate. Offsite supervision processes are largely
automated, where there is a reliance on triggers of financial ratios rather than analysis of regulatory
returns. In addition, the quality, frequency and depth of qualitative data to assess risk are limited (as
is onsite activity). In the case of Low Impact banks, no minimum frequency of onsite reviews and
engagement with banks are prescribed by PRISM. A reactive approach to supervision for this cohort
of banks and a reliance on exception reporting does not allow for sufficient opportunity to
accurately identify, assess and mitigate risk in a bank. A build up of risks across a number of lower
impact banks in aggregate could create vulnerabilities in the banking system and, moreover, could
create reputational risk for the Central Bank and a threat to the integrity of banking system. A more
proactive approach would mitigate this risk.
69. Focusing the supervisory process primarily on the impact of a failure will distort the
allocation of resources since the supervisory approach is supposed to be
preventive/corrective to maintain safety and soundness and not on the impact of resolution.
Supervisory activities to identify risk insufficient for banks with an impact rating below High,
particularly the two lower impact ratings. More attention needs to be paid to verification of self-
assessment of compliance with regulations and assessment of risk profile. Setting up the supervisory
scope should focus on bank-specific risks, so even between high risk banks there should be a
difference in activities being performed and greater flexibility in the suite of supervisory activities.
70. The Central Bank employs a mix of off- and on-site supervisory activities. Built into
PRISM is an ongoing monitoring capability that will pick up changes in risk profile through the use
of financial ratios and key risk indicators (KRIs) that, if triggered, will prompt supervisory
IRELAND
20 INTERNATIONAL MONETARY FUND
attention/intervention. KRIs are categorized into five risk areas: capital, liquidity, credit, business
model/strategy and market risk. There are, however, no KRIs for and interest rate risk in the banking
book and only a single indicator for market risk. The KRIs form a key feature of exception reporting
framework designed for lower impact rated banks where analysis of regulatory returns is automated.
The KRIs should be expanded to ensure all material risks are monitored to detect changes in risk
profile.
Corrective and Sanctioning Powers of Supervisors (CP 11)
71. The Central Bank is equipped with sufficient discretionary enforcement powers to
address areas of weaknesses in banks or their non-compliance with applicable laws,
regulations or supervisory instructions. The Central Bank (Supervision and Enforcement) Act 2013
provides the Central Bank with expanded authority to require preventive and corrective action over
a broad range of activities.
72. A well designed enforcement process is in place and it is linked to PRISM to ensure
supervisory action is initiated promptly when a situation is identified. A risk mitigation program
(RMP) is utilized when the Central Bank identifies an issue that the bank must remediate. The RMP
sets out the basis of the issue, the prescribed action, the required outcome and sets the timeline to
achieve correction.
73. The Central Bank follows an Administrative Sanctions Procedure (ASP) when bringing
possible enforcement action. The Central Bank may issue a supervisory warning and the ASP
permits the Central Bank to enter into settlements with firms and persons concerned in the
management of the firm and following an Inquiry to impose a range of sanctions, from a caution or
reprimand to fines and the disqualification of individuals from being concerned in the management
of a regulated financial service provider.
Consolidated and Cross-Border Banking Supervision (CPs 12- 13)
74. The Central Bank applies prudential standards on a group wide basis where it is
responsible for consolidated supervision. The Central Bank undertakes supervisory activities to
understand the overall structure of the banking group for which it is ultimately responsible and
supervises and monitors material activities, including nonbanking activities conducted by entities in
the wider group, both domestic and cross-border. The Central Bank collects and analyses financial
and other information which it considers adequate to ensure effective consolidated supervision of
banking groups. The central bank takes action when risks arising from the banking group and other
entities in the wider group are identified as potentially jeopardizing the safety and soundness of the
bank and banking group. Home-Host relationships are working well particularly supervisory
colleges.
Corporate Governance (CP 14)
IRELAND
INTERNATIONAL MONETARY FUND 21
75. The Central Bank has issued a Corporate Governance Code which goes beyond the
minimum requirements of the CRD and sets out the corporate governance obligations which
must be adhered to by all financial institutions. The Code provides detailed guidance across a
number of elements of corporate governance such as the role of the Board, role of senior
management and requirement for an annual compliance statement. The Central Bank also has
extensive powers as regards the fitness and probity of the directors and holders of certain senior
management positions.
Prudential Requirements, Regulatory Framework, Accounting and Disclosure (CPs 15-29)
76. Supervisors evaluate the adequacy of risk management strategies, policies, processes
and limits established by a bank through periodic risk assessments and engagement with
bank senior personnel. For onsite risk reviews, the Central Bank has dedicated Credit, Treasury, Risk
Analytics (Quantitative Models Unit & Portfolio Analytics and Stress testing Unit) and Business
Model Analytics teams which analyze credit institution’s risk management processes. These teams
are also used in assessing offsite reporting by banks. Under the Central Bank’s risk-based approach
to supervision, the level of monitoring and frequency of analysis performed by the specialist teams
varies according to the size, scale and complexity of the institution according to its PRISM impact
rating. For the highest impact banks, frequency of these engagements is on-going and actions are
updated in the risk mitigation programs within PRISM which is an effective system for tracking the
status of issues and remediation. Where onsite activities are not performed, unless an event occurs,
considerable reliance is placed on self assessments to make ongoing assessments of risk
management. The range of qualitative and quantitative information to assess the status of risk
management such as business continuity was not sufficient to reliably monitor the robustness of
arrangements on an ongoing basis.
77. To assess asset soundness and credit risk management, resources are heavily weighted
towards the High Impact banks which are the banks of greatest systemic importance and the
largest exposure to credit risk. Routine supervisory activities for High Impact banks provide the
supervisor with a variety of inputs to assess credit risk management processes against changes in
market and macroeconomic conditions. Analysis of regulatory data and enhanced reporting
requirements enable the supervisor to detect changes in risk profile on an ongoing basis. Equally,
for High Impact banks, the routine supervisory activities are adequate to make an assessment of the
Board’s involvement in developing and regularly approving the credit risk management strategy and
significant policies and processes. It was evidenced that supervisors are going beyond routine tasks
and minimum activities prescribed by PRISM.
78. Where an onsite review of loans files is performed, the supervisor (with the assistance
of credit risk specialists) has the opportunity to assess whether senior management has
implemented the credit risk strategy approved by the Board and whether underwriting
practices are consistent with policy and prudent for market conditions and the economic
environment. The frequency and depth of onsite credit risk reviews for lower risk institutions and
the allocation of credit risk specialists to assist in the assessment process could be enhanced to form
an accurate and timely assessment of the credit risk environment. For the banks assigned PRISM
IRELAND
22 INTERNATIONAL MONETARY FUND
Impact ratings of below High (especially Medium Low and Low), the variance analysis might not
necessarily provide insight into the application of credit risk management processes until after risks
have begun to crystallize resulting in breaching Central Bank triggers for supervisory attention.
79. The Central Bank has updated and expanded its guidance regarding provisioning and
valuation practices and performed more frequent and in-depth onsite assessments. Over the
course of the last several years, the Central Bank has allocated considerable resources in an effort to
encourage prudent provisioning practices with a significant focus on the covered banks. The update
guidance by the Central Bank goes beyond that of other authorities in the region where IFRS is
applied. The banking sector has also been subject to various externally led balance sheet exercises.
There are a number of examples demonstrating the impact of the various activities in increasing the
conservatism of banks’ loan loss provisioning practices.
80. Supervisory activities should place greater reliance on onsite verification of bank
processes, particularly in terms of: assessing processes for the early identification of problem
assets; application of prudent valuations for collateral; and, testing assumptions that feed
into provisioning models. There was evidence to suggest this process had commenced with the
covered banks but was yet to be extended across the sector (with due regard to proportionality).
Greater frequency and depth of analysis though onsite reviews will allow the supervisor an ability to
more accurately verify bank provisioning practices by loan sampling and testing of assumptions to
ensure they remain consistent with actual experience and are adjusted in a timely fashion to reflect
changes in market conditions and the economy. Through this process, the supervisor will be better
able to deem whether provisions are adequate for prudential purposes.
81. In 2010 the Central Bank issued a Code of Practice on Lending to Related Parties. The
code establishes requirements for transactions with affiliates to be at arms’ length and has a broad
definition of related parties. However, only lending transactions are covered by the Code and items
such as asset purchases and deposit terms are excluded.
82. A country risk policy was issued in August 2013 and is in the process of
implementation. The policy is comprehensive and the Central Bank is in the process of developing
monitoring procedures and conducting reviews. One bank examination has been conducted (with
another examination ongoing) to test compliance and another was in-process at time of the BCP
assessment. Monitoring compliance with the policy will require improved reporting by the banks,
incorporation into the PRISM process and reviews of bank compliance. Additionally banks will need
to implement the internal processes to meet the policy requirements.
83. A detailed operational risk policy has been implemented and a number of onsite
reviews conducted. A report to be filed by banks has been implemented and the first reports are to
be filed as of September 30, 2013.
84. Anti-Money Laundering legislation was implemented in 2010. The scope of the
legislation is comprehensive and the Central Bank is in the process of implementing its
monitoring and enforcement program. While the Central Bank has a strategy in place to deliver
IRELAND
INTERNATIONAL MONETARY FUND 23
supervisory coverage, elements of this strategy remain to be implemented to accomplish effective
supervision in this area including analysis of data from risk assessments and in-depth inspections to
(a) underpin the publication of the findings from the in-depth inspections, (b) inform sector wide
risk mitigation actions and (c) identify targets for thematic inspections. While the CJA 2010 is
comprehensive the Central Bank’s position would be strengthened if statutory guidelines, approved
as envisaged by Section 107 of the CJA 2010, were issued. In addition, to the onsite inspections
carried out, compliance assessments, in the form of risk assessment questionnaires have been
carried out on 21banks.
A. Summary Compliance with the Basel Core Principles
Core Principle Grade Comments
1. Responsibilities, objectives and powers C
The CBI is the primary regulator of the Irish financial
system. Its objectives include proper and effective
regulation of financial institutions and markets,
while ensuring that consumers of financial services
are protected.
2. Independence, accountability, resourcing
and legal protection for supervisors
MNC Although there is no observed interference, the
legislation provides for the approval of the Minister
for Finance for: setting the levy structure to fund
supervision, denying a license application,
involuntary revocation of a banking license.
The CBI is the licensing authority but must receive
Minister for Finance consent to deny a license
application or revoke a license approved based on
false information.
The Minister may remove Commission members for
specified reasons which are broad in nature and
interpretation. The Secretary General of the
Department of Finance sits on the CBI Commission
in an ex-officio capacity.
3. Cooperation and collaboration C The CBI is responsible for the regulation of financial
service providers and markets in Ireland, and
ensuring financial stability.
4. Permissible activities C No additional comments.
5. Licensing criteria C The CBI issues licenses to banks owned by
unregulated entities. These banks are ring-fenced
since the CBI lacks authority to perform fit and
proper reviews on senior management in the
unregulated parent, or take enforcement action
against the unregulated parent.
6. Transfer of significant ownership C No additional comments.
7. Major acquisitions LC Requirement for major acquisition reviews was
implemented in August 2013. Too early for a record
of compliance and enforcement to be reviewed.
IRELAND
24 INTERNATIONAL MONETARY FUND
Core Principle Grade Comments
8. Supervisory approach C The CBI employs a mix of off- and on-site
supervisory activities. The PRISM model is the
centerpiece of the supervisory framework which is
used to assign bank risk ratings and allocate
supervisory resources and determines supervisory
intensity and frequency of supervisory activities.
9. Supervisory techniques and tools MNC A primary concern is whether the calibration of
PRISM is appropriate for the mix of onsite and
offsite supervision for Medium Low and Low Impact
banks. Analysis of regulatory returns should be
strengthened as well as greater focus on testing and
sampling of risk management processes.
10. Supervisory reporting C No additional comments.
11. Corrective and sanctioning powers of
supervisors
C
The CBI has an adequate range of supervisory tools
to bring about timely corrective actions. Its
enforcement powers were recently enhanced by the
introduction of the Central Bank (Supervision and
Enforcement) Act 2013. This gives the Central Bank
greater information gathering powers and also
provides for new sanctions and increased monetary
penalties under the Administrative Sanctions
Procedure.
12. Consolidated supervision C
The CBI undertakes supervisory activities to
understand the overall structure of the banking
group for which it is ultimately responsible and
supervises and monitors material activities
(including nonbanking activities conducted by
entities in the wider group, both domestic and
cross-border.
13. Home-host relationships C
14. Corporate governance LC
For those banks assigned a rating of Medium-low
and Low, the range and frequency of supervisory
activities to assess governance is not adequate to
assess the robustness of governance (EC2). Does not
appear to be an adequate level of attention to a
board’s stewardship and understanding of risk and
corporate governance (EC8).
15. Risk management process LC
The range of qualitative and quantitative
information to assess the status of business
continuity was not sufficient to reliably monitor the
robustness of arrangements on an ongoing basis
(EC12).
The frequency of onsite testing and verification of
model validation results needs to be enhanced
IRELAND
INTERNATIONAL MONETARY FUND 25
Core Principle Grade Comments
(EC6).
16. Capital adequacy C
No additional comments.
17. Credit risk LC
The frequency and depth of onsite credit risk
reviews for lower risk institutions and the allocation
of credit risk specialists to perform file reviews is not
sufficient to maintain an accurate assessment of
credit risk for these credit institutions (EC3). For the
banks assigned PRISM Impact ratings of Medium
Low and Low, the variance analysis might not
necessarily provide insight into the application of
credit risk management processes until after risks
have begun to crystallize resulting in breaching
Central Bank triggers for supervisory attention (EC1).
18. Problem assets, provisions, and reserves LC
Greater frequency and depth of onsite reviews of
loan loss provisioning practices (e.g. testing of
assumptions against experience, recognition of
default, prudent valuations)
19. Concentration risk and large exposure
limits
C
No additional comments.
20. Transactions with related parties MNC
Only credit transactions are covered by the
regulation. Compliance monitoring is mainly offsite
(with some onsite testing) but reports filed by banks
lack information to monitor terms, rates and other
requirements of the RPL Code.
21. Country and transfer risks LC
Requirements issued in August 2013. The CBI has
developed a monitoring process and is conducting
initial reviews to determine compliance.
22. Market risk LC
In terms of onsite examinations of market risk,
coverage by the Treasury Team has been limited,
though proportional based on either the complete
absence or very low level of traded market risk in
most banks supervised. Insufficient testing of
implementation of policies and procedures onsite to
accurately assess the effective implementation of
controls, especially in regard to verify that marked-
to-market positions are prudently valued and
revalued frequently. CBI’s oversight of internal
models on an ongoing basis is inadequate to ensure
models are fit for purpose and calculating capital
accurately (EC4).
IRELAND
26 INTERNATIONAL MONETARY FUND
Core Principle Grade Comments
23. Interest rate risk in the banking book LC
While detailed reviews are conducted by the
treasury team on High Impact banks, treasury team
support is provided to lower impact banks as part of
their Full Risk Assessments. As these are less
frequent they are supplemented by the use of the
quarterly risk dashboards and the twice yearly
meetings with the head of the treasury team at
which the main findings of the reviews conducted
on the High Impact Banks are shared. A less
intensive process is used for lower Impact banks
with a reliance on a self assessment.
24. Liquidity risk C
The Bank requires each credit institution to
establish and maintain a liquidity strategy and
liquidity policy. Central Bank requires each credit
institution to establish a contingency funding plan,
developed by management and approved by the
Board.
25. Operational risk LC
First monitoring reports filed by banks as at
September 30, 2013. Effectiveness of monitoring
and enforcement cannot be assessed at this time.
26. Internal control and audit LC
No requirement in regulations for the Board to take
responsibility for establishing the internal control
environment, although the regulations do require
banks to maintain internal controls. For banks with
an Impact rating below High, the supervisory
activities to assess the effectiveness of the internal
control function will rely upon desk based review of
exception reporting without a sufficient suite of
supporting documentation to make an accurate
assessment of the effectiveness of the control
environment required by EC4 and EC5.
27. Financial reporting and external audit LC
The Central Bank does not have the power to reject
and rescind the external auditor as required by EC6.
Existing legislation does not provide the Central
Bank with the power to influence the scope of the
external audit or establish the standards for such an
audit.
28. Disclosure and transparency C
The Central Bank will ensure that the financial
statements have an auditor’s opinion expressing the
opinion that they give a true and fair view.
29. Abuse of financial services MNC
Branches of foreign banks have not been
incorporated in AML compliance reviews.
Additionally, most reviews of compliance have been
through the review of risk assessment
questionnaires sent to banks with limited onsite
testing. While the CJA 2010 is comprehensive the
IRELAND
INTERNATIONAL MONETARY FUND 27
Core Principle Grade Comments
CBI’s position would be strengthened if statutory
guidelines, approved as envisaged by Section 107 of
the CJA 2010, were issued.
The CBI has not issued specific requirements for
internal audit and/or external experts to
independently evaluate the relevant risk
management policies, processes and controls for
AML.
There is no requirement to appoint a relevant
dedicated officer to whom potential abuses of the
banks’ financial services are reported. The CBI is
planning to issue communications following its
inspections setting out principal findings and its
expectations as to how compliance with the CJA
2010 can be demonstrated.
IRELAND
28 INTERNATIONAL MONETARY FUND
Detailed Assessment
85. To determine the observation of each principle, the assessment has made use of five
categories: compliant; largely compliant, materially noncompliant, noncompliant, and non-
applicable. An assessment of “compliant” is given when all EC and ACs are met without any
significant deficiencies, including instances where the principle has been achieved by other means. A
“largely compliant” assessment is given when there are only minor shortcomings, which do not raise
serious concerns about the authority’s ability to achieve the objective of the principle and there is
clear intent to achieve full compliance with the principle within a prescribed period of time (for
instance, the regulatory framework is agreed but has not yet been fully implemented). A principle is
considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of
formal rules and procedures and there is evidence that supervision has clearly not been effective,
the practical implementation is weak or that the shortcomings are sufficient to raise doubts about
the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not
substantially implemented, several ECs are not complied with, or supervision is manifestly
ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would
not relate the country’s circumstances. In addition, a Principle would be considered not applicable
when, in the view of the assessor, the Principle does not apply given the structural, legal and
institutional features of a country.
86. Table 2 below provides a detailed principle-by-principle assessment of the BCP. The
Table is structured as follows:
? The “description and findings” sections provide information on the legal and regulatory
framework, and evidence of implementation and enforcement.
? The “assessment” sections contain only one line, stating whether the system is “compliant,”
“largely compliant,” “materially non-compliant,” “non-compliant” or “not applicable” as
described before.
? The “comments” sections explain why a particular grading is given. These sections are
judgmental and also reflect the assessment team’s views regarding strengths and areas for
further improvement in each principle.
IRELAND
INTERNATIONAL MONETARY FUND 29
A. Detailed Assessment of Compliance with the Basel Core Principles
Supervisory Powers, Responsibilities and Functions
Principle 1 Responsibilities, objectives and powers. An effective system of banking supervision has
clear responsibilities and objectives for each authority involved in the supervision of
banks and banking groups.
3
A suitable legal framework for banking supervision is in place
to provide each responsible authority with the necessary legal powers to authorize banks,
conduct ongoing supervision, address compliance with laws and undertake timely
corrective actions to address safety and soundness concerns.
4
Essential criteria
EC1 The responsibilities and objectives of each of the authorities involved in banking
supervision
5
are clearly defined in legislation and publicly disclosed. Where more than one
authority is responsible for supervising the banking system, a credible and publicly
available framework is in place to avoid regulatory and supervisory gaps.
Description and
findings re EC1
The CBI is the single authority responsible for prudential banking supervision. The CBI’s
responsibilities are defined in Section 6 A (2) (b) of the CBI Act as: “the proper and effective
regulation of financial service providers and markets,” and as such are publicly disclosed.
The Central Bank Act 1942 (CBI Act) states that the CBI has the following objectives: the
stability of the financial system overall; the proper and effective regulation of financial
institutions and markets, while ensuring that the best interests of consumers of financial
services are protected; the efficient and effective operation of payment and settlement
systems; the provision of analysis and comment to support national economic policy
development; and, the discharge of such other functions and powers as are conferred on it
by law. The CBI is responsible for licensing and monitoring anti-money laundering
regulation compliance in banks.
EC 2 The primary objective of banking supervision is to promote the safety and soundness of
banks and the banking system. If the banking supervisor is assigned broader
responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and
findings re EC2
The responsibilities and objectives of the CBI regarding banking supervision are clearly set
out in legislation and are also published in the CBI’s Annual Report and Strategic Plan. The
stated objectives in supervising Credit Institutions are: (i) to foster a stable banking system
and (ii) to provide a degree of protection to depositors with individual credit institutions.
As a central bank the CBI also has broader responsibilities, including inter alia: monetary
policy (as part of the ESCB): financial market operations; payments and settlements; and
other financial services supervision. Banking supervision is not subordinate to any of these
3
In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries,
affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for
example nonbank (including non-financial) entities, may also be relevant. This group-wide approach to
supervision goes beyond accounting consolidation.
4
The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the
subsequent Principles.
5
Such authority is called “the supervisor” throughout this paper, except where the longer form “the
banking supervisor” has been necessary for clarification.
IRELAND
30 INTERNATIONAL MONETARY FUND
or to the other responsibilities of the CBI. Banking supervision is adequately funded and
represented by a Deputy Governor. The primary function of the Banking Supervision
Divisions is the onsite and off-site supervisions of all Irish licensed credit institutions.
EC3 Laws and regulations provide a framework for the supervisor to set and enforce minimum
prudential standards for banks and banking groups. The supervisor has the power to
increase the prudential requirements for individual banks and banking groups based on
their risk profile
6
and systemic importance.
7
Description and
findings re EC3
Minimum prudential standards are established through primary legislation (e.g. Central
Bank Acts), secondary legislation (e.g. Statutory Instruments (SI) implementing Directives
such as the CRD) or through regulatory requirements issued by the CBI. Regulatory
requirements may be attached as a condition on the license of an individual bank or of all
banks. The CBI, under Section 10 of the CBI Act 1971, issues regulatory requirements. The
CBI also issues “policy” and “Codes” which are enforceable.
The CBI has powers to impose requirements on banks primarily under regulation 70 of SI
661 of 2006, under Section 10 of the CBI Act 1971 and the CBI (Supervision and
Enforcement) Act 2013. The CBI also notifies appropriate authorities (e.g. Irish police) for
possible criminal sanctions where contraventions of the Central Bank Acts are designated
as a criminal offense. The CBI pursues corrective/enforcement action through an
Administrative Sanctions Procedure (ASP). The CBI may require the bank to implement a
risk mitigation program (RMP) to address more routine issues. For more serious issues a
supervisory warning or direction may be issued. Under Part IIIC of the CBI Act 1942, an
inquiry may be held that may lead to the imposition of sanctions/fines.
The CBI has the ability to increase individual prudential requirements for banks. This
includes powers under the Statutory Instruments implementing the CRD (including inter
alia the ability of the supervisor: to impose additional capital requirements; to impose a
specific provisioning methodology; or to reduce risk profile) and powers under the Central
Bank Act 1971 (to increase minimum prudential standards by imposing additional license
requirements on a bank or banking group under Section 10 of the Act). Regulation 70
enables the CBI to require any credit institution “that does not meet the requirements of any
law of the State giving effect to take the necessary actions or steps at an early stage to
address the situation.”
Regulation 70 has been used to impose additional capital requirements in the case of the
banks subject to the Central Bank’s Prudential Capital Assessment Review (PCAR), most
recently in March 2011 and to re-issue a RMP to an institution that did not
comprehensively address the program in the first instance.
The CBI has imposed additional prudential requirements on individual banks, such as
limiting deposit-taking activities (i.e. no deposits of less than €500,000). In addition, the
CBI’s liquidity requirements, as set out in the “Requirements for the Management of
Liquidity Risk,” were imposed as an additional license requirement on all banks.
6
In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
7
In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or
cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically
important banks: assessment methodology and the additional loss absorbency requirement, November 2011.
IRELAND
INTERNATIONAL MONETARY FUND 31
EC4 Banking laws, regulations and prudential standards are updated as necessary to ensure that
they remain effective and relevant to changing industry and regulatory practices. These are
subject to public consultation, as appropriate.
Description and
findings re EC4
Banking laws in the EU are continuously updated and generally implemented at European
level by way of Directives. Irish laws are also updated as necessary and EU directives must
be transposed into national law by EU Member States. Member States may choose the
transposition methodology but are subject to review for completeness. As a result, banking
laws are generally developed at EU level and consulted on a trans-European level (e.g. by
the EU Commission) as Directives are developed and passed. As such, they are updated as
necessary in a European context. For example, the Basel Committee for Banking
Supervision (BCBS) Basel II text was implemented via the CRD in the EU. This directive
updated the previously implemented Codified Banking Directive and consolidated banking
capital and prudential requirements. Since 2010 there have been significant revisions to CBI
legislation, including enhancements to enforcement authority in 2013.
EC5 The supervisor has the power to:
(a) have full access to banks’ and banking groups’ Boards, management, staff and
records in order to review compliance with internal rules and limits as well as external
laws and regulations;
(b) review the overall activities of a banking group, both domestic and cross-border; and
(c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and
findings re EC5
Section 17A and section 18 of the Central Bank Act 1971 give powers to the CBI to inspect
the books, records and provides access to the management and boards of banks.
The primary legislative powers apply at a consolidated, sub-consolidated or solo level. This
means that authorized CBI officers can inspect the books and records of group
consolidated entities or subsidiaries of foreign-owned banks. The legal provisions are
detailed in S.I. 475 of 2009, in that it sets out when consolidated supervision is applicable.
Part 3 of the CBI (Supervision and Enforcement) Act 2013 has extensive authorized officer
powers and general information gathering powers to “associated enterprises” when the CBI
is the consolidated supervisor. Part 3 of the Act also provides powers, which can be used
outside the State and in relation to “related undertakings” of a regulated financial service
provider.
Supervisory authority extends to all banks operating in Ireland regardless of home country.
EC6 When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is
or is likely to be engaging in unsafe or unsound practices or actions that have the potential
to jeopardize the bank or the banking system, the supervisor has the power to:
(a) take (and/or require a bank to take) timely corrective action;
(b) impose a range of sanctions;
(c) revoke the bank’s license; and
(d) cooperate and collaborate with relevant authorities to achieve an orderly resolution
of the bank, including triggering resolution where appropriate.
Description and
findings re EC6
The CBI may require under regulation 70 of S.I. 661 that, when it has determined that a
bank does not meet the requirements of the CRD, that bank must take the necessary
actions or steps at an early stage to address the situation.
IRELAND
32 INTERNATIONAL MONETARY FUND
(a) As well as enforcement capability (including ASP actions), the measures available to
the CBI under the CRD include the following:
(i) obliging credit institutions to hold own funds in excess of the minimum
level set out in the CRD;
(ii) requiring the reinforcement of the arrangements, processes,
mechanisms and strategies implemented to comply with the CRD
(namely the systems and processes of internal control);
(iii) requiring credit institutions to apply a specific provisioning policy or
treatment of assets, in terms of own funds requirements;
(iv) restricting or limiting the business, operations or network of credit
institutions; and
(v) requiring the reduction of the risk inherent in the activities, products and
systems of credit institutions.
(i) The CBI may, with the consent of the Minister, revoke a license.
(b) Section 45 of the Central Bank (Supervision and Enforcement) Act 2013 provides the
authority of the CBI to issue “directions” requiring the bank to effect corrective
action. A CBI direction may require the bank to dispose of assets, suspend a certain
activity for a period not to exceed 12 months, raise capital, make changes to internal
systems and controls and address violations of law.
(c) The Credit Institutions (Resolution) Act 2011 (CBCIR) establishes the process to deal
with resolution of failed or failing banks. The CBI must apply to court before
resolving a bank. The liquidation is governed by company law and the liquidator is
appointed by the CBI. The CBI and the Minister for Finance are represented on the
liquidation committee.
EC7 The supervisor has the power to review the activities of parent companies and of
companies affiliated with parent companies to determine their impact on the safety and
soundness of the bank and the banking group.
Description and
findings re EC7
The CBI supervises ”Home” banks on a consolidated basis (including all bank and nonbank
subsidiaries), up to and including financial holding companies, and the prudential and
regulatory requirements are imposed at financial holding company or parental level under
the CRD. S.I. 475 of 2009 deals with the ability to review the activities of parent companies
to determine the safety and soundness of the bank concerned, and the overall banking
group.
Foreign-owned subsidiaries are subject to solo supervision, in that they are required to
comply with minimum prudential requirements on a subsidiary basis. EU banking groups
are also subject to home-host cooperation and supervision. Consolidated supervision takes
account of all group companies (including unregulated subsidiaries) and all regulated
entities must comply with the minimum regulatory requirements on a solo basis. Discretion
from this requirement is only available where the subsidiaries are unregulated. For
unregulated parents, the CBI monitors the financial condition through information
obtained from the Irish operation and publicly available financial statements and applies fit
and proper requirements to controlling owners but not to senior management when the
licensing application is reviewed. Additionally, the Irish operation is ring-fenced from the
unregulated parent.
IRELAND
INTERNATIONAL MONETARY FUND 33
S.I. 475 of 2009 deals with the ability to review the activities of parent companies to
determine the safety and soundness of the bank concerned and the overall banking group.
S.I. 475 of 2009 transposes the relevant parts of the CRD in this regard. Furthermore, the
CBI (Supervision and Enforcement) Act 2013 enhances the CBI’s powers in relation to
getting information (general information-gathering power and authorized officer powers)
not just from banks themselves but also from “related persons.” These powers can be
exercised outside the State (subject to appropriate liaison with the appropriate authorities
in the relevant jurisdiction). Also, section 18 of the CBI Act 1971 can be exercised against an
“associated company” or “related body.”
In terms of consolidated position, Regulation 15(a) of S.I. 661 of 2006 provides that parent
credit institutions in the State shall comply with the CRD on the basis of their consolidated
financial situation.
Assessment of
Principle 1
Compliant
Comments
Principle 2 Independence, accountability, resourcing and legal protection for supervisors. The
supervisor possesses operational independence, transparent processes, sound governance,
budgetary processes that do not undermine autonomy and adequate resources, and is
accountable for the discharge of its duties and use of its resources. The legal framework for
banking supervision includes legal protection for the supervisor.
Essential criteria
EC1 The operational independence, accountability and governance of the supervisor are
prescribed in legislation and publicly disclosed. There is no government or industry
interference that compromises the operational independence of the supervisor. The
supervisor has full discretion to take any supervisory actions or decisions on banks and
banking groups under its supervision.
Description and
findings re EC1
The CBI is an independent statutory body that must act in accordance with the Treaty on
the Functioning of the European Union and the ESCB Statute and within the confines of the
statutory regime of Irish financial services law (primarily the Central Bank Act 1942 and the
designated enactments and statutory instruments listed in Schedule 2 of that Act). The CBI
has full regulatory and supervisory powers to supervise the banking system and take
enforcement action without consultation or interference. However, as set out below, there
are situations where the CBI is required to consult with, or in specific circumstances receive
approval from, the Minister for Finance e.g. involuntary revocation of license, application of
levies, and denial of a license application. In relation to industry interference, while the CBI
consults with industry participants or industry representative bodies, such participants do
not have any legislative basis upon which to interfere in the decision-making process of the
Central Bank.
The Governor/Deputy Governor and senior Central Bank Management appear before the
Joint Oireachtas Committee on the performance and discharge of its duties.
The process for the appointment and dismissal of the Governor and Commission of the CBI
is set out in the CBI Act 1942. However, the internal governance structures are not set out
in legislation and are determined by the CBI itself. The Governance Structures of the CBI are
explained in public documents.
The framework by which the CBI establishes and enforces minimum prudential standards
IRELAND
34 INTERNATIONAL MONETARY FUND
for banks is set down in legislation and regulations which are updated when required.
Where deemed necessary, the CBI has the power to take action against a bank, including
imposing financial penalties and ultimately revoking a banking license (the latter can only
be done with the consent of the Minister for Finance). The CBI's decisions can be appealed
to the Irish Financial Services Appeals Tribunal and can also be judicially reviewed.
The CBI must also prepare and submit to the Minister for Finance a strategic plan every
three years which is also laid before the Houses of the Oireachtas (section 32B of the
Central Bank Act 1942).
The CBI is required to prepare a statement relating to the CBI’s performance in regulating
financial services under chapter 2A Article 32L of the Central Bank Act 1942 (inserted by the
Central Bank Reform Act 2010).
EC2 The process for the appointment and removal of the head(s) of the supervisory authority
and members of its governing body is transparent. The head(s) of the supervisory authority
is (are) appointed for a minimum term and is removed from office during his/her term only
for reasons specified in law or if (s)he is not physically or mentally capable of carrying out
the role or has been found guilty of misconduct. The reason(s) for removal is publicly
disclosed.
Description and
findings re EC2
The appointment of the Central Bank Commission (Board), Governor and Deputy Governors
(which include the Deputy Governor for Financial Regulation) are transparent and set out in
the Central Bank Act 1942. This Act also stipulates the circumstances in which the above
can be removed.
Commission Member:
In relation to the appointment of Commission members:
(1) The Commission comprises-
(a) the persons for the time being holding or performing the duties of the
following offices:
(i) Governor;
(ii) Head of Central Banking;
(iii) Head of Financial Regulation;
(iv) Secretary General of the Department of Finance, and
(b) at least 6, but no more than 8, other members appointed by the
Minister.
Section 24B of the Central Bank Act 1942 limits a Commission member to holding the
position for a period of 5 years unless he or she previously ceases to hold that office in
accordance with a provision of this Part. May be renewed once.
Section 25 of the Central Bank Act 1942 provides that the Minister may remove an
appointed member of the Commission from office:
(a) for proven misconduct or incompetence, or
(b) if in the Minister’s opinion it is necessary or desirable to do so to enable the Commission
to function effectively.
Governor
Section 19 of the Central Bank Act 1942 states:
IRELAND
INTERNATIONAL MONETARY FUND 35
The Governor shall be appointed by the President on the advice of the Government. A
person appointed as Governor holds office for 7 years from the date of the person’s
appointment. The President, on the advice of the Government, may appoint a person
holding office as Governor for a further period of seven years to take effect at the end of
the person’s current period of appointment.
Section 21 of the Central Bank Act 1942 states:
(1) The President may, on the advice of the Government, remove the Governor from office
on the ground that the Governor has, because of ill-health, become permanently
incapacitated from carrying out the responsibilities of Governor.
(2) The President may, on the advice of the Government, remove the Governor from office
on one or more specified grounds of serious misconduct.
The current Governor is a number of years into his 7 year contract while the previous
Governor served longer than the 7 year term. The current Governor is the first not to come
from the Secretary General position at The Department of Finance. The recently appointed
Deputy Governor for Financial Regulation and the prior one were from other member EU
states.
EC3 The supervisor publishes its objectives and is accountable through a transparent framework
for the discharge of its duties in relation to those objectives.
8
Description and
findings re EC3
The CBI annually publishes its objectives and the extent of achievement of those objectives.
The CBI must also prepare and submit to the Minister for Finance a strategic plan every
three years. This plan is also laid before the Houses of the Oireachtas (section 32B of the
Central Bank Act 1942).
The CBI is required to prepare a statement relating to the CBI’s performance in regulating
financial services under chapter 2A Article 32L of the Central Bank Act 1942 (inserted by the
Central Bank Reform Act 2010).
Within one month after receiving a performance statement from the CBI, the Minister will
lay it before each House of the Oireachtas.
The Governor or a Head of Function may be requested by a Committee of the Oireachtas to-
(a) attend before the Committee, and
(b) provide that Committee with information relating to the Bank’s
performance statement, the Governor or Head of Function shall-
(i) appear before the Committee, and
(ii) subject to section 33AK(1A), provide the Committee with such
information relating to the performance statement as the
Committee requires.
The CBI published its Annual Performance Statement on its financial regulatory activities for
2012 in April 2013. The Governor/Deputy Governor and senior management have appeared
before the Joint Oireachtas Committee on the performance and discharge of their duties.
EC4 The supervisor has effective internal governance and communication processes that enable
8
Please refer to Principle 1, Essential Criterion 1.
IRELAND
36 INTERNATIONAL MONETARY FUND
supervisory decisions to be taken at a level appropriate to the significance of the issue and
timely decisions to be taken in the case of an emergency. The governing body is structured
to avoid any real or perceived conflicts of interest.
Description and
findings re EC4
The governance of the CBI is structured to ensure that decisions are taken at the
appropriate level and in a timely manner. This is reflected in a number of ways:
The Commission has approved a ‘delegation of powers’ framework together with an
extensive assignment of responsibilities pursuant to section 32A of the Central Bank Act
1942. This framework clearly sets out the decisions that are permitted to be taken by
specified staff, thus ensuring that decisions are taken at the appropriate level. In addition,
the delegation of power should allow for timelier decision-making.
In terms of the decision-making process, two significant committees have been established
by the Central Bank: the Policy Committee and the Supervisory Risk Committee.
The CBI Act 1942 sets out requirements in relation to avoiding conflicts of interest for
specific positions: Commission member (Section 24), Governor (Section 19 & 20), Deputy
Governor (Section 23).
Conflict of Interest
All staff of the Central Bank of Ireland is subject to the Staff Code of Ethics and Behavior
and the Employee Trading Rules. The code of ethics requires that staff do not put
themselves in the position that might give rise to an actual or apparent conflict between
the discharge of their official duties and their personal, financial or other interests. In
addition the code requires that staff, in particular senior officers, should not be active
members of any political party or organization.
The employee trading rules requires staff to abstain from being a party to any economic or
financial transactions that may hinder their independence and impartiality and should
avoid any situation liable to give rise to a conflict of interest. The purpose of the trading
rules is to:
? Maintain standards of conduct within the Central Bank at the highest level of
integrity; and
? Avoid any potential insinuation of insider trading, conflict of interest or other
abuses of confidential information.
EC5 The supervisor and its staff have credibility based on their professionalism and integrity.
There are rules on how to avoid conflicts of interest and on the appropriate use of
information obtained through work, with sanctions in place if these are not followed.
Description and
findings re EC5
The CBI staff is qualified with both supervisory and industry experience. Since the onset of
the financial crisis the CBI has significantly increased its specialist-staff complement in the
areas of risk analytics, credit and treasury.
The CBI ensures that conflict of interest issues do not arise through a number of means
including legislation and internal codes.
In addition to the legislative requirements detailed in EC 4, all staff of the CBI is subject to
the Staff Code of Ethics and Behavior and the Employee Trading Rules. The code of ethics
requires that staff do not put themselves in the position that might give rise to an actual or
apparent conflict between the discharge of their official duties and their personal, financial
or other interests. In addition the code requires that staff, in particular senior officers,
should not be active members of any political party or organization.
IRELAND
INTERNATIONAL MONETARY FUND 37
The employee trading rules requires staff to abstain from being a party to any economic or
financial transactions that may hinder their independence and impartiality and should
avoid any situation liable to give rise to a conflict of interest.
Staff is also required to disclose any shareholdings that they have to ensure transparency
and highlight potential conflicts of interest.
The CBI takes steps to ensure that information which it has provided and which it receives
remains confidential. Staff is required by legislation (the Central Bank Act, 1942 section
33AK) to preserve the confidentiality of information. In addition, internal information
security policies are in place within the Central Bank.
Discussions with industry by the mission disclosed the consensus that CBI staff is
professional, that the CBI has increased its skills base and adds value through the
supervisory process.
EC6 The supervisor has adequate resources for the conduct of effective supervision and
oversight. It is financed in a manner that does not undermine its autonomy or operational
independence. This includes:
(a) a budget that provides for staff in sufficient numbers and with skills commensurate
with the risk profile and systemic importance of the banks and banking groups
supervised;
(b) salary scales that allow it to attract and retain qualified staff;
(c) the ability to commission external experts with the necessary professional skills and
independence, and subject to necessary confidentiality restrictions to conduct
supervisory tasks;
(d) a budget and program for the regular training of staff;
(e) a technology budget sufficient to equip its staff with the tools needed to supervise
the banking industry and assess individual banks and banking groups; and
(f) a travel budget that allows appropriate on-site work, effective cross-border
cooperation and participation in domestic and international meetings of significant
relevance (e.g., supervisory colleges).
Description and
findings re EC6
The CBI applies levies on the banks to fund its regulatory duties/activities. The amount of
the levy must be approved by the Minister. The ability to charge these levies is set out in
the CBI Act 1942. These supervisory activities include both supervisory staff costs and non-
staff costs such as external experts, training etc. The CBI considers that the Banking
Supervision Divisions are adequately resourced to perform their supervisory functions.
The Staffing
(a) The CBI constantly evaluates both the level of staff and the skillsets of these staff to
ensure that the requisite level of resources is available to carry out its duties.
(b) As a Public Sector entity the CBI cannot offer the same level of remuneration and
benefits as is available in the private sector. However, as the CBI operates within a
hierarchical grading structure it has flexibility in relation to the entry point of new
staff within this structure, and therefore has some ability to compete with the private
IRELAND
38 INTERNATIONAL MONETARY FUND
sector. In addition, greater certainty of tenure than the private sector and a defined
benefit pension scheme are tools that can be used to attract staff.
(c) The CBI can, where required, commission external experts to conduct supervisory
tasks. Under the Central Bank (Supervisory and Enforcement) Act 2013 the cost of
these external experts can be applied directly to the banks. The Central Bank
(Supervision and Enforcement) Act 2013 provides extensive new powers in relation
to third-party skilled persons reports (Part 2) and enables the CBI to appoint non-
employees as authorized officers who will be able to use the extensive new
authorized officer powers under this act.
(d) The CBI as an organization has a significant training budget which staff in Banking
Supervision can avail of. In addition, Banking Supervision has its own training budget
which is utilized for specific supervisory training identified as part of its Training
Needs Analysis. Banking Supervision has a training policy and curriculum which set
out Banking Supervision management’s commitment to training, an individual’s
personal responsibility for training, sources of training available and the core
curriculum. This curriculum is kept under ongoing assessment, as are the providers
of such training. Each member of the banking divisions are required to undertake
the core curriculum and can then build on this with more advanced/specialized
training to suit their own personal learning needs and the requirements of their role.
(e) The CBI operates a centralized technology budget. Divisions that wish to implement
new technology projects present a business case to senior management for
assessment.
(f) Banking Supervision has a significant travel budget which facilitates staff
undertaking travel that is relevant to their roles.
Staffing
Category 2010 2012
Front line supervisor 66 49
Projects 4 6
Risk specialists – Supervision Support (credit, treasury,
business model, risk model)
26 24
Stress testing 2 5
Divisional Operations (admin, reporting, policy) 15 12
Special resolutions
Grand Total 113 96
Turnover rate
Category 2011 2012
Front line supervisor 4.5% 1.8%
Projects 0.0% 0.0%
Risk specialists (credit, treasury, business model, risk model) 7.7% 16.7%
Stress testing 0.0% 12.5%
Support (admin, reporting, policy) 13.3% 0.0%
Special resolutions 0.0% 0.0%
IRELAND
INTERNATIONAL MONETARY FUND 39
Grand Total 6.2% 5.6%
There has been a doubling of banking supervision resources since the beginning of the
current financial crisis (i.e. July 2007) with a consequential increase in levies to reflect this.
EC7 As part of their annual resource planning exercise, supervisors regularly take stock of
existing skills and projected requirements over the short- and medium-term, taking into
account relevant emerging supervisory practices. Supervisors review and implement
measures to bridge any gaps in numbers and/or skill-sets identified.
Description and
findings re EC7
Banking Supervision Division management undertakes regular Training Needs Analysis. The
purpose of this exercise is to identify any gaps/weaknesses in the current complement of
staff and to identify future gaps based on the supervisory strategy/plan. The results of this
exercise are utilized to devise training plans and highlight recruitment requirements. The
identified gaps are factored into the individual Performance Management and
Development Plans of staff members. In addition, the Central Bank employs the PRISM
system to determine the impact rating of banks, which is then used to determine the
requisite allocation of staff. The actual level of staff is compared to the model allocation on
an ongoing basis.
EC8 In determining supervisory programmes and allocating resources, supervisors take into
account the risk profile and systemic importance of individual banks and banking groups,
and the different mitigation approaches available.
Description and
findings re EC8
PRISM is the framework through which the CBI determines supervisory programs and
allocates resources, taking into account the risk profile and systemic importance of
individual banks and banking groups, and the different mitigation approaches available.
PRISM assigns all supervised firms to one of four possible impact categories based on a
quantitative assessment of the impact of their failure upon (inter-alia) the
economy/financial stability, the taxpayer and the consumer. These impact categories are
High, Medium High, Medium Low and Low.
Supervisory resources are allocated to each firm on the basis of this impact assessment. A
program of minimum supervisory engagement has been developed for each of the four
impact categories. Resource buffers are in place to supervise above the minimum (i.e. to
take account of the fact that some banks pose a higher probability risk than others
notwithstanding that they may have the same impact categorization.
EC9 Laws provide protection to the supervisor and its staff against lawsuits for actions taken
and/or omissions made while discharging their duties in good faith. The supervisor and its
staff are adequately protected against the costs of defending their actions and/or
omissions made while discharging their duties in good faith.
Description and
findings re EC9
The CBI and its employees have statutory protection from being liable in damages for
actions carried out while performing the functions of the CBI provided that they have not
acted in bad faith. While the CBI does not currently have a formal policy in place in relation
to the provision of costs for staff defending their actions the practice to date has been that
the Central Bank does support it staff.
Section 33AJ of the Central Bank Act 1942 states:
(1) This section applies to the following persons:
(a) the Bank;
(b) the Governor;
IRELAND
40 INTERNATIONAL MONETARY FUND
(ba) the Heads of Function;
(bb) the Secretary General of the Department of Finance, in his or her
capacity as an ex-officio member of the Commission;
(bc) the appointed members of the Commission;
(b) the Registrar of Credit Unions;
(c) the Registrar of the Appeals Tribunal;
(d) employees of the Bank;
(e) agents of the Bank.
(1) A person to whom this section applies is not liable for damages for anything
done or omitted in the performance or purported performance or exercise of
any of its functions or powers, unless it is proved that the act or omission was in
bad faith.
In the past 5 years there have been no cases of litigation taken against the Central Bank of
Ireland arising from its supervisory functions, nor has it had to pay any compensation
arising from this role.
Assessment of
Principle 2
Materially Noncompliant
Comments The Minister may remove an appointed member of the Commission from office if, in the
Minister’s opinion, it is necessary or desirable to do so to enable the Commission to
function effectively. To date the Minister has not utilized this power. The CBI has requested
that this legislative provision be repealed, however the Department of Finance his indicated
that it will not be taking any action on the basis of this request.
The CBI can only revoke a banking license (i.e. where revocation is not being sought by the
license holder) with the prior consent of the Minister for Finance.
The CBI may not deny a license application or revoke a license granted based on false
information without the consent of the Minister of Finance.
The Secretary General of the Department of Finance is a member of the CBI commission.
The CBI must seek approval of the Minister to increase levies imposed on the industry
when it considers that current levels are insufficient to properly perform its function.
The CBI staff are held to equivalent civil/public service pay scale and conditions. Banking
Supervision is currently operating with vacancies and turnover in key skilled positions is
high.
The record shows that there has been no evidence of interference by the Minister for
Finance, through the relevant legislative provisions highlighted above, in the operational
independence of the Central Bank. The legal framework should be amended to document
the practice and ensure its continuity as players change.
Although, as a matter of practice, the CBI reimburses staff for legal expenses, this is done
ex-post.
Principle 3 Cooperation and collaboration. Laws, regulations or other arrangements provide a
framework for cooperation and collaboration with relevant domestic authorities and
foreign supervisors. These arrangements reflect the need to protect confidential
IRELAND
INTERNATIONAL MONETARY FUND 41
information.
9
Essential criteria
EC1 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with all domestic authorities
with responsibility for the safety and soundness of banks, other financial institutions and/or
the stability of the financial system. There is evidence that these arrangements work in
practice, where necessary.
Description and
findings re EC1
The Central Bank is responsible for the supervision of financial service providers and
markets in Ireland in addition to having responsibility for financial stability. Other relevant
domestic authorities include the Garda Síochána (the Irish Police force), Revenue
Commissioners, Director of Corporate Enforcement, Competition Authority and National
Consumer Agency. In addition, liaising is required from time to time with the Department
of Finance and/or Minister for Finance. There is specific provision in European and
domestic legislation, in addition to agreed protocols with some of these agencies, to allow
for cooperation and sharing of confidential information.
There are formal gateways in domestic legislation to both mandatorily report to and share
information with the relevant authorities. There are informal, non-legal arrangements in
place for cooperation and the sharing of information (e.g. Department of Finance, Office of
the Director of Corporate Enforcement (ODCE)).
In 2008 an MoU was agreed between the Central Bank and the Irish Auditing and
Accounting Supervisory Authority (IAASA). IAASA is the regulatory body charged with
responsibility for oversight of the auditing profession in Ireland. It allows, inter alia, for
exchange of relevant information and cooperation in respect of investigation work of either
party.
An MoU between the Central Bank and the Department of Finance has been in place since
2011 in relation to oversight of the banking sector (this in addition to an MoU on Financial
Stability, in place since 2007), and the State supported credit institutions. It sets out the
respective responsibilities of the parties (and recognizes the statutory functions of the
Central Bank), the general principles for cooperation and information exchange, and
confirms in particular that the provisions of Section 33AK of the Central Bank Act 1942 and
of professional secrecy in the CRD apply.
Section 33AK of the Central Bank Act 1942 is the key piece of legislation regarding
coordination and collaboration between the domestic authorities involved in financial
sector regulation. Sections (3) and (5) are the main sections: Subsection (3) – Requires the
Central Bank to report certain matters to the bodies; and Subsection (5) – Enables the
Central Bank to disclose confidential information to relevant parties.
Section 33AK(3)states:
(a) Subject to subsection (1)(b) and paragraph (b), the Bank shall report, as
appropriate, to-
9
Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host
relationships” (13) and “Abuse of financial services” (29).
IRELAND
42 INTERNATIONAL MONETARY FUND
(i) the Garda Síochána, or
(ii) the Revenue Commissioners, or
(iii) the Director of Corporate Enforcement, or
(iv) the Competition Authority, or
(iva) the National Consumer Agency, or
(v) any other body, whether within the State or otherwise, charged
with the detection or investigation of a criminal offence, or
(vi) any other body charged with the detection or investigation of a
contravention of-
(I) the Companies Acts 1963 to 2001, or
(II) the Competition Act 2002, or in so far as any
commencement order under that Act does not relate to
the repeal of provisions of the Competition Acts 1991
and 1996, which would otherwise be subsisting those
Acts,
any information relevant to that body that leads the Bank to
suspect that-
(A) a criminal offence may have been committed by a
supervised entity, or
(B) a supervised entity may have contravened a provision
of an Act to which subparagraph (vi) relates.
In terms of EU law, Article 47 of the CRD is the most relevant:
Articles 44(1) and 45 shall not preclude the exchange of information within a
Member State, where there are two or more competent authorities in the same
Member State, or between Member States, between competent authorities and
the following:
(a) authorities entrusted with the public duty of supervising other
financial organisations and insurance companies and the authorities
responsible for the supervision of financial markets;
(b) bodies involved in the liquidation and bankruptcy of credit
institutions and in other similar procedures; and
(c) persons responsible for carrying out statutory audits of the accounts
of credit institutions and other financial institutions; in the discharge
of their supervisory functions.
Articles 44(1) and 45 shall not preclude the disclosure to bodies which
administer deposit-guarantee schemes of information necessary to the exercise
of their functions. In both cases, the information received shall be subject to the
conditions of professional secrecy specified in Article 44(1).
In addition, as regards financial crime, the Central Bank must report to the Gardaí and the
Revenue Commissioners any suspicion it forms of a contravention of Irish anti-money
laundering or terrorist financing laws (Criminal Justice (Anti-Money Laundering and
Terrorist) Financing Act 2010.
Given the Central Bank is responsible for the safety and soundness of banks and financial
stability, an internal framework has been established to facilitate cooperation and sharing
of information between the respective areas. Various committee structures have been
established to support the governance arrangements: the Governor’s Committee, the
Senior Leadership Committee, the Financial Stability Committee, the Supervisory Risk
Committee and the Policy Committee. Key supervision staff attends several Committees, i.e.
IRELAND
INTERNATIONAL MONETARY FUND 43
the Directors of Credit Institutions and Insurance Supervision attends both Supervisory Risk
Committee and Policy Committee.
The Supervisory process also formally takes account of financial stability considerations –
for example, the PRISM framework (see CP8) includes an assessment by the Financial
Stability Division of environmental risk (which includes macro-economic risks and sector-
specific risks. There was evidence to suggest that the feedback loop between financial
stability and bank supervision has been strengthened over the last several years.
In terms of the arrangements for environmental risk (which includes macro-economic risks
and sector-specific risks), there are other domestic authorities with which the Central Bank
collaborates and shares information. These authorities have (i) an interest in the overall
stability of the financial system (e.g. Department of Finance), and (ii) responsibility for
monitoring compliance with other relevant legislation (e.g. company law, data protection,
financial crime and fraud).
Evidence suggested that these arrangements worked in practice:
- Consultation on formal supervisory decisions (e.g. bank license applications,
material M&A activity requiring supervisory approval, responding to formal
Department of Finance Consultations with the Central Bank Governor). The PRISM
framework requires the assessment of Environmental Risk (with subcategories of
Macroeconomic and Sector Specific Environmental Risk). Ratings and rationales on
these are agreed centrally between Financial Stability, Risk division and supervisory
divisions. These assessments are available to supervisors to import (see CP8) and
amend as necessary.
- Reporting breaches of certain regulatory requirements to the Gardaí.
- Reporting suspicions of unlawful conduct, financial crime, and or fraud to the
Gardaí Síochána, Revenue Commissioners, ODCE as appropriate
- Formal consultations with the Minister for Finance where he intends to exercise his
powers in relation to the banking system (e.g. Direction/Transfer Orders provided
for in the CISA 2010).
- Quarterly reporting to the Minister on banks’ compliance with the Credit
Institutions (Financial Support) Scheme 2008.
EC2 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with relevant foreign
supervisors of banks and banking groups. There is evidence that these arrangements work
in practice, where necessary.
Description and
findings re EC2
The Central Bank is responsible for supervision of banks which are at the head of, or part
of, banking groups which involve foreign supervisory authorities, located both within and
outside the EU. As both a Home and Host supervisory authority, the Central Bank co-
operates and shares relevant information on an ongoing basis with other foreign
supervisory authorities.
In the context of cooperation and sharing of confidential information with foreign
IRELAND
44 INTERNATIONAL MONETARY FUND
supervisors (from a banking supervision perspective), there is provision in European and
domestic legislation for cooperation and sharing of confidential information with
supervisors both within and outside the EU. These are supplemented with other non-legal
(informal) arrangements such as MoUs and ‘multilateral cooperation agreements’ made
with other competent authorities. Examples of Bilateral MoUs include: Bahrain, Belgium,
Canada, Denmark, Dubai, Malaysia and U.S. and examples of Multilateral MoUs include: U.S.
(Federal Reserve Board, OCC and FDIC signed in April 2013).
The Central Bank Act, 1942 – Section 33AK(5), make specific provisions for the sharing of
information with foreign supervisors, particularly subsections (d) & (e).
(5) Subject to subsection (1A), the Bank may disclose confidential information-
[…]
(d) to an authority in a jurisdiction other than that of the State duly
authorized to exercise functions similar to any one or more of the
statutory functions of the Bank and which has obligations in
respect of nondisclosure of information similar to the obligations
imposed on the Bank under this section, or
(e) to any institution of the European Community because of the
State’s membership of the Community, or to the European
Central Bank for the purpose of complying with the Rome Treaty
or the ESCB Statute, or
(6) Any person or entity to whom confidential information is provided under
subsection (3)(a) or (5) shall comply with the provisions on professional
secrecy in the Supervisory Directives in holding and dealing with
information provided to them by the Bank.
The relevant EU law is CRD – Articles 44-52 (Exchange of Information and Professional
Secrecy); 131 & 132 (Supervision). Exchange of information and professional secrecy is
contained with Article 44: Member States shall provide that all persons working for or who
have worked for the competent authorities, as well as auditors or experts acting on behalf
of the competent authorities, shall be bound by the obligation of professional secrecy. No
confidential information which they may receive in the course of their duties may be
divulged to any person or authority whatsoever, except in summary or collective form, such
that individual credit institutions cannot be identified, without prejudice to cases covered
by criminal law. Nevertheless, where a credit institution has been declared bankrupt or is
being compulsorily wound up, confidential information which does not concern third
parties involved in attempts to rescue that credit institution may be divulged in civil or
commercial proceedings.
The other relevant Articles include 46 – 52 which sets out the framework for member states
to cooperate in an effort to strengthen the stability, including integrity, of the financial
system, allowing for the exchange of information between the competent authorities and
the authorities or bodies responsible under law for the detection and investigation of
breaches of company law.
By way of a practical example, formal arrangements are in place where the Central Bank
leads supervisory Colleges in respect of the two High Impact banking groups in Ireland.
These Colleges have been in operation for a number of years and comprise both EU and
non-EU supervisors. The relevant EU supervisor concerned is subject to the provisions of
the CRD in addition to a Multilateral Cooperation Agreement being in place, and MOUs
have been agreed with respect to the relevant non-EU supervisors. The minutes from the
IRELAND
INTERNATIONAL MONETARY FUND 45
Colleges showed good levels of cooperation between the attendees conducting a joint risk
assessment of the group, reaching decisions on capital adequacy, and sharing plans on
future supervisory activities.
Joint Risk Assessment Documents (JRADs) have been agreed in both years. These Colleges
have been overseen by EBA observers. There is also ongoing cooperation and exchange of
information between the various supervisors throughout each year.
The Central Bank is a host member of a number of Colleges, both within and outside the
EU (e.g. UK, Italian, German, US and Canadian banking groups). The Central Bank is a
signatory to MOUs and/or Multilateral Cooperation Agreements in respect of participation
at these Colleges and many involve input into JRAD reports, and agreeing capital decisions.
Cooperation is also ongoing with these supervisors. These Colleges also agree the broad
supervisory plans and work focus for the year ahead.
The Central Bank also works very closely with other supervisors throughout the year and
collaborates on supervisory assessment and approvals. For example, supervisors work
together with other regulators on plans by banks to establish new business, transfer some
or all of their business between jurisdictions, repatriate capital/revenue reserves, develop
liquidity/funding arrangements etc. In practice, for lower risk PRISM Impact banks the
engagement with Home supervisors is mainly centered mainly around the formal college
arrangement, whereas for High Impact banks the engagement is considerably more
frequent, less informal and supervisor to supervisor.
EC3 The supervisor may provide confidential information to another domestic authority or
foreign supervisor but must take reasonable steps to determine that any confidential
information so released will be used only for bank-specific or system-wide supervisory
purposes and will be treated as confidential by the receiving party.
Description and
findings re EC3
In the context of sharing confidential information, safeguards are provided for in law as to
the purposes for which shared information may be used – i.e. the professional secrecy
provisions of the CRD (see below), which are given effect in domestic law through Section
33AK(5) – (The nature and type of such engagement is described in EC1 & EC2 above).
In addition to the legal provisions, on a practical basis the provision of confidential
information is done through MOUs with other authorities. These MOUs require, inter alia,
that confidential information shared will only be used in the performance of regulatory and
supervisory functions and subject to any restrictions agreed, and/or must recognize the
professional secrecy obligations under EU and domestic law.
Sections 33AK(5)(d) & (6) of the Central Bank act 1942 provide that any information shared
of a confidential nature must comply with the professional secrecy provisions of the
supervisory directives (e.g. CRD). Directive 2006/48/EC (‘CRD’) provides, inter alia, for
cooperation and sharing of confidential information between competent authorities, both
within and outside of the EU. These provisions are specifically set out in Articles 44 to 52.
Supervisory teams participate in Colleges and exchange confidential information as
required throughout the supervisory period. These exchanges are governed by the above
legal provisions. In addition, MOUs and Multilateral Cooperation Agreements are also in
place which set out clear principles surrounding sharing of confidential information.
EC4 The supervisor receiving confidential information from other supervisors uses the
confidential information for bank-specific or system-wide supervisory purposes only. The
IRELAND
46 INTERNATIONAL MONETARY FUND
supervisor does not disclose confidential information received to third parties without the
permission of the supervisor providing the information and is able to deny any demand
(other than a court order or mandate from a legislative body) for confidential information
in its possession. In the event that the supervisor is legally compelled to disclose
confidential information it has received from another supervisor, the supervisor promptly
notifies the originating supervisor, indicating what information it is compelled to release
and the circumstances surrounding the release. Where consent to passing on confidential
information is not given, the supervisor uses all reasonable means to resist such a demand
or protect the confidentiality of the information.
Description and
findings re EC4
The Central Bank is subject to strict legal requirements in relation to confidentiality of
information. These are set out in domestic law and require that the Central Bank cannot
provide confidential information except in specified circumstances, i.e. with the consent of
the authority that provided the information; where required for criminal proceedings; or
where it is being provided to another supervisory authority subject to the same
professional secrecy laws. Sections 33AK(5)(d) & (6) of the Central Bank act 1942 provide
that any information shared of a confidential nature must comply with the professional
secrecy provisions of the supervisory directives. Articles 44 to 52 of the EU Directive
provides for cooperation and sharing of confidential information between competent
authorities, both within and outside of the EU.
As referred to in EC3 above, the Central Bank is a signatory to a number of MOUs. These
provide, inter alia, that it can only use confidential information received for certain
purposes, must obtain the permission of the authority that shared it in certain
circumstances, and must inform the other authority of mandatory or legal requests to
disclose and use best endeavours to resist these requests.
The Central Bank is not, at present, subject to the provisions of the Freedom of Information
Act (as is the case with Government Departments and certain public bodies). This
legislation gives the public the right to access documents and records of these bodies,
although there are exemptions to protect information relating to key areas of Government
activity, parliamentary and court matters as well as third party information of a personal,
commercial or confidential nature.
The Central Bank exercises its powers under Section 33AK of the Central Bank 1942 not to
share confidential information. For example, the Central Bank receives requests from
members of the public, other agencies/institutions, media, and parliamentary members to
access information relating to individual banks. This approach and exercise of Central Bank
powers is applied to all confidential information in its possession, whether produced
internally, received from banks, or received from other supervisory authorities.
No examples have been identified of the Central Bank being legally compelled to pass on
information received from another supervisor and having to use best efforts to resist the
demand (or vice versa).
EC5 Processes are in place for the supervisor to support resolution authorities (e.g. central
banks and finance ministries as appropriate) to undertake recovery and resolution planning
and actions.
Description and
findings re EC5
The CBCIR was enacted in 2011. This act establishes an effective resolution regime for
certain institutions at the least cost to the State. The Special Resolution Unit (SRU) was
established within the Central Bank to operationalize this legislation.
IRELAND
INTERNATIONAL MONETARY FUND 47
While operationally separate, both the Supervisory Function and the Special Resolution
Unit (SRU) sit within the Central Bank. This allows for interaction and information sharing at
an earlier stage. A MOU is envisaged between the supervisory and resolution units to
formalize the interaction between the units, especially in the areas of:
? Early notification of distress in an entity (to assist resolution planning)
? Consideration of triggers
? Development of Recovery & Resolution (R&R) plans
The CBCIR Act 2011 does not, however, apply at present to those credit institutions that
come under the remit of emergency legislation introduced during the banking crisis to deal
with those domestic institutions which needed State support. These are the institutions of
greatest systemic importance in this jurisdiction.
These institutions are, however, in receipt of significant State support, and are also subject
to a heightened level of supervisory and legal requirements and oversight. In effect these
institutions have been and will be in a recovery and resolution process for some time. It
would be the intention that if, and when, they come out of the regime of State support
they will be covered under the provisions of the CBCIR Act 2011.
While the Central Bank has not required recovery plans from all credit institutions, recovery
plans have been requested from the two largest banking groups in Ireland. Within Europe
the forthcoming Banking Recovery and Resolution Directive will contain minimum
requirements with respect to recovery and resolution planning for credit institution and
investment firms
In respect of recovery and resolution plans, the CBCIR Act 2011 permits the Central Bank to
request recovery plans from institutions. SRU has prepared draft recovery plan guidelines
for institutions and anticipate that these guidelines will be subject to consultation with
industry and the Minister for Finance prior to being finalized. These guidelines prepared in
line with the discussion paper on the topic produced by the European Banking Authority
(EBA) Sub Group on Crisis Management and will be finalized after the Banking Recovery
and Resolution Directive has been implemented.
The CBCIR Act 2011 is relatively new legislation and has not been required to be used to
resolve a licensed bank in this jurisdiction.
The Deposit Guarantee Scheme is administered by the Payments and Securities Settlements
Division of the Central Bank. An MOU has been agreed between Payments and Securities
Settlements Division, Banking Supervision and the SRU. It sets out the responsibilities of
each party in respect of the operation of the Irish Scheme.
The Deposit Guarantee Scheme (DGS) was established under the terms of:
? The European Communities (Deposit Guarantee Schemes) Regulations, 1995 (S.I.
No.168 of 95) and amended by European Communities (Deposit Guarantee
Schemes) (Amendment) Regulations,2009 (S.I. No. 228 of 2009); and
? The Financial Services (Deposit Guarantee Scheme) Act 2009.
The DGS was invoked for the first time in respect of the liquidation of Irish Bank Resolution
Corporation in February 2013. The liquidation was initiated under special legislation rather
than under the CBCIR Act 2011. The terms of the IBRC Act 2013 provided that a Special
IRELAND
48 INTERNATIONAL MONETARY FUND
Liquidation Order by the Minister for Finance constituted a compensation event for the
purposes of the DGS.
As at 30 April, the DGS had paid out €9.6 million in compensation to 594 eligible
depositors in accordance with the rules of the scheme. The Special Liquidators continue to
review deposits held by customers who also hold loans, to establish if a right of set off
applies. These investigations may identify additional accounts which qualify for DGS
compensation and further payments will be made in due course.
A coordinating committee was established within the Central Bank to oversee the
supervisory and compensation aspects of the liquidation.
Assessment of
Principle 3
Compliant
Comments The Central Bank is responsible for the regulation of financial service providers and markets
in Ireland, and ensuring financial stability. There is provision in European and domestic
legislation for cooperation and sharing of confidential information with supervisors both
within and outside the EU. In addition there are other non-legal (informal) arrangements
such as MoUs and ‘multilateral cooperation agreements’ made with other competent
authorities. Evidence suggested these arrangements were working effectively.
Formal and information arrangements are in place between the relevant authorities to
facilitate cooperation and coordination, importantly between the Central Bank and the
Minister for Finance. An MoU between the Central Bank and the Department of Finance has
been in place since 2011 in relation to oversight of the banking sector and State supported
credit institutions.
The Central Bank leads supervisory colleges for two systemic banking groups in Ireland as
well as participating in joint risk assessments. Evidence showed the process working in
practice to share relevant information, conduct joint risk assessments and coordinate
supervisory activities where possible.
The CBCIR Act 2011 does not currently apply to those credit institutions that come under
the remit of emergency legislation introduced during the banking crisis to deal with those
domestic institutions which needed State support which are the institutions of greatest
systemic importance in this jurisdiction. To mitigate this gap, these institutions which are, in
receipt of significant State support are also subject to a heightened level of supervisory and
legal requirements and oversight. In effect these institutions have been and will be in a
recovery and resolution process for some time. It would be the intention that if, and when,
they come out of the regime of State support they will be covered under the provisions of
the CBCIR Act 2011.
The Central Bank has not required recovery plans from all credit institutions. However,
recovery plans have been requested from the two largest domestic banking groups in
Ireland). Ireland is not a Home supervisor for any G-SIBs.
Principle 4 Permissible activities. The permissible activities of institutions that are licensed and
subject to supervision as banks are clearly defined and the use of the word “bank” in names
is controlled.
Essential criteria
IRELAND
INTERNATIONAL MONETARY FUND 49
EC1
The term “bank” is clearly defined in laws or regulations.
Description and
findings re EC1
The terms “credit institution” and “banking business” are defined in legislation. Only bank
license holders can conduct banking business or hold themselves out as banks. The range
of activities that may be conducted by banks is specified (activities are detailed in Annex 1
of Directive 2006/48/EC). The use of the word “bank” and its derivations are tightly
controlled by the CBI (with prior CBI approval being required where the term bank is
proposed for use by a nonbank organization). Only institutions that are licensed and
subject to supervision as banks (with defined exceptions as set out in the response to EC4)
may accept deposits from the public. The CBI publishes a detailed list of licensed
institutions on a daily basis.
The powers of the CBI in this area are outlined in Sections 7 and 8 of the CBI Act, 1971.
EC2
The permissible activities of institutions that are licensed and subject to supervision as
banks are clearly defined either by supervisors, or in laws or regulations.
Description and
findings re EC2
The activities which may be conducted by banks are set out at Annex I of Directive
2006/48/EC. The Directive requires that ‘Member States shall require credit institutions to
obtain authorization before commencing their activities’.
In addition, banks may also provide the services and activities detailed in Sections A and B
of Annex I to Directive 2004/39/EC of the European Parliament and of the Council of 21
April 2004 on markets in financial instruments (MiFID), when referring to the financial
instruments provided for in Section C of Annex I of that Directive.
Notwithstanding the general range of permissible activities, the activities which may be
undertaken by individual institutions may be restricted by the CBI, particularly when a
banking license is being awarded, to those activities which it is proposed will be
undertaken as set out in the banking license application. Any further activities not detailed
in the banking license application would then require prior CBI approval before they could
be undertaken.
Schedule to S.I. No. 395 of 1992 / European Communities (Licensing and Supervision of
Credit Institutions) Regulations 1992, lists a range of activities which are subject to mutual
recognition by EU regulators when conducted by banks. The only activity that a bank could
not engage in is that in relation to insurance. It may be able to do so through a subsidiary
or parent but the bank itself cannot carry on insurance business.
CRD (2006/48) has been largely transposed into Irish law by the CBI Act 1971, S.I. 661 of
2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in relation to banks. Section 7 of
the CBI Act 1971 requires that any person who wishes to carry on “banking business” must
be authorized by the CBI. “Banking business” is defined in section 2(1) of the CBI Act 1971.
EC3
The use of the word “bank” and any derivations such as “banking” in a name, including
domain names, is limited to licensed and supervised institutions in all circumstances where
the general public might otherwise be misled.
Description and
findings re EC3
It is unlawful to carry out banking business or represent oneself as a banker without
holding a banking license (which can only be issued by the Central Bank).
Prior permission of the CBI is required if a company wishes to use the word ‘bank’, ‘banker’
etc. Irish credit institutions or branches of European Economic Area (EEA) credit institutions
operating in Ireland do not require an exemption for trading names with the word bank,
IRELAND
50 INTERNATIONAL MONETARY FUND
banking or banker in the title. There are procedures in place which banking supervision
staff follows in assessing such applications.
Sections 7 and 8 of the CBI Act, 1971 address use of the terms ‘bank’, ‘banker.’
Since 2011, the CBI has approved 11 applications for use of the word ‘Bank’, with one
application being rejected. In addition, the CBI issued a “non-objection” in relation to one
application on the basis that Irish credit institutions or branches of EEA credit institutions
operating in Ireland do not require an exemption for trading names with the word bank,
banking or banker in the title.
EC4
The taking of deposits from the public is reserved for institutions that are licensed and
subject to supervision as banks.
10
Description and
findings re EC4
Section 7 of the Central Bank Act 1971 provides that: ‘Subject to the provisions of this Act, a
person, other than a Bank, shall not, in or outside the State, carry on banking business or hold
himself out or represent himself as a banker or as carrying on banking business or on behalf
of any other person accept deposits or other repayable funds from the public, unless he is the
holder of a license.’
EC5 The supervisor or licensing authority publishes or otherwise makes available a current list of
licensed banks, including branches of foreign banks, operating within its jurisdiction in a
way that is easily accessible to the public.
Description and
findings re EC5
The CBI publishes on its website the following information:
? Register of Credit Institutions (which includes branches of foreign banks, and foreign
banks which provide services on a cross-border basis in Ireland). This is updated on
a daily basis.
? Register of designated credit institutions under the Asset Covered Securities Act
2001. This is also updated on a daily basis.
? An annual list of bank license holders at the end of the previous year.
This data can be easily located by the public as the ‘Registers’ icon appears on opening the
Central Bank Homepage.
Assessment of
Principle 4
Compliant
Comments
Principle 5 Licensing criteria. The licensing authority has the power to set criteria and reject
applications for establishments that do not meet the criteria. At a minimum, the licensing
process consists of an assessment of the ownership structure and governance (including
the fitness and propriety of Board members and senior management)
11
of the bank and its
10
The Committee recognizes the presence in some countries of nonbanking financial institutions that take deposits
but may be regulated differently from banks. These institutions should be subject to a form of regulation
commensurate to the type and size of their business and, collectively, should not hold a significant proportion of
deposits in the financial system.
11
This document refers to a governance structure composed of a board and senior management. The Committee
recognizes that there are significant differences in the legislative and regulatory frameworks across countries
(continued)
IRELAND
INTERNATIONAL MONETARY FUND 51
wider group, and its strategic and operating plan, internal controls, risk management and
projected financial condition (including capital base). Where the proposed owner or parent
organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1
The law identifies the authority responsible for granting and withdrawing a banking license.
The licensing authority could be the banking supervisor or another competent authority. If
the licensing authority and the supervisor are not the same, the supervisor has the right to
have its views on each application considered, and its concerns addressed. In addition, the
licensing authority provides the supervisor with any information that may be material to
the supervision of the licensed bank. The supervisor imposes prudential conditions or
limitations on the newly licensed bank, where appropriate.
Description and
findings re EC1
The CBI is the authority for licensing of banks. The denial of a licensing application, requires
the consent of the Minister for Finance. In these cases, the views of the CBI will be
considered by the Minister for Finance.
The CBI is also the competent authority for supervising banks and imposes prudential
conditions on all newly licensed banks. These may be adjusted to reflect the nature and/or
complexity of the bank. The Authorization Team meets with the Supervision team in
advance of and following authorization.
Article 6 of the CRD refers to the requirement for credit institutions to obtain authorization
before commencing their activities. Article 9 refers to those circumstances in which the
competent authority shall not grant authorization.
Section 9(1) of the CBI Act 1971 identifies the CBI as the competent authority for both
granting and withdrawing a license. However, it should be noted that in specified
circumstances Ministerial approval will be required for the withdrawal of a license. Section
9(1) states that “Subject to the provisions of this section, the Bank may, in its discretion, grant
or refuse to grant to any person applying to it for the grant thereof a license authorizing the
holder to carry on banking business.” Section 11(1) of the Central Bank Act 1971 advises that
the Central Bank may revoke a license where the license holder so requests however
Ministerial consent is required in other specified circumstances.
Section 10 of the CBI Act 1971 states that the CBI has the ability to impose
conditions/requirements on all newly-licensed banks where relevant.
Section 18 of the CBI Act 1971 enables the CBI to request that certain information or
regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the
board is performed by a separate entity known as a supervisory board, which has no executive functions. Other
countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these
differences, this document does not advocate a specific board structure. Consequently, in this document, the terms
“board” and “senior management” are only used as a way to refer to the oversight function and the management
function in general and should be interpreted throughout the document in accordance with the applicable law within
each jurisdiction.
IRELAND
52 INTERNATIONAL MONETARY FUND
returns are provided to it. These may be requested only where the CBI is of the view that
the information or returns are necessary for the proper performance of its functions.
Section 23 of the Central Bank Act 1971 enables the Central Bank to require credit
institutions to maintain specified ratios.
EC2
Laws or regulations give the licensing authority the power to set criteria for licensing banks.
If the criteria are not fulfilled or if the information provided is inadequate, the licensing
authority has the power to reject an application. If the licensing authority or supervisor
determines that the license was based on false information, the license can be revoked.
Description and
findings re EC2
The CBI has the power to set criteria for licensing banks, reject an application if the criteria
are not fulfilled or if the information provided is not adequate and revoke a banking license
if it was granted based on false information (Ministerial consent is required in this instance).
The CBI also needs Minister for Finance consent to deny an application.
Criteria for authorization
Article 6 of the CRD “Member States shall require credit institutions to obtain authorization
before commencing their activities. Without prejudice to Articles 7 to 12, they shall lay
down the requirements for such authorization and notify them to the Commission.”
Section 9(4) of the CBI Act 1971 states that “An application for a license shall be in such
form and contain such particulars as the Bank may from time to time determine.” This would
allow the CBI to reject an application based on inadequate information.
Section 6(1) of S.I. 395 of 1992 permits the CBI to set a higher capital requirement than €5
million if deemed necessary.
The CBI’s regulatory document entitled “Banking License Application under the CBI Act,
1971 (as amended) – Guidelines on completing and submitting Banking License Applications”
gives guidance on the criteria for applying for a banking license.
Section 9 of the CBI Act 1971 states:
9.-
(1) Subject to the provisions of this section, the Bank may, in its discretion, grant or
refuse to grant to any person applying to it for the grant thereof a license
authorizing the holder to carry on banking business.
(1A) The Bank shall not grant a license under this section to an applicant unless the
applicant satisfies the Bank that-
(a) it is a body corporate,
(b) its registered office and its head office are both located in the State,
(c) it is a credit institution that is authorised for the purposes of the Recast
Credit Institutions Directive,
(d) its business as a credit institution is directed by at least 2 persons who
are of good repute and have sufficient experience to direct that
business, and
(e) those persons’ direction of that business is real and not merely
nominal.
(2) The Bank shall not refuse to grant a license without the consent of the Minister
IRELAND
INTERNATIONAL MONETARY FUND 53
and unless it is satisfied that the grant of the license would not be in the
interest of the orderly and proper regulation of banking, and the Minister shall
not grant his consent to the refusal unless he is satisfied that the grant of the
license would not be in the interest of the orderly and proper regulation of
banking.
Revoke authorisation if granted on basis of false information
Section 11(1) of the CBI Act 1971, which transposes article 17 of the CRD, is key states:
The Bank may-
[…]
(b) with the consent of the Minister, revoke a license if the holder of the license-
[…]
(iv) has obtained the license through false statements or any other
irregular means.
Article 17 of the CRD states that “The competent authorities may withdraw the authorization
granted to a credit institution only where such an institution:
[…]
b) has obtained the authorization through false statements or any other irregular
means.
EC3 The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and
findings re EC3
The criteria for issuing licenses are consistent with those applied in ongoing supervision.
The regulatory document entitled “Banking License Application under the Central Bank Act,
1971 (as amended) – Guidelines on completing and submitting Banking License Applications”
states:
“Each potential applicant must assess whether its proposed business model
? Requires a banking license (including meeting the definition of “banking business“ in
the Act)
? Complies with the Central Bank’s requirements; and
? Will comply with the requirements that must be adhered to by credit institutions on an
ongoing basis.”
In addition, the “Checklist for completing and submitting Bank License Applications”
completed by applicants during the application process seeks information on all the criteria
which banks are required to comply with on an ongoing basis. In particular, section 7
requires details of the “Organization of the Applicant and Governance Arrangements.”
Detailed information is also sought on “Risk Oversight” which includes:
? Audit;
? Compliance;
? Risk Management;
? Treasury;
? Financial Control;
? Credit;
? Internal Controls/Policies;
? Anti-Money Laundering Procedures;
? Conflict of Interest;
? Liquidity;
? Outsourcing; and
? Reporting Structures.
IRELAND
54 INTERNATIONAL MONETARY FUND
For example, one of the criteria for issuing licenses is that the proposed corporate
governance structure is in compliance with the Central Bank’s regulatory document entitled
“Corporate Governance Code for Credit Institutions and Insurance undertakings.” All licensed
banks are also required to comply with this code on an ongoing basis and the applicant’s
ability to comply at the outset would be considered as part of the application process.
Where, as part of the banking license application, the applicant bank proposes providing
services into an EU Country on a cross-border basis or branch basis, the CBI writes to the
host country to notify it of the bank’s intention to passport its services into that country.
The notifications are not issued until the entity has received its banking license.
EC4 The licensing authority determines that the proposed legal, managerial, operational and
ownership structures of the bank and its wider group will not hinder effective supervision
on both a solo and a consolidated basis.
12
The licensing authority also determines, where
appropriate, that these structures will not hinder effective implementation of corrective
measures in the future.
Description and
findings re EC4
Bank applicants owned by credit institutions
The CBI reviews the proposed legal, managerial, operational and ownership structures of
both the applicant bank and the group to ensure that the structures at both solo and
group level would not hinder (i) effective supervision on a consolidated basis and/or (ii)
effective implementation of corrective measures in the future.
Bank applicants owned by corporates
In accordance with the CRD, the CBI issues licenses to subsidiaries of unregulated entities.
Those structures may reduce the transparency of transactions between the parent and the
regulated Irish entity. Additionally, the CBI performs fit and proper review on the
controlling owner but not on management of the unregulated parent. To mitigate risks that
may arise from the unregulated parent, the CBI imposes additional conditions at applicant
level to ensure that the proposed legal, managerial, operational and ownership structures
of the bank and its wider group do not hinder supervision. The CBI can impose conditions
such as ring-fencing the Irish entity from the rest of the group or requiring it to submit
specified documentation relating to both it and the group on a regular basis (Section 18 of
the Central Bank Act 1971 requires that the bank shall “provide the Bank, at such times, or
within such periods, as the Bank specifies from time to time, with such information and
returns concerning the relevant business carried on by the person as the Bank specifies from
time to time”).
The CBI also lacks enforcement power over unregulated parent or its management.
Section 8(1) of S.I. 395 of 1992 requires that the CBI consults with the competent authority
in another Member State before it grants an authorization to a credit institution in any case
in which that credit institution is a subsidiary or fellow subsidiary of a credit institution
authorized in that Member State.
Section 9(1) of the CBI Act 1971 requires that the applicant is a body corporate, that its
registered office and its head office are both located in the State, that its business as a
credit institution is directed by at least 2 persons who are of good repute and have
12
Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003.)
IRELAND
INTERNATIONAL MONETARY FUND 55
sufficient experience to direct business, and that those persons’ direction of that business is
real and not merely nominal.
In the period, 2008 to 2013, the following banking licenses have been processed:
? One on behalf of a US corporate - granted
? One conversion of a building society into a licensed credit institution – granted
? Three mortgage banks – granted
One credit institution – granted
EC5 The licensing authority identifies and determines the suitability of the bank’s major
shareholders, including the ultimate beneficial owners, and others that may exert
significant influence. It also assesses the transparency of the ownership structure, the
sources of initial capital and the ability of shareholders to provide additional financial
support, where needed.
Description and
findings re EC5
All qualifying shareholders (greater than 10% shareholding) who are natural persons are
required to submit an Individual Questionnaire (a form completed by the proposed
shareholder that requests information such as prior experience, skills, expertise, other
directorships and shareholdings etc.). This form is reviewed by the Regulatory Transactions
Division within the CBI to determine suitability. Where the shareholder is a company or
bank the CBI seeks detailed financial information on same. It also ensures that the
promoter of the new bank has sufficient funds to establish a bank and to provide
additional capital where required. For unregulated, cross-border parent company, the CBI
lacks authority to perform fit and proper tests on senior management.
The CBI’s “Checklist for completing and submitting Bank License Applications” requires full
details of the owners, ownership structure, sources of initial capital and the ability of
shareholders to provide additional financial support where needed. Sections 2 (Overview of
Parent/Group), 4 (Ownership Structure), 9 (Capital, Funding and Solvency) and 10 (Financial
Information and Projections) are particularly relevant. The CBI ensures that the Applicant
has sufficient funds to meet all regulatory obligations. This is evidenced by financial
statements, etc. The CBI also requests a bank statement of the applicant bank prior to bank
license being issued to ensure that the funds have been lodged.
Regulation 7(1) of S.I. 395 of 1992 requires that the CBI be notified of the identity of all
persons having a qualifying holding in the applicant and the size of the holding in
question.
Regulation 7(2) of S.I. 395 of 1992 requires that the CBI must be satisfied as to the fitness
and probity of all qualifying shareholders such that they will exercise their rights in the
interest of the orderly and proper regulation of credit institutions in the State.
EC6 A minimum initial capital amount is stipulated for all banks.
Description and
findings re EC6
The CBI requires all banks to hold the initial capital amount of €5 million in accordance with
legislation. As part of the CBI’s business model analysis and financial analysis, the team
ascertains how much capital is actually required to support the planned business both on a
base and stressed position. Therefore, in reality, newly licensed banks will be required to
hold much more capital depending on size, strategy, anticipated level of RWAs, etc. The
capital must be in the form of cash. The CBI would require the promoter to have sufficient
funds to cover the share capital required and ongoing capital requirements, and would not
permit the initial disbursement of capital to occur with borrowed funds.
Article 9 of the CRD (as transposed into Irish legislation by Regulation 6(1) of S.I. 395 of
1992) requires that authorization will not be granted unless the bank has initial capital of €5
IRELAND
56 INTERNATIONAL MONETARY FUND
million.
EC7 The licensing authority, at authorization, evaluates the bank’s proposed Board members
and senior management as to expertise and integrity (fit and proper test), and any
potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience
in relevant financial operations commensurate with the intended activities of the bank; and
(ii) no record of criminal activities or adverse regulatory judgments that make a person
unfit to uphold important positions in a bank.
13
The licensing authority determines whether
the bank’s Board has collective sound knowledge of the material activities the bank intends
to pursue, and the associated risks.
Description and
findings re EC7
There is legislation in place and standards governing the fit and proper regime which the
applicant’s proposed board and senior management must undergo. As part of this, the CBI
is responsible for evaluating all of the proposed board members and certain identified
senior management. The criteria used include those listed below. In addition, after the bank
is licensed, the CBI continues to have oversight over the approval of all directors and senior
managers. The CBI also reviews the board as a whole to ensure that it has adequate skill
and expertise.
On 1 October 2010, Part 3 of the CBI Reform Act 2010 introduced a statutory system for
the regulation by the CBI of persons performing controlled functions (CF) or pre-approval
controlled functions (PCF) in regulated financial service providers (including credit
institutions).
There are 18 senior positions in banks which are designated as Pre-Approval Controlled
Functions (PCF). They include functions such as Chief Executive Officer, Directors or Heads
of Compliance, Risk, and Retail Sales. CBI approval is required before appointments may be
made to these positions.
On 1 December 2011, the CBI issued Standards of Fitness and Probity (‘the Standards’)
which apply to all persons performing CFs or PCFs in regulated financial service providers,
including credit institutions. A regulated financial service provider is not allowed appoint a
person to perform a controlled function unless firm is “satisfied on reasonable grounds”
that the person complies with the Standards and that the person has agreed to abide by
the Standards. In order to comply with the Standards, a person is required to be:
a) competent and capable;
b) honest, ethical and to act with integrity; and
c) financially sound.
In relation to the criterion of skills and experience in relevant financial operations
commensurate with the intended activities of the bank, the Standards require the person
applying for a PCF role to have the qualifications, experience, competence and capacity
appropriate to the relevant function. The person must be able to demonstrate that he or
she:
a) has professional or other qualifications and capability appropriate to the relevant
function;
b) has obtained the competence and skills appropriate to the relevant function,
whether through training or experience gained in an employment context;
13
Please refer to Principle 14, Essential Criterion 8.
IRELAND
INTERNATIONAL MONETARY FUND 57
c) has shown the competence and proficiency to undertake the relevant function
through the performance of (i) previous functions which, if carried out at present,
would be subject to this Code, (ii) current controlled functions, or (iii) any role similar
or equivalent to the functions that are covered by this Code. If the person performed
a function in a regulated financial service provider which, if performed at present,
would be subject to this Code, and that regulated financial service provider received
State financial support, consideration shall be given to the competence and skills
demonstrated by that person in that function and to the extent, if any, to which the
performance of his or her function may have contributed to the necessity for such
State financial support.
In relation to criminal activities or adverse regulatory judgments, the relevant standards are:
(1) A person must be able to demonstrate that his or her ability to perform the
relevant function is not adversely affected to a material degree where the
person has, in any jurisdiction:
a) been convicted of an offence either of money laundering or terrorist
financing (or their equivalents);
b) been convicted of an offence which could be relevant to that
person’s ability to perform the relevant function; or
c) had a finding, judgment or order made against him/her involving
fraud, misrepresentation, dishonesty or breach of trust or where the
person is subject to any current proceedings for fraud,
misrepresentation, dishonesty or breach of trust.
(2) The CBI has issued non statutory guidance on the approach to be taken if
holder of a controlled function has been declared bankrupt or have a criminal
conviction. The regulated financial service provider should:
? Seek and obtain signed written confirmation from the person
performing or proposing to perform a CF as to whether or not any of
the circumstances set out in the Standards (e.g. criminal conviction)
apply to that person. Where the person confirms that one of more of
the circumstances apply, the person must be in a position to
demonstrate that his or her ability to perform the CF is not adversely
affected to a material degree by that matter.
? Require from the person concerned any underlying documents
relevant to the matter (for example, a final decision or report and/or
key correspondence).
? Make an assessment based on all of the information received as to
whether the matter is material to the performance of the CF.
The question of what is material to a particular CF, however, is a matter for
the regulated financial service provider. The following matters would be
relevant in assessing the matter:
a) its seriousness
b) the relevance of those to the duties that are to be performed
c) repetition and duration of the behavior;
d) the passage of time since the matter under consideration; and
e) evidence of rehabilitation.
The Fitness and Probity process is assessed at two levels. The initial assessment is
completed by Regulatory Transactions Division, as per above. The second level check is
IRELAND
58 INTERNATIONAL MONETARY FUND
completed by the relevant supervisory division, who take a holistic view in relation to the
applicant’s role in a particular regulated institution.
If the PCF advises that it has worked for entities supervised by other competent authorities
or for other entities supervised by the CBI those other competent authorities and/or
supervision teams are also contacted for any observations/comments they may wish to
make on the applicant PCF.
Article 11 of the CRD (as transposed by Section 9 of the CBI Act 1971) requires that there
must be at least two persons who effectively direct the business of the bank. In addition,
these persons must be of sufficiently good repute and have sufficient experience to
perform such duties.
Under the CBI’s Corporate Governance Code there are additional requirements relating to
board members and certain senior management positions and the overall composition of
the board. For example, the Code requires, inter alia, the following:
? The board of an institution shall be of sufficient size and expertise to oversee
adequately the operations of the institution and shall have a minimum of 5 directors
(7 directors where the institution is deemed to be a “Major” institution)
? The majority of the board shall be independent non-executive directors
? Directors must attend a majority of board meetings
? Each board member shall have sufficient time to devote to the role of director and
associated responsibilities
? The number of directorships held by each director shall be limited.
? Appointments to the board cannot proceed where any potential conflicts of interest
emerge which are significant to the overall work of the board
? Institutions shall review board membership at least once every three years. A formal
review is required every 9 years. The renewal frequency shall consider the balance of
experience and independence sought.
? There also detailed guidelines relating to the following: Chairman, CEO, Independent
Non-Executive Directors, Non-Executive Directors and Executive Directors
In relation to the conflicts of interest, the CBI reviews the directorships, shareholdings and
executive tasks carried out by the individual to ensure that there are no apparent conflicts
of interest. In addition, the bank itself is required to check all applicants’ fitness and probity.
The Guidance advises that “probity may also include individuals ensuring that they act
without conflicts of interest.”
In relation to determining whether or not the “licensing authority determines whether the
bank’s Board has collective sound knowledge of the material activities the bank intends to
pursue, and the associated risks” the Corporate Governance Code also contains a number of
requirements including the following:
? Independent Non-Executive Directors (INEDs) must bring an independent viewpoint
to the deliberations of the board that is objective and independent of the activities
of the management and of the institution
? The Executive Directors, INEDs and Non-Executive Directors shall have a knowledge
and understanding of the business, risks and material activities of the institution to
enable them to contribute effectively
? The Executive Directors, INEDs and Non-Executive Directors shall comprise of
individuals with relevant skills, experience and knowledge (such as accounting,
auditing and risk management)
IRELAND
INTERNATIONAL MONETARY FUND 59
? The CEO shall have relevant financial services expertise, qualifications and
background. He/she shall have the necessary personal qualities, professionalism and
integrity to carry out his or her obligations.
EC8 The licensing authority reviews the proposed strategic and operating plans of the bank.
This includes determining that an appropriate system of corporate governance, risk
management and internal controls, including those related to the detection and prevention
of criminal activities, as well as the oversight of proposed outsourced functions, will be in
place. The operational structure is required to reflect the scope and degree of
sophistication of the proposed activities of the bank.
14
Description and
findings re EC8
All banking license applications are reviewed by the CBI’s Business Model Unit (within
Banking Supervision Division) in conjunction with the authorization team. An assessment is
carried out of whether or not the bank’s proposed strategic and operating plans are
feasible. Usually this review will result in questions going back to the applicant seeking
further details or clarification.
In relation to corporate governance, risk management and internal controls including those
related to the detection and prevention of criminal activities, as well as the oversight of
proposed outsourcing functions, these are assessed in detail using the CBI’s internal
procedures for same. The “Checklist for completing and submitting Bank Licence
Applications” contains detailed information on these areas with supporting documentation.
For example, in relation to outsourcing, there is a checklist of 13 questions to assist the
examiner in assessing the policy in place.
Article 7 of the CRD requires that “applications for authorization to be accompanied by a
program of operations setting out, inter alia, the types of business envisaged and the
structural organization of the credit institution.”
Section 9(4) of the Central Bank Act 1971 requires that “An application for a license shall be
in such form and contain such particulars as the Bank may from time to time determine.”
The “Corporate Governance Code for Credit Institutions and Insurance Undertakings”
includes requirements to ensure that appropriate and robust corporate governance
frameworks are in place and implemented to reflect the risk and nature of those
institutions. The definition of Corporate Governance contained in the Code is as follows:
“Procedures, processes and attitudes according to which an organisation is directed and
controlled. The corporate governance structure specifies the distribution of rights and
responsibilities among the different participants in the organization – such as the board,
managers, shareholder and other stakeholders – and lays down the rules and procedures
for decision-making.”
All requirements in the Code are relevant for ensuring that the applicant has appropriate
governance in place.
Requirement 6.3 of the Code requires that:
“All institutions shall have robust governance arrangements which include a clear
organizational structure with well defined, transparent and consistent lines of
responsibility, effective processes to identify, manage, monitor and report the risks to
14
Please refer to Principle 29.
IRELAND
60 INTERNATIONAL MONETARY FUND
which it is or might be exposed, adequate internal control mechanisms, including sound
administrative and accounting procedures, IT systems and controls, remuneration policies
and practices that are consistent with and promote sound and effective risk management
both on a solo and at group level. The system of governance shall be subject to regular
internal review.”
In addition, section 6 of the CBI’s “Checklist for completing and submitting Bank Licence
Applications” requires full information to be submitted on the legal structure of the
applicant while section 7 requires details of the “Organisation of the Applicant and
Governance Arrangements.” Detailed information is also sought on Risk Oversight which
includes:
? Audit;
? Compliance;
? Risk Management;
? Treasury;
? Financial Control;
? Credit;
? Internal Controls/Policies;
? Anti-Money Laundering Procedures;
? Conflict of Interest;
? Liquidity;
? Outsourcing; and
? Reporting Structures.
EC9 The licensing authority reviews pro forma financial statements and projections of the
proposed bank. This includes an assessment of the adequacy of the financial strength to
support the proposed strategic plan as well as financial information on the principal
shareholders of the bank.
Description and
findings re EC9
All banking license applications are reviewed by the Business Model Unit in conjunction
with the Authorization Team. Together they assess the following:
1. Whether or not the bank has adequate financial strength to support the proposed
strategic plan of the bank; and
2. Financial information on the principal shareholders of the bank.
The application submitted is based on the CBI’s “Checklist for completing and submitting
Bank License Applications” which contains the following specific section dealing with
financials and strategy:
? Section 9 – Capital, Funding and Solvency – includes 5 year projections and solvency
ratios
? Section 10 – Financial Information and Projections – includes previous 3 years of
audited accounts for the group, projected income statement, balance sheet,
prudential ratios and capital structure, projected key financial indicators and stress
test of financials assuming a down turn. (NB: all projected financials are for a period
of 5 years)
In relation to financial information on the principal shareholders the following information
is received:
? Where the shareholder is an individual, an Individual Questionnaire which sets out,
inter alia, details of directorships, past employments and shareholdings. Where the
private shareholder is the owner of a company the financials of the company are
also assessed
IRELAND
INTERNATIONAL MONETARY FUND 61
? Where an individual holds shareholdings or interests in other companies, the
financials of those companies
? Where shareholders are companies, the financial statements for those companies to
ensure that the finances are satisfactory
Article 6 of the CRD requires that “Member States shall require credit institutions to obtain
authorization before commencing their activities. Without prejudice to Articles 7 to 12, they
shall lay down the requirements for such authorization and notify them to the Commission.”
This is transposed into Irish legislation by Section 9(4) of the Central Bank Act 1971 which
states that “An application for a licence shall be in such form and contain such particulars as
the Bank may from time to time determine.”
As part of the CBI’s license application criteria it requires various financial information to be
submitted.
EC10 In the case of foreign banks establishing a branch or subsidiary, before issuing a license,
the host supervisor establishes that no objection (or a statement of no objection) from the
home supervisor has been received. For cross-border banking operations in its country, the
host supervisor determines whether the home supervisor practices global consolidated
supervision.
Description and
findings re EC10
The following process is followed:
? In relation to EEA, the home supervisor sends the CBI a notification form; therefore it
is implicit that the home competent authority has no objection if not stated here.
? In relation to subsidiaries being set up, the CBI contacts (in writing) the home
supervisor for the foreign bank and ascertains if there are any issues with the
subsidiary bank setting up in Ireland. It also requests the following as part of the
banking application (see Section 2 of the “Checklist for completing and submitting
Bank License Applications”):
o Details on the parent/group including: background; ownership/structure
(including details on the organization structure); the legal structure of
each of the entities in the organization structure; details on activities, lines
of business, debt ratings for parent/group; and confirmation that the
board of the parent has approved the submission of the application.
o Confirmation must be submitted that “the supervisory authority in the
country of origin of that bank or group exercises effectively its supervisory
responsibilities on a consolidated basis.”
o The applicant must confirm that they have obtained the prior consent of
their home country supervisory authority
? In relation to cross border operations, a notification is also received advising that a
bank from another EU jurisdiction intends to commence activities in the country on
a cross border basis (notification is in a format agreed at European level). In this
instance it is inherent that the home supervisor practices global consolidated
supervision.
Branches
Regulation 20(1) of S.I. 395 of 1992 (underlying CRD articles 23 and 25) requires that:
“A credit institution authorized and supervised by the competent authority of another
Member State may carry on business in the State by establishing a branch or any other
means in any one or more of the activities set out in the Schedule provided that the
undertaking or provision of these activities is in accordance with the authorization of the
credit institution in that Member State and the requirements of these Regulations are
IRELAND
62 INTERNATIONAL MONETARY FUND
complied with in full.”
Regulation 23(1) requires that where a notification of a branch setting up in Ireland is
received by the CBI, the CBI shall within two months of the receipt of the information notify
the parent credit institution of all the enactments and regulatory provisions applying to the
conduct of banking business or the proposed operations of the branch in the State.
Subsidiaries
Regulation 8(1) of S.I. 395 of 1992 requires that:
“The Bank shall consult the competent authority in another Member State before it grants
an authorization to a credit institution in any case in which that credit institution is a
subsidiary or fellow subsidiary of a credit institution authorized in that other Member
State or is under common control with one or more credit institutions authorized in that
other Member State.”
Cross Border
Regulation 20(1) also covers the provision of activities on a cross border basis. The
regulation does not refer to the host competent authority contacting the home competent
authority to determine whether or not global consolidated supervision is carried out;
however, the fact that the home competent authority issues the notification to the host
competent authority under Article 28 of the CRD means that it is implicit that the parent
bank will be carrying out consolidated supervision as it is subject to the CRD.
Article 24 of the CRD requires that the competent authorities of the home Member State
shall ensure the supervision of the financial institution which is passporting with regards to
own funds, acquiring transactions, prudential supervision, sharing of information and the
right to sanction.
EC11 The licensing authority or supervisor has policies and processes to monitor the progress of
new entrants in meeting their business and strategic goals, and to determine that
supervisory requirements outlined in the license approval are being met.
Description and
findings re EC11
While there are no specific policies and processes for monitoring of newly licensed banks,
there are detailed policies and processes in place for monitoring (i) the business and
strategic goals of all supervised banks and (ii) whether or not all licensed banks are
complying with the requirements imposed on them. The policies and processes differ
depending on the risk impact rating of the bank.
For banks, the minimum engagement under PRISM requires that the business model and
strategic goals of the bank are analyzed as part of a FRA (carried out on different
frequencies depending on impact of the bank). Completion of the minimum engagement
model for relevant banks intensifies where necessary based on the identification or
crystallization of risk.
In addition, supervision teams will prioritize newly licensed banks as part of work plans
within the PRISM requirements.
Assessment of
Principle 5
Compliant
Comments Licenses are granted to cross-border unregulated corporate parents in line with the
requirements of the CRD. The CBI does not perform fit and proper tests on senior
management of the unregulated parent, and cannot take enforcement action on the
IRELAND
INTERNATIONAL MONETARY FUND 63
parent. As a result the banks are ring-fenced from inception.
Principle 6 Transfer of significant ownership. The supervisor
15
has the power to review, reject and
impose prudential conditions on any proposals to transfer significant ownership or
controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1 Laws or regulations contain clear definitions of “significant ownership” and “controlling
interest.”
Description and
findings re EC1
Significant Ownership; the CBI uses a definition of “Qualifying holding” which is the legal
definition of “significant ownership.” The definition of qualifying holding per Article 4(11) of
Directive 2006/48/EC, which was transposed via Regulation 2(1) of S.I. 395 of 1992; that is,
“a direct or indirect holding in an undertaking which represents 10% or more of the capital or
of the voting rights or which makes it possible to exercise significant influence over the
management of that undertaking.”
Controlling Interest; regulation 4 of S.I. 395 of 1992, Article 4(9) of the
CRD, defines “Control” as including "any power, whether arising from
a contract or agreement or otherwise, whereby one party can direct the affairs
of another and a parent undertaking shall be deemed to control its subsidiaries.
The reference to “one party” could include parties acting in collusion
depending on the particular circumstances concerned.
EC2 There are requirements to obtain supervisory approval or provide immediate notification of
proposed changes that would result in a change in ownership, including beneficial
ownership, or the exercise of voting rights over a particular threshold or change in
controlling interest.
Description and
findings re EC2
Prior approval of the CBI is required for Acquiring Transactions (as defined in Regulation 14
of S.I. 395 of 1992). An Acquiring Transaction refers to an acquisition by one person or
more than one person acting together of a qualifying holding (as defined in the response
to EC1) in a credit institution or an increase in a qualifying holding which results in the
acquirer reaching or exceeding thresholds of 20%, 33% or 50% ownership. The Acquiring
Transaction Notification Form is published on the CBI’s website.
The prior approval of the CBI is required for acquiring transactions in accordance with the
following legislation:
1. Article 19 of the CRD (2006/48/EC) [as amended], which was transposed into
Irish legislation by Regulation 14 of S.I. 395 of 1992 [as amended] and set out
above. This applies to:
? The acquisition, directly or indirectly, of a “qualifying holding” in a
target entity
? The direct or indirect increase in a “qualifying holding” whereby (i)
the resulting holding would reach or exceed the following
“prescribed percentages:” 20%, 33% and 50% of the capital of, or
voting rights in, a target entity or (ii) a target entity would become
the proposed acquirer’s subsidiary
? The disposal, directly or indirectly, of qualifying holdings in a target
entity
15
While the term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these
issues might be addressed by a separate licensing authority.
IRELAND
64 INTERNATIONAL MONETARY FUND
2. Chapter VI of Part II of the CBI Act, 1989 (as amended). While this Act is
mostly superseded by S.I. 395 of 1992 (above) the following types of
transaction still fall to be approved under this Act:
? Acquiring transactions which are not subject to notification and
prudential assessment under S.I. 395 of 1992 – that is, transactions
which represent an increase in shareholding which does not of itself
result in the shareholding reaching or exceeding the prescribed
thresholds. An example would be an increase in a shareholding from
75% to 85%
In the past 12 months there have been 20 approvals under Statutory Instrument No. 395 of
1992.
EC3 The supervisor has the power to reject any proposal for a change in significant ownership,
including beneficial ownership, or controlling interest, or prevent the exercise of voting
rights in respect of such investments to ensure that any change in significant ownership
meets criteria comparable to those used for licensing banks. If the supervisor determines
that the change in significant ownership was based on false information, the supervisor has
the power to reject, modify or reverse the change in significant ownership.
Description and
findings re EC3
The CBI has the legal power to reject applications and reverse a purported acquisition.
Regulation 14(3) of S.I. 395 of 1992 requires that an acquiring transaction notification shall
include sufficient information to enable the CBI to consider the proposed acquisition
against the criteria in paragraphs (1) and (2) of Regulation 14(C) (as set out below), and in
particular shall include information on who the proposed acquirers are, the individuals to
be responsible for management, how the proposed acquisition is to be financed (including
details of any proposed issue of financial instruments) and the structure of the resulting
group. It has not been necessary for the CBI to reject any applications.
Rejection of a Proposal
Regulation 14(G) of S.I. 395 of 1992, transposing Article 19(a) (2) of the CRD, provides that
the CBI may oppose a proposed acquisition when there are reasonable grounds based on a
review of: suitability of acquirer, financial soundness, reputation, experience, possible
impact on compliance with regulation, transparency of structure, whether there are
reasonable grounds to suspect that, in connection with the proposed acquisition, money
laundering or terrorist financing (within the meaning of Article 1 of Directive 2005/60/EC
[Note OJ L 309, 25.11.2005, p. 15.]) is being or has been committed or attempted, or that
the proposed acquisition could increase the risk of money laundering or terrorist financing.
When information provided by the proposed acquirer concerned in its notification under
paragraph (1) or (2) of Regulation 14 is incomplete, or the proposed acquirer has not
provided information in response to a request under paragraph (5) or (8) of Regulation
14(B), the CBI may request additional information.
Regulation 14(I)(2) of S.I. 395 of 1992, transposing Article 21(1) of the CRD, provides that if
a proposed acquirer purports to complete a proposed acquisition in contravention of
paragraph (1) of Regulation 14(I) (i.e. without prior notification to or approval by the
Central Bank), then:
(a) the purported acquisition is of no effect to pass title to any
share or any other interest, and
(b) any exercise of powers based on the purported acquisition of the
holding concerned is void.
IRELAND
INTERNATIONAL MONETARY FUND 65
Provision of false information
While the provision of false information in an application is an offence (Regulation 14(L) of
S.I. 395 of 1992), the legislation does not refer specifically to the powers of the CBI in
circumstances where the CBI has approved a transaction based upon ‘false’ information. If
an issue of provision of false information was discovered prior to CBI approval then the
application could be rejected on the grounds that it was “incomplete.” If it was discovered
post-approval then the Central Bank would go to Court under Regulation 14(M) in order to
have the transaction reversed.
EC4 The supervisor obtains from banks, through periodic reporting or on-site examinations, the
names and holdings of all significant shareholders or those that exert controlling influence,
including the identities of beneficial owners of shares being held by nominees, custodians
and through vehicles that might be used to disguise ownership.
Description and
findings re EC4
Credit institutions are required to provide shareholder information annually to the CBI.
Institutions provide:
1. A list of shareholders or beneficial owners of 10% or more of the share capital.
2. Where shares are registered in the name of a nominee, a list identifying the ultimate
beneficial owner of the shares, where the nominee shares constitute more than 5%
of the shares or of the voting rights attaching to the shares in a credit institution.
This information is reviewed by the supervision teams.
Regulation 14(K) of S.I. 395 of 1992, transposing Article 21 of the CRD, provides that a
credit institution shall, at times specified by the CBI and at least once a year, notify the CBI
of the names of shareholders or members who have qualifying holdings and the size of
each such holding.
EC5 The supervisor has the power to take appropriate action to modify, reverse or otherwise
address a change of control that has taken place without the necessary notification to or
approval from the supervisor.
Description and
findings re EC5
Regulation 14(I)(2) of the S.I. 395 of 1992, transposing Article 21(1) of the CRD, provides
that if a proposed acquirer purports to complete a proposed acquisition in contravention
of paragraph (1) of Regulation 14(I) i.e. without prior notification to or approval by the
Central Bank, then:
(a) the purported acquisition is of no effect to pass title to any share or any other
interest, and
(b) any exercise of powers based on the purported acquisition of the holding
concerned is void.
EC6 Laws or regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material information which may negatively affect the suitability of a
major shareholder or a party that has a controlling interest.
Description and
findings re EC6
The suitability of a major shareholder is assessed at the time of acquisition of the holding
as set out in the procedures “Acquiring Transactions – assessing an application to acquire
an interest of greater than 10 per cent in a credit institution” This provides guidance for
assessing suitability and also provides that the requirements set out in Directive
2007/44/EC (as transposed into Irish law by S.I. 395 of 1992) be adhered to in the
assessment of applications by supervisors.
A requirement for banks to provide notification to the CBI on an ongoing basis in relation
to material negative information was imposed by means of a license condition on all banks.
Assessment of
IRELAND
66 INTERNATIONAL MONETARY FUND
principle 6 Compliant
Comments
Principle 7 Major acquisitions. The supervisor has the power to approve or reject (or recommend to
the responsible authority the approval or rejection of), and impose prudential conditions
on, major acquisitions or investments by a bank, against prescribed criteria, including the
establishment of cross-border operations, and to determine that corporate affiliations or
structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1 Laws or regulations clearly define:
(a) what types and amounts (absolute and/or in relation to a bank’s capital) of
acquisitions and investments need prior supervisory approval; and
(b) cases for which notification after the acquisition or investment is sufficient. Such
cases are primarily activities closely related to banking and where the investment is
small relative to the bank’s capital.
Description and
findings re EC1
Prior Approval
Credit Institutions are required, by means of a license condition imposed in August 2013,
pursuant to Section 10(3) of the CBI Act 1971 and Section 17 of the Building Societies Act
1989, to seek the prior approval of the CBI for Major Acquisitions.
A Major Acquisition is defined as a transaction in which a credit institution acquires an
interest (this includes an investment) which is equal to or greater than 9% of the Own
Funds of the credit institution in any undertaking that falls outside of the EU Acquiring
Transaction regime. (An Acquiring Transaction refers to an acquisition by a person or more
than one person acting together of a qualifying holding in a credit institution or an increase
in the qualifying holding held resulting in the acquirer reaching or exceeding 20%, 33% or
50%. Major Acquisitions refer to acquisitions by credit institutions.) The CBI’s Policy on
Major Acquisitions also provides for certain other categories of exemption from the
requirement for prior approval but not prior notification.
The CRD, Articles 120-122, as transposed in Ireland via S.I. 661 of 2006 and S.I. 395 of 1992,
stipulate specific limits on holdings by credit institutions in other bodies corporate and
qualifying holdings outside the financial sector and powers of the CBI in enforcing these
limits.
Regulation 62 of S.I. 661 of 2006 (European Communities (Capital Adequacy of Credit
Institutions (Regulations) 2006 is important to note in this regard (as is part 7 of S.I. 661 in
general). It provides that :
? A credit institution shall ensure that it does not have in an undertaking a qualifying
holding the amount of which exceeds 15% of its own funds, unless the undertaking is a
permitted undertaking.
? A credit institution shall ensure that the total amount of the institution’s qualifying
holdings in undertakings (other than permitted undertakings) do not exceed 60% of its
own funds.
? The limits set out in paragraphs (1) and (2) may be exceeded only in exceptional
circumstances.
? Where paragraph (3) applies to a credit institution, the Bank shall require the institution
to increase its own funds or to take other equivalent measures.
IRELAND
INTERNATIONAL MONETARY FUND 67
? For the purposes of this Regulation, a permitted undertaking is one of the following:
o a credit institution;
o a financial institution;
o an undertaking that carries on one or more activities that either are a direct
extension of banking, or involve the provision of services that are ancillary to
banking (such as leasing, factoring, the management of unit trusts and the
management of data processing services).
Regulation 64 of S.I. 661 transposes Article 120 of the CRD concerning qualifying holdings
of credit institutions outside the financial sector.
? Regulation 64(1) provides that the CBI may not apply these limits in paragraphs (1) and
(2) of Regulation 62:
o To holdings in insurance companies or in re-insurance
companies.
o If the CBI provides that 100% of the amounts by which a credit institution’s
qualifying holdings exceed these limits must be covered by Own Funds and
that these shall not be included in the minimum Own Funds calculation under
regulation 19.
? Regulation 64(3) sets out that where these limits in paragraphs (1) and (2) of
Regulation 62 are exceeded, the amount to be covered by own funds shall be the
greater of the excess amounts.
Regulation 15 of S.I. 395 of 1992 should also be noted. It is very similar to regulation 62 of
S.I. 661 of 2006, in that there is no provision for CBI approval. However, Regulation 15(6) is
noteworthy in that it states:
“The Bank may prescribe rules and standards for the application of this Regulation to
credit institutions either generally or in particular.”
Furthermore, Regulation 15(4) permits the CBI, where it has reason to believe that a credit
institution has exceeded the limits, to require credit institutions to increase the amount of
own funds, to dispose of specified shareholdings in a relevant body corporate or to take
other measures specified by the CBI to meet these limits. ‘Relevant body corporate’ for the
purposes of S.I. 395 of 1992 does not include a body corporate that is a credit institution or
a financial institution or insurance or re-insurance companies.
a) Prior-event notification
Credit institutions are required, by means of a license condition imposed in August 2013
pursuant to Section 10(3) of the Central Bank Act, 1971, and Section 17 of the Building
Societies Act, 1989 to provide prior notification to the CBI (prior approval is not required)
of the following:
a) Acquisitions that fall outside of the EU Acquiring Transaction regime which exceed
5% of the Own Funds of the Credit Institution but are less than 9% of Own Funds.
b) Debt restructuring where the overriding purpose is to maximize the amount of
credit that can be recovered;
c) Short term acquisitions that are held for sale investments;
d) Indirect acquisitions by independently managed funds where the transaction is in
line with the funds objectives;
e) Activities of nominee companies established by the credit institution that are
acting on the nominees behalf; and,
IRELAND
68 INTERNATIONAL MONETARY FUND
f) Undertakings falling within Regulations 62, 63(1) and (2) and 64(1) of Statutory
Instrument 661 of 2006 (European Communities (Capital Adequacy of Credit
Institutions) Regulations 2006).
g) The disposal of any undertaking which was previously approved under the Major
Acquisitions regime.
In addition to the above, credit institutions, in respect of which the CBI is the consolidating
supervisor, are required to notify the CBI in advance of major acquisitions (as defined) by
other non-regulated entities within the license holder’s group.
For b) to f) above prior notification is required where the interest being acquired exceeds
5% of the own funds of the credit institution. There is no upper limit.
In addition, from August 2013, Credit institutions are required to notify the CBI of major
acquisitions by other entities in the banking group which are not regulated by the CBI. The
CBI will review such acquisitions in order to satisfy itself that they do not expose the credit
institution to any undue risks or hinder effective supervision. In the event that the Central
Bank is concerned with the risks arising or the impact on supervision resulting from such
acquisitions, it may require the credit institution to take measures to insulate itself from the
acquisition.
Requirements for prior approval and notification were imposed on credit institutions in
August 2013 pursuant to Section 10(3) and Section 18 of the Central Bank Act 1971 and
Section 17 of the Building Societies Act 1989.
In the last five years six “Major Acquisitions” (as defined under a previous regime which had
no legal basis) were approved by the CBI. No applications were denied.
EC2 Laws or regulations provide criteria by which to judge individual proposals
Description and
findings re EC2
CBI Policy sets out criteria for supervisors in assessing Major Acquisitions proposals. The
criteria are as follows:
1. The potential impact of the acquisition on the credit institution.
2. Whether the proposed acquisition will expose the credit institution to undue
risks.
3. Whether the credit institution has the financial, managerial and organizational
capacity to handle the proposed investment. This is particularly important
where the undertaking being acquired is involved in nonbanking related
activities.
4. Whether the acquisition falls within the scope of the credit institution’s
internal control and risk management framework.
5. Whether the proposed acquisition will hinder effective supervision.
6. Whether the proposed acquisition will hinder effective implementation of
corrective measures in the future (i.e. whether the proposed acquisition
creates an obstacle to the orderly resolution of the credit institution).
7. In relation to overseas acquisitions, the effectiveness of supervision in the
host country and the ability of the Central Bank to exercise supervision on a
consolidated basis (including information flows from the host country).
8. The impact, if any, on financial stability.
Criteria by which to judge individual proposals are set out in the Policy which was imposed
on credit institutions in August 2013 pursuant to Section 10(3) of the Central Bank Act 1971
and Section 17 of the Building Societies Act 1989. Items 1 to 5 inclusive have been included
IRELAND
INTERNATIONAL MONETARY FUND 69
in the license condition.
EC3 Consistent with the licensing requirements, among the objective criteria that the supervisor
uses is that any new acquisitions and investments do not expose the bank to undue risks or
hinder effective supervision. The supervisor also determines, where appropriate, that these
new acquisitions and investments will not hinder effective implementation of corrective
measures in the future.
16
The supervisor can prohibit banks from making major
acquisitions/investments (including the establishment of cross-border banking operations)
in countries with laws or regulations prohibiting information flows deemed necessary for
adequate consolidated supervision. The supervisor takes into consideration the
effectiveness of supervision in the host country and its own ability to exercise supervision
on a consolidated basis.
Description and
findings re EC3
The criteria as set out in the Policy by which the CBI will review applications are as follows:
1. Whether the proposed acquisition will expose the credit institution to undue risks.
2. Whether the proposed acquisition will hinder effective supervision.
3. Whether the proposed acquisition will hinder effective implementation of corrective
measures in the future (i.e. will the proposed acquisition create an obstacle to the
orderly resolution of the credit institution).
4. In relation to overseas acquisitions, the effectiveness of supervision in the host
country and the ability of the Central Bank to exercise supervision on a consolidated
basis (including information flows from the host country).
The CBI has the power to prohibit banks from undertaking transactions which fall within
the ambit of the Acquiring Transactions regime.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989.
In addition to the Policy on Major Acquisitions, the CBI also requires prior approval for the
following:
? Establishment of a subsidiary outside the EEA where that subsidiary is a bank or
other licensed entity;
? Establishment, formation or taking part in forming a company, other body corporate
or an unincorporated body of persons which is a non-licensed subsidiary, in the
European Economic Area or elsewhere.
? Establishment of a branch in a non-EU(Third Country)
EC4 The supervisor determines that the bank has, from the outset, adequate financial,
managerial and organizational resources to handle the acquisition/investment.
Description and
findings re EC4
There is a requirement in the Policy that supervisors assess whether the credit institution
has the financial, managerial and organizational capacity to handle the proposed
investment.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989.
16
In the case of major acquisitions, this determination may take into account whether the acquisition or investment
creates obstacles to the orderly resolution of the bank.
IRELAND
70 INTERNATIONAL MONETARY FUND
EC5 The supervisor is aware of the risks that nonbanking activities can pose to a banking group
and has the means to take action to mitigate those risks. The supervisor considers the
ability of the bank to manage these risks prior to permitting investment in nonbanking
activities.
Description and
findings re EC5
The CBI requires that supervisors, in assessing Major Acquisitions applications, consider
whether the credit institution has the financial, managerial and organizational capacity to
handle the proposed investment. The Policy states that this assessment “is particularly
important where the undertaking being acquired is involved in nonbanking related activities.”
As part of the supervisory review process, the CBI will assess the governance and internal
capital assessment process to determine the level of own funds required. This should
include an assessment of the risks nonbanking activities can pose to a banking group – for
example, analyzing unregulated entities such as special purpose vehicles established for
securitization purposes, assessing their liquidity requirements, level of implicit support,
significant risk transfer, etc. The CBI may impose supervisory measures to address
deficiencies identified.
CBI supervisors are aware of the risks posed by nonbanking (including non-regulated)
entities and activities to banking groups. This is primarily the case for nonbanking activities
which are regulated by other divisions within the CBI, e.g. insurance entities. While the
mitigation of such risks and the approval of acquisitions is the responsibility of the relevant
supervision teams in those divisions, there is regular formal (e.g. internal CBI colleges) and
informal contact between the banking group supervisors (who are the ‘lead regulators’)
and those supervisory teams. This ensures that the banking group supervisors are fully
aware of the risks which those entities pose to the banking group.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989
Assessment of
Principle 7
Largely Compliant
Comments In August of 2013 the CBI implemented the legal framework and process to meet the
requirements of this CP. However, currently there is no evidence of the effectiveness of the
process and the regulation.
Principle 8 Supervisory approach. An effective system of banking supervision requires the supervisor
to develop and maintain a forward-looking assessment of the risk profile of individual
banks and banking groups, proportionate to their systemic importance; identify, assess and
address risks emanating from banks and the banking system as a whole; have a framework
in place for early intervention; and have plans in place, in partnership with other relevant
authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1 The supervisor uses a methodology for determining and assessing on an ongoing basis the
nature, impact and scope of the risks:
(a) which banks or banking groups are exposed to, including risks posed by entities in
the wider group; and
(b) which banks or banking groups present to the safety and soundness of the banking
system
IRELAND
INTERNATIONAL MONETARY FUND 71
The methodology addresses, among other things, the business focus, group structure, risk
profile, internal control environment and the resolvability of banks, and permits relevant
comparisons between banks. The frequency and intensity of supervision of banks and
banking groups reflect the outcome of this analysis.
Description and
findings re EC1
PRISM is the methodology used by the Central Bank for determining and assessing on an
ongoing basis the nature, impact and scope of risks to which banks or banking groups are
exposed. The supervisor is required to apply, at a minimum, the engagement model
appropriate for their firm’s impact category as specified under PRISM. While PRISM
prescribes a minimum supervisory plan of activities on a specified frequency, supervisors
can, and do, go beyond the minimum in performing supervision of the banks.
Risk assessment under PRISM is judgment based comprising qualitative and quantitative
assessments as appropriate. Supervisors are required to provide a rationale on the PRISM
system to support their probability risk rating. The 12 point risk rating scale is non-numeric
and, as such, supports the philosophy of judgment based supervision. The rating scale is
divided into four Impact categories of High, Medium High, Medium Low and Low and
within each Impact category the supervisor can assign a positive, negative or neutral rating.
PRISM has ten risk categories: credit; market; operational; insurance; capital; liquidity;
governance; strategy/business model; environment and conduct. Several categories have
sub-categories, such as credit risk, which is broken down into inherent risk, quality of
control and concentration. Inherent risk and quality of controls are assessed within the
same risk category to determine a net risk rating. Each risk category is assigned a rating by
the supervisor which reflects the risk of failure from that risk category. The ten risk
categories form the basis of the overall probability risk rating. Standardized weightings are
assigned to each of the ten risk categories.
With regard to the specific risks identified, business focus is captured under
Strategy/Business Model Risk, the assessment of which derives from the engagement
model task of Business Model Analysis conducted for High Impact banks and from the Full
Risk Assessment (FRA) for Medium High and Medium Low Impact banks.
Group structure is assessed under business model analysis and governance reviews for
High Impact banks and as part of the full risk assessment for Medium High and Medium
Low Impact banks. Structural complexity is considered as part of Governance which
provides supervisors a framework to consider resolvability of banks.
The quality and effectiveness of internal controls is assessed on a per risk basis via the
engagement with the bank and other external stakeholders such as the external auditor. An
assessment of risk management and the control environment at a bank is an integral
component of onsite reviews (Financial Risk review such as a credit risk visit, operational
risk etc. or a Full Risk Assessment). In addition, Risk Management Quality is a discreet sub-
category of Governance in PRISM.
With regard to comparisons between banks, there are pre-determined peer groups within
PRISM. The facility to create customized peer group reports was also provided as part of
PRISM in May 2012. Additionally, specialist treasury and credit teams within the Banking
Supervision divisions prepare detailed packs on a quarterly basis for higher impact banks
which includes peer analysis for liquidity and credit risk.
The minimum frequency and intensity of the supervision of banks and banking groups is a
IRELAND
72 INTERNATIONAL MONETARY FUND
function of its impact categorization (i.e. the assessment of the impact of a bank’s failure
on the economy, the taxpayer and consumers). The impact assessment is purely
quantitative and is conducted on an ongoing basis as new impact metric data become
available (typically on a quarterly basis).
The impact metrics for banks are:
Total balance sheet and off ? -balance sheet size
Concentration of lending ?
Intra ? -financial system assets
Retail deposit base ?
Core Tie ? r 1capital
The minimum engagement plan with banks as prescribed by PRISM is a function of the
Impact on financial stability from a bank failure, rather than the risk of failure of the
individual bank. Banks with a significant domestic presence in terms of deposits and
liabilities are more likely to be assigned a higher Impact rating and as a consequence
receive greater supervisory attention through PRISM.
Within the PRISM model, the assessment of each risk category reflects the risk of failure
attributed to the particular category.
From a resourcing perspective, the impact categorization of a firm determines the
minimum number of supervisors allocated to that firm. Resource buffers are also
determined with reference to the impact category of each firm. These resource buffers are
managed at divisional level to engage with firms above the minimum as required.
Prism is an ongoing assessment and is updated as a result of any onsite or offsite
supervisory activity i.e. Financial Risk Review (equivalent to an onsite examination such as a
credit, market or operational risk review) or through analysis of regulatory returns (FINREP,
COREP). It is therefore intended to be a continuous risk assessment.
The PRISM methodology captures group-wide risks in several key areas depending upon
the nature of the subsidiary. Business Model Risk would capture group-wide risks. In the
circumstance of an insurance subsidiary within a banking group (which is a feature for one
of the Very High Impact banks) the risk from the insurance subsidiary will be included in
several risk categories: the Insurance Risk Category and equally taken into consideration in
the capital section.
The Risk Governance Panel is an opportunity for group issues to be discussed where the
responsible supervisor for each of the regulated entities within the group meet and discuss
ratings, RMPs and future supervisory plans.
In the circumstance where the Central Bank is a Host supervisor, the supervisor will take
into consideration the risk profile of the parent. For example, when rating liquidity risk, the
Central Bank will take into consideration the parent liquidity risk profile especially in the
circumstance when the group pursues a group funding model.
Processes to compare the risk profile of an individual bank against its peer group are
provided for in the PRISM system and predominantly used in preparation for risk
Governance Panels.
Triggers are built into PRISM to alert supervisors if there has been a change in financial
IRELAND
INTERNATIONAL MONETARY FUND 73
ratios – these are Key Risk Indicators (KRIs). Numerous KRIs are built into PRISM covering
the balance sheet and the risk categories of capital, credit, liquidity, market risk and
strategy/Business Model, including (but not limited to):
- Capital. CET1 ratio (solo and consolidated); Balance Sheet Leverage Ratio (solo
and consolidated); Pillar 1 solvency ratio (solo and consolidated).
- Credit. Provisions coverage ratio of impaired assets; largest 10 exposures as a
percentage of total drawn loans to customers
- Liquidity. Wholesale funding as a percentage of total funding (solo and
consolidated); liquid assets as a percentage of total funding; and liquidity ratio
sight to 8 days.
- Market Risk. Market risk capital as a percentage of total capital.
- Business Model/Strategy. Cost to income ratio (solo and consolidated), net
interest income to total loans and advances (solo and consolidated).
Data that feeds into the KRIs is sourced from bank’s submissions across FINREP, COREP,
Liquidity Return, the Quarterly Summary Financial Return (QSFR) and other relevant returns
(Impairment Provisions and Large Exposures).
EC2 The supervisor has processes to understand the risk profile of banks and banking groups
and employs a well defined methodology to establish a forward-looking view of the profile.
The nature of the supervisory work on each bank is based on the results of this analysis.
Description and
findings re EC2
PRISM is the framework supervisors use to understand banks’ risk profiles and to establish
a forward looking view of the profile. The engagement model which is implemented by the
supervisory teams, provides the operational context through which risk assessments are
conducted. In conducting their risk assessments, supervisors have access to different types
of guidance material contained within PRISM regarding the risk assessment process and
engagement with banks. The guidance material is an important part of the methodology to
help ensure consistency.
Risk Guidance Materials have been written for each of the ten probability risk categories
and each of the twenty four sub-categories. The materials are updated on an ongoing basis
to ensure their continued relevance and are designed to support supervisors in making
informed judgments in a structured fashion. For a given sub-category the materials:
(i) explain the sub-category in question;
(ii) outline key questions for the supervisor to consider;
(iii) contain information specific to certain sectors; and
(iv) provide sample characteristics of high, medium high, medium low and low probability
risk for each sub-category.
The guidance materials are web-based, which allows the material to be easily consulted
and/or quickly updated with new information on risk categories, thus maintaining their
relevance. The guidance materials can be accessed through links from the PRISM modules.
Similarly, engagement task guidance is provided for the components of the engagement
model that identify the major stages of the process and key questions to consider. More
detailed processes/procedures can be appended to the guidance, as can useful links which
provides supervisors with an opportunity to broaden their knowledge on the particular
subject of the guidance they are reviewing. The guidance materials are amended to reflect
new supervisory practices to the degree that legislation and experience demand change.
The centrally available assessments (i.e. those generated by Consumer, Financial Stability
IRELAND
74 INTERNATIONAL MONETARY FUND
and Risk Divisions (rather than the supervision teams) in relation to Conduct and
Environmental risks) also provide context against which the risks facing banks can be
assessed and monitored.
Finally, supervisors monitor movements in quantitative KRIs on an ongoing basis via the
PRISM system.
Engagement with institutions is not designed to be an exercise in compliance, but rather a
forward looking assessment of risk. The results and findings from previous supervisory
engagements will direct the focus of future engagements. For covered institutions, this will
include an assessment of how these banks will return to viability. Submission and
assessment of liquidity and capital management plans are a key element of forward
looking analysis performed by supervisors (i.e. three year capital management plan).
Regulation 66 of S.I. 661 of 2006, transposing Article 124 of the CRD, obliges the Central
Bank to review the arrangements, strategies, processes and mechanisms implemented by
credit institutions to comply with the CRD and evaluate the risks to which credit institutions
are or might be exposed taking into account the technical criteria set out in Annex XI of
that Directive.
More generally, Section 5A of the Central Bank Act 1942 (as amended) stipulates in effect
that the Central Bank has the power to do whatever is necessary for, or in connection with,
or reasonably incidental to the performance of its functions. Section 6A of the Central Bank
Act 1942 stipulates that one of those functions is the proper and effective regulation of
financial services providers and markets while ensuring that the best interests of consumers
of financial services are protected.
EC3 The supervisor assesses banks’ and banking groups’ compliance with prudential regulations
and other legal requirements.
Description and
findings re EC3
The Central Bank’s “PRISM” engagement model sets out a strategy for minimum
supervisory engagement. It provides a tool to assist supervisors to undertake systematic
and structured assessment of risks in firms and to ensure compliance with prudential
requirements and legislation including the CRD, EBA guidelines and Central Bank
guidelines.
In addition, the PRISM system has alert functionality, which assists supervisors to prioritize
their work and focus on emerging risks and trends and potential or actual breaches of
regulatory requirements.
There was evidence which showed the Central Bank taking action as a result of its analysis
of bank’s non-compliance with the regulations.
EC4 The supervisor takes the macroeconomic environment into account in its risk assessment of
banks and banking groups. The supervisor also takes into account cross-sectoral
developments, for example in nonbank financial institutions, through frequent contact with
their regulators.
Description and
findings re EC4
The macro-economic environment is assessed for supervisors by the Central Bank’s
Financial Stability Division and Risk Division, working with BSD, as part of their monitoring
of environmental risk. The assessment currently focuses on the following main areas:
1. Risk of disorderly sovereign defaults in the euro area;
2. Domestic sovereign debt sustainability;
3. Economic growth covering:
IRELAND
INTERNATIONAL MONETARY FUND 75
- International risks to Irish economic growth
- Domestic risks to Irish economic growth.
In addition to the macroeconomic risk, the environmental risk assessment attributes ratings
and describes sector specific risk aspects. Currently, the focus is on the following for retail
banks:
1. Business Environment
2. Funding/Liquidity Risk
3. Asset Encumbrance
4. Increasing Regulation
5. Personal Insolvency Bill and Mortgage Arrears Resolution Strategy
6. Taxation
7. Consumer Implications
The above ratings and assessments are updated at a minimum frequency of twice-yearly,
but this is augmented where it is felt that circumstances have changed sufficiently to
require an update. In their assessment of probability risk categories, supervisors take
account of the macro-economic environment and in particular in any review of the balance
sheet, investments, funding/liquidity risk and earnings/income profile. The Central Bank of
Ireland is the single prudential regulator for financial services in Ireland. Risk Division
therefore produces the environmental risk assessments not only for banking but also for
investment firms, insurance and credit unions sector. The cross-sector team produces
analysis of emerging risks which is communicated to supervisors.
EC5 The supervisor, in conjunction with other relevant authorities, identifies, monitors and
assesses the build-up of risks, trends and concentrations within and across the banking
system as a whole. This includes, among other things, banks’ problem assets and sources of
liquidity (such as domestic and foreign currency funding conditions, and costs). The
supervisor incorporates this analysis into its assessment of banks and banking groups and
addresses proactively any serious threat to the stability of the banking system. The
supervisor communicates any significant trends or emerging risks identified to banks and
to other relevant authorities with responsibilities for financial system stability.
Description and
findings re EC5
The responsibility for bank supervision and financial system stability falls under the Central
Bank. Arrangements have been put in place to strengthen the feedback loop between
systemic risk analysis and bank supervision. The Financial Stability Division (FSD) within the
Central Bank publishes a Macro Financial Review twice per year which identifies risks to
financial stability. In forming their view, the FSD will meet with supervisors and the risk
specialist teams that have been involved in meeting with banks throughout the period. The
results of this analysis are updated in Environment Risk as a risk category in PRISM which
the supervisor will consider when assessing a bank.
Supervisors are assisted in their identification, monitoring and assessment of the build-up
of risks, trends and concentrations within and across the banking system as a whole by the
Central Bank’s research work, such as its Research Technical Papers and Economic Letters.
With regard to problem assets, supervisors are assisted in preparation for the PCAR by the
development of loan loss forecast models. The Financial Stability Division initiated the
modelling of Loan Loss Forecasting (LLF), which is delivering improved capability to
forecast loan losses as part of the Central Bank’s oversight and supervisory functions.
Models are being developed for asset classes such as Mortgages, Commercial Real Estate,
IRELAND
76 INTERNATIONAL MONETARY FUND
Corporate, Small and Medium Enterprises (SME), Micro-SME and Non-Mortgage Retail.
Specifically, LLF is delivering a model development framework which:
- is capable of providing an independent and credible estimate of future loan losses,
under various scenarios;
- is capable of being used as the key input to the PCAR;
- can incorporate those areas of specific importance to the Central Bank and key
stakeholders, including overlays, assumptions and policy changes; and
- is ultimately capable of being maintained and updated by the Central Bank,
independent of third party support.
An example of proactively addressing negative implications for Irish financial stability is the
replacement of Loan-to-Deposit Ratios with an Advanced Monitoring Framework (AMF).
The introduction of the AMF removed the requirement for each bank to meet specific
funding targets within prescribed timeframes. Those funding targets may have induced the
banks to take individual actions which had negative implications for Irish financial stability.
The AMF should ensure that the FMP banks will become compliant with Basel III liquidity
requirements in a timely manner and move to a more sustainable funding profile in the
future.
In accordance with Regulation 67 of S.I. 661 of 2006, implementing Article 129 of the CRD,
where the Central Bank is responsible for supervision on a consolidated basis of EU parent
credit institutions and credit institutions by EU parent financial holding companies, it shall:
Coordinate the gathering and dissemination of relevant or essential information in ?
going-concern and emergency situations;
Co ? -ordinate supervisory activities in going concern situations, including in relation to
Articles 123 (Regulation 65 concerning ICAAP), 124 (Regulation 66 of S.I. 661 of 2006
concerning supervisory review) and 136 (Regulation 70 concerning supervisory measures),
and in Annex V of the CRD (concerning the organisation and treatment of risks), in
cooperation with the other competent authorities involved; and
Plan and coordinate supervisory activities in cooperation with the other competent ?
authorities involved, and if necessary with other Central Banks, in preparation for and
during emergency situations, including adverse developments in credit institutions or in
financial markets using, where possible, existing defined channels of communication for
crisis management.
Planning and coordination of supervisory activities referred to above include exceptional
measures in accordance with Article 132(3)(b) of CRD, preparation of joint assessments,
implementation of contingency plans, communication to the public. Furthermore where the
Central Bank is responsible for supervision on a consolidated basis it shall, in accordance
with Article 67(A), further transposing Article 129 of the CRD, make reasonable efforts to
reach a joint decision with the other competent authorities concerned on:
(a) The application of Regulations 65 and 66 of S.I. 661 of 2006 to determine the adequacy
of the consolidated level of own funds held by the group with respect to its financial
situation and risk profile; and
(b) The required level of own funds for the application of Regulation of Regulation 70(4) of
S.I. 661 of 2006 regarding a specific level of additional own funds in cases where
deficiencies are identified with the internal capital adequacy assessment process
(Regulation 65 of S.I. 661 of 2006) and Governance arrangements (Regulation 16 of S.I. 395
of 1992)
IRELAND
INTERNATIONAL MONETARY FUND 77
EC6 Drawing on information provided by the bank and other national supervisors, the
supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability
where appropriate, having regard to the bank’s risk profile and systemic importance. When
bank-specific barriers to orderly resolution are identified, the supervisor requires, where
necessary, banks to adopt appropriate measures, such as changes to business strategies,
managerial, operational and ownership structures, and internal procedures. Any such
measures take into account their effect on the soundness and stability of ongoing business.
Description and
findings re EC6
Section 93(1) of the CBCIR Act 2011 allows the Central Bank to prepare a Resolution Report
where it has previously requested a Recovery Plan from a credit institution. While the
Central Bank received the power to request recovery plans and to produce resolution plans
under the CBCIR Act 2011 in October 2012, a local recovery and resolution plan regime has
not yet been implemented. The Special Resolutions Unit has developed guidelines for the
banks for the production of recovery plans, which would precede the development of
resolution plans.
While there are some national authorities making progress in relation to the production of
recovery plans for G-SIFIs the Central Bank is awaiting EU/international developments in
the area, especially with respect to the CRD, Notwithstanding this and in line with EBA
recommendations, the Central Bank has requested recovery plans from two high impact
credit institutions.
Resolution planning is at only an early stage and has not been fully implemented across all
credit institutions.
EC7 The supervisor has a clear framework or process for handling banks in times of stress, such
that any decisions to require or undertake recovery or resolution actions are made in a
timely manner.
Description and
findings re EC7
The legal basis for resolution handling is derived from: The Credit Institutions and Central
Bank (Resolution) Act 2011; Section 106 of the CBCIR Act 2011 allows the Central Bank to
issue codes of practice relating to the operation of the Act; and Section 107 allows the
Central Bank to issue guidelines or policy statements in relation to the exercise of the
functions conferred by the Act – all of which are subject to prior consultation with the
Minister for Finance. To date, the Central Bank has not used these powers.
The CBCIR Act 2011 provides the Central Bank with the power to take action prior to a bank
failing. Section 9 of the Act sets out a number of conditions which must be met before the
Central Bank can intervene – these are qualitative and quantitative in nature. In the absence
of simple financial triggers for intervention, and recognising the last resort nature of the
powers, the Central Bank has taken a pragmatic approach. Banking Supervision Divisions,
under a draft MoU, will inform the Standing Resolution Committee (SRU) when a bank
begins to exhibit signs of financial or regulatory distress. From this point, the SRU will begin
to plan for a failure. At the point where Banking Supervision Divisions determine that they
have exhausted the supervisory tools and approach, they will inform a Standing Resolution
Committee, which will consider the situation and, where appropriate, recommend that the
SRU begin preparing a resolution case for the Governor to consider.
The framework for resolution planning and handling is yet to be fully implemented. The CBI
has undertaken considerable work in terms of crisis management and supervision in
periods of stress.
EC8 Where the supervisor becomes aware of bank-like activities being performed fully or
partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw
IRELAND
78 INTERNATIONAL MONETARY FUND
the matter to the attention of the responsible authority. Where the supervisor becomes
aware of banks restructuring their activities to avoid the regulatory perimeter, the
supervisor takes appropriate steps to address this.
Description and
findings re EC8
Unauthorized Providers Unit (UPU), a unit within the Enforcement Directorate, deals with
issues of unauthorized activity that are fully outside of the regulatory perimeter, i.e. where
the firm is not a regulated firm. Where an issue arises in relation to unauthorized activity
being conducted by a regulated firm, this is referred to the relevant supervision team for
escalation/close-out.
If the UPU receives a query or complaint in relation to a firm which is alleged to be acting
as a bank or offering banking services in the absence of an appropriate
authorization/license, it writes to the firm seeking clarification of its regulatory status and a
written description of its activities. If the firm is regulated by the Central Bank, and is
alleged to be acting outside of the scope of its authorization, the query will be referred to
the firm’s prudential supervisor for it to take appropriate action. Any allegation of
unauthorized banking which is brought to the attention of the UPU is referred to the Police
(Garda Bureau of Fraud Investigation) pursuant to the Central Bank’s obligations under
Section 33AK.
It is an offence to carry on “banking business” without an authorization; see section 7 of the
Central Bank Act 1971 and section 58(1) of the Central Bank Act 1971 (this area is dealt with
in CP4). Section 59 of that Act states that the Central Bank may bring a summary
prosecution for any offence in this regard. An Garda Síochána prosecute any offences
brought on indictment.
In 2011/2012, a complaint was referred to the Central Bank in respect of two unauthorized
firms. On the basis that these firms were purporting to be based in/operating in Ireland and
were using the word ‘bank’ in their titles, the Central Bank issued a warning (pursuant to
the Central Bank’s statutory powers) to alert the public that neither firm held any
authorization or license, nor were they appropriately licensed in another EEA member state
as a credit institution with authority to provide services in Ireland under a passporting
arrangement.
A further complaint was referred in respect of another entity purporting to be based in
Ireland and using the word ‘bank’ in its title. The UPU wrote to the website registrant and
the entity’s website was removed. This entity was claiming to operate from the premises of
a licensed credit institution in Dublin, so the matter was referred to Banking Supervision for
them to contact the licensed entity to alert them. A warning was not issued in respect of
this entity.
Assessment of
Principle 8
Compliant
Comments The PRISM methodology supports a structured and proportionate approach to supervision
that has a strong linkage between impact and supervisory intensity. The framework allows
for a structured approach to resource allocation and planning of supervisory activities. Built
into PRISM is an ongoing monitoring capability that will pick up changes in risk profile
through the use of financial ratios that, if triggered, will prompt supervisory
attention/intervention. The risk rating in PRISM is updated after a supervisory activity is
completed and in this way it is an ongoing measure of risk.
Impact in PRISM measures the impact to the system of an individual bank failing. Banks
IRELAND
INTERNATIONAL MONETARY FUND 79
that maintain a predominantly retail banking footprint represent the greatest risk to the
system and are assigned High Impact ratings. Resources, supervisory attention and
intrusiveness are increased where the impact rating is higher and resources are directed to
the High Impact banks. High Impact banks receive ongoing monitoring through offsite
supervision, frequent onsite reviews and ongoing engagement with bank senior
management. As the Impact rating decreases, the level of supervision also decreases.
Principle 9 Supervisory techniques and tools. The supervisor uses an appropriate range of
techniques and tools to implement the supervisory approach and deploys supervisory
resources on a proportionate basis, taking into account the risk profile and systemic
importance of banks.
Essential criteria
EC1
The supervisor employs an appropriate mix of on-site
17
and off-site
18
supervision to
evaluate the condition of banks and banking groups, their risk profile, internal control
environment and the corrective measures necessary to address supervisory concerns. The
specific mix between on-site and off-site supervision may be determined by the particular
conditions and circumstances of the country and the bank. The supervisor regularly
assesses the quality, effectiveness and integration of its on-site and off-site functions, and
amends its approach, as needed.
Description and
findings re EC1
The Central Bank employs a mix of on-site and off-site supervision. The Central Bank uses a
variety of information, such as prudential reports (Common Reporting (COREP), Financial
Reporting (FINREP), and Quarterly Summary Financial Return etc.), statistical returns, etc., to
regularly review and assess the safety and soundness of banks, evaluate material risks, and
identify necessary corrective actions.
The Central Bank determines that information provided by banks is reliable and obtains, as
necessary, additional information on the banks and their related entities. Prudential Reports
are reviewed at a high level by a specialist Prudential Reporting team who conduct some
on site testing and in greater detail by the supervision teams.
The supervisory engagement model is determined by PRISM, based on the impact of each
institution (details of the engagement model are set out under CP8), to ensure that Banking
Supervision resources are primarily directed towards those institutions which have the
highest impact. As a result, the on-site presence (which can also include attendance at
internal bank senior management meetings, such as Credit and Treasury meetings) is
significantly higher for the High Impact institutions than for Medium Low Impact
institutions.
The following are the primary engagement tasks through which supervisors identify and
17
On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls
exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank
and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on
supervisory concerns, etc.
18
Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on
matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of
further off-site and on-site work, etc.
IRELAND
80 INTERNATIONAL MONETARY FUND
assess risk and evaluate internal control frameworks:
(a) financial risk reviews and full risk assessments;
(b) business model analysis;
(c) review of the outcome of stress tests undertaken by the bank;
(d) governance reviews, including risk management and internal control systems;
(e) meetings with senior management and Board members;
(f) meetings with internal and external auditors;
(g) horizontal peer reviews; and
(h) model validation reviews.
(i) The Supervisory Review and Evaluation Process (ICAAP review)
(j) participation in supervisory colleges
(k) Thematic reviews
The Central Bank communicates its findings to banks as appropriate and requires banks to
take action to mitigate any particular vulnerabilities that have the potential to affect their
safety or soundness. The Central Bank uses its analysis to determine what follow-up work is
required, if any.
In carrying out this role supervision teams are assisted by specialist units, for example
Credit, Treasury, Business Model Analytics, Financial Reporting, Portfolio Analytics and
Stress testing and Quantitative models amongst others. The minimum level of on-site and
off-site supervision is prescribed for (i) specific review types (such as Financial Risk Reviews
(FRRs)) and (ii) engagement with the Management Team of the banks.
The Supervision Team should at a minimum carry out 6 FRRs for a High Impact firm over a
two year period.
Full Risk Assessments (FRAs) are carried out on a 2-4 year cycle for Medium High
institutions At a minimum, 10% of Medium low banks are subject to a Full Risk Assessment
on an annual basis. In recognition of the important position banks occupy in the financial
services system, the Central bank determined that no Irish licensed bank could be
categorized as Low impact notwithstanding the results of the impact assessment. A number
of branches operate on a cross border basis in Ireland. As the scope of the Central Bank’s
responsibilities for these entities extends only to liquidity, anti-money laundering and
conduct of business these firms have been categorised as Low Impact.
While unscheduled inspections are not carried out (firms are given advance notice of on-
site inspection) specific elements of a review are unscheduled such as requesting
walkthroughs of specific areas (for example systems used for regulatory reporting, booking
trades etc)and selecting loan files.
Thematic inspections are carried out and generally driven by the Consumer Directorate and
more recently the Reporting Unit has been conducting sample testing in selected
institutions.
Banking Supervision carries out thematic reviews in areas such as Regulatory Reporting,
Effectiveness of Risk Committees and Effectiveness of Internal Audit.
The minimum level of supervisory engagement for each bank is determined by PRISM,
with reference to the impact of its failure (further details are set out under CP8). While
IRELAND
INTERNATIONAL MONETARY FUND 81
there is commonality of some engagement tasks regardless of which impact category a
firm is assigned (e.g. meeting with a CEO), the depth and intensity of minimum
engagement is greater for higher impact firms than for lower impact firms. It should be
noted however that notwithstanding the minimum engagement model, Banking
Supervision is resourced to supervise above the minimum engagement model assigned for
each of its firms so it can (and does) engage well above the minimum as determined by
divisional management. With the benefit of the experience of the Irish banking collapse, it
is clear that the firms/firm types which caused the greatest impact as a result of their failure
are now assigned the largest share of resources.
The Legal powers of the CBI in the context of this EC are derived from:
- Section 18 of the Central Bank Act 1971 obliges holders of licences and others to
provide Bank with required information and returns.
- Part 3 of the Central Bank (Supervision and Enforcement) –Act provides powers for
authorised officers
- Regulation 66 of S.I. 661 of 2006, implementing Article 124 of the CRD, obliges the
Central Bank to review the arrangements, strategies, processes and mechanisms
implemented by the credit institutions to comply with the CRD and evaluate the
risks to which the credit institutions are or might be exposed, taking into account
the technical criteria set out in Annex XI of that Directive.
- Regulation 70 of S.I. 661 of 2006, implementing Article 136 of the CRD, enables the
Central Bank to require any credit institution that does not meet the requirements
of [any law of the State giving effect to the [Recast Credit Institutions Directive]
(CRD)] to take the necessary actions or steps at an early stage to address the
situation. Supervisory measures in this regard include requiring credit institutions
to: (i) hold additional own funds; strengthen capital via net profits; reinforce
governance and internal capital adequacy assessment processes; apply specific
provisioning policy; restrict / limit business operations; or reduce risk inherent in
the credit institution’s business products and systems.
The Central Bank regularly assesses its supervisory approach and engagement model. The Central
Bank’s Supervision Support Team continually reviews the quality of supervision via firm specific
reviews, survey reviews etc. Internal Audit also conduct reviews on the implementation of the risk
based approach to supervision. In addition, an independent review commenced in Quarter 2, 2013,
which is due to report towards the end of this year.
EC2
The supervisor has a coherent process for planning and executing on-site and off-site
activities. There are policies and processes to ensure that such activities are conducted on a
thorough and consistent basis with clear responsibilities, objectives and outputs, and that
there is effective coordination and information sharing between the on-site and off-site
functions.
Description and
findings re EC2
The planning module in PRISM sets out the minimum level of engagement with
institutions; this is dependent on the impact category of the institution. PRISM guidance
materials set out the processes to follow in conducting reviews of credit institutions and
the Supervisory Support Team (SST), a unit within the Risk Division, carries out reviews of
the practical implementation of PRISM and the quality of supervision, to ensure that
reviews are conducted on a thorough and consistent basis.
The supervision teams are responsible for on-site and off-site supervision and are
responsible for developing a supervision plan. The Supervision Team is supported by
specialist teams as mentioned in EC1; there is regular and scheduled coordination and
IRELAND
82 INTERNATIONAL MONETARY FUND
information sharing between supervision teams and specialist units.
The Governance Review process set out in PRISM includes the following guidance for review
planning:
- Objective of the Governance Review;
- Stages in the Analysis Process;
- Initial planning;
- Visit preparation;
Firm inspection;
- Visit;
- Analysis, quality assurance and write-up.
The process includes an estimate of the duration of each stage and the appropriate time to spend on-
site and off-site.
EC3
The supervisor uses a variety of information to regularly review and assess the safety and
soundness of banks, the evaluation of material risks, and the identification of necessary
corrective actions and supervisory actions. This includes information, such as prudential
reports, statistical returns, information on a bank’s related entities, and publicly available
information. The supervisor determines that information provided by banks is reliable
19
and
obtains, as necessary, additional information on the banks and their related entities.
Description and
findings re EC3
The CBI uses a mix of information sources to assess the safety and soundness of banks and
the sector. The CBI receives a full suite of regulatory returns including: COREP; FINREP;
Large Exposure; Sectoral Limits; Related Party Lending; Liquidity Returns; Funding Reports;
Impairment Return; Quarterly Summary Financial Return; and Deposit Protection. These
returns are analyzed by supervision staff on a periodic basis, for High and Medium High
Impact banks. To assess the reliability of data, the CBI performs a range of activities. For
example, a high level review of regulatory returns is performed by the Financial Reporting
Unit in Banking Supervision. Once this is conducted, the supervision team will perform a
detailed analysis of the data identifying trends and underlying drivers which will be used in
conjunction with the findings arising from the supervisors’ engagement to probability risk
rate the firm. A combination of detailed analysis of key risk indicators and regulatory
returns is carried out for all banks (irrespective of impact category). For banks in the lower
two Impact categories the analysis of regulatory returns is automated.
In advance of meetings with officers of a bank however, supervisors would review
supplementary data on the returns and request additional relevant information (e.g. MI
data used by the bank, risk appetite statements, risk policies, limits, Board and Board sub-
committee meeting minutes, Board and Committee terms of reference). On average, one
such meeting is held on a quarterly basis with Medium Low banks, the character of which is
robust and intrusive.
The legal basis for the submission of regulatory returns and other supervisory material is
derived from Section 18 of the Central Bank Act 1971 which obliges holders of licenses and
others to provide the Central Bank with required information and returns. Regulation 65
and 66 of the CRD covers the ICAAP and SREP respectively.
19
Please refer to Principle 10.
IRELAND
INTERNATIONAL MONETARY FUND 83
Credit institutions are required under Regulation 72 of S.I. 661 of 206, transposing Article
145 of the CRD, to adopt a formal policy to comply with disclosure requirements and to
have policies for assessing the appropriateness of these requirements, including their
verification and frequency. In accordance with Regulation 72, credit institutions are to
publicly disclose, on at least an annual basis, the information set out in Part 2 of Annex XII
of the CRD concerning technical criteria on transparency and disclosure. The CBI also
receives a multitude of other information which it uses to assess bank risk, including:
? Audit Reports: from Internal and External Audit.
? Internal Capital Adequacy Assessment Process (ICAAP) submissions
? Annual information – such as financial statements, Banking Supervision Assets and
Liabilities return, reconciliation between financial statements and regulatory returns.
? Annual Compliance Statements with Regulatory Codes, e.g. Annual Compliance
Statement with the Corporate Governance Code and Annual Internal Audit on
compliance with the requirements for the management of liquidity risk.
? Publicly available information such as media reports, reports from rating agencies,
analyst reports, etc.
? Pillar III disclosures by institutions.
? Evidence to support the implementation of RMPs.
Key Risk Indicator Review: Once a key risk indicator limit is breached or threshold for same
is breached a detailed analysis is carried out by the supervisor, which can include
requesting further quantitative or qualitative information for the bank, with a detailed
rationale for closure to be provided within the PRISM system. Supervisors will also
determine what the movement suggests about the bank’s risk profile. The depth of
regulatory returns review is determined by the impact category as opposed to inherent risk.
Regulatory Returns Review: Supervisors carry out detailed analytical work on the condition of
High and Medium High banks. A supervisory tool has been developed (banking cube) to
ensure that at a minimum supervisors carry out analysis of movements in excess of
thresholds of all regulatory returns and trend analysis on a quarterly basis. The tool also allows
supervisors to investigate irregular completion of returns (for example supervisors will be
able to review risk weights applied and can investigate when changes are expected).
Supervisors are required to comment on the validity of all movements, to investigate as
necessary and to make judgements about the risk profile of the firm before the return is signed
off. The submission of data by banks is validated through investigative questioning;
recalculating data using regulatory rules (for example limits to Hybrid instruments); and on-
site testing (thematic reviews, full risk assessment and financial risk reviews).
EC4
The supervisor uses a variety of tools to regularly review and assess the safety and
soundness of banks and the banking system, such as:
(a) analysis of financial statements and accounts;
(b) business model analysis;
(c) horizontal peer reviews;
(d) review of the outcome of stress tests undertaken by the bank; and
(e) analysis of corporate governance, including risk management and internal control
systems.
The supervisor communicates its findings to the bank as appropriate and requires the bank
IRELAND
84 INTERNATIONAL MONETARY FUND
to take action to mitigate any particular vulnerabilities that have the potential to affect its
safety and soundness. The supervisor uses its analysis to determine follow-up work
required, if any.
Description and
findings re EC4
The Central Bank uses a variety of tools to regularly review and assess the safety and
soundness of banks and the system such as:
- Reviews of the annual accounts of banks (and, where appropriate, of the
quarterly accounts)
- Business Model Reviews are required every two years for High Impact
institutions. In completing an FRA for Medium High/Low Impact institution (see
CP8) a business model analysis is completed. The objective of the review is to aid
the supervisor in assessing the risks the firm is taking, its vulnerabilities, its capacity
to identify risks/threats and its ability to react appropriately in a timely manner. It
will also identify the operational flexibility of an organisation to respond to major
shocks, e.g. recession, liquidity crisis, etc.
- Reviews of the outcome of stress tests on an annual basis in completing FRA
and ICAAP reviews This supervisory activity is performed for all banks as directed
by the CRD. For banks with an Impact rating of Medium High and Medium Low for
the year when a FRA has not been performed, a self assessment questionnaire is
completed by the bank and supported by aspects of the ICAAP – business plan,
capital plan, risk appetite statement, material changes in the ICAAP etc
- Horizontal peer reviews are conducted by the Treasury and Credit Teams for
High and some Medium High Impact institutions. Peer group analysis reports are
available in PRISM and provide a comparison on KRIs, and show overall trends for
same. It should be noted that some Medium High and Medium Low Impact
institutions do not have relevant peers for comparison purposes
- Governance reviews are required every two years for High Impact institutions. In
completing an FRA for Medium High/Low Impact institutions, a governance review
is conducted. The objective of the review is to establish that the institution is
managed in a sound and prudent manner, if the “seat of control” is the Board and
not a parent company or other affiliate. The supervisors in their assessments also
give consideration to the culture of the Board, the attributes it values in its
directors, its expectations of directors in terms of their engagement and the
interplay between members of the executive and the Board. In addition, corporate
governance is reviewed on an annual basis as part of an ICAAP review and
institutions are required to submit an annual statement of compliance with the
Corporate Governance Code.
- Pillar 3 reports are reviewed when available as part of offsite supervision to inform
the overall risk assessment or supervisory activities.
Following a process where a supervisor has investigated an institution, such as an FRA or a
review/inspection, the findings of the review are communicated to the institution. Initial
findings can be informally communicated at a meeting with the senior management team,
with a formal letter to follow. Where areas of weakness are identified, a RMP is developed
to ensure that the institution takes the appropriate action to mitigate any particular
vulnerability. RMP are authorised either by a RGP or, when no RGP is planned, by a
IRELAND
INTERNATIONAL MONETARY FUND 85
member of the divisional management team. The purpose of the RGP is to bring together a
wide variety of experience and expertise to help supervisors reach high quality judgments
on how to appropriately take forward supervisory activities. If breaches of
regulation/legislation are identified during an inspection, the Supervision Team will
escalate the violation to Divisional Management. The violation will be documented in the
report of the inspection and the Supervision Team will complete an escalation report for
the SRC, with possible referral to the Enforcement Directorate.
EC5
The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and
mitigate any emerging risks across banks and to the banking system as a whole, potentially
including conducting supervisory stress tests (on individual banks or system-wide). The
supervisor communicates its findings as appropriate to either banks or the industry and
requires banks to take action to mitigate any particular vulnerabilities that have the
potential to affect the stability of the banking system, where appropriate. The supervisor
uses its analysis to determine follow-up work required, if any.
Description and
findings re EC5
The objective in Section 6A (2) (a) of the Central Bank Act, 1942 (as amended by the Central
Bank Reform Act, 2010), in relation to the “stability of the financial system overall” gives the
Central Bank of Ireland a leading role in the area of macro-prudential policy. There are also
legislative provisions for co-operating with a range of public bodies whose actions have a
material impact on financial stability, without prejudice to their respective mandates. The
Central Bank of Ireland has employed tools, which are macro-prudential in nature, both
pre-emptively (i.e., imposing sector capital requirements in 2006 in an attempt to curb
mortgage lending) and as a tool of crisis management (i.e., in 2011 imposing capital and
loan-to-deposit requirements) under the Financial Measures Program.
The Central Bank is currently developing a national macro-prudential framework in line
with ESRB recommendations. The Financial Stability Division is undertaking analytical work
to support this framework.
The implementation of Basel III in Europe via an amended CRD and CRR (collectively CRD
IV) will come into force on 1 January 2014 and will allow for the implementation of certain
macro-prudential measures such as additional capital buffers and broader macro-
prudential discretions. The new framework requires Member States to designate an
authority (the “Designated Authority”) responsible for taking measures necessary to
prevent or mitigate systemic risk or macro-prudential risks posing a threat to financial
stability at national level, when appropriate. Although in the Irish case, the Designated
Authority has not yet been formally confirmed, the Department of Finance (DoF) has
indicated its intention to assign the Central Bank of Ireland to this role. The Central Bank is
currently actively engaging with DoF on the transposition of CRD IV and also intends to
issue a revised CRD implementation document on its intended exercise of discretions and
options available to it as competent authority in due course.
As mentioned above, the Central Bank of Ireland Act 1942 provides that the stability of the
financial system overall is one of its key objectives. As part of this, the Central Bank
identifies, assesses and communicates banking risks through the preparation and
publication of the Macro Financial Review conducted by the Financial Stability Division. The
Minister for Finance also has legislative responsibility for financial stability, in terms of
proposing legislation and Government policy that promotes financial stability. The Central
Bank and Department of Finance have an agreed MoU in this area.
Within the Central Bank, the Deputy Governors for Financial Regulation and Central
IRELAND
86 INTERNATIONAL MONETARY FUND
Banking report to the Governor who has overall responsibility for Financial Stability. The
Governor chairs a Financial Stability Committee (FSC). The FSC advises the Governor on
issues central to the fulfillment of the mandate of the Central Bank, to contribute to
financial stability in Ireland and the Euro area. The FSC’s role involves monitoring and
assessing both domestic and international economic and financial developments,
highlighting potential areas of concern relevant to the Irish financial system and drawing
conclusions from the analysis. A key focus of the committee is to identify potential actions
that can be taken to mitigate risks to financial stability and to follow up on past measures.
Formulation of specific actions may be delegated by the Governor to management within
or outside the FSC. Actions may take the form of consideration, implementation, and
review of micro-prudential and/or macro prudential policy instruments.
In addition, the Financial Stability Division in conjunction with the Risk Division provides an
environmental risk assessment for PRISM, which contributes to individual risk scores.
In terms of stress tests, the Central Bank has conducted sector-wide macro stress tests in
the past, but in recent years supervisory stress tests, Asset Quality Reviews, Balance Sheet
Assessments and Data Integrity Verification exercises - under the PCAR process have been
conducted by the Central Bank (with the assistance of external bodies) to determine the
Covered Banks capital requirements. In preparation for the next loan level PCAR exercise in
2014, the Central Bank has undertaken the development of loan loss forecasting models for
four asset classes: residential mortgages, non-mortgage retail, micro SME and
SME/Corporate. The Central Bank communicates its findings to industry through press
releases/conferences and updating the Central Bank web-site. The Central Bank
communicates its findings to banks via meetings with the senior management team and
formal letters or requirements in the case of supervisory stress test results. The Central
Bank requires banks to take actions, such as maintaining capital at a specific level.
In addition, the Financial Stability Division in conjunction with the Risk Division provides an
environmental risk assessment for PRISM, which contributes to individual risk scores.
In terms of stress tests, the Central Bank has conducted sector-wide macro stress tests in
the past, but in recent years supervisory stress tests under the PCAR process have been
conducted by the Central Bank to determine the Covered Banks capital requirements. The
Central Bank communicates its findings to industry through press releases/conferences and
updating the Central Bank web-site. The Central Bank communicates its findings to banks
via meetings with the senior management team and formal letters or requirements in the
case of supervisory stress test results. The Central Bank requires banks to take actions, such
as maintaining capital at a specific level.
EC6 The supervisor evaluates the work of the bank’s internal audit function, and determines
whether, and to what extent, it may rely on the internal auditors’ work to identify areas of
potential risk.
Description and
findings re EC6
The PRISM guidelines for High Impact institutions require the team to meet the Internal
Audit function on an annual basis. Medium High Impact institutions are required to meet
the Internal Audit function every two years. While the minimum engagement model for
Medium Low firms does not prescribe a minimum engagement level with Internal Audit,
notwithstanding, supervisors can and do include such meetings in their supervisory
engagement. Supervisors have met with the Internal Audit functions in 30% of the Medium
Low bank population since PRISM roll-out. PRISM engagement model for Internal Audit as
follows:
IRELAND
INTERNATIONAL MONETARY FUND 87
High – annual
Med high every two years
Med Low/Low – no frequency.
There is no requirement for an IA function in the regulations issued by the Central Bank
although the EBA guidelines GL44 set out the requirements for internal control functions.
For High Impact banks it is expected that an IA function be in place. The PRISM guidelines
for meeting with the Internal Auditor state that the objective of the meeting is to
determine the adequacy of the procedures and satisfy the supervisor as to the effectiveness
of policies and practices followed, and that management takes appropriate corrective
action in response to internal control weaknesses. Central Bank has confirmed to all Irish
licensed banks that EBA guidelines constitute Central Bank guidance and must be complied
with.
Thematic reviews of the effectiveness of Internal Audit functions across the banking system
are also carried out by the Central Bank. Analysing and forming a view of the effectiveness
of the Internal Audit function is a key element of the Governance Review as set out in the
PRISM guidelines. According to the minimum engagement model, Governance Reviews are
required at least every two years for High Impact institutions and as part of an FRA for
Medium High and Medium Low Impact firms. In Q1 2011, the Central Bank carried out a
thematic review of the “effectiveness of the internal audit function” across the banking and
insurance sectors (a sample of banks and insurance entities were included in the review).
Letters issued to the banks involved in Q3 2011.
EC7 The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s
Board, non-executive Board members and senior and middle management (including
heads of individual business units and control functions) to develop an understanding of
and assess matters such as strategy, group structure, corporate governance, performance,
capital adequacy, liquidity, asset quality, risk management systems and internal controls.
Where necessary, the supervisor challenges the bank’s Board and senior management on
the assumptions made in setting strategies and business models.
Description and
findings re EC7
Engagement with the Board is determined by a bank’s impact category. The purpose of
contact with the Board is to develop an understanding and assessment of matters such as
business models, strategy, structure, governance, capital adequacy, liquidity, asset quality,
risk management systems and internal controls. During the meeting with key personnel,
Central Bank staff will advise of the PRISM rating, the key drivers and RMP issues as well as
the forthcoming supervision action plan.
The Central Bank also has robust engagement with institutions where it identifies
weaknesses, for example, where a Board Risk Committee has approved changes to risk
strategies and appetite without due consideration or challenge.
The minimum frequency of engagement with a Board is determined by the impact category
of the institution as follows:
?High Impact – at least on an annual basis, supervisors meet the CEO, CFO, CRO,
Chairman, Senior Non-Executive Director, Internal Audit and External Auditor. In addition,
teams meet with middle management functions, e.g. control functions, treasury, credit, etc.
?Medium High – at least on an annual basis, supervisors meet the CEO, CFO, Chairman,
Senior Non-Executive Director, External Auditor and on a 2-year cycle CRO and Internal
IRELAND
88 INTERNATIONAL MONETARY FUND
Auditor. They also meet with senior and middle management with day-to-day
responsibility for credit, market, operational and liquidity risks.
?Medium Low – with due regard to risk and on a staggered basis, over an 18-24 month
cycle supervisors meet with the CEO, CFO, Chairman, Senior Non-Executive Director and
External Auditor. On a two-year cycle they meet with the CRO.
?Low – not specified (note there are no Irish licensed banks in this rating category).
The Central bank in its engagement with credit institutions will meet with the full board
when presenting results from the RGP. On an annual basis, meetings will be held with
individual Board members i.e. INED and Chair separately.
The power to meet with and question bank staff is set out in Section 17A part (e), of the
Central Bank Act 1971, outlining the powers of authorised persons with respect to holders
of licenses. Section 17A part (e) covers requests to any person who appears to the
authorised person to have information relating to the records, or to the business, of the
license holder or related body, to answer questions with respect to those records or that
business.
There are also new extensive powers provided in the Central Bank (Supervision and
Enforcement) Act 2013 which enhance matters, i.e. Part 3 in relation to Authorised Officers
and a new general information gathering power
While the minimum engagement model with senior management is outlined above, in
practice, supervision teams have contact with and meet senior management on a much
more regular basis for the High impact banks. During meetings with the Board members of
an institution and the senior management team supervisors challenge the current strategy,
including assumptions made in developing the strategy. The typical questions to ask when
challenging the strategy of an institution are set out in the PRISM guidelines.
EC8 The supervisor communicates to the bank the findings of its on- and off-site supervisory
analyses in a timely manner by means of written reports or through discussions or
meetings with the bank’s management. The supervisor meets with the bank’s senior
management and the Board to discuss the results of supervisory examinations and the
external audits, as appropriate. The supervisor also meets separately with the bank’s
independent Board members, as necessary.
Description and
findings re EC8
The PRISM engagement model involves a schedule of ongoing meetings between
supervisors and senior management (CEO, CRO, CFO, Head of Internal Audit) and board
members (Chairman and senior INEDs). The frequency of meetings is determined by the
impact rating of a particular bank. For banks rated Medium-Low and Low, engagement
with bank’s management will not typically take place.
The Central Bank communicates the findings from on-site and off-site reviews via written
letter with a RMP attached. The Central Bank meets with the Board and the Senior
Management Team to discuss the RMP. Supervisors and senior management of the Central
Bank also frequently meet with banks’ senior management and board members in relation
to specific prudential and consumer protection matters, e.g. in relation to recapitalisations;
asset deleveraging; mortgage arrears resolutions and distressed credit operation
capabilities; internal model methods for capital purposes; and new business applications,
amongst other matters.
IRELAND
INTERNATIONAL MONETARY FUND 89
EC9 The supervisor undertakes appropriate and timely follow-up to check that banks have
addressed supervisory concerns or implemented requirements communicated to them.
This includes early escalation to the appropriate level of the supervisory authority and to
the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and
findings re EC9
PRISM requires supervisors to ensure that deadlines for the completion of RMP actions are
met. PRISM allows the supervisor to monitor, track and close RMP actions. Supervisors
follow up on the implementation of RMPs through desk top analysis and on-site
inspections, dependent on the nature of the particular mitigation required. The CBI can also
engage Third party or independent party validation to ascertain the extent to which RMPs
have been implemented. For example, if an institution is required to implement a credit
policy, supervisors will complete a desk top review of the policy and will then visit the
institution to test its implementation.
The planner facility allows the supervisor to see when RMP actions are falling due. As soon
as the supervisor receives an RMP response from a firm, the supervisor is required to
change the action’s status in PRISM to ‘Results Under Review’. Supervisors should review
RMP actions within three weeks of their becoming due, assess their success, change their
status to concluded and provide a closure narrative. PRISM has the facility to generate
reports highlighting to Divisional Management the RMPs that are overdue; these reports
show institutions that are late in meeting RMP deadlines and reviews by supervisors that
have not been completed within the three week requirement. In certain circumstances, for
example when an on-site visit is required, it is possible to extend the review beyond three
weeks. If action points are not addressed, the supervisor escalates internally by following
the Central Bank’s escalation policy. In addition, in certain circumstances the Central Bank
writes to the Board of the bank.
EC10 The supervisor requires banks to notify it in advance of any substantive changes in their
activities, structure and overall condition, or as soon as they become aware of any material
adverse developments, including breach of legal or prudential requirements.
Description and
findings re EC10
The Central Bank has imposed a requirement on credit institutions to notify the Central
Bank in advance of any substantive changes in activities, structure and overall condition. In
addition, there are notification requirements (within regulatory requirements and
legislation) that cover changes in activities, structure and condition.
The legal basis for notifications exist within specific regulatory codes and documents, such
as Corporate Governance Code for Credit Institutions and Insurance Undertakings, the
Code of Practice for Related Party Lending etc. The Central Bank of Ireland’s regulatory
codes and documents set out requirements for banks to notify the Central Bank of
deviations from/breaches of a code or regulatory document; for example, the Corporate
Governance Code requires that “any institution which becomes aware of a material
deviation from this Code shall within 5 business days report the deviation to the Central
Bank, advising of the background and the proposed remedial action.” The Requirements for
the Management of Liquidity Risk requires that “where there are breaches or a credit
institution foresees a possible breach of the liquidity requirements outlined in this paper, the
Financial Regulator must be notified immediately.”
Specific legislation incorporates notification requirements, for example the CRD. Under Regulation
57 (5) of S.I. 661 of 2006, transposing Article 111(4) of the CRD, banks are required to report to the
Central Bank without delay exposures that exceed the limits set out in the CRD for Large
Exposures. In issuing a banking license the Central Bank requires banks to confirm that they will
comply with a set of requirements. In the past the Central Bank has required institutions to confirm
they will comply with the requirement that ‘the expansion of the range of proposed products beyond
IRELAND
90 INTERNATIONAL MONETARY FUND
those in the application to the Central Bank for the banking license will require the prior approval of
the Central Bank’.
EC11 The supervisor may make use of independent third parties, such as auditors, provided there
is a clear and detailed mandate for the work. However, the supervisor cannot outsource its
prudential responsibilities to third parties. When using third parties, the supervisor assesses
whether the output can be relied upon to the degree intended and takes into consideration
the biases that may influence third parties.
Description and
findings re EC11
The power to require a skilled person review has recently been enacted and is contained in
the Central Bank (Supervision and Enforcement) Act 2013.
The Central Bank’s ability to gather information from auditors of regulated financial service
providers is covered by the Central Bank Act 1997 (as amended), specifically Sections 27 (B)
– 27 (F).
The use of third parties is set out in the PRISM guidelines on ‘Skilled Person Reviews’. In
circumstances where the Central Bank has additional firm-specific needs for information
and/or analysis, the supervisor may request the firm to provide a special report prepared
by a third party in accordance with a brief from the Central Bank. The supervisor will
consider the following:
a) the competence and capabilities necessary to prepare the report on the matter
concerned;
b) the ability to complete the report within the period specified by the supervisor;
c) any relevant specialized knowledge, including specialized knowledge of the firm, the
nature of the business carried on by the firm and the matters to be reported on;
d) any potential conflict of interest in reviewing the matters to be reported on, including
any arising from the fact that the matters may raise questions relating to the quality or
reliability of work previously carried out by the proposed reviewer;
e) sufficient detachment, having regard to any existing professional or commercial
relationship, to give an objective opinion; and
f) previous experience in preparing reports under this Part or reports of a similar nature.
During the course of the review the supervisor will have regular meetings with the skilled
person, with progress reports where projects are of longer duration.
EC12 The supervisor has an adequate information system which facilitates the processing,
monitoring and analysis of prudential information. The system aids the identification of
areas requiring follow-up action.
Description and
findings re EC12
The Central Bank of Ireland has implemented three systems to facilitate the processing,
monitoring and analysis of prudential information:
1. Prudential data is submitted to the Central Bank via the online reporting
system. This system has the facility to upload the data submitted by banks, and to
validate and store the data.
2. Viewpoint has the ability to retrieve the prudential information submitted by
institutions. It provides the supervisor with the ability to monitor and analyse
prudential information through the running of numerous reports, from generating
the prudential returns to generating analysis reports. Viewpoint also has a query
system, enabling the supervisor to generate large pieces of information in relation
to specific return items for trend analysis.
IRELAND
INTERNATIONAL MONETARY FUND 91
3. PRISM allows the supervisor to monitor KRIs and aids the identification of
areas requiring follow-up action, with alerts being generated for significant
changes in impact metrics, KRIs, new information becoming available, and activity
being required in relation to risk mitigation issues. Alerts are only closed once a
supervisor has acted upon the alert and provided a narrative within PRISM. PRISM
also generates numerous reports, such as alerts listings (both open alerts and
those closed within 30 days), RMP issues, engagement models, risk profiles, impact
profiles, RGP documents, peer group reports, firm reports and stress test reports.
Additional
criteria
AC1
The supervisor has a framework for periodic independent review, for example by an
internal audit function or third party assessor, of the adequacy and effectiveness of the
range of its available supervisory tools and their use, and makes changes as appropriate.
Description and
findings re AC1
Section 32 (L) 3 of Part IIIA of the Central Bank Act 1942 sets out the legal basis for periodic
independent review: The review of the Bank’s regulatory performance required by subsection
(2)(b) shall include details of the activities carried out during the relevant year by-
(a) the part of the Bank responsible for internal audit.
Following the results of the reports into the Banking Crisis the Central Bank reviewed the
adequacy and effectiveness of the range of its available supervisory tools. The Central Bank
overhauled its approach to supervision with the implementation of PRISM The task of
developing PRISM was assigned to the Risk, Governance and Accounting Policy Division,
which is independent of the Supervisory Divisions. To validate the approach, the Central
Bank hired independent consultants to opine on the adequacy and effectiveness of PRISM.
The rollout of PRISM was completed in November 2012. With this important stage
achieved, the senior management team in regulation wanted to undertake a stock take of
PRISM and see what improvements could be made, given that many supervisory areas had
more than a year’s experience with PRISM. An independent assessment as to how effective
PRISM has been in the delivery of high quality risk based supervision has commenced with
a final report and recommendations being presented to the Governor and Commission at
the January 2014 meeting.
The Central Bank Internal Audit charter states that “the Internal Audit function is an
independent and objective appraisal function, which is required to provide audit assurance
that the system of risk management and internal control is adequate to manage and control
those risks to which the Bank is exposed. It also assists the Bank in its pursuit of efficiency and
effectiveness.” The review of the effectiveness of Supervision tools and their use is captured
under this objective; Internal Audit recommendations cover both of these areas. Internal
Audit’s reviews are supplemented by a second line of defense: the Supervisory Support
team (SST), a unit within the RGP Division.
The principal objective of the SST is to provide senior management with “reasonable
assurance” on the practical implementation of PRISM and the quality of supervision, i.e.
that PRISM is being implemented appropriately in the supervisory divisions and that the
level of supervisory engagement is providing a “reasonable assurance” on the identification
and mitigation of risk.
It is the responsibility of Divisional Management to ensure that all concerns raised by
independent parties are addressed appropriately.
IRELAND
92 INTERNATIONAL MONETARY FUND
Examples of independent reviews conducted recently of the supervisory tools include: the Internal
Audit carried out in first half of 2012 on the use of PRISM in Banking Supervision; the SST review
of the supervision of two banks in Q3 2012; and Independent consultants were hired to opine on the
adequacy and quality of the engagement model, impact metrics models, the risk structures and the
logic behind PRISM during its development.
Assessment of
Principle 9
Materially non compliant
Comments The Central Bank employs a mix of off- and on-site supervisory activities. The PRISM model
is the centerpiece of the supervisory framework which is used to assign bank risk ratings
and allocate supervisory resources and determines frequency and intensity of supervisory
activities. A primary concern is whether the mix of offsite and onsite supervisory activities
prescribed by PRISM for the lower impact ratings is appropriate.
The supervisory approach for banks that fall into Medium Low Impact rating rely heavily on
reactive processes. Analysis of regulatory returns is largely automated using sensitivity
analysis of financial ratios. The quality, frequency and depth of verification of qualitative
data to assess risk are limited. Onsite activity prescribed by PRISM for Medium Low Impact
banks is on a random-spot check basis with limited coverage by risk specialists. In the case
of Low Impact banks (which are all foreign banks branches for which the Central Bank has a
very limited prudential supervision mandate set out in the CRD), no minimum frequency of
onsite or offsite supervision.
A lack of onsite activity which is not supported by a sufficiently detailed offsite analysis
does not facilitate an accurate assessment to identify and mitigate risk. A build up of risks
across a number of lower impact banks in aggregate could create vulnerabilities in the
banking system and, moreover, could create reputational risk for the Central Bank and a
threat to the integrity of banking system. A more appropriate mix of onsite and offsite
supervision practices (with due regard for proportionality) would encourage a more
proactive approach to supervision in an effort to mitigate this risk. In the case of Low
Impact banks (foreign bank branches), an absence of a prescribed supervisory cycle for
offsite and onsite will not facilitate an assessment of risk in the banking system from this
sector.
It is acknowledged that supervisors will, and often do, go beyond the minimum
engagement model prescribed by PRISM. There was evidence of supervisors mitigating risk
when events occurred and addressing risks appropriately. Focusing the supervisory process
primarily on the impact of a failure will distort the allocation of resources since the
supervisory approach is supposed to be preventive/corrective to maintain safety and
soundness and not on the impact of resolution. As a result, supervisory activities to identify
risk insufficient for banks with an Impact rating below High. Materially insufficient for
Medium Low and Low. Activities such as onsite reviews and intrusive supervision
techniques are mainly allocated to High Impact banks. More attention needs to be paid to
verification of self assessment of compliance with regulations and assessment of risk
profile. Setting up the supervisory scope should focus on bank-specific risks, so even
between high risk banks there should be a difference in activities being performed and no
need to perform a full suite of activities.
KRIs are fed into PRISM which are sourced from a number of returns submitted by the
banks across various time buckets (e.g. monthly, quarterly). KRIs are built into capital,
liquidity, credit, business model/strategy and market risk. There are, however, no KRIs for
IRELAND
INTERNATIONAL MONETARY FUND 93
operational risk and interest rate risk in the banking book and only a single indicator for
market risk. The KRIs form a key feature of exception reporting framework especially for
lower impact rated banks) and should be expanded to ensure all material risks are
monitored (there is a separate risk dashboard for High Impact banks that cover a broader
suite of risk metrics for liquidity, and market risk).
While the Central Bank received the power to request recovery plans, a local recovery
planning regime is yet to be fully developed and implemented. Recovery plans for the two
high impact firms have been requested but not received and analysis has not commenced.
Processes for resolution handling not fully developed (EC6). The Central Bank of Ireland has
employed tools, which are macro-prudential in nature, both pre-emptively (i.e., imposing
sector capital requirements in 2006 in an attempt to curb mortgage lending) and as a tool
of crisis management (i.e., in 2011 imposing capital and loan-to-deposit requirements)
under the Financial Measures Program. The implementation of Basel III in January 2014 will
provide the Central Bank further powers to implement certain macro measures such as the
CCyB.
Principle 10 Supervisory reporting. The supervisor collects, reviews and analyses prudential reports
and statistical returns
20
from banks on both a solo and a consolidated basis, and
independently verifies these reports through either on-site examinations or use of external
experts.
Essential criteria
EC1
The supervisor has the power
21
to require banks to submit information, on both a solo and
a consolidated basis, on their financial condition, performance, and risks, on demand and at
regular intervals. These reports provide information such as on- and off-balance sheet
assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk
concentrations (including by economic sector, geography and currency), asset quality, loan
loss provisioning, related party transactions, interest rate risk, and market risk.
Description and
findings re EC1
The CBI requires the submission of various returns by credit institutions on a regular basis.
Both solo and CRD consolidated data are collected. For common reporting (COREP) and
financial reporting (FINREP), the two main regulatory returns, the EBA minimum frequency
for submission of the COREP is six-monthly (CRD), with no frequency specified for FINREP
(CEBS GL06). However, both of these returns are collected quarterly, with monthly
submission by the covered banks.
In general, CBI powers to require reporting from banks derive from the CBI Act 1971,
Section 18, subsections 2 & 3:
(2) A person to whom this section applies shall provide the Bank, at such
times, or within such periods, as the Bank specifies from time to time,
with such information and returns concerning the relevant business
carried on by the person as the Bank specifies from time to time.
(3) A person to whom this section applies shall, at such time or within such
period as the Bank specifies, provide the Bank with such information or
return (not being information or a return specified under subsection (2))
as it requests in writing concerning the relevant business carried on by
20
In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to
required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27.
21
Please refer to Principle 2.
IRELAND
94 INTERNATIONAL MONETARY FUND
the person.
N.B. “A person” refers to a license holder, in the case of a bank.
? The CRD, namely S.I. No. 661 of 2006 sets out the requirements for solvency and
large exposures reporting.
? Reporting on the Code of Practice on Related Parties has been specified by the CBI
pursuant to Section 117(3)(a) of the CBI Act 1989.
? The quantitative prudential liquidity requirements are imposed under section 23 of
the CBI Act 1971 or Section 39 of the Building Societies Act 1989.
? The Impairment Return is a condition to which all credit institutions are subject,
pursuant to Section 10 of the CBI Act 1971 or Section 17 of the Building Societies
Act 1989.
EC2
The supervisor provides reporting instructions that clearly describe the accounting
standards to be used in preparing supervisory reports. Such standards are based on
accounting principles and rules that are widely accepted internationally.
Description and
findings re EC2
Full instructions for each return are provided, either by the CBI or by reference to external
bodies such as the EBA for the source of instructions. Most regulatory reports are compiled
under the CRD rules and under IFRS/Irish GAAP. Where reports are required to be prepared
on a different basis, this is clearly stated and instructions are provided.
EC3
The supervisor requires banks to have sound governance structures and control processes
for methodologies that produce valuations. The measurement of fair values maximizes the
use of relevant and reliable inputs and are consistently applied for risk management and
reporting purposes. The valuation framework and control procedures are subject to
adequate independent validation and verification, either internally or by an external expert.
The supervisor assesses whether the valuation used for regulatory purposes is reliable and
prudent. Where the supervisor determines that valuations are not sufficiently prudent, the
supervisor requires the bank to make adjustments to its reporting for capital adequacy or
regulatory reporting purposes.
Description and
findings re EC3
There is a legal requirement for banks to manage their business in accordance with sound
administrative and accounting principles. Reports are compiled under the CRD or IFRS/Irish
GAAP using EBA guidelines and templates. Detailed rules on the calculation and/or
valuation of items to be reported are set out in the directive or the accounting standards,
and banks are obliged to follow these rules in the compilation of regulatory reports. For
solvency purposes the CRD specifies that the reporting entity use valuations as per their
accounting standards regulation 18(1) of SI 661. Compliance with standards is assessed by
supervision teams through both regular monitoring of returns and by review of specific
items. The CBI has developed a framework for the analysis of regulatory returns which
specifies the type and frequency of review of the main returns. This framework is supported
by a suite of reports for use by supervision teams. Valuation methodologies are also
reviewed on an ad hoc basis by other teams in the Banking Supervision Division, e.g. the
Credit team as part of their on-site file reviews.
The CBI has challenged banks’ approaches to valuations, for example in relation to
provisions, and required adjustments for capital adequacy and regulatory reporting
purposes.
Regulation 16 of S.I. No. 395 of 1992 / European Communities (Licensing and Supervision
of Credit Institutions) Regulations 1992 requires that:
(1) Every credit institution authorized by the Bank shall manage its business in accordance
with sound administrative and accounting principles and shall put in place and
IRELAND
INTERNATIONAL MONETARY FUND 95
maintain internal control and reporting arrangements and procedures to ensure that
the business is so managed.
(2) The Bank may direct a credit institution in writing to furnish to it, within a specified
period, such information in relation to the arrangements and procedures referred to in
paragraph (1) as the Bank may require and the credit institution shall comply with
that direction.
(3) Subject to paragraph (4), every credit institution shall have robust governance
arrangements including-
(a) a clear organizational structure with well defined, transparent and
consistent lines of responsibility,
(b) effective processes to identify, manage, monitor and report the risks it is or
might be exposed to,
(c) adequate internal control mechanisms,
(d) without prejudice to the generality of subparagraph (c), sound
administrative and accounting procedures; and
(e) remuneration policies and practices that are consistent with and promote
sound and effective risk management.
Valuations and assumptions used by a number of High Impact banks in loan loss
forecasting and valuation of collateral have been challenged by the CBI, and the banks
have had to make adjustments to reported data for impairments and provisions.
During on-site meetings with a Medium High Impact bank, a potential concern was
highlighted in relation to the appropriateness of the independent third party valuations
used in the Commercial Real Estate (CRE) portfolio, a portfolio the Central Bank considers
to be one of this bank’s higher-risk portfolios. As part of the 2011 RMP, the bank was
required to update the Central Bank on the actions taken/or planned actions to be taken in
order to ensure that appropriate CRE valuations were used. This bank took appropriate
action to ensure that valuations were performed independently of the areas managing the
assets, and valuations were reduced (considerably in some cases).
EC4
The supervisor collects and analyses information from banks at a frequency commensurate
with the nature of the information requested, and the risk profile and systemic importance
of the bank.
Description and
findings re EC4
Data are collected at frequencies ranging from weekly to annually, depending on the
nature of the data and the risk profile of the bank. (CBI Act 1971, Section 18, subsections 2
& 3; see EC1 for details).
EC5
In order to make meaningful comparisons between banks and banking groups, the
supervisor collects data from all banks and all relevant entities covered by consolidated
supervision on a comparable basis and related to the same dates (stock data) and periods
(flow data).
Description and
findings re EC5
Returns are collected from all banks and banking groups subject to consolidated
supervision, using the CRD scope of consolidation. All returns have common reporting
dates across all banks. Peer group analysis is available using default and custom peer
groups.
A detailed management information pack for all of the banks is compiled on a quarterly
basis, which provides granular bank by bank information in respect of own funds and
solvency levels, funding profile, asset quality, overall balance sheet date and profitability
metrics. This information is provided on a quarterly basis to the CBI’s Supervisory Risk
Committee where key issues and trends are highlighted to Committee members.
EC6 The supervisor has the power to request and receive any relevant information from banks,
IRELAND
96 INTERNATIONAL MONETARY FUND
as well as any entities in the wider group, irrespective of their activities, where the
supervisor believes that it is material to the condition of the bank or banking group, or to
the assessment of the risks of the bank or banking group or is needed to support
resolution planning. This includes internal management information.
Description and
findings re EC6
Section 18 of the Central Bank Act 1971 allows the Central Bank to request information
from any licensed bank for the purpose of supervision.
Central Bank Act 1971, Section 18, subsections 2 & 3:
(2) A person to whom this section applies shall provide the Bank, at such times, or
within such periods, as the Bank specifies from time to time, with such
information and returns concerning the relevant business carried on by the
person as the Bank specifies from time to time.
(3) A person to whom this section applies shall, at
such time or within such period as the Bank
specifies, provide the Bank with such information
or return (not being information or a return
specified under subsection (2)) as it requests in
writing concerning the relevant business carried
on by the person.
EC7 The supervisor has the power to access
22
all bank records for the furtherance of supervisory
work. The supervisor also has similar access to the bank’s Board, management and staff,
when required.
Description and
findings re EC7
The CBI has unrestricted access to all material available to a license holder which the CBI
requires for the supervision of any bank or banking group where it is the consolidated
supervisor. Material can be requested directly from the institution, or the CBI can appoint
an “authorized officer.”
Central Bank (Supervision and Enforcement) Act 2013:
26.-(1) Subject to subsection (2), an authorized officer may at all reasonable times
enter any premises-
(a) which the authorized officer has reasonable grounds to
believe are or have been used for, or in relation to, the
business of a person to whom this Part applies, or
(b) at, on or in which the authorized officer has reasonable
grounds to believe that records relating to the business of a
person to whom this Part applies are kept.
27.-(1) An authorized officer may do any one or more of the following:
(a) search and inspect premises entered under section 26 or
pursuant to a warrant under section 28;
(b) require any person to whom this Part applies who apparently
has control of, or access to, records, to produce the records;
(c) summons, at any reasonable time, a person to whom this
Part applies-
(i) to give to the authorized officer such information as the
22
Please refer to Principle 1, Essential Criterion 5.
IRELAND
INTERNATIONAL MONETARY FUND 97
authorized officer may reasonably require,
(ii) to provide to the authorized officer any records which the
person has control of, or access to, and which the authorized
officer may reasonably require, or
(d) (iii) to provide an explanation of a decision, course of action,
system or practice or the nature or content of any records
provided under this section inspect records so produced or
found in the course of searching and inspecting premises;
(e) take copies of or extracts from records so produced or found;
(f) subject to subsection (3), take and retain records so produced
or found for the period reasonably required for further
examination;
(g) secure, for later inspection, any records produced or found
and any data equipment, including any computer, in which
those records may be held;
(h) secure, for later inspection, premises entered under section
59 or pursuant to a warrant under section 61, or any part of
such premises, for such period as may reasonably be
necessary for the purposes of the exercise of his or her
powers under this Part, but only if the authorized officer
considers it necessary to do so in order to preserve for
inspection records that he or she reasonably believes may be
kept there;
(i) require any person to whom this Part applies to answer
questions and to make a declaration of the truth of the
answers to those questions;
(j) require any person to whom this Part applies to provide an
explanation of a decision, course of action, system or practice
or the nature or content of any records;
(k) require a person to whom this Part applies to provide a
report on any matter about which the authorized officer
reasonably believes the person has relevant information;
(l) require that any information given to an authorized officer
under this Part is to be certified as accurate and complete by
such person or persons and in such manner as the Bank or
the authorised officer may require.
Also, in particular section 29 of the Act which states –
29.-(1) An authorized officer may attend any meeting relating to the business of a
regulated financial service provider if the authorized officer considers that it is
necessary to attend in order to assist the Bank in the performance of any of its
functions under financial services legislation.
(2) The attendance of an authorized officer pursuant to subsection (1) at a
meeting referred to in that subsection does not in any circumstances limit
the powers of the authorized officer or of the Bank.
Under the above, the Central Bank has access to the Board, management and staff of a
bank.
EC8 The supervisor has a means of enforcing compliance with the requirement that the
IRELAND
98 INTERNATIONAL MONETARY FUND
information be submitted on a timely and accurate basis. The supervisor determines the
appropriate level of the bank’s senior management is responsible for the accuracy of
supervisory returns, imposes sanctions for misreporting and persistent errors, and requires
that inaccurate information be amended.
Description and
findings re EC8
Compliance with reporting requirements is a legal obligation, subject to sanction by the CBI
for any breaches. All regulatory returns must be signed off by a director of a bank. Any
material inaccuracy in a return, once discovered by either the reporting bank or the
supervisor, is required to be corrected.
Where an entity provides incorrect or misleading information to the Central Bank, this may
be a prescribed contravention for the purposes of section 33AQ of the Central Bank Act
1942.
A prescribed contravention is subject to the powers of sanction under Part IIIC of the
Central Bank Act 1942 (which outlines the administrative sanctions procedure –
settlements, inquiries, etc.). Persons involved in the management of the entity concerned
may be liable for administrative sanction from the Central Bank where they participated in
the commission of the contravention concerned. Whether or not a contravention has
occurred will be determined by members of the Inquiry appointed by the Central Bank
The Central Bank reprimanded a High Impact institution and required it to pay a monetary
penalty of €1,960,000 for errors in regulatory reporting. Five contraventions in total were
identified.
EC9 The supervisor utilizes policies and procedures to determine the validity and integrity of
supervisory information. This includes a programme for the periodic verification of
supervisory returns by means either of the supervisor’s own staff or of external experts.
23
Description and
findings re EC9
The CBI has a framework for the analysis of regulatory returns which specifies the type and
frequency of review of the main returns. This framework is supported by a suite of reports
for use by supervision teams. The CBI has also used external parties to verify data on its
behalf. The framework is currently being reviewed with a view to:
(a) its application across the various risk categories of banks (i.e. PRISM categories);
(b) generating supporting data for PRISM alerts; and
(c) maximizing use of latest technology.
In addition, the Financial Reporting Unit is undertaking a series of themed regulatory
reporting reviews across a sample of banks. There are two reviews, each covering five
different banks (i.e. 10 banks). The first review covers FINREP balance sheet compilation
and the second review covers COREP market risk calculation. Also, the calculation of risk
weighted assets generated using internal models based approaches is being reviewed. The
Central Bank is also engaging in a cross European analysis of RWAs through the EBA; this
work is ongoing.
In 2012 the CBI required a High Impact bank to engage a third party to review its
regulatory returns.
EC10 The supervisor clearly defines and documents the roles and responsibilities of external
23
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
IRELAND
INTERNATIONAL MONETARY FUND 99
experts,
24
including the scope of the work, when they are appointed to conduct supervisory
tasks. The supervisor assesses the suitability of experts for the designated task(s) and the
quality of the work and takes into consideration conflicts of interest that could influence
the output/recommendations by external experts. External experts may be utilized for
routine validation or to examine specific aspects of banks’ operations.
Description and
findings re EC10
There is no specific policy for the engagement of external experts for the review of
regulatory returns. However, the CBI operates under public sector procurement rules
(tendering, etc.) and when external parties are engaged for any tasks such engagement is
subject to a service level agreement, which sets out, inter alia, the roles and responsibilities
of both the CBI and the service provider.
There is also provision in the Central Bank Act 1989 for the auditors of an institution to
report certain matters to the Central Bank, and for the Central Bank to require an auditor to
furnish certain information to it. Auditors’ duties are elaborated further in Chapter III of the
Central Bank Act 1994.
EC11 The supervisor requires that external experts bring to its attention promptly any material
shortcomings identified during the course of any work undertaken by them for supervisory
purposes.
Description and
findings re EC11
Central Bank Act 1989 – Part II, The Central Bank / Chapter III Licensing and Supervision of
License Holders
47. Duties of auditor
(1) If the auditor of a holder of a license-
(a) has reason to believe that there exist circumstances which are likely to
affect materially the holder's ability to fulfil his obligations to persons
maintaining deposits with him or meet any of his financial obligations
under the Central Bank Acts, 1942 to 1989, or
(b) has reason to believe that there are material defects in the financial
systems and controls or accounting records of the holder, or
(c) has reason to believe that there are material inaccuracies in or
omissions from any returns of a financial nature made by the holder to
the Bank, or
(d) proposes to qualify any certificate which he is to provide in relation to
financial statements or returns of the holder under the Companies
Acts, 1963 to 1986, or the Central Bank Acts, 1942 to 1989, or
(e) decides to resign or not seek re-election as auditor,
he shall report the matter to the Bank in writing without delay.
EC12 The supervisor has a process in place to periodically review the information collected to
determine that it satisfies a supervisory need.
Description and
findings re EC12
CBI follows EBA guidelines and templates for the bulk of its regulatory reporting
requirements. The CBI is an active participant in all of the EBA reporting groups and
networks. In a recent review of the EBA guidelines for solvency and regulatory reporting,
the CBI (in conjunction with its European counterparts) reviewed the existing reporting
24
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it
is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.
IRELAND
100 INTERNATIONAL MONETARY FUND
framework, assessing the usefulness of existing templates and the reporting requirements
under CRD IV. This process took a number of years, but this is acceptable as a change in
the reporting framework should only occur relatively infrequently (so as to facilitate trend
analysis). Data needs are subject to continuous review and, where new requirements are
identified, new returns are created or existing returns enhanced.
In addition, the CBI is engaging with the ECB in the development of a new reporting
framework for Irish banks covered by the single supervisory mechanism.
Assessment re
Principle 10
Compliant
Comments
Principle 11 Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage
to address unsafe and unsound practices or activities that could pose risks to banks or to
the banking system. The supervisor has at its disposal an adequate range of supervisory
tools to bring about timely corrective actions. This includes the ability to revoke the
banking license or to recommend its revocation.
Essential criteria
EC1
The supervisor raises supervisory concerns with the bank’s management or, where
appropriate, the bank’s Board, at an early stage, and requires that these concerns be
addressed in a timely manner. Where the supervisor requires the bank to take significant
corrective actions, these are addressed in a written document to the bank’s Board. The
supervisor requires the bank to submit regular written progress reports and checks that
corrective actions are completed satisfactorily. The supervisor follows through conclusively
and in a timely manner on matters that are identified.
Description and
findings re EC1
The CBI raises concerns with bank management or, where appropriate, the bank’s Board, at
an early stage, and requires that these concerns be addressed in a timely manner. Where
the CBI requires the bank to take significant corrective actions, these are addressed in a
written document to the bank’s Board (i.e. the RMP). The CBI requires the bank to submit
regular written progress reports and checks that corrective actions are completed
satisfactorily. The CBI follows through conclusively and in a timely manner on matters that
are identified through desk-top analysis and onsite engagement with the bank. The CBI’s
supervisory teams monitor implementation of RMP actions through its PRISM tool.
PRISM provides a structured framework for the supervision of banks (and other firms).
PRISM sets out and documents guidance to supervisors on how to assess the risk profile of
a bank. In addition, PRISM sets out and documents the basis and process for issuing an
RMP to a bank and the process for monitoring a bank’s compliance with it.
RMP actions may be imposed through a number of methods:
? Where there is a breach of the requirements set out in the European Communities
(Capital Adequacy of Credit Institutions) Regulations 2006 (S.I. No. 661/2006), an
RMP may be imposed under Regulation 70(2)(e) of S.I. 661/2006.
Regulation 70 (4) of S.I. 661/2006 has been used to impose additional capital
requirements on credit institutions where the Central Bank has assessed that a credit
institution already holds a level of internal capital adequate to cover the nature and
level of the risks to which it is or might be exposed.
? An RMP can be imposed via Section 10 of the Central Bank Act 1971, which gives
the Central Bank the power to impose conditions on licenses.
IRELAND
INTERNATIONAL MONETARY FUND 101
? Section 21 of the Central Bank Act 1971 confers broad powers of direction on the
Central Bank. If the situation warranted it, the Central Bank could consider directing
a credit institution to meet the requirements of an RMP.
? More general RMP actions which do not result from a direct breach of CRD
requirements are imposed by way of agreement.
? Where the CBI has imposed an RMP by way of agreement but it is not satisfied with
how a bank has delivered or where a bank has failed to deliver an RMP action, it can
escalate the matter by legally imposing the RMP (where a breach of CRD has
occurred) using its powers under Regulation 70 of S.I. 661/2006. To date the Central
Bank has had to use its powers once in this regard.
RMPs have been issued to all High Impact and certain Medium High Impact and Medium
Low Impact banks following risk assessment carried out by the Central Bank.
The Central Bank has used its powers under Regulation 70 of S.I. 661/2066 where deemed
appropriate. As part of its 2011 FMP and under Regulation 70 of S.I. 661 of 2006, the
Central Bank imposed additional capital requirements on credit institutions to cover
potential future loan losses to prevent potential breaches of minimum regulatory capital
requirements. See CP16 for link to FMP Report.
EC2
The supervisor has available
25
an appropriate range of supervisory tools for use when, in
the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory
actions, is engaged in unsafe or unsound practices or in activities that could pose risks to
the bank or the banking system, or when the interests of depositors are otherwise
threatened.
Description and
findings re EC2
The CBI has a range of supervisory tools available to it when a bank is in breach of
legislative or regulatory requirements or is engaged in unsafe or unsound practices or in
activities that could pose risks to the bank or the banking system, or when the interests of
depositors are otherwise threatened. The supervisory tools available are the following:
Risk Mitigation Program
The CBI uses an RMP where it has identified issues which it requires a credit institution to
remediate. Such issues include:
? A breach of legislative or regulatory requirements
? Where an institution is engaged in unsafe or unsound practices or in activities that
could pose risks to the bank or the banking system
? When the interests of depositors are otherwise threatened
The RMP sets out the basis of the issue, the prescribed action for the credit institution to
take and the required outcome, and sets out a defined timeline for the action to be taken.
Legislative Tools
? Under Section 10 of the CBI Act 1971 the CBI has powers to impose conditions on
banking licences.
? Section 21 of the CBI Act 1971 allows the CBI to give a direction in writing to the
holder of a licence.
? Regulation 70 of S.I. 661 of 2006 requires the CBI to require any credit institution
that does not meet the requirements of any law of the State to take the necessary
25
Please refer to Principle 1.
IRELAND
102 INTERNATIONAL MONETARY FUND
actions or steps at an early stage to address the situation. Such steps could include
restricting or limiting the business of a bank; taking actions to reduce the risks in its
activities; applying specific provisioning policy; or imposing additional own funds
requirements in excess of the minimum required.
Supervisory Warning
CBI may issue Supervisory Warnings which are not underpinned by legislation. These are
non-public, and will set out the concerns which the CBI has in relation to certain activities.
Supervisory Warnings may be taken into account by the CBI in considering whether to
commence/take subsequent enforcement action against a particular entity, but may not be
taken into account in imposing sanctions following such action.
Supervisory Warnings may be imposed following a specific referral, or may be imposed in
the context of the ASP, where:
? The matter giving rise to concern is minor in nature;
? Immediate remedial action has been taken;
? Full cooperation has been received; and
? Other considerations supporting another enforcement approach do not apply.
Enforcement
Under its enforcement powers, the CBI has powers to investigate and take enforcement
actions against regulated entities that have failed to comply with relevant regulatory
requirements. The formal enforcement actions available to the CBI are:
(1) The administrative sanctions procedure under Part IIIC of the CBI Act 1942, which
permits the CBI to:
a) caution or reprimand,
b) direct the refund or withholding of money charged or paid for the
provision of a financial service,
c) direct payment to the CBI of an amount up to €5,000,000 for corporate
bodies and €500,000 for natural persons
26
,
d) disqualify natural persons from being concerned in the management of a
bank,
e) direct payment of all or part of the costs to the CBI of holding an inquiry
and investigating a matter,
f) direct persons to cease a contravention,
g) enter into a settlement with the relevant person;
(2) Fitness and Probity Investigations under Part 3 of the CBI Reform Act 2010, which
permit the CBI or Governor to suspend or prohibit a person from performing a
controlled function in a credit institution;
(3) Revocation of authorization of a bank (with Ministerial consent);
(4) Summary criminal prosecution.
Internal policies exist in relation to minimum thresholds that must be satisfied before an
Enforcement case is accepted and brought forward. However, there is no trigger for a
mandatory enforcement action, which is instead left to the judgment of supervisors. The
grounds for acceptance of a case into Enforcement are set out in the Enforcement Referral
26
As outlined further below, the Central Bank (Supervision and Enforcement) Act 2013 increased the maximum
amount of fines that may be imposed.
IRELAND
INTERNATIONAL MONETARY FUND 103
Process and are:
(a) Reliable grounds
The supervisors should have gathered sufficient evidence to demonstrate, on
reliable grounds, that a breach has (or a breach has more than likely) occurred. The
reliable grounds test is the legal test condition for a referral. ‘Reliable grounds’
means that sufficient evidence exists/has been gathered to show that it is likely that
a breach has occurred (i.e. the ‘evidential’ value of the referral).
(b) Policy grounds
Supervisors should have given sufficient consideration to the CBI’s statutory
objectives as articulated by its stated priorities. Supervisors will need to identify the
CBI’s objectives which are put at risk by the issues being referred, how the referral
supports the CBI’s strategic objectives and priorities, and a summary of the public
message which an administrative sanction would convey. This is the ‘policy grounds’
condition for a referral.
The CBI (Supervision and Enforcement) Act 2013 enhanced the range of sanctions available.
The level of fines was doubled for both firms and individuals, with an alternative calculation
of maximum fine for firms based upon 10% of annual turnover. This represents a significant
deterrent and thereby increases compliance generally.
The CBI’s approach to Enforcement proceedings is documented in its published Outline of
the Administration Sanctions Procedure and Inquiry Guidelines. The process of referring
cases from the banking supervisory divisions to Enforcement for consideration has been
formalized.
Resolution Powers
Under its Resolution powers and subject to certain conditions being met (including that the
CBI is satisfied that the bank concerned has failed or is likely to fail to meet a regulatory
requirement imposed by law, or a requirement or condition of its license, and that the CBI
is satisfied that there is a threat to the financial stability of the bank concerned or the
financial system in the State), the CBI also has the following powers:
(a) Appointment of a Special Manager
(b) Transfer of Engagements
(c) The ability to create a Bridge Bank
(d) Liquidation
(e) Powers to go to court to wind up a bank
The resolution powers conferred on the Governor of the CBI will only be used as a last
resort to bring about the orderly resolution of institutions that are about to fail or have
already failed.
European legislation applies in relation to bankruptcy of banks, e.g. 2011/48 – The
European Communities (Reorganization and Winding-up of Credit Institutions) Regulations
2011, together with the relevant parts of the Companies Acts for companies in liquidation.
The Resolution Act provisions might also apply if that Act is used to wind up the bank
concerned.
Appeals Process
The Irish Financial Services Appeals Tribunal was set up as outlined by the Central
Bank and Financial Services Authority of Ireland Act 2003. It acts like a court, but is outside
the normal court system. It is a forum that can hear appeals relating to some decisions
IRELAND
104 INTERNATIONAL MONETARY FUND
made by the CBI and has the authority to decide them.
The CBI has entered into settlement agreements and issued public notices for a number of
banks.
In its Financial Measures Project 2011, under regulation 70 of S.I. 661/2006, the Central
Bank required banks to hold capital in excess of the minimum set out in S.I. 661/2006, in
order for those banks to maintain adequate capital resources.
The Central Bank has issued Supervisory Warnings to a number of firms.
EC3
The supervisor has the power to act where a bank falls below established regulatory
threshold requirements, including prescribed regulatory ratios or measurements. The
supervisor also has the power to intervene at an early stage to require a bank to take action
to prevent it from reaching its regulatory threshold requirements. The supervisor has a
range of options to address such scenarios.
Description and
findings re EC3
The CBI has the power to intervene at an early stage to require a bank to take action to
prevent it from reaching its regulatory threshold requirements based primarily on the
following legal powers.
Regulation 70 of S.I. 661 of 2006, Section 21 of the Central Bank 1971 and Section 45 of the
Central Bank (Supervision and Enforcement) Act, 2013.
The CBI commences the corrective action process at an early stage through its RMP. The
RMP notices are sent promptly to the bank at the conclusion of supervisory activities that
disclose areas in need of attention by the bank. Supervisory Warnings are also being issued
at an early stage.
EC4
The supervisor has available a broad range of possible measures to address, at an early
stage, such scenarios as described in essential criterion 2 above. These measures include
the ability to require a bank to take timely corrective action or to impose sanctions
expeditiously. In practice, the range of measures is applied in accordance with the gravity
of a situation. The supervisor provides clear prudential objectives or sets out the actions to
be taken, which may include restricting the current activities of the bank, imposing more
stringent prudential limits and requirements, withholding approval of new activities or
acquisitions, restricting or suspending payments to shareholders or share repurchases,
restricting asset transfers, barring individuals from the banking sector, replacing or
restricting the powers of managers, Board members or controlling owners, facilitating a
takeover by or merger with a healthier institution, providing for the interim management of
the bank, and revoking or recommending the revocation of the banking license.
Description and
findings re EC4
In relation to the scenarios described in Essential Criteria 2 above, the Enforcement
measures available to the CBI include:
1. The ASP, which allows the CBI to:
a) caution or reprimand
b) direct the refund of monies charged or paid, or withholding of monies to
IRELAND
INTERNATIONAL MONETARY FUND 105
be charged or paid
c) direct payment to the CBI of an amount up to €5,000,000 for corporate
bodies and €500,000 for natural persons
27
d) disqualify natural persons from being concerned in the management of a
bank
e) direct payment of all or part of the costs to the Central Bank of holding an
inquiry and investigating a matter
f) direct persons to cease a contravention
g) enter into a settlement with the relevant person
2. Fitness and Probity Investigations under Part 3 of the Central Bank Reform Act 2010,
which permits the Central Bank or Governor to suspend or prohibit a person from
performing a controlled function in a credit institution
3. Revocation of authorization of a regulated financial service provider
4. Summary criminal prosecution
EC5
The supervisor applies sanctions not only to the bank but, when and if necessary, also to
management and/or the Board, or individuals therein.
Description and
findings re EC5
The CBI may initiate administrative sanctions proceedings against both the regulated entity
itself and against persons concerned in their management where they have “participated”
in a prescribed contravention (section 33AO of the 1942 Act). Such proceedings may be
progressed with regards to the regulated entity and person concerned in its management
individually and separately, or collectively, or against one but not the other. It is therefore
possible to impose sanctions following an ASP on a person concerned in the management
without having proceeded against the regulated entity. The sanctions which may be
imposed on individuals under Part IIIC of the 1942 Act have been outlined above, and
would include the ability to disqualify an individual from being concerned in the
management of a bank for such period as specified (section 33AQ(5)(c) of the 1942 Act).
The CBI has powers under the fitness and probity regime which allow the CBI to prohibit
persons who may exercise significant influence within regulated financial service providers
from performing all or part of a controlled function. Should a person be found not to be of
sufficient fitness and probity to perform a controlled function, the CBI or Governor may
issue a Prohibition Notice prohibiting a person from performing all or part of a controlled
function(s), having particular regard to the need to prevent potential serious damage to the
financial system in the State and ensure the continued stability of the system, and the need
to protect users of financial services (section 43 of the 2010 Act).
The CBI’s procedures relating to ASP and the fitness and probity regime have been
documented and published.
EC6
The supervisor has the power to take corrective actions, including ring-fencing of the bank
from the actions of parent companies, subsidiaries, parallel-owned banking structures and
other related entities in matters that could impair the safety and soundness of the bank or
the banking system.
Description and
findings re EC6
Regulation 70 of the S.I. 661 of 2006 states that the CBI shall require any bank that does
not comply with any law of the State giving effect to Directive 2006/48/EC to take
necessary action to address the issue. These steps can include taking an action restricting
27
The Central Bank (Supervision and Enforcement) Act 2013 increased the maximum amount of fines that may be
imposed.
IRELAND
106 INTERNATIONAL MONETARY FUND
or limiting the business of a bank.
Under Section 21 of the CBI Act 1971 the CBI can direct banks to take corrective and other
actions. The direction making powers are broad and specifically include: “On becoming
satisfied that it would be in the public interest to do so, or that a prescribed circumstance
exists in relation to the holder of a license, the Bank may, by direction given in writing,
require the holder to suspend, for a specified period not exceeding 6 months, any specified
banking activity except as authorized by the Bank.”
EC7
The supervisor cooperates and collaborates with relevant authorities in deciding when and
how to effect the orderly resolution of a problem bank situation (which could include
closure, or assisting in restructuring, or merger with a stronger institution).
Description and
findings re EC7
The CBI’s resolution powers require that before CBI intends to exercise its resolution power
in relation to an authorized credit institution that carries on business in a jurisdiction other
than that of the State, whether it carries on that business itself or through one or more
subsidiaries, the CBI should inform the corresponding authority in that other jurisdiction.
The revised CRD requires the establishment of colleges of supervisors, with a view to
reinforcing the efficiency and effectiveness of supervision of cross-border banking groups
and to facilitating the tasks of the consolidating supervisor and host supervisors. The
Central Bank participates in Supervisory Colleges, which promote stronger coordination
and cooperation whereby competent authorities reach agreement on key supervisory tasks.
These tasks include (but are not limited to):
? Exchanging information
? Views and assessments
? Voluntary work-sharing and delegation
? Developing a common understanding of the risk profile of the group at both the
group and solo levels
? Taking due account of macro-prudential risks
The Colleges also play a role in both the preparation for and handling of emergency
situations and crisis management.
For cooperation among domestic authorities there is also a MoU on Financial Stability
between the Central Bank and the Department of Finance entered into in 2007.
Additional
criteria
AC1
Laws or regulations guard against the supervisor unduly delaying appropriate corrective
actions.
Description and
findings re AC1
There are no legal provisions or regulations setting out timeframes for supervisors to take
action. Notwithstanding this, the CBI endeavors to act on a timely basis when dealing with
corrective action.
AC2
When taking formal corrective action in relation to a bank, the supervisor informs the
supervisor of nonbank related financial entities of its actions and, where appropriate,
coordinates its actions with them.
Description and
findings re AC2
The Central Bank informs the supervisors of nonbank related financial entities which are
supervised by the Central Bank of intended action and coordinates its actions with them.
In the case of one high impact bank, the bank supervisors coordinated its approach with
Insurance supervisors.
IRELAND
INTERNATIONAL MONETARY FUND 107
Assessment re
principle 11
Compliant
Comments
Principle 12 Consolidated supervision. An essential element of banking supervision is that the
supervisor supervises the banking group on a consolidated basis, adequately monitoring
and, as appropriate, applying prudential standards to all aspects of the business conducted
by the banking group worldwide.
28
Essential criteria
EC1
The supervisor understands the overall structure of the banking group and is familiar with
all the material activities (including nonbanking activities) conducted by entities in the
wider group, both domestic and cross-border. The supervisor understands and assesses
how group-wide risks are managed and takes action when risks arising from the banking
group and other entities in the wider group, in particular contagion and reputation risks,
may jeopardize the safety and soundness of the bank and the banking system.
Description and
findings re EC1
The Central Bank collects and analyses financial and other information which it considers
adequate to conduct consolidated supervision of banking groups. It collects this data both
on a consolidated basis for the banking group and on a solo basis, covering areas such as
capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and
group structure. The legal platform is largely contained within S.I. 475 of 2009.
The Central Bank’s minimum frequency of supervision and level of intensity depend to a
large extent upon the PRISM Impact rating of the credit institution. The PRISM framework
that prescribes the supervisory activities to understand the overall group structure of High
impact banks is generally comprehensive. For High Impact banks, a range of activities
included in the supervisory plan (which is typically annual), will involve an assessment of
the activities across the wider banking group. An assessment of the organizational structure
by subsidiary with an explanation of activities and an analysis of financial statements forms
the basis of offsite supervision.
In terms of onsite activities, the following are part of the PRISM activities for a High impact
bank: (i) Financial Risk Reviews (minimum of six across a two year period) will consider
group structures and foreign operations; (ii) The Governance Category within PRISM
requires an assessment of group structure; and (iii) meetings with key personnel will
include a consideration of strategy, structure and activities across the banking group.
Supervisors have the ability to go beyond the minimum activities prescribed in PRISM. For
Medium-High and Medium-Low Impact banks, the key offsite supervision activities that
cover the structure and activities of the banking group are part of the Full Risk Assessment
(FRA) which is performed on at least a two to four year frequency. Recommendations or
conclusions are outlined in the FRA report are presented at the Risk Governance Panel
(RGP), after detailed desk-based analysis and onsite examinations have been completed.
The Central Bank applies a proportionate approach to supervision of an individual banking
group and relies on PRISM guidance and on the expert judgment of its supervisors to
decide the extent to which those risks require further examination. The Central Bank
reviews the main activities of parent companies, and affiliates (including nonbank), that
have a material impact on the safety and soundness of the banking group, and takes
28
Please refer to footnote 19 under Principle 1.
IRELAND
108 INTERNATIONAL MONETARY FUND
appropriate supervisory action. The extent of a review uses the same approach as outlined
above, i.e. a combination of the judgment of skilled supervisors with reference to the
guidance document for reviewing the wider activities including those of foreign offices
within the consolidated banking Group.
The Central Bank takes into account the effectiveness of supervision conducted in the host
countries in which its banks have material operations. Its policy on when or how it conducts
these reviews is to adopt a risk-based or proportionate approach, i.e. depending on the risk
impact score of the local institution and the materiality of the risks that arise from the
activities of foreign offices, and then decide the extent to which those risks require further
examination, with reference to the guidance material available to supervisors in PRISM. The
Central Bank visits the foreign offices periodically, the location and frequency being
determined by the risk profile and systemic importance of the foreign operation. The
Central Bank would generally meet the host supervisor during these visits.
The Central Bank reviews whether the oversight of a bank’s foreign operations by
management is adequate, having regard to their risk profile and systemic importance. It
also assesses whether any hindrance exists in host countries which could restrict either the
parent entity or the supervisors’ ability to access all the material information required of
foreign branches/subsidiaries. The College framework provides an effective mechanism for
information-sharing and meetings with relevant supervisors to understand the risks in cross
border operations.
The legal platform for consolidated supervision is largely S.I. 475 of 2009, in that it sets out
when consolidated supervision is applicable. Regulation 70 of S.I. 661 2006, which
transposes Article 136 of the CRD (2006/48) – provides the Central Bank with powers to
restrict or limit the business, operations or network of credit institutions, or oblige credit
institutions to hold own funds in excess of the minimum level set out in the Article 75 of
the CRD (2006/48 (transposed via Regulation 19 of S.I. 661 2006). There are also extra
direction-making powers in section 37 of the new Supervision and Enforcement Act 2013,
which allow the Central Bank to direct a bank to dispose of certain assets. This could be
used to direct a bank to take certain actions to alleviate the risk. Another avenue which is
clearly envisaged by S.I. 475 is to communicate and cooperate with the other relevant
competent authorities to alleviate any risks. Part 3 of the Act also provides powers, which
can be used outside the State and in relation to “related undertakings” of a regulated
financial service provider. Regulation 18 of S.I. 475 of 2009 relates to general information
gathering powers to request information relevant to its supervision of the banking group.
Part 3 of the Central Bank (Supervision and Enforcement) Act 2013 has extensive authorized
officer powers and general information gathering powers to “associated enterprises” when
the Central Bank is the consolidated supervisor. Regulation 20 of S.I. 475 of 2009 extends
the authorized officer powers. Section 21 of the Central Bank Act 1971 – direct to suspend,
for a period not lasting six months, the disposal or acquiring of assets
The extent and frequency of the offsite analysis will vary depending on the bank or group’s
PRISM impact rating and a minimum level of engagement and review is set out for each
impact rating. Supervisors of High Impact banks present analysis of the risks across the
overall group at least annually at RGPs and are attended by senior Central Bank personnel.
Medium High Impact RGPs are held on average every 3 years. The FRA details the material
risks of the credit institution and banking group (including nonbanking activities) and
assesses how effectively these are being managed within the group. Where actions are
IRELAND
INTERNATIONAL MONETARY FUND 109
identified as being required to mitigate any of these key risks which could jeopardise the
safety and soundness of the bank or the banking system (credit, liquidity,
capital/profitability etc.), they are agreed at these panel meetings before being clearly set
out in the SREP letter and attaching RMP.
EC2
The supervisor imposes prudential standards and collects and analyses financial and other
information on a consolidated basis for the banking group, covering areas such as capital
adequacy, liquidity, large exposures, exposures to related parties, lending limits and group
structure.
Description and
findings re EC2
The Central Bank imposes prudential standards on a consolidated basis and develops its
own specific Codes, which have the effect of imposing additional prudential standards on
institutions and banking groups by attaching these Codes to banking licenses as
appropriate. This framework is based on the prudential standards and requirements of all
credit institutions and banking groups as set out in the CRD (as transposed into Irish Law
via S.I. 661 of 2006). As regards to collecting financial information, the powers in regulation
20 of S.I. 475 of 2009 are relevant (together with the new enhanced powers in the 2013
Supervision and Enforcement Act). The direction making powers in the new Supervision
and Enforcement Act (Part 5) give a reach into this area – see section 37(3) of the Act. The
2013 Act provide a more comprehensive suite of powers.
The CBI has a defined “Framework for the Review and Monitoring of Prudential Data
Submitted by Credit Institutions” designed to provide the basis for the collection and
analyses of prudential data from credit institutions (both on a solo and consolidated basis
where a banking group exits) used to identify any prudential issues, inform and confirm its
understanding of the institution’s business model, etc.
The Central Bank collects and analyses financial and other information which it considers
adequate to ensure effective consolidated supervision of banking groups. The overall
framework of data consists of a number of returns (COREP, FINREP, Impairment, Liquidity,
Large Exposures, Sectoral Lending Limits, Funding, Related Party Lending and Deposit
Protection), all of which are reported on a quarterly basis by all banks and banking groups
supervised by the Central Bank. Depending on the nature of the data, the Central Bank can
require more frequent reporting, e.g. in the case of liquidity, banks are required to submit
this information monthly. Where the structure of the banking group warrants it, credit
institutions/banking groups are required to submit these both on a solo and consolidated
basis – see CP10 for more details.
The framework for each report consists of:
? A description of the report
? A description of supporting reports and query facilities for the report
? Details of any guidelines in place which support review of the report, together with
legal basis
? A description of the minimum review process required for each of the reports
In addition to the reporting framework used to assess the prudential standards imposed on
banks, the Central Bank interprets and sometimes enhances sections of the CRD or EBA
Guidelines and develops its own specific Codes, which have the effect of imposing
additional prudential standards on institutions and banking groups by attaching these
Codes to banking licences as appropriate.
Confirmation of the credit institution or banking group’s compliance with these Codes is
IRELAND
110 INTERNATIONAL MONETARY FUND
required on an annual basis, e.g. the 2010 Corporate Governance Code for Credit
Institutions and Insurance Undertakings.
EC3
The supervisor reviews whether the oversight of a bank’s foreign operations by
management (of the parent bank or head office and, where relevant, the holding company)
is adequate having regard to their risk profile and systemic importance and there is no
hindrance in host countries for the parent bank to have access to all the material
information from their foreign branches and subsidiaries. The supervisor also determines
that banks’ policies and processes require the local management of any cross-border
operations to have the necessary expertise to manage those operations in a safe and sound
manner, and in compliance with supervisory and regulatory requirements. The home
supervisor takes into account the effectiveness of supervision conducted in the host
countries in which its banks have material operations.
Description and
findings re EC3
The oversight of a bank’s foreign operations by parent/group management is reviewed by
the Central Bank on a proportionate basis, i.e. where the credit institution/banking group’s
risk profile and systemic importance warrants it. This oversight forms part of the
supervisory engagement by examiners with the credit institution. If a situation arises that
warrants an on-site inspection by the Central Bank of a foreign entity/branch, then this will
be carried out.
As part of the FRRs conducted in accordance with the PRISM engagement cycle (i.e.
annually for High Impact institutions) these risk assessments incorporate a review of the
activities of all subsidiaries and foreign operations as well as interaction with local host
supervisors.
For High Impact banks, the appropriateness of significant policies is assessed by the Central
Bank as part of the FRRs to ensure they are in line with group policies. In addition, the
expertise of those directing the business and managing cross border operations is
considered by the Central Bank, initially through the Fit and Proper checks performed when
key personnel are appointed in foreign operations. On an ongoing basis, an assessment of
management in foreign operations will be supplemented with discussions with other
supervisors. The College forms the basis of this engagement and for the High Impact banks
frequent engagement on a range of topics is performed. Examples of engagement with
overseas bank management through onsite visits evident.
For Medium High Impact banks and Medium Low Impact banks, the risks associated with
the activities of all foreign subsidiaries/branches, as well as those other foreign
activities/operations, may be reviewed on a more ad-hoc basis or as part of a themed
review of a specific risk. The requirement for any review of foreign operations is assessed
by supervisors having regard to both the risk profile and systemic importance of the
banking group to the banking system and the potential impact of the risks of foreign
operations to the banking group. The specific Central Bank examiner guidance material
prompts supervisors to at least consider the materiality of wider group or foreign office
activities on the banking group.
The Central Bank has a policy on how it assesses local jurisdiction hindrances to the
accessibility of information relevant to the branch or subsidiary operating in that
jurisdiction, either for the parent bank or home supervisor, and also how it assesses the
effectiveness of supervision in the host country.
Part 3 of the Central Bank (Supervision and Enforcement) Act has extensive authorised
officer powers.
IRELAND
INTERNATIONAL MONETARY FUND 111
EC4
The home supervisor visits the foreign offices periodically, the location and frequency
being determined by the risk profile and systemic importance of the foreign operation. The
supervisor meets the host supervisors during these visits. The supervisor has a policy for
assessing whether it needs to conduct on-site examinations of a bank’s foreign operations,
or require additional reporting, and has the power and resources to take those steps as and
when appropriate.
Description and
findings re EC4
The assessment of a bank’s foreign operations commences with a desk-based review of
material activities. Proportionality is then considered regarding the materiality of the
operations compared with the overall size. Information gathered from Supervisory Colleges
is a key input into this assessment. Formal documented guidance is available to supervisors
in PRISM which sets out high-level principles to be considered by supervisors when
assessing a bank’s foreign operations. For example:
a. To what extent a review of the activities of other entities (including
nonbanking) is required
b. How to assess those risks, the level of analysis and the approach to be
applied
c. Whether any action is needed to address unacceptable levels of risks or
activities in which affiliate operations, banking and nonbanking, are engaged
The guidance helps to ensure a consistent approach is applied to assess the level/extent of
supervision that the Central Bank expects supervisors to conduct in relation to the activities
of cross-border offices, including those of nonbanking entities within the group.
The Central Bank visits the foreign offices of institutions periodically, the location and
frequency being determined by the risk profile and systemic importance of the foreign
operation. The local supervisors are always informed of the intended on-site visit and given
the opportunity to attend the visit.
The legislative basis for the Central Bank’s oversight of branches operating in Ireland is set
out in the CRD, Articles 30–34 (transposed via S.I. 395 of 1992, Regulations 27, 29 and 34).
The legal basis of the CBIs capacity to visit foreign operations of regulated banks is derived
from Article 129 of the CRD (2006/48), as transposed via Regulation 67 of S.I. 661 2006,
stipulates that the consolidated supervisor has responsibility for coordinating the gathering
and dissemination of relevant or essential information, as well as the planning and
coordination of supervisory activities. Regulation 7 of S.I. 475 2009 transposes into Irish law
the provision outlined in Article 133 of the CRD (2006/48) and specifies that the
consolidated supervisor shall require full consolidation (on a proportionate basis) of all the
credit institutions and financial institutions which are subsidiaries of a parent undertaking.
EC5
The supervisor reviews the main activities of parent companies, and of companies affiliated
with the parent companies, that have a material impact on the safety and soundness of the
bank and the banking group, and takes appropriate supervisory action.
Description and
findings re EC5
A review of the activities of the parent is completed as part of assessing a bank license
application. This may result in a higher solvency ratio; a reduced large exposure limit to
affiliate or group companies; or other more onerous conditions attaching to the bank
license. Supervisors routinely reassess the ownership structure and the activities of the
parent as part of the FRR/FRA. The frequency of these FRAs is dependent on the PRISM
Impact rating of the bank. For High Impact banks the frequency for ongoing assessment of
the parent is included in the activities prescribed to be performed on an annual basis. For
Medium-High Impact this on average every three years in the FRA and less frequent for
IRELAND
112 INTERNATIONAL MONETARY FUND
lower impact rated banks.
Where it is considered that risks are increasing, examiners can take action up to and
including instructing the cessation of particular activities or the imposition of capital add-
ons, as well as other supervisory measures.
In respect of the activities of affiliated companies, these will be considered as part of the
ongoing assessment of the material risks to which an entity is exposed, e.g. where the
ancillary activity of an affiliated company could have a significant influence or may be
proving to be a strain on the consolidated groups liquidity position, and by extension the
liquidity of the entity, examiners can take action up to and including instructing the
cessation of particular activities or the imposition of capital add-ons, as well as other
supervisory measures.
Where the Central Bank identifies any potential concerns in relation to the activities of
parent companies or other affiliated companies at time of granting a licence to the banking
entity pursuant to Section 9 of the Central Bank Act 1971, it may attach conditions to that
licence in line with section 10 of the Central Bank Act 1971.
Article 140 of the CRD, as transposed by S.I. 475 of 2009, provides for consolidated
supervision of banking groups. Article 136 of the CRD, as transposed by Regulation 70 of
S.I. 661 2006, provides the power to undertake supervisory action. However, this power has
yet to be tested in respect of instructing any entity supervised by the Central Bank to cease
any activity at an affiliated company. There are currently no examples where a supervisor
has determined that an activity of an affiliated company has any materially adverse impact
on the safety and soundness of the bank or the banking group.
EC6
The supervisor limits the range of activities the consolidated group may conduct and the
locations in which activities can be conducted (including the closing of foreign offices) if it
determines that:
(a) the safety and soundness of the bank and banking group is compromised because
the activities expose the bank or banking group to excessive risk and/or are not
properly managed;
(b) the supervision by other supervisors is not adequate relative to the risks the activities
present; and/or
(c) the exercise of effective supervision on a consolidated basis is hindered
Description and
findings re EC6
The Central Bank has the power to limit the range and location of activities undertaken by
consolidating banking groups. This power is derived from Article 136 (a)-(e) of the CRD, as
transposed via Regulation 70.2 of S.I. 661 of 2006 which specifically addresses concerns in
relation to point (a), as Article 136 refers to these actions being used to address any
concerns the Central Bank, as consolidated supervisor, may have in relation to the group’s
compliance with Article 22 (transposed via Regulation 79 of S.I. 661 2006), which requires
robust governance arrangements at any credit institution for the managing and reporting
of all risks associated with the activities of that institution.
The examples provided by the CBI demonstrate how the activities which can be undertaken
by firms within Irish banking groups are restricted to those set out in the banking licence
application, and how all subsequent activities require the prior approval of the Central
Bank. Similarly, examples are provided:
IRELAND
INTERNATIONAL MONETARY FUND 113
? where a firm was instructed by examiners to cease any new lending activity, given
that it had breached Central Bank sectoral limits
? where the firm is required to seek the prior approval of the Central Bank for any new
activity as a condition of the licence
? where a firm was instructed to cease lending for apartment purchases and restricted
to providing property loans to a maximum Loan-to-Value of 80%.
EC7
In addition to supervising on a consolidated basis, the responsible supervisor supervises
individual banks in the group. The responsible supervisor supervises each bank on a stand-
alone basis and understands its relationship with other members of the group.
29
Description and
findings re EC7
As part of the Central Bank’s supervisory approach, individual licensed entities which are
part of Irish consolidated banking groups are supervised on both a solo and consolidated
basis in accordance with the requirements of the CRD. Regulatory reporting obligations are
imposed by the Central Bank on each individual bank within the group. As part of the
FRR/FRA, the group structure is always assessed and the relationship between all member
entities and their activities explained in the RGP Report.
Recital 13 of the CRD sets out how the capital requirements are to be applied both at solo
and consolidated level and refers to the specific CRD Articles 42, 131 and 141 in terms of
collaboration of supervisors and information-sharing. Article 130 of the CRD (2006/48/EC),
as transposed via Regulation 68 of S.I. 661 of 2006, provides for the immediate alerting by
the consolidated supervisor of the host competent authority where a situation arises within
the consolidated banking group which may jeopardise the stability of the financial system
in the host country.
Additional
criteria
AC1
For countries which allow corporate ownership of banks, the supervisor has the power to
establish and enforce fit and proper standards for owners and senior management of
parent companies.
Description and
findings re AC1
The Central Bank does not have the power to apply its Fitness and Probity regime to the
owners and senior management of parent companies with the exception of owners of the
parent company who are natural persons and are qualifying shareholders (greater than
10% shareholding) in the Irish licensed bank. However, the expertise of the parent company
senior management is reviewed during license applications and on an ongoing basis, as
part of the FRR/FRA. The extent of this assessment depends on the control that the parent
has over directing the activities of the banking business and the materiality of the impact of
the banking group on the Irish and global financial system. For example, where the banking
group could be considered to be Medium Low or Low Impact, assessment of the quality of
the management of a parent or owners of the banking group would not be considered a
priority. In the case of a High Impact bank, it is considered good practice to consider the
fitness and probity of the ownership and senior management of parent companies.
However, no official policy exists on this issue.
Article 135 of the CRD, as transposed via Regulation 69 of S.I. 661 of 2006, outlines that the
Member States shall require the persons directing the business of a financial holding
company be of sufficiently good repute and of sufficient experience to perform the duties.
This is reinforced in Regulation 17 of S.I. 475 2009, but only extends to the management of
29
Please refer to Principle 16, Additional Criterion 2.
IRELAND
114 INTERNATIONAL MONETARY FUND
a financial holding company – it does not extend to the “corporate” parent companies.
The Central Bank Supervisory & Enforcement Act 2013 includes a power to obtain
information from an unregulated parent and a right to require that a third-party skilled
person report be provided by an unregulated parent, including in respect of the senior
management. However, this appears to be the extent of these intended powers in relation
to non-regulated parent companies
There have been no such examples of the Central Bank attempting to enforce Fitness and
Probity standards at parent companies.
Assessment of
Principle 12
Compliant
Comments The CBI undertakes supervisory activities to understand the overall structure of the banking
group for which it is ultimately responsible and supervises and monitors material activities
(including nonbanking activities conducted by entities in the wider group, both domestic
and cross-border). Importantly, the CBI applies prudential standards on a group wide basis
where it is responsible for consolidated supervision.
The CBI takes action when risks arising from the banking group and other entities in the
wider group are identified as potentially jeopardizing the safety and soundness of the bank
and banking group. The Central Bank collects and analyses financial and other information
which it considers adequate to ensure effective consolidated supervision of banking
groups. Legislation provides the Central Bank with the scope to close branches or offices of
Irish Licensed banks in foreign jurisdictions. However, the legislation has not been tested to
the extent that it provides the power to the Bank to close foreign, affiliated, nonbanking
entities within banking groups.
Principle 13 Home-host relationships. Home and host supervisors of cross-border banking groups
share information and cooperate for effective supervision of the group and group entities,
and effective handling of crisis situations. Supervisors require the local operations of
foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1
The home supervisor establishes bank-specific supervisory colleges for banking groups
with material cross-border operations to enhance its effective oversight, taking into
account the risk profile and systemic importance of the banking group and the
corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a
relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a
shared interest in the effective supervisory oversight of the banking group, is included in
the college. The structure of the college reflects the nature of the banking group and the
needs of its supervisors.
Description and
findings re EC1
The Central Bank, through the transposition of relevant European legislation and its active
participation in Supervisory Colleges, shares information and cooperates with other
supervisors for the effective supervision of groups and group entities. The Supervisory
Colleges allow for the sharing of information and planning and coordination of supervisory
activities. In this regard, the Central Bank receives a significant amount of information on
banks for which it is a host supervisor.
The Central Bank holds Supervisory Colleges for all banking groups that have material
cross-border operations where it is the consolidating supervisor. The operation of these
Colleges is consistent with international standards. Membership of the College is
IRELAND
INTERNATIONAL MONETARY FUND 115
determined based on the nature (subsidiaries or branches) and significance of the cross-
border entities and is consistent with the criteria for the establishment of Colleges.
At present the Central Bank is the consolidated supervisor for AIB plc. and The Governor
and Company of the Bank of Ireland (BoI), and is the European consolidating supervisor for
Citibank Europe plc. In addition to the College setting, the Central Bank engages in bilateral
information sharing with other supervisors where deemed relevant; it has established MoUs
with a number of other supervisors. Where it is the consolidating supervisor (AIB and BoI),
the Central Bank evidenced frequent contact with foreign supervisors.
At present there are no formal processes for the exchange of information with other
regulators; however, the College setting and the Central Bank’s bilateral relationships
ensure that it receives the necessary information to carry out its role. In addition, the
Colleges allow for the establishment of an agreed communication strategy and the
development of a framework for cross-border crisis cooperation and coordination.
Subsidiaries of overseas banks operating in Ireland are subject to the same basic standards
as those applied to domestic institutions; however, the requirements imposed on domestic
institutions may be more onerous given their systemic importance and risk profile. The
Central Bank has on-site access to overseas subsidiaries and branches of institutions where
it is the consolidating supervisor, and would inform the host supervisor in advance of any
such visits. In relation to third country supervisors, information is shared with those
supervisors where there is a MoU in place. If the Central Bank was to take action based on
information provided by another supervisor, it would (to the extent possible) consult with
that supervisor beforehand.
At present, all banks (with the exception of two) for which the Central Bank is a host
supervisor are subject to consolidated supervision at the parent level.
EC2
Home and host supervisors share appropriate information on a timely basis in line with
their respective roles and responsibilities, both bilaterally and through colleges. This
includes information both on the material risks and risk management practices of the
banking group
30
and on the supervisors’ assessments of the safety and soundness of the
relevant entity under their jurisdiction. Informal or formal arrangements (such as
memoranda of understanding) are in place to enable the exchange of confidential
information.
Description and
findings re EC2
The Central Bank uses both the College setting and bilateral communications to ensure
that all relevant information is shared in a timely manner. The most significant element of
the College forum is that the members communicate their risk assessment of the entities
under their supervision. In this regard the Central Bank utilises the templates set out in the
CEBS Guidelines for the Joint Assessment of the Elements Covered by the SREP and the
Joint Decision Regarding the Capital Adequacy of Cross-Border Groups. These templates
require each supervisor to set out its assessment of the entity under headings such as
financial position; business and risk strategy; internal governance; and individual risk types.
These assessments are fully discussed as part of the college forum and are the main input
into the overall Joint Risk Assessment Decision (JRAD).
30
See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on
supervisory colleges for further information on the extent of information sharing expected.
IRELAND
116 INTERNATIONAL MONETARY FUND
The Central Bank has signed agreements with the members of the Colleges. The
Agreements cover the exchange of information and confidentiality.
Outside of the College setting, the Central Bank has an MoU process in place for formal
‘exchange of information’ with other supervisors. Rather, the exchange of information
occurs on an ad-hoc basis based on requests from to the home supervisor. Given the
nature of the banking groups of which the Central Bank is the consolidating supervisor, i.e.
a limited number of foreign entities, this process is deemed sufficient at present.
Where the Central Bank is a host supervisor it is not party to any formal exchange of
information processes; however, membership of supervisory colleges provides the host
supervisor with significant levels of information. Additionally, the Central Bank has obtained
information through bilateral agreements with other regulators and thus, to date, the lack
of a formal exchange of information process has not hindered its ability to receive the
necessary information from the home supervisor.
Colleges have been established for both AIB and BOI and it is clear from both the Joint Risk
Assessment Documents and the minutes of the meetings that information is shared with all
members of the college. In addition, the records of the regular bilateral and multilateral
teleconference calls provide further evidence of the sharing of information on a timely
manner.
EC3
Home and host supervisors coordinate and plan supervisory activities or undertake
collaborative work if common areas of interest are identified in order to improve the
effectiveness and efficiency of supervision of cross-border banking groups.
Description and
findings re EC3
The Central Bank has established annual plans for Colleges which seek to align the work of
the individual members to facilitate the Joint Decision, identify areas of commonality where
joint work can be undertaken, and agree the meeting schedule and timelines for
submission of information. As part of its ongoing supervisory activities, the Central Bank
considers the risk emanating from foreign subsidiaries or branches of Irish institutions. In
line with its risk-based approach to supervision, the Central Bank will focus its resources on
those areas of risk that pose the greatest threat to the institution. In this regard, the Central
Bank has carried out inspection work in foreign offices of Irish banks. However, as very few
Irish banks have foreign subsidiaries or branches, the requirement for inspections of
foreign offices is very low.
Supervision plans are agreed during the annual RGP which precedes the Supervisory
College allowing host supervisors an understanding of the Central Bank’s plans for the
forthcoming year. The Central Bank obtains the supervisory plans from host supervisors
which allows for a degree of coordination and planning. There were recent examples where
the Central Bank had an awareness of Fit & Proper assessments by key Host Supervisors.
Article 129(1)(b) of the CRD, as transposed by Regulation 67(1) of S.I. 661 of 2006, provides
the legal basis for the establishment of supervisory colleges and the reaching of a joint
decision.
EC4
The home supervisor develops an agreed communication strategy with the relevant host
supervisors. The scope and nature of the strategy reflects the risk profile and systemic
importance of the cross-border operations of the bank or banking group. Home and host
supervisors also agree on the communication of views and outcomes of joint activities and
college meetings to banks, where appropriate, to ensure consistency of messages on
group-wide issues.
IRELAND
INTERNATIONAL MONETARY FUND 117
Description and
findings re EC4
The supervisory plan sets out clearly the ongoing communication between the college
members including both the regular teleconferences and the submission of information for
the Joint Risk Assessment. The communication strategy is based on the relative importance
and riskiness of the entities under supervision, with a higher intensity of communication
with regulatory authorities responsible for oversight of those entities that pose the highest
risk level or that are the most systemically important.
In relation to the communication of views and outcomes to the banks, this is discussed as
part of the underlying exercise, i.e. inspection, risk assessment, etc. In the situation where
the College members or a subgroup of the members undertakes a body of work, the
substance of communications to the bank will be agreed by all relevant supervisors in
advance of any communication.
Article 129 of the CRD, as transposed by Regulation 67 of S.I. 661 of 2006, provides the
legal basis for the establishment of Supervisory Colleges and the reaching of a joint
decision.
The college plans set out clearly the anticipated level of communication between College
members. In relation to the communication of information to the bank, the records show
the agreement of the members of Colleges on the information issued to the bank.
EC5
Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities, develops a framework for cross-
border crisis cooperation and coordination among the relevant home and host authorities.
The relevant authorities share information on crisis preparations from an early stage in a
way that does not materially compromise the prospect of a successful resolution and
subject to the application of rules on confidentiality.
Description and
findings re EC5
Within the Central Bank there is a dedicated Special Resolutions Unit (SRU) which liaises
with the Banking Supervision Divisions where issues are seen to be arising that may
threaten the ongoing viability of a bank.
The Central Bank is a member of a Cross Border Stability Group (CBSG) which comprises
the Irish Department of Finance; the UK’s Prudential Regulatory Authority; the Bank of
England; and Her Majesty’s Treasury. The purpose of the CBSG is to share information
relating to Irish banks that have significant operations in the UK. This group was
established during the crisis as a conduit to coordinate and cooperate their efforts and
share information.
Where the Central Bank is the home supervisor in a College setting, it has established
cross-border crisis management frameworks with the other members of the College. These
frameworks cover:
? the definition of “Emergency Situation”;
? communication between supervisors in an emergency situation;
? coordinated supervisory response;
? external communications;
? simulation exercises; and
? contingency planning.
These frameworks are reviewed on an annual basis (at minimum) to ensure they continue
to be up to date and relevant.
IRELAND
118 INTERNATIONAL MONETARY FUND
The Central Bank recently signed a Cooperation Agreement with Federal Deposit Insurance
Corporation FDIC and an agreement to share information.
EC6
Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities and relevant host authorities,
develops a group resolution plan. The relevant authorities share any information necessary
for the development and maintenance of a credible resolution plan. Supervisors also alert
and consult relevant authorities and supervisors (both home and host) promptly when
taking any recovery and resolution measures.
Description and
findings re EC6
While the Central Bank received the power to request recovery plans and to produce
resolution plans under the CBCIR Act 2011 in October 2012, a local recovery and resolution
plan regime has not yet been implemented. The CBCIR has not yet been used to resolve an
authorized credit institution in this jurisdiction. The recovery plan aspect of the legislation
has yet to be fully implemented. It should be noted that the Central Bank’s implementation
may be deferred pending a review of the proposed arrangements under an EU proposed
Directive on Crisis Management and Bank Resolution. Section 93(1) of the CBCIR Act 2011
allows the Central Bank to prepare a Resolution Report where it has previously requested a
Recovery Plan from a credit institution.
While there are some national authorities making progress in relation to the production of
recovery plans for G-SIFIs the Central Bank is awaiting EU/international developments in
the area, especially with respect to the CRD, Notwithstanding this and in line with EBA
recommendations, the Central Bank has requested recovery plans from two high impact
credit institutions.
EC7 The host supervisor’s national laws or regulations require that the cross-border operations
of foreign banks are subject to prudential, inspection and regulatory reporting
requirements similar to those for domestic banks.
Description and
findings re EC7
All banks licensed by the Central Bank are subject to the same laws and regulations;
therefore, the cross-border operations of foreign banks are subject to the same prudential,
inspection and regulatory requirements as domestic banks.
In relation to EU branches, the level of regulatory oversight is much less than that for a
bank licensed by the Central Bank. In the case of branches, the Central Bank’s oversight is
limited to AML, Liquidity and Conduct of Business supervision. In certain instances, the
branches are granted a Liquidity Concession Waiver whereby liquidity oversight is the
responsibility of the home regulator at the level of the parent rather than the Central Bank.
At present, there are no third-country branches in Ireland; however, if one was established,
the Central Bank would undertake a significantly higher level of oversight than for EU
branches.
Licensed Banks
In order to hold a banking license issued by the Central Bank the entity is required to
comply with all relevant legislation, including (but not limited) to the CRD (as transposed
into Irish law by various S.I.s) and the Central Bank Acts. In addition, the Central Bank may
issue regulatory notices with which the entity must comply, e.g. the Corporate Governance
Code for Credit Institutions and Insurance Undertakings; the Requirements for the
Management of Liquidity Risk; etc. The Central Bank has also informed all credit institutions
that, unless otherwise stated, any guidelines issued by CEBS/EBA are Central Bank
guidelines.
IRELAND
INTERNATIONAL MONETARY FUND 119
Branches
The legislative basis for the Central Bank’s oversight of branches is as set out in the CRD in
Articles 29–34 (S.I. 395 of 1992, Regulations 27, 29 and 34).
The majority of banks operating in Ireland are cross-border operations of foreign banks.
Supervision of these institutions is carried out in accordance with PRISM, which sets out the
minimum level of engagement with banks. There is no differentiation within PRISM based
on the location of the parent institution. The RGP Papers for cross-border banks provide
confirmation that they are not regulated any differently to domestic banks of the same
impact rating.
Branches
Where a Liquidity Concession Waiver has not been granted, branches must comply with
Central Bank liquidity requirements, including reporting requirements.
EC8 The home supervisor is given on-site access to local offices and subsidiaries of a banking
group in order to facilitate their assessment of the group’s safety and soundness and
compliance with customer due diligence requirements. The home supervisor informs host
supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and
findings re EC8
The Central Bank has the power and right to on-site access to local (Irish) offices and
subsidiaries of a banking group. In this regard, the Central Bank liaises closely with
supervisors of foreign subsidiaries and branches, and has conducted overseas inspections
with the agreement of those foreign supervisors. Part 3 of the Central Bank (Supervision
and Enforcement) Act 2013 provides the legal basis for such powers.
A cross-border onsite inspection will be undertaken where the Central Bank has
determined that the foreign entity poses a risk to the Central Bank’s statutory role of
ensuring financial stability. In this regard, the Central Bank evidenced a number of such
assessments in recent years that had been conducted. In situations where the Central Bank
is the host supervisor it has facilitated onsite assessments by the home regulator, e.g. FSA,
BaFin, Bundesbank.
EC9 The host supervisor supervises booking offices in a manner consistent with internationally
agreed standards. The supervisor does not permit shell banks or the continued operation
of shell banks.
Description and
findings re EC9
There are currently no booking offices within the Irish jurisdiction; however, if one were to
be established, the Central Bank would adhere to internationally-agreed standards. In
relation to shell banks, the Central Bank would not approve or allow the continued
operation of such an entity. Section 8 of the Central Bank Act 1971 prohibits the carrying
on of banking business without a license.
EC10 A supervisor that takes consequential action on the basis of information received from
another supervisor consults with that supervisor, to the extent possible, before taking such
action.
Description and
findings re EC10
The Central Bank, as good practice, would inform another supervisor that it intends to take
action as a result of information provided by the other supervisor.
Assessment of
Principle 13
Compliant
Comments
B. Prudential regulations and requirements
IRELAND
120 INTERNATIONAL MONETARY FUND
Principle 14 Corporate governance. The supervisor determines that banks and banking groups have
robust corporate governance policies and processes covering, for example, strategic
direction, group and organizational structure, control environment, responsibilities of the
banks’ Boards and senior management,
31
and compensation. These policies and processes
are commensurate with the risk profile and systemic importance of the bank.
Essential criteria
EC1
Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and
senior management with respect to corporate governance to ensure there is effective
control over the bank’s entire business. The supervisor provides guidance to banks and
banking groups on expectations for sound corporate governance.
Description and
findings re EC1
The Central Bank has, in its Corporate Governance Code for Credit Institutions and
Insurance Undertakings (the Code), set out clearly defined corporate governance
requirements which must be adhered to by all credit institutions. These requirements are
proportionate, with 'major institutions', as defined, having more stringent requirements
imposed on them. The responsibilities of Board (and the Chief Executive) are detailed in the
Code.
The Code provides that the Board shall be responsible for appointing a CEO and senior
management with appropriate integrity and adequate knowledge, experience, skill and
competence for their roles. In addition, the Board shall be responsible for endorsing the
appointment of people who may have a material impact on the risk profile of the
institution and monitoring on an ongoing basis their appropriateness for the role. The
Code also provides that the Board shall ensure that there is an appropriate succession plan
in place.
The Code requires that all institutions shall have robust governance arrangements which
include a clear organizational structure with well defined, transparent and consistent lines
of responsibility; effective processes to identify, manage, monitor and report the risks to
which it is or might be exposed; adequate internal control mechanisms, including sound
administrative and accounting procedures; adequate IT systems and controls; and
remuneration policies and practices that are consistent with and promote sound and
effective risk management both on a solo basis and at group level.
Through the Code, the Central Bank has the power to require changes in the composition
of the bank’s Board if it believes that any individuals are not fulfilling their duties related to
the satisfaction of these criteria.
The Code requires the Board to set the business strategy for the institution, understand the
risks to which the institution is exposed and establish a documented risk appetite for the
institution. The appetite shall be expressed in qualitative terms, and shall also include
quantitative metrics to allow the tracking of performance and compliance with agreed
strategy (e.g. Value at Risk (VaR), leverage ratio, range of tolerance for bad debts,
acceptable stress losses, economic capital measures, etc.). The risk appetite is subject to
annual review by the Board.
Compliance with the Corporate Governance requirements is assessed by supervisors on a
31
Please refer to footnote 27 under Principle 5.
IRELAND
INTERNATIONAL MONETARY FUND 121
routine basis and action is taken where issues of non-compliance are identified. A
contravention of the Code may result in the Central Bank using any of its regulatory
powers.
With respect to remuneration, the Central Bank has implemented the FSB standards for
compensation transposed into Irish law via S.I. 625 2010, effective from 1 January 2011.
Supervisors ensure that significant financial institutions’ compensation systems give
appropriate consideration to risk, capital, liquidity and the likelihood and timeliness of
earnings on an ongoing basis, through the utilization of supervisory methods. Examples of
remedial action required include overhauls of remuneration policies and implementation of
new remuneration processes to ensure the banks’ compensation systems give appropriate
consideration to risk, capital and liquidity.
The Pillar III disclosures are assessed to ensure the remuneration disclosures have been
made where appropriate (e.g., this may not be required for subsidiaries of a large EU parent
which includes the subsidiaries’ disclosures in the group disclosures).
The Corporate Governance Code was introduced as a condition to which institutions are
subject pursuant to:
? Section 10 of the Central Bank Act 1971
? Section 16 of the Asset Covered Securities Act 2001
? Section 17 of the Building Societies Act 1989
? Section 24 of the Insurance Act 1989
? Regulation 12 of the European Communities (Reinsurance) Regulations 2006 (S.I No.
380 of 2006).
The Central Bank is given extensive powers as regards the fitness and probity of the
directors by Part 3 of the Central Bank Reform Act 2010.
EC2
The supervisor regularly assesses a bank’s corporate governance policies and practices,
and their implementation, and determines that the bank has robust corporate governance
policies and processes commensurate with its risk profile and systemic importance. The
supervisor requires banks and banking groups to correct deficiencies in a timely manner.
Description and
findings re EC2
Minimum supervisory activities are prescribed in PRISM and are proportionate to the
impact rating assigned to a bank. For High Impact banks, a full governance review should
be conducted at least once every two years. In Medium High Impact institutions, it should
be reviewed at least once every two-to-four years as part of an FRA. PRISM includes
guidance for supervisors regarding suggested activities to perform when assessing
governance and include a mix of on-and offsite activities. Guidance material also includes
suggested agenda items for meetings with senior management.
For High Impact banks, the annual cycle of meetings with the Board and senior
management provide the basis for assessing the adequacy of corporate governance. The
annual engagement includes meetings with the Chair of the Board and the senior non-
executive (independent) director. Preparation for the meeting will typically involve
obtaining board minutes and board packs for the last year which will be reviewed to assess
the quality of management information submitted to the Board. Supervisors will also meet
with senior management such as the CEO, CFO and CRO where corporate governance
issues will be considered and discussed. Meetings with the Board and senior management
for Medium-High banks is closely aligned with an annual cycle, although for medium Low
Impact banks the frequency is 18 months and for Low Impact banks there is no prescribed
IRELAND
122 INTERNATIONAL MONETARY FUND
frequency for meetings with the Board or senior management. Nonetheless, the supervisor
may conduct engagements if a risk is identified.
For High Impact banks, policies and procedures will be reviewed as part of the preparation
for Financial Risk Reviews which are performed frequently across a two year cycle (six FRRs
are conducted every two years – see CP 8&9 for a fuller explanation of the FRR). For
Medium-High banks a full review of governance will be performed as part of the FRA which
is performed at a minimum 2-4 years. Material policies and procedures will be assessed as
part of the governance review. For banks with an impact rating of Medium-Low and Low,
there is no prescribed minimum frequency for receipt or assessment of policies and
procedures.
For High Impact banks, the supervisor will include an assessment of a bank’s annual report
which includes information relating to corporate governance such as number of meetings
and Board attendance.
For High Impact and Medium-High Impact banks, the ICAAP is assessed annually. Included
in the ICAAP assessment is a review of key policies and procedures. An ICAAP assessment is
not required to be conducted annually for Medium Low and Low impact banks, instead a
Self-Assessment Questionnaire (SAQ) is completed by the bank and submitted to the
Central Bank. The SAQ includes a high level overview of ICAAP information and details on
governance such as the institution’s definition of Governance Risk and how this is
managed. This is reviewed by the Supervision Team and discussed with the institution’s
management team as required. Meetings with senior management on an individual basis
are scheduled every 18 months at minimum. Meetings with the internal audit function take
place for High and Medium High Impact banks, to gain insight into some of a bank’s
internal controls.
On occasion, Banking Supervision conducts thematic reviews which provide a useful source
for benchmarking analyses to be performed across institutions
For banks with an Impact rating of Medium-Low and Low the approach to assessing
corporate governance is reactive and will not include an assessment of policies and
procedures unless a risk is identified. Under the requirements of the Code any institution
which becomes aware of a material deviation from the Code shall, within 5 business days,
report the deviation to the Central Bank, advising of the background and the proposed
remedial action. The Central Bank also requires each institution, irrespective of PRISM
rating, to submit an annual compliance statement as set out at Section 25, in accordance
with any guidelines issued by the Central Bank, specifying whether the institution has
complied with the Code. The statement is signed by the Board.
Information enabling an examiner to evaluate an institution’s corporate governance
structures is not as readily available as with quantitative-based risks, as regular regulatory
reporting is, by and large, redundant for the purpose of governance reviews. However,
there are many other sources which examination teams can use to properly evaluate the
effectiveness of an institution’s corporate governance. Information is obtained through
observation and ad-hoc bilateral engagements/meetings, from the production of Central
Bank MI reports on regulated firms, and during the SREP engagement/FRA. Oversight
committees, responsibilities, reporting lines and interactions between stakeholders are
usually examined as part of this engagement.
IRELAND
INTERNATIONAL MONETARY FUND 123
For High and Medium High Impact banks, the frequency and range of supervisory activities
provides the supervisor with a regular assessment of corporate governance. For those
banks assigned a rating of Medium-low and Low, the range and frequency of supervisory
activities to assess governance is not adequate to assess the robustness of governance.
EC3
The supervisor determines that governance structures and processes for nominating and
appointing Board members are appropriate for the bank and across the banking group.
Board membership includes experienced non-executive members, where appropriate.
Commensurate with the risk profile and systemic importance, Board structures include
audit, risk oversight and remuneration committees with experienced non-executive
members
Description and
findings re EC3
The Central Bank determines that governance structures and processes for nominating and
appointing Board members are appropriate for the bank and across the banking group
through:
? Governance reviews;
? Reviewing minutes of Board & sub-committees;
? Attendance in an observation capacity at meetings;
? Reviewing Management Information that goes to the Board and sub-committees;
? Other reviews, such as Operational Risk Framework reviews, Outsourcing reviews or
specific thematic reviews.
With respect to the appropriate nomination and appointing of board members, the Code
requires the following:
? The Board shall be responsible for endorsing the appointment of people who may
have a material impact on the risk profile of the institution, and monitoring on an
ongoing basis their appropriateness for the role.
? The Board shall be responsible for either the appointment of non-executive directors
or, where appropriate, identifying and proposing the appointment of non-executive
directors to shareholders. The Board shall ensure that non-executive directors are
given adequate training about the operations and performance of the institution.
The Board shall routinely update the training as necessary to ensure that they make
informed decisions.
? The majority of the board shall be independent non-executive directors (this may
include the Chairman). However, in the case of institutions that are subsidiaries of
groups, the majority of the Board may be group non-executive directors, provided
that in all cases the subsidiary institution shall have at least two independent non-
executive directors, or such greater number as is required by the Central Bank.
? The Board shall review Board membership at least once every three years.
Institutions shall formally review the membership of the Board of any person who is
a member for nine years or more. It shall document its rationale for any continuance,
and so advise the Central Bank in writing.
Adherence by institutions to the Code is monitored on an ongoing basis by supervisors,
and action is taken where institutions have been found to be in breach of the Code. In
addition to ongoing supervision and in conjunction with PRISM, specific governance
reviews will also be carried out to determine compliance. The Central Bank also requires
each institution to submit an annual compliance statement as set out at Section 25 of the
Code, in accordance with any guidelines issued by the Central Bank, specifying whether the
institution has complied with the Code.
IRELAND
124 INTERNATIONAL MONETARY FUND
With respect to board structures the code requires the following:
? The Board shall establish, at a minimum, both an audit committee and a risk
committee (except where it is part of a wider group, in which case it may rely on
those group committees). Where appropriate, the Board should consider the
appointment of a Remuneration Committee and/or Nomination Committee. Major
institutions are required to establish Audit, Risk, Remuneration and Nomination
Committees. The non-executive directors and, in particular, independent non-
executive directors shall play a leading role in these committees; where the functions
are carried out at group level, they shall play a leading role in satisfying the Board
that the institution’s audit and risk functions are adequately carried out.
? An Audit Committee shall be composed of non-executive directors, the majority of
directors being independent. The Risk Committee shall ensure that there is an
appropriate representation of non-executive and executive directors which is
appropriate to the nature, scale and complexity of the business of the institution.
Where possible, all members of the Remuneration Committee shall be independent
non-executive director; in any event, the majority of members of the Committee
shall be independent non-executive directors. The majority of members of the
Nomination Committee shall be independent non-executive directors.
In addition to the board’s requirements, the Code also requires major institutions to
establish Nomination Committees. Under the Code, Nomination Committees are required
to:
? make recommendations to the Board on all new appointments of both executive
and non-executive directors; and
? in considering appointments the Nomination Committee, prepare a comprehensive
job description, taking into account for board appointments, the existing skills and
expertise of the Board and the anticipated time commitment required.
The Supervisor will review the Nomination Committee’s terms of reference to determine its
suitability and fitness for purpose as part of the Governance review. This assessment will be
performed in line with the PRISM engagement model. Examples were evidenced where the
Central Bank had actively considered board composition as an ongoing part of their
assessment of governance. The frequency of these reviews are based on the PRISM model
and range from annual in the case of High Impact banks to 2-4 years for Medium-High and
only reactively for Medium –Low and Low Impact banks.
EC4
Board members are suitably qualified, effective and exercise their “duty of care” and “duty
of loyalty.”
32
32
The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate
Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty
of a board member to act on an informed and prudent basis in decisions with respect to the company. Often
interpreted as requiring the board member to approach the affairs of the company in the same way that a ’prudent
man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business
judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the
(continued)
IRELAND
INTERNATIONAL MONETARY FUND 125
Description and
findings re EC 4
Part 3 of the Central Bank Reform Act 2010 gives extensive powers to the Central Bank in
relation to those persons who perform “controlled functions” (CFs) and “pre-approval
controlled functions” (PCFs). Under the Fitness and Probity Regime, a Director is a PCF.
Before an institution can appoint a person to a PCF, the Central Bank must have approved
the appointment in writing. The approval process requires the submission of an individual
questionnaire, which contains a section on ‘Professional Experience, Educational
Qualifications, Professional Memberships and Relevant Training’. The Central Bank also has
the power to call PCF applicants for interview.
In addition, PCFs are required to comply with the Standards of Fitness and Probity and the
institution must confirm, after carrying out the necessary due diligence, that it is satisfied
on reasonable grounds that those persons are compliant with the Fitness and Probity
Standards and that they have obtained those persons’ written agreement to abide by the
Fitness and Probity Standards. The Standards require individuals to be:
a) Competent and capable (this standard requires individuals to have the appropriate
qualifications);
b) Honest, ethical and to act with integrity; and
c) Financially sound.
The effectiveness of Board members is assessed on an ongoing basis through a review of
Board minutes and meetings with members of the Board for High and Medium High banks.
In addition, for High Impact banks, supervisors may attend Board meetings (in particular,
supervisors attended a number of Board meetings of all High Impact banks after the
financial crisis).
All Board appointments must be made in accordance with Fitness and Probity standards.
Interviews with directors allows for further assessment, but may not be explicitly focused on
"duty of care" and "duty of loyalty.”
EC5
The supervisor determines that the bank’s Board approves and oversees implementation of
the bank’s strategic direction, risk appetite
33
and strategy, and related policies, establishes
and communicates corporate culture and values (e.g. through a code of conduct), and
establishes conflicts of interest policies and a strong control environment.
Description and
findings re EC5
The Central Bank has set out in its Corporate Governance Code corporate governance
requirements in relation to strategy, risk appetite and related policies that are required to
be adhered to by all credit institutions. Adherence by institutions to the Code is monitored
on an ongoing basis by supervisors through various supervisory activities. Action is taken
where institutions have been found to be in breach of the Code. In addition to ongoing
supervision and in conjunction with PRISM, specific governance reviews will also be carried
out to determine compliance. The Central Bank also requires each institution to submit an
annual compliance statement as set out at Section 25 of the Code, in accordance with any
guidelines issued by the Central Bank, specifying whether the institution has complied with
company and shareholders. The duty of loyalty should prevent individual board members from acting in their own
interest, or the interest of another individual or group, at the expense of the company and all shareholders.”
33
“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the
pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as
appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and
“risk tolerance” are treated synonymously.
IRELAND
126 INTERNATIONAL MONETARY FUND
the Code.
However, the Code does not refer to corporate culture and values. Corporate culture and
values are reviewed as a PRISM governance risk sub-category, and guidance is providers to
the supervisors for the assessment of same.
Supervisors also assess the role of the board in approving strategy, risk appetite, policies,
etc., In addition, for all High Impact banks, the Deputy Governor (Financial Regulation) and
the Director of Credit Institutions Supervision meet with Board members on an ad-hoc
basis to discuss issues including strategy implementation, e.g. mortgage arrears resolutions
strategy and asset deleveraging.
For banks with an Impact rating of Medium-Low and Low, the process to determine that
Boards are discharging their responsibilities in relation to the requirements in the Code
(e.g. approves and oversees implementation of the bank’s strategic direction, risk appetite
34
and strategy, and related policies) is through receipt and review of an annual compliance
statement asserting a self assessment by management. While the supervisor will meet
periodically with the bank, testing through onsite examination or supporting evidence of
compliance is not conducted by the Central Bank. In the case of Low Impact banks, the
entire population of which are foreign bank branches, these credit institutions do not have
a Board.
EC6
The supervisor determines that the bank’s Board, except where required otherwise by laws
or regulations, has established fit and proper standards in selecting senior management,
maintains plans for succession, and actively and critically oversees senior management’s
execution of Board strategies, including monitoring senior management’s performance
against standards established for them.
Description and
findings re EC6
Part 3 of the Central Bank Reform Act 2010 introduced a statutory system for the
regulation by the Central Bank of Ireland of persons performing CFs or PCFs in regulated
financial service providers (including credit institutions).
There are 41 senior positions which are PCFs. They include functions such as CEO, Director
or Heads of Compliance, Risk, and Retail Sales. The Central Bank’s approval is required
before appointments may be made to these positions. CFs refer to functions undertaken by
staff who exercise a significant influence on conduct of the affairs of the financial service
provider, monitor compliance, or perform functions in a customer-facing role. The Central
Bank’s approval is not required for appointments to these positions.
The Central Bank issued Standards of Fitness and Probity (the Standards) that apply to all
persons performing CFs or PCFs in regulated financial service providers, including credit
institutions. A regulated financial service provider is not allowed appoint a person to
perform a CF/PCF unless firm is “satisfied on reasonable grounds” that the person complies
with the Standards and that the person has agreed to abide by the Standards. In order to
comply with the Standards, a person is required to be:
a) Competent and capable;
b) Honest, ethical and to act with integrity; and
c) Financially sound.
IRELAND
INTERNATIONAL MONETARY FUND 127
Failure by a person to comply with the Standards may, inter alia:
a) Where the approval of the Central Bank is being sought to permit a person to
perform a PCF, lead to approval being refused;
b) Where a person is performing a CF/PCF, lead to an investigation being conducted in
relation to the fitness and probity of that person to perform the relevant function;
c) Cause that person to be the subject of a prohibition notice under Central Bank
Reform Act 2010.
Board members are assessed in respect of their fitness and probity. Ongoing oversight of
approved PCF holders is managed by the respective supervisory divisions
The Corporate Governance Code states that the Board shall ensure that there is an
appropriate succession plan in place. The Nominations Committee shall be involved in
succession planning for the Board, bearing in mind the future demands on the business
and the existing level of skills and expertise.
The Code also states that the Board shall formally review its overall performance, and that
of individual directors, relative to the Board’s objectives, at least annually. The review shall
be documented.
In order to critically oversee senior management’s execution of Board strategies, including
monitoring senior management’s performance against standards established for them,
supervisors would carry out a number of activities: meet with the Independent Non-
Executive Directors; meet external auditors; and evaluate reviews conducted by Boards
against strategy.
EC7
The supervisor determines that the bank’s Board actively oversees the design and
operation of the bank’s and banking group’s compensation system, and that it has
appropriate incentives, which are aligned with prudent risk taking. The compensation
system, and related performance standards, are consistent with long-term objectives and
financial soundness of the bank and is rectified if there are deficiencies.
Description and
findings re EC7
Compensation requirements were introduced in 2011 that apply to credit institutions.
Leading up to the implementation of the new requirements, expectations were
communicated to banks. In 2011 a thematic review was performed obtaining compensation
policies from all banks.
The supervisor determines that the bank’s Board actively oversees the design and
operation of the bank’s and banking group’s compensation system, and that it has
appropriate incentives, through the following:
- Meetings with HR to discuss compensation systems.
- Internal Audit reviews. Internal Audit is required to review Remuneration Policies and
Practices. Examiners ensure that these reviews are carried out and follow up on any
issues identified.
- Thematic reviews (review on Remuneration was undertaken in 2011).
- Governance Inspection, where remuneration may form part of the review.
With respect to remuneration the Code requires the Board to complete the following:
? Ensure that the institution’s remuneration practices do not promote excessive risk-
IRELAND
128 INTERNATIONAL MONETARY FUND
taking.
? Design and implement a remuneration policy to meet that objective and evaluate
compliance with this policy.
In addition to the Board’s requirements, the Code also requires major institutions to
establish Remuneration Committees. Under the Code, Remuneration Committees are
required to establish remuneration policies and procedures within the institution based on
best practice and any requirements which the Central Bank may issue.
The supervisor reviews the Remuneration Committee’s terms of reference to determine its
suitability and fitness for purpose.
Irish credit institutions also have to comply with remuneration requirements under CRD III.
Article 22 of the CRD, as amended by CRD III, lays down the fundamental principle for
institutions to ensure that their remuneration policies and practices are consistent with and
promote sound and effective risk management. This article indicates that remuneration
policies and practices form part of an institution’s overarching obligation to have robust
governance arrangements in place; this is the basis for all other Pillar II requirements. The
further remuneration requirements of CRD III are included in Annex V, Section 11 and
Annex XII, Part 2, point 15 of the CRD. Considered together, the remuneration requirements
in the annexes are divisible into three blocks: governance (Annex V), risk alignment (Annex
V) and transparency (Annex XII). Proportionality, as explained further in these guidelines
(from paragraph 19), is relevant for all three blocks.
EC8
The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks, including
those arising from the use of structures that impede transparency (e.g. special-purpose or
related structures). The supervisor determines that risks are effectively managed and
mitigated, where appropriate.
Description and
findings re EC8
The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks, including
those arising from the use of structures through attendance at board meetings, review of
board packs, meetings held with both board members and senior management. The
management and mitigation of risks is determined through the ongoing risk assessment of
institutions. Over the last several years, the intensity and intrusiveness of these meetings
have increased with supervisors placing greater focus on the effectiveness of meetings with
the Board of Directors as a mechanism to assess the Board.
There is no prescribed supervisory cycle within PRISM for onsite meetings with Low Impact
banks unless warranted such as FRAs, FRRs to assess corporate governance. Equally, no
minimum prescribed supervisory cycle for analysis of organizational structure or use of
special purpose vehicles. For Low Impact banks (i.e. Foreign Bank Branches), the Corporate
Governance Code does not apply, instead the assessment is covered by the Home
supervisor (legislated for in the CRD).
EC9
The supervisor has the power to require changes in the composition of the bank’s Board if
it believes that any individuals are not fulfilling their duties related to the satisfaction of
these criteria.
Description and
findings re EC9
Part 3 of the Central Bank Reform Act 2010 has given the Central Bank powers to (inter
alia):
a) refuse to appoint a proposed director to any pre-approval controlled function
IRELAND
INTERNATIONAL MONETARY FUND 129
where prescribed by the Central Bank pursuant to Part 3 of the Central Bank
Reform Act 2010; and/or
b) suspend, remove or prohibit an individual from carrying out a controlled
function where prescribed by the Central Bank pursuant to Part 3 of the
Central Bank Reform Act 2010.
Failure by a person to comply with the Standards of Fitness and Probity may (inter alia):
a) Where the approval of the Central Bank is being sought to permit a person to
perform a pre-approval controlled function, lead to approval being refused;
b) Where a person is performing a controlled function (pre-approval controlled
functions are also “controlled functions”), lead to an investigation being
conducted in relation to the fitness and probity of that person to perform the
relevant function;
c) Cause that person to be the subject of a prohibition notice under Central
Bank Reform Act 2010.
Additional
criteria
AC1
Laws, regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material and bona fide information that may negatively affect the
fitness and propriety of a bank’s Board member or a member of the senior management.
Description and
findings re AC1
In completing the online Individual Questionnaire, as part of the Fitness & Probity
assessment process, both the applicant and proposing entity give an undertaking to inform
the Central Bank of any material changes to the information supplied subsequent to the
submission of the declaration. The applicant gives the following undertaking: “I will
promptly notify the Central Bank of Ireland of any material changes in the information which
I have provided and confirm that I will inform the Central Bank of Ireland in writing of the
details of such changes and any other relevant/ material information of which I may become
aware at any time after the date of this declaration,” and the proposing entity agrees with
the statement “Please confirm the proposing entity will notify the Central Bank of Ireland
without delay of any material change in circumstances that would render the information
contained in this application out of date/inaccurate.” These notifications are forwarded to
the relevant supervisory divisions in respect of ongoing oversight.
In addition, any director who has any material concern about the overall corporate
governance of an institution, which may be in relation to a Board member or a member of
the senior management, shall report the concern without delay to the Board in the first
instance and, if the concern is not satisfactorily addressed by the Board within 5 business
days, the director shall promptly report the concern directly to the Central Bank, advising of
the background to the concern and any proposed remedial action. This is without prejudice
to the director’s ability to report directly to the Central Bank.
Assessment of
Principle 14
Largely Compliant
Comments In addition to the requirements outlined in the CRD, the Central Bank has set out in its
Corporate Governance Code requirements which must be adhered to by all credit
institutions. The requirements of the Code address elements of this CP. For High and
Medium High Impact banks, the frequency and range of supervisory activities provides the
supervisor with a regular assessment of corporate governance. Evidence showed that for
High Impact banks, action is taken where institutions have been found to be in breach of
the Code. The Central Bank also has extensive powers as regards the fitness and probity of
IRELAND
130 INTERNATIONAL MONETARY FUND
the directors and holders of certain senior management positions.
For banks that are assigned Medium-Low and Low Impact ratings, the supervisory process
is largely reactive, relying on the bank’s submission of a self assessment of compliance with
the Code. For certain banks that fall into the lower Impact ratings, unless a red flag is
triggered, an assessment by a supervisor of governance arrangements will not be
performed on a regular basis. For those banks assigned a rating of Medium-low and Low,
the range and frequency of supervisory activities to assess governance is not adequate to
assess the robustness of governance (EC2). Does not appear to be an adequate level of
attention to senior management’s stewardship and understanding of risk and corporate
governance for Low Impact banks (EC8).
Principle 15 Risk management process. The supervisor determines that banks
35
have a comprehensive
risk management process (including effective Board and senior management oversight) to
identify, measure, evaluate, monitor, report and control or mitigate
36
all material risks on a
timely basis and to assess the adequacy of their capital and liquidity in relation to their risk
profile and market and macroeconomic conditions. This extends to development and
review of contingency arrangements (including robust and credible recovery plans where
warranted) that take into account the specific circumstances of the bank. The risk
management process is commensurate with the risk profile and systemic importance of the
bank.
37
Essential criteria
EC1
The supervisor determines that banks have appropriate risk management strategies that
have been approved by the banks’ Boards and that the Boards set a suitable risk appetite
to define the level of risk the banks are willing to assume or tolerate. The supervisor also
determines that the Board ensures that:
(a) a sound risk management culture is established throughout the bank;
(b) policies and processes are developed for risk-taking, that are consistent with the risk
management strategy and the established risk appetite;
(c) uncertainties attached to risk measurement are recognized;
(d) appropriate limits are established that are consistent with the bank’s risk appetite,
risk profile and capital strength, and that are understood by, and regularly
communicated to, relevant staff; and
35
For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk
management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure,
encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of
companies, the risk management framework should in addition cover the risk exposure across and within the
“banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or
members of the banking group through other entities in the wider group.
36
To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by
the underlying reference documents.
37
It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk
management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a
bank’s Board and senior management.
IRELAND
INTERNATIONAL MONETARY FUND 131
(e) senior management takes the steps necessary to monitor and control all material
risks consistent with the approved strategies and risk appetite.
Description and
findings re EC1
The Central Bank requires institutions to comply with both Irish and EU legislation and
guidelines in respect of risk management, and assesses their compliance against these
requirements. Regulation 16 of S.I. 395 of 1992 requires every credit institution authorized
by the Central Bank to manage its business in accordance with sound administrative and
accounting principles and shall put in place and maintain internal control and reporting
arrangements and procedures to ensure that the business is so managed.
The Central Bank determines compliance with this requirement through periodic risk
assessments of banks (including as part of the SREP), or specific thematic reviews. The
frequency and granularity of the periodic risk assessments depends on the individual
banks’ impact scores, in addition to an evaluation of the probability and materiality of the
risk (see response to CP8 and CP9). With respect to risk management, seven banks’ risk
management frameworks, including strategies, risk appetite statements and culture, were
examined in a thematic risk review in 2011. Where deficiencies are found in a bank’s risk
management, RMP items are raised by supervision teams.
In addition to ongoing supervision, the Central Bank also requires banks to self-certify
compliance with its Corporate Governance Code (under section 25(1)) annually. For
example, if banks’ risk appetite statements or risk reporting and monitoring by the board
are non-compliant with the Code, then this must be highlighted to the Central Bank.
Remedial actions are required to be taken by the banks to address non-compliance.
The Central Bank’s Code of Corporate Governance, EBA guidelines on Internal Governance
(September 2011) and relevant legislation form the basis of what the Central Bank expects
of the banks’ risk management strategies and frameworks. An assessment of the bank’s
compliance with the relevant legislation and guidelines is conducted as part of the ongoing
supervisory engagement (which is based on the Central Bank’s PRISM engagement model).
PRISM also provides supervisors with guidance for how to conduct the assessment of risk
management established by the bank.
For High Impact banks, key risk management policies are required to be submitted to
supervisors and assessed as part of the Full Risk Assessment and as part of relevant
Financial Risk Reviews. While PRISM prescribes a minimum level of engagement, the
Central Bank evidenced a significantly greater number of activities with the covered banks
(High Impact). The intensity and intrusiveness was commensurate with the complexity and
risk of the bank.
Where weaknesses are identified through ongoing supervisory engagement (as per the
PRISM engagement model) with the bank’s risk management processes, supervisors raise
RMP issues which include outlining the actions required to be taken to resolve the issue
identified and the deadline by which supervisors expect the remedial actions to be
completed by. In both challenging firms and mitigating risk, supervisors have a range of
powers to draw on which are set out in the Central Bank Acts 1942 to 2010 (for example,
issuance of directions to firms to make modifications to systems and controls).
With regards to recovery and resolution planning, under the Central Bank and Credit
Institutions (Resolution) Act 2011 (CBCIR Act 2011), the Central Bank has the power to
require a credit institution to produce a recovery plan. The Act states that the Central Bank
may direct an authorised credit institution to prepare a recovery plan setting out actions
IRELAND
132 INTERNATIONAL MONETARY FUND
that could be taken to facilitate the continuation or secure the business of that credit
institution where the institution is experiencing financial difficulty. The Central Bank is also
complying with the EBA’s recommendation on the development of recovery plans by
specified credit institutions by 31 December 2013.
A supervisory themed review took place in Q3 2011 which looked at the role and
effectiveness of the Board Risk Committee (the Review). The objectives of the Review were
to:
1. Assess whether the institution’s Risk Committee was adequately fulfilling its role in
line with regulatory expectations.
2. Assess whether in discharging this role, the Risk Committee demonstrably adds
value to the management of risk in the credit institution.
Other examples of supervisory activities for risk management were evidenced during the
mission.
The Corporate Governance Code requires the following:
? 14(1) The Board shall establish a documented risk appetite for the institution.
? 14(3) The Board shall ensure that the risk management framework and internal
controls reflect the risk appetite and that there are adequate arrangements in place
to ensure that there is regular reporting to the board on compliance with
the risk appetite.
? 22(3) The Risk Committee shall oversee the risk management function.
? 22(4) The Risk Committee shall ensure the development and ongoing
maintenance of an effective risk management system within the financial institution
that is effective and proportionate to the nature, scale and
complexity of the risks inherent in the business.
The EBA guidelines on Internal Governance (September 2011) also set out the following:
? 22(2) An institution's risk management framework should establish and
maintain internal limits consistent with its risk tolerance/appetite and commensurate
with its sound operation, financial strength and strategic goals. An
institution’s risk profile should be kept within these limits. The risk management
framework should ensure that breaches of the limits are escalated
and addressed with appropriate follow up.
? 20(3) Business units, under the oversight of the management body, should be
primarily responsible for managing risks on a day-to-day basis, taking into account
the institution’s risk tolerance/appetite and in line with its
policies, procedures and controls.
? 20(2) The risk culture should be established through policies, examples,
communication and training of staff regarding their responsibilities for risk.
? 20(6) The risk management framework should be subject to independent
internal or external review and reassessed regularly against the institution’s risk
tolerance/appetite, taking into account information from
the risk control function and, where relevant, the risk committee.
The Code sets out that the Board shall establish a documented risk appetite for the
institution. The appetite shall be expressed in qualitative terms and also include
quantitative metrics to allow tracking of performance and compliance with agreed strategy.
The Board shall ensure that the risk management framework and internal controls reflect
IRELAND
INTERNATIONAL MONETARY FUND 133
the risk appetite and that there are adequate arrangements in place to ensure that there is
regular reporting to the board on compliance with the risk appetite.
EC2
The supervisor requires banks to have comprehensive risk management policies and
processes to identify, measure, evaluate, monitor, report and control or mitigate all material
risks. The supervisor determines that these processes are adequate:
(a) to provide a comprehensive “bank-wide” view of risk across all material risk types;
(b) for the risk profile and systemic importance of the bank; and
(c) to assess risks arising from the macroeconomic environment affecting the markets in
which the bank operates and to incorporate such assessments into the bank’s risk
management process.
Description and
findings re EC2
The Corporate Governance Code requires that “All institutions shall have effective
processes to identify, manage, monitor and report the risks to which they are or might be
exposed.” (See Code 6(3). In addition to the Code, EBA Guidelines on Internal Governance
(September 2011) outlines the following which banks are expected to comply with:
? 22(1) An institution's risk management framework shall include policies, procedures,
limits and controls providing adequate, timely and continuous identification,
measurement or assessment, monitoring, mitigation and reporting of the risks
posed by its activities at the business line and institution-wide levels.
? 22(2) An institution’s risk management framework should establish and maintain
internal limits consistent with its risk tolerance/appetite and commensurate with its
sound operation, financial strength and strategic goals. An institution’s risk profile
should be kept within these limits. The risk management framework should ensure
that breaches of the limits are escalated and addressed with appropriate follow up.
? 22(3) When identifying and measuring risks, an institution should develop forward-
looking and backward-looking tools to complement work on current exposures.
? 22(6) Relevant macroeconomic environment trends and data should be explicitly
addressed to identify their potential impact on exposures and portfolios. Such
assessments should be formally integrated into material risk decisions.
Regulation 16 of S.I. 395 requires every credit institution authorized by the Central Bank to
manage its business in accordance with sound administrative and accounting principles,
and to put in place and maintain internal control and reporting arrangements and
procedures to ensure that the business is so managed.
The Central Bank has dedicated Credit, Treasury, Risk Analytics (Quantitative Models Unit)
and Business Model Analytics teams which monitor Business, Credit, Liquidity and Market
Risk and Interest Rate Risk in the Banking book. The level of monitoring performed by
these teams varies according to the size, scale and complexity of the institution, as well its
PRISM impact rating.
In addition to consideration of a bank’s risk management policies and processes as part the
PRISM risk assessment process (See CP8 for further details on PRISM engagement), the
Central Bank also performs detailed thematic reviews which evaluate a bank’s risk
management policies and processes. The focus of these risk assessments and thematic
reviews is primarily the policies and processes of material risks, or other risks where there
are signs of issues arising.
IRELAND
134 INTERNATIONAL MONETARY FUND
Examples of supervisory activities include:
As noted previously, a supervisory themed review took place in Q3 2011 which looked at
the role and effectiveness of Board Risk Committees. The review also looked at risk
management policies to confirm if:
? There is an overall risk policy or policies for individual risks
? The Board satisfies itself as to the appropriateness of these policies and
functions for the institution, and in particular that these policies and functions
take full account of Irish laws and regulations and the supervisory
requirements of the Central Bank.
It was noted that one bank did not have risk management processes and policies in place
for credit concentration risk and interest rate risk in the banking book. Two supervisory
measures were imposed in 2010 which were to remain until the Central Bank was satisfied
that these issues had been addressed. The supervision team conducted an on-site
inspection in 2011 to determine whether the RMP had been implemented and were not
satisfied that there was sufficient understanding of these risks at the subsidiary level.
EC3
The supervisor determines that risk management strategies, policies, processes and limits
are:
(a) properly documented;
(b) regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk
profiles and market and macroeconomic conditions; and
(c) communicated within the bank
The supervisor determines that exceptions to established policies, processes and limits
receive the prompt attention of, and authorization by, the appropriate level of
management and the bank’s Board where necessary.
Description and
findings re EC3
The Central Bank performs both financial risk reviews and full risk assessments and
thematic reviews to evaluate a bank’s risk management policies and processes. The focus of
these assessments is primarily on the policies and processes of material risks, or other risks
where there are signals of issues arising. The reviews of these policies are conducted by
supervisors to ensure, inter alia, that management strategies, policies, processes and limits
are properly documented, regularly reviewed and updated to reflect changing risk
appetites, risk profiles and market and macroeconomic conditions, and that they are
communicated and applied throughout the bank.
Probability risk ratings for all institutions under the Central Bank’s supervision are updated
on an ongoing basis. In completing this update, supervisors must assess the ongoing
completeness, quality and appropriateness of risk management policies, strategies and risk
limits.
In addition, banks are required to submit an annual statement of compliance with the
Corporate Governance code which includes confirmation, inter alia, that appropriate risk
management strategies and processes are in place. The Central Bank reviews the
compliance statement and follows up with regulatory action where deviations from the
code are identified. Evidence was provided to support this.
In order to assess whether risk management strategies, policies, processes and limits are
communicated adequately in the bank, a number of actions are taken, including:
IRELAND
INTERNATIONAL MONETARY FUND 135
? Review of internal reporting, such as CRO reports, with a specific emphasis on
ensuring material exceptions to policies, processes and limits are advised to the
Board.
? Compliance reporting.
? Internal audit reports.
? Operational risk logs, to identify issues of non-compliance, and specifically any
issues which may be endemic.
? Onsite interviews with personnel in various levels in the bank, to assess their
knowledge and understanding of risk management strategies, policies, processes
and limits.
Policies are reviewed by supervision teams as part of onsite reviews. For example, the
operational risk policies (outsourcing, new product approval and business continuity) of
one bank were reviewed as part of an onsite inspection. Many were found to be inadequate
or out-dated.
The approach to ongoing supervision of risk management policies and practices is similar
for Medium Low impact banks, albeit with less intensity. However, it should be noted that
these are reviewed as part of the full risk assessment. Furthermore as part of the ICAAP
assessment of medium low banks, banks submit a self-assessment questionnaire (SAQ) and
a copy of the bank’s risk appetite and business strategy. The risk appetite statement and
strategy is reviewed on an annual basis. The minimum engagement model prescribed by
PRISM for Medium-Low and Low banks will rely upon a compliance statement as the tool
to assess compliance with this EC. The annual statement of compliance with the Code will
not necessarily involve testing, sampling or assessing supporting material by the
supervisor. Unless an exception is self reported, limited analysis and verification is
preformed to make an accurate determination that risk management policies, strategy and
risk limits are reviewed and appropriately adjusted to reflect changing risk appetites, risk
profiles and market and macroeconomic conditions.
EC4
The supervisor determines that the bank’s Board and senior management obtain sufficient
information on, and understand, the nature and level of risk being taken by the bank and
how this risk relates to adequate levels of capital and liquidity. The supervisor also
determines that the Board and senior management regularly review and understand the
implications and limitations (including the risk measurement uncertainties) of the risk
management information that they receive.
Description and
findings re EC4
The Corporate Governance Code requires that adequate arrangements are in place to
ensure regular reporting to the Board on compliance with the institution’s risk appetite
(section 14(3)). The Code also seeks to ensure that there are effective processes in place in
banks to identify, manage, monitor and report the risks to which they are or might be
exposed (section 6(3)).
The EBA Guidelines on Internal Governance (September 2011) set out that regular and
transparent reporting mechanisms should be established so that the management body
and all relevant units in an institution are provided with reports in a timely, accurate,
concise, understandable and meaningful manner, and can share relevant information about
the identification, measurement or assessment and monitoring of risks (22(7)).
The Guidelines also set out that the CRO (or equivalent position) is responsible for
providing comprehensive and understandable information on risks, enabling the
management body to understand the institution’s overall risk profile (section 27(2)). The
IRELAND
136 INTERNATIONAL MONETARY FUND
Central Bank’s requirements for the management of liquidity place an onus on senior
management to provide the Board and the Asset and Liability Committee (ALCO) with
relevant and timely information with regard to liquidity risk. Liquidity reporting to the
Board and the ALCO should be carried out more frequently in times of stress (section
3(2)(2)).
A bank’s ICAAP is the process by which the Central Bank expects the bank to obtain
sufficient information to assess its capital adequacy relative to its risk profile. The ICAAP
should form an integral part of the management process and decision-making culture of
the institution. These requirements are set out in EBA Guidelines on the Application of the
Supervisory Review Process Under Pillar 2 (GL03). In addition, the Central Bank’s Fitness and
Probity Regime, which came into effect on 1 December 2011, seeks to ensure that a person
performing a PCF or CF, as set out in Part 3 of the Central Bank Reform Act, has the
relevant qualifications, experience, competence and capacity appropriate to the relevant
function which they are carrying out.
In order to evaluate the quality and sufficiency of information received by the Board and
senior management, supervisors review Board/relevant committee packs. These are
requested and reviewed on a more frequent basis for the covered banks; however, they are
also received as needed from the international banks. The Central Bank has found
deficiencies in management information and board reporting in a number of banks and has
addressed this through RMP actions and supervisory measures. There was sufficient
evidence to show that supervisors undertook analysis of Board packs and relevant
information in preparing for scheduled meetings (such as with the Independent Non-
Executive Director and Chair of the Board which are two of the routine meetings with banks
prescribed in the PRISM engagement model). The assessment of risk was often shown to
be an integrated process linking back to liquidity and capital. This was most evident in the
covered banks and High Impact banks with heightened supervisory intensity and where the
ICAAP formed part of the overall assessment process. For those banks that submitted a
summary ICAAP (i.e. SAQ) a less detailed assessment was performed.
EC5
The supervisor determines that banks have an appropriate internal process for assessing
their overall capital and liquidity adequacy in relation to their risk appetite and risk profile.
The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy
assessments and strategies.
Description and
findings re EC5
Capital
While the Central Bank expects all banks to assess their internal capital adequacy on an
ongoing basis, the frequency of submission of ICAAP data to the Central Bank is governed
under Regulation 66(4) of S.I. 661 of 2006 and is a function of the following:
? The nature, size and systemic importance of the credit institution.
? The outcome of the credit institution’s most recent SREP.
? Any changes to the credit institution’s governance arrangements or business.
? The consequence of any merger or acquisition activity to which the credit institution
might be exposed.
The Central Bank has also completed two PCARs (2010 and 2011) for the Irish covered
banks. The PCAR (see CP16) assessed the capital requirements arising for expected base
and potential stressed loan losses, and other financial developments, over a 3 year time
horizon. This exercise will be completed in 2013 in conjunction with the EBA stress tests.
Liquidity
IRELAND
INTERNATIONAL MONETARY FUND 137
The Central Bank has established requirements for the management of liquidity risk (June
2009
All banks are required to produce regular reporting returns to the Central Bank covering
capital adequacy and allocation, liquidity and solvency. These are reviewed and analysed by
supervision teams and anomalies/erroneous movements are queried. This allows the
Central Bank to monitor institutions’ capital, solvency and liquidity. For example the
Treasury Team receives daily liquidity reports from the covered and large wholesale banks.
The specialist liquidity team within Banking Supervision division reviews the liquidity
strategies of banks through thematic reviews. For example, a thematic review of the ALCO
and a review of behavioural assumptions applied by 7 banks was conducted in 2012, and a
transfer pricing and deposit behaviour review was completed Q1 2013. A market risk review
was also conducted in 2011.
EC6 Where banks use models to measure components of risk, the supervisor determines that:
(a) banks comply with supervisory standards on their use;
(b) the banks’ Boards and senior management understand the limitations and
uncertainties relating to the output of the models and the risk inherent in their use;
and
(c) banks perform regular and independent validation and testing of the models
The supervisor assesses whether the model outputs appear reasonable as a reflection of
the risks assumed.
Description and
findings re EC6
1. The Central Bank determines during model validation reviews that banks comply
with supervisory standards on their use
2. The Central Bank also determines that there is an appropriate level of
understanding at both senior management and Board level around the use and
limitation of internal models used for the determination of regulatory capital.
3. Banks are required to perform regular and independent validation and testing of
their internal models and the supervisor (in conjunction with the Central Bank’s
Quantitative Model review team) assesses whether the model outputs appear
reasonable as a reflection of the risks assumed.
A regulatory Notice was issued by the Central Bank in December 2006 which outlines its
policy and procedures for institutions that wish to apply for the use of the IRBA for the
calculation of their regulatory capital requirements for credit risk pursuant to Directive
2006/48/EC and Directive 2006/49/EC, the CRD.
The Central Bank challenges the banks’ model processes, as outlined by the banks
themselves, and determines whether they is adequate. Supporting evidence was provided
during the mission.
Pillar I Models
For Pillar I, the approval process is as outlined in the CRD, and model performance is
reviewed on a yearly basis for high impact banks. At present, this yearly review is limited to
the covered banks and two international subsidiary banks (with significant Irish retail
exposures). However, not all bank’s internal models are reviewed on this same frequency.
For all other banks (all international banks), once the model is approved, no further formal
IRELAND
138 INTERNATIONAL MONETARY FUND
reviews are carried out on an ongoing basis, including ongoing assessment of Board and
senior management understanding of models. Home regulators, however would perform
their own monitoring of the other centrally developed models.
The decision on whether to subject a bank’s Pillar 1 IRB models to periodical [ongoing]
reviews is dependent on whether:
(a) the Central Bank is a consolidating or host supervisor,
(b) the models are centrally or locally developed, and
(c) central or local data have been used.
Based on these criteria, ongoing reviews mainly focus on: (a) banks where the Central Bank
is the consolidating supervisor, and (b) host institutions where models are calibrated to
Irish experience (and the institution has material retail exposures in Ireland).
? In relation to host institutions operating under IRB, the Central Bank will only
exercise its obligation to feed into the “joint decision” process (provided under
Article 129(2) of the CRD) where the institution has material exposures in Ireland.
The Central Bank will rely on the home supervisor to ensure adequacy of models
that are used for regulatory capital purposes (Pillar 1) where the institution is lower-
impact.
? The review [as part of the model approval process] of centrally developed models
used by host institutions for their non-retail exposures shall only focus on: (a) model
governance, (b) the use test, (c) senior management understanding, and (d) impact
of such models from regulatory capital and solvency ratio perspective.
Approach
The reviews are done in accordance with the Central Bank’s overall supervisory framework,
which takes into account the proportionality principle. The reviews also take into
consideration the Credit RWA Supervisory Framework/procedures for IRB model
performance reviews developed by the Central Bank’s Risk Modeling Unit.
Frequency and Depth
The frequency and depth of the individual reviews take into account the proportionality
principle (PRISM impact rating of the relevant institution). All material approved models
used by banks where the Central Bank is a consolidating supervisor, and those used by host
institutions for their Irish retail exposures, are reviewed on an annual basis.
Coverage of IMA and AMA Models
Currently, there is only one institution using the IMA approach to market risk. No home
institution has so far been approved to use AMA for operational risk. At present, five host
institutions use the AMA for operational risk. Where a host institution applies to use a
group AMA on an allocation basis, the Central Bank is required to ensure that the local staff
of the host institution has good knowledge of the group model and the allocation process.
The approval of AMA models to be used by subsidiaries based in Ireland is done taking
into account the provisions of Article 129 (2) of the CRD, and hence the Central Bank has a
right to feed into the Joint decision process.
Pillar II Models
For Pillar II models, the Central Bank assesses the reasonableness of models by comparison
with the output, if available, of its own Central Bank models or by expert judgment if
unavailable. This process is generally carried out as part of SREP process, and thus at its
most frequent, is completed on a yearly basis. Similar to Pillar 1 models, the home
IRELAND
INTERNATIONAL MONETARY FUND 139
regulators of the international banks under the Central Bank’s supervision would perform
their own monitoring of centrally developed models.
The Central Bank does not grant regulatory approval for the use of Pillar 2
models/Economic Capital Models. However, where a bank uses the output of such models
to inform the allocation of capital to specific risk types, as part of the Pillar 2 process, then
the Central Bank would review the outputs from such models and the underlying
assumptions. The review of such models (ECAP), which is normally done as part of the
ICAAP review process, is aimed at determining the degree of reliance to be placed by the
Central Bank on the outputs from such models in determining Pillar 2 capital add-ons. The
output of Central Bank’s ‘capital toolbox’ together with its view on the bank’s general
model assumptions and model parameters would feed into the decision on whether to rely
on the bank’s own estimate from its ECAP models.
Credit Models
As part of the ongoing Banking Supervision engagement plan, the Credit Team conducts
regular on-site inspections in credit institutions to review samples of borrower loan files.
The Credit Team adopts a risk based approach and selects loans files of borrowers with
higher risk credit grades i.e. watch risk and impaired risk. While on-site, the Credit Team
reviews pertinent customer data such as the most recent credit reports, up to date financial
information and collateral valuation reports. The primary objective of an on-site loan file
inspection is to provide Banking Supervision with an informed view on a credit institutions
credit risk management process and controls. Two of the primary areas of focus include:
i. the reliability of a credit institution’s credit grading system – as part of this process,
the Credit Team review credit grade model outputs to check that credit institution
internal credit risk rating systems reflect the credit risk profile of borrower
exposures.
ii. the adequacy of impairment provisions – as part of this process the Credit Team
reviews DCF model inputs and outputs where a borrower exposure is classified as
impaired risk, to evaluate the provision calculation and to check that the provision is
sufficient to absorb likely loan losses based on point-in-time data.
The Credit Team completes an individual Credit Review template for all loan files examined.
On completion of the on-site loan file reviews work, the Credit Team completes a Summary
Report to outline review findings, with recommendations made where appropriate to
strengthen credit controls and to mitigate risks identified. In circumstances where
deficiencies are identified with regard to a credit institution’s credit grading (reliability) /
DCF model outputs (provision adequacy), this will be reflected in the findings. The
Summary Report is subsequently forwarded to the relevant Supervisory Team. On receipt
of the Summary Report, a RMP is agreed with Banking Supervision management.
Supervisors, having drawn conclusions, may meet with the CRO / CCO and CEO of the bank
to discuss the review findings and to obtain feedback which may allow them to refine the
conclusions. A post-review letter is then sent to the credit institution addressed to the CEO
to formally communicate significant findings and to highlight credit control weaknesses
identified during the review. The letter will also outline risk mitigation actions required and
a time line for the completion of the actions. The bank will be required to respond with an
appropriate action plan to address the review findings. The RMP is uploaded to PRISM to
ensure timely follow up and tracking.
IRELAND
140 INTERNATIONAL MONETARY FUND
Testing of Board and Senior Management Understanding at Application Stage
The banks are required to carry out a self-assessment of quality of senior management
understanding of models as part of application for approval of new IRB models. Following
on from this, the Central Bank carries out an onsite assessment of the level of senior
management understanding of rating systems – by interviewing specific senior
management within the relevant institutions.
The overall assessment of senior management understanding feeds into the assessment of
the use test and the decision on whether to approve the relevant models or on the
conditions to be placed on approval of such models. (See examples below which detail the
work performed in this regard.)
Ongoing Review of Senior Management Understanding of models including an evaluation
of their capability to understand the limitations and uncertainties relating to the output of
the models and the risk inherent in their use.
As part of the Central Bank’s Pillar II reviews, the Central Bank seeks to ensure that
Board/Senior management have an appropriate knowledge of models, which includes an
understanding of their limitations and uncertainties relating to the output of the models
and the risk inherent in their use. (See examples below which detail the work performed in
this regard.)
In Autumn 2011, a bank applied for permission to use an F-IRB model to calculate their
Pillar I charge for their branch banking Ireland portfolio. They submitted their
documentation as required under the CRD and the Central Bank had a period over which it
consulted with the bank to clarify issues via face-to-face meetings, conference calls and
emails. The conclusion of the process was that approval for use of the F-IRB method was
given on the condition that their process around calculating downturn Loss Given Defaults
(LGDs) was improved, and a review of the factor weights in their Probability of Default (PD)
models was carried out. To date, the bank is not yet using F-IRB for this portfolio.
Testing of Board and Senior Management Understanding at Application Stage
Specifically for, one institution which sought approval for IRB model, the senior
management interviewed included:
? Head of Business;
? Member of the designated approval committee; and
? Divisional head of credit.
The key elements of rating systems considered included: (a) IRB concepts, (b) use of ratings,
(c) key material drivers of PD, LGD and Cash Flow, (d) discriminatory power of the model,
(e) model life cycle, (f) IRB stress testing, and (g) challenge and model weaknesses
(amongst others)
The overall assessment of senior management understanding fed into the decision on
whether to approve the relevant models or on the conditions to be placed on approval of
such models. The Central Bank was not satisfied with the level of understanding and
recommended that a condition be placed on any permission requiring the senior
management understanding program to be improved in terms of its scope, frequency and
depth of training provided, with a specific timeframe, with the aim of demonstrating
compliance with the requirements for senior management understanding in Annex VII, Part
4 of the CRD.
IRELAND
INTERNATIONAL MONETARY FUND 141
EC7 The supervisor determines that banks have information systems that are adequate (both
under normal circumstances and in periods of stress) for measuring, assessing and
reporting on the size, composition and quality of exposures on a bank-wide basis across all
risk types, products and counterparties. The supervisor also determines that these reports
reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely
basis to the bank’s Board and senior management in a form suitable for their use.
Description and
findings re EC7
The EBA Guidelines on Internal Governance stipulate that institutions shall have effective
and reliable information and communication systems covering all its significant activities
(section 30(1)). Information systems, including those that hold and use data in electronic
form, should be secure, independently monitored and supported by adequate contingency
arrangements. An institution should comply with generally accepted IT Standards when
implementing IT systems (section 30(2)). The Corporate Governance Code requires that the
board shall ensure that it receives timely, accurate and sufficiently detailed information
from risk and control functions (section 14(6)). The Central Bank’s 2009 requirements for
the management of liquidity risk provides details of what is expected from the
Management Information System and Internal Controls employed in managing liquidity
(section 3(4)).
The Central Bank recently developed a new IT framework and assessment methodology
and this has been rolled out within the last two months. The methodology provides the
Central Bank with a structured approach for reviewing the IT capability of banks. The
Central Bank’s framework includes an in-depth online assessment tool which is used as the
basis for challenging senior bank management. In addition, the framework encompasses a
review of IT policies and procedures and IT internal audit reports etc.
On an ongoing basis, supervisors evaluate the capability of a bank to produce close to real-
time management information across their portfolios to aggregate total exposure
positions.
EC8 The supervisor determines that banks have adequate policies and processes to ensure that
the banks’ Boards and senior management understand the risks inherent in new products,
38
material modifications to existing products, and major management initiatives (such as
changes in systems, processes, business model and major acquisitions). The supervisor
determines that the Boards and senior management are able to monitor and manage these
risks on an ongoing basis. The supervisor also determines that the bank’s policies and
processes require the undertaking of any major activities of this nature to be approved by
their Board or a specific committee of the Board.
Description and
findings re EC8
EBA Guidelines on Internal Governance (GL44) section 23 states that:
? An institution shall have in place a well-documented New Product Approval Policy
(“NPAP”), approved by the management body, which addresses the development of
new markets, products and services and significant changes to existing ones.
? An institution’s NPAP should cover every consideration to be taken into account
before deciding to enter new markets, deal in new products, launch a new service or
make significant changes to existing products or services.
? The NPAP should set out the main issues to be addressed before a decision is made.
? The risk control function should be involved in approving new products or
38
New products include those developed by the bank or by a third party and purchased or distributed by the bank.
IRELAND
142 INTERNATIONAL MONETARY FUND
significant changes to existing products.
In line with EBA Guidelines on Internal Governance (section 23) the Central Bank requires
that institutions have in place a well-documented NPAP, approved by the management
body, which addresses the development of new markets, products and services and
significant changes to existing ones. The risks inherent in new products, changes to existing
products or processes are required to be set out and should be subject to a
multidisciplinary review.
It is not a prerequisite that the Board or a subcommittee approve all new products,
however in line with the EBA guidelines, the Central Bank does require that a new product
policy and process is in place which is approved by the management body. In the
aforementioned RMP, the Central Bank did request that significant new products be signed
off by the Board or a nominated subcommittee. For example in respect of the new
advanced forbearance mortgage products launched by banks, these were approved by the
boards of the relevant banks.
In terms of Board and Senior management understanding of risks inherent in in new
products, material modifications to existing products, and major management initiatives
the Central Bank expects members of the management body, both individually and
collectively, to have the necessary expertise, experience, competencies, understanding and
personal qualities to properly carry out their duties. In addition, it is expected that
members of the management body should acquire, maintain and deepen their knowledge
and skills to fulfill their responsibilities. Section 11(3) of the Corporate Governance Code
also requires that the non-executive and executive directors shall have a knowledge and
understanding of the business, risks and material activities of the institution to enable them
to contribute effectively.
Compliance with these provisions is monitored through corporate governance reviews in
conjunction with vetting of new directors and senior managers through the fitness and
probity regime. As part of the Central Bank’s fitness and probity regime, the Central Bank
seeks to ascertain that directors and senior management are competent for the role which
they are being proposed for. This includes ensuring that they have an understanding of all
risks of the banks. Banks certify compliance with the Corporate Governance Code by
submitting an annual compliance statement under section 25(1). In addition as part of the
PRISM engagement activities supervisors meet with banks senior management and
directors (frequency of meeting dependent upon the impact categorization of the bank).
These meetings would cover a number of topics including, inter alia, risks inherent in new
products, material modifications to existing products, and major management initiatives.
New product approval process in the institutions under supervision is assessed as part of
the assessment of the banks’ operational risk framework, utilising the guidance provided in
Banking Supervision’s Operational Risk Assessment Methodology. The frequency of this
review is dependent on whether a signal of risk exists.
EC9 The supervisor determines that banks have risk management functions covering all material
risks with sufficient resources, independence, authority and access to the banks’ Boards to
perform their duties effectively. The supervisor determines that their duties are clearly
segregated from risk-taking functions in the bank and that they report on risk exposures
directly to the Board and senior management. The supervisor also determines that the risk
management function is subject to regular review by the internal audit function.
IRELAND
INTERNATIONAL MONETARY FUND 143
Description and
findings re EC9
As part of its ongoing supervision, the Central Bank reviews the risk management functions
of Irish licensed banks to determine if, inter alia, (i) they are sufficiently and adequately
skilled (ii) there are clear delineations between the first and second lines of defense and (iii)
the functions have appropriate access to the banks’ Boards. This assessment is conducted
through meetings with relevant personnel (including with the CRO, which is a defined
PRISM engagement task), review of executive/board risk committee or other relevant
minutes (to identify any issues which may call into question the independence, authority or
adequacy of resourcing of the risk management function). In some cases (predominately
for the covered banks) supervisors attend Risk Committee meetings (both Board and
Executive risk committees) and credit review meetings to validate independence, authority
and ability of the Risk function.
Supervisors of all High Impact institutions meet with the Internal Auditor at least once a
year. A key focus of those meetings is the annual audit plan, and ensuring the plan is
sufficient in scope, targeting all areas across the bank. This includes the risk management
function. The Central Bank’s Corporate Governance Code also requires that the bank’s
system of governance shall be subject to regular internal review. (6(3))
Guidelines on the Application of the Supervisory Review Process under Pillar 2 identify the
need for a risk control function in large, complex and sophisticated institutions, and state
that a risk control function should be established to monitor each of the material risks to
which the institution is exposed. The Central Bank requires institutions to have a risk
control function which is proportionate to the nature, scale and complexity of the
institution.
The Corporate Governance Code requires Credit Institutions to meet the following criteria
in relation to risk management functions:
? 14(3) The Board shall ensure that the risk management framework and internal
controls reflect the risk appetite and that there are adequate arrangements in place
to ensure that there is regular reporting to the Board on compliance with the risk
appetite.
? 22(3) The role of the Risk Committee shall be to advise the Board on risk appetite
and tolerance for future strategy, taking account of the Board’s overall risk appetite;
the current financial position of the institution; and, drawing on the work of the
Audit Committee and the External Auditor, the capacity of the institution to manage
and control risks within the agreed strategy. The Risk Committee shall oversee the
risk management function.
? 22(4) The Risk Committee shall ensure the development and ongoing maintenance
of an effective risk management system within the financial institution that is
effective and proportionate to the nature, scale and complexity of the risks inherent
in the business.
The Central Bank also requires banks to adhere to Section D part IV of the EBA Guidelines
on Internal Governance (GL 44) in establishing their risk management function.
The regular engagement with bank’s key risk management personnel (predominantly the
CRO), provide an opportunity to assess the adequacy of risk management within a bank in
terms of quality of staff, issues being addressed and level of independence. Preparation for
these meetings involved obtaining and reviewing risk material. Outside of the engagement
with the CRO, supervisors will assess the adequacy of resources, authority and
independence through the onsite risk activities: FRR and FRA processes.
IRELAND
144 INTERNATIONAL MONETARY FUND
EC10 The supervisor requires larger and more complex banks to have a dedicated risk
management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO
of a bank is removed from his/her position for any reason, this should be done with the
prior approval of the Board and generally should be disclosed publicly. The bank should
also discuss the reasons for such removal with its supervisor.
Description and
findings re EC10
The Corporate Governance Code requires that the governance structure put in place by
each institution shall be sufficiently sophisticated to ensure that there is effective oversight
of the activities of the institution taking into consideration the nature, scale and complexity
of the business being conducted (6(4)). All institutions shall have robust governance
arrangements which include a clear organisational structure with well defined, transparent
and consistent lines of responsibility, effective processes to identify, manage, monitor and
report the risks to which it is or might be exposed, adequate internal control mechanisms,
including sound administrative and accounting procedures, IT systems and controls,
remuneration policies and practices that are consistent with and promote sound and
effective risk management both on a solo basis and at group level. The system of
governance shall be subject to regular internal review. (6(3))
In addition to the above, the Central Bank requires banks to comply with guidelines on the
Application of the Supervisory Review Process under Pillar 2 (GL03) which state:
? The risk management function should be a central organisational feature of an
institution. It should be structured in a way that permits it to achieve its objectives of
implementing risk policies and managing risk within the institution. Large, complex
and sophisticated institutions could consider establishing risk management
functions to cover each material business line.
Section 13.7 of the Central Bank’s Corporate Governance Code requires that removal from
office of the head of a Controlled Function (including the CRO) shall be subject to prior
Board approval. The Central Bank does not, however, seek that this removal be disclosed
publicly.
CRO is deemed a PCF under the Central Bank’s fitness and probity regime, thus a
comprehensive assessment is conducted of the individual prior to a letter of non-objection
to the appointment issuing by the Central Bank. When a person who holds a PCF resigns
(even in the case of removal) from that position, the following information must be
provided to the Central Bank:
? Full name of person resigning
? Financial Service Provider name and number
? PCF held
? Date of resignation
? Reason given for resignation (including copy of resignation letter)
? Contact details for person resigning, including email address and postal address
(The Central Bank may contact PCF who have resigned in the course of regulation of
Financial Service Providers)
? Contact details for Financial Service Provider
While the Central Bank does not require that the removal of a CRO be disclosed publicly, a
record of such a removal would be maintained by the Central Bank and would be taken
into account should that person ever seek appointment for a pre-approval role in the
future.
EC11 The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk,
IRELAND
INTERNATIONAL MONETARY FUND 145
interest rate risk in the banking book and operational risk.
Description and
findings re EC11
The Central Bank has issued a significant number of standards and guidance to banks on a
range of prudential requirements covering: credit risk; market risk; operational risk;
Corporate Governance; liquidity risk; and capital, amongst others. It has also issued codes
on conduct of business rules. In addition, the Central Bank requires institutions to ensure
that their operations are consistent with all EBA guidelines unless otherwise instructed (as
outlined in the Central Bank’s notice entitled “Implementation of the CRD” (28 December
2006, as amended January 2011).
EC12 The supervisor requires banks to have appropriate contingency arrangements, as an
integral part of their risk management process, to address risks that may materialize and
actions to be taken in stress conditions (including those that will pose a serious risk to their
viability). If warranted by its risk profile and systemic importance, the contingency
arrangements include robust and credible recovery plans that take into account the specific
circumstances of the bank. The supervisor, working with resolution authorities as
appropriate, assesses the adequacy of banks’ contingency arrangements in the light of
their risk profile and systemic importance (including reviewing any recovery plans) and
their likely feasibility during periods of stress. The supervisor seeks improvements if
deficiencies are identified.
Description and
findings re EC12
The Central Bank’s notice entitled “Implementation of the CRD” (28 December 2006, as
amended January 2011) advised that institutions should be guided by the paper published
by BCBS entitled “Sound Practices for the Management of Operational Risk.” Principle 7 of
this paper specifically outlines that banks should have in place contingency and business
continuity plans to ensure their ability to operate on an ongoing basis and limit losses in
the event of severe business disruption.
Section E(31) of EBA’s Guidelines on Internal Governance outlines specific requirements for
banks in respect of business continuity including the following:
? An institution shall establish a sound business continuity management to ensure its
ability to operate on an ongoing basis and limit losses in the event of severe
business disruption.
? An institution should carefully analyse its exposure to severe business disruptions
and assess (quantitatively and qualitatively) their potential impact, using internal
and/or external data and scenario analysis.
? On the basis of the above analysis, an institution should put in place:
o Contingency and business continuity plans to ensure an institution reacts
appropriately to emergencies and is able to maintain its most important
business activities if there is disruption to its ordinary business procedures.
o Recovery plans for critical resources to enable it to return to ordinary business
procedures in an appropriate timeframe. Any residual risk from potential
business disruptions should be consistent with the institution’s risk
tolerance/appetite.
? Contingency, business continuity and recovery plans should be documented and
carefully implemented.
BCBS also produced a paper in August 2006 entitled High Level Principles for Business
Continuity. Banks are expected to be guided by these principles.
Supervisors assess the appropriateness of banks’ contingency arrangements generally, as
part of thematic operational risk reviews. The frequency of these reviews is increased if
IRELAND
146 INTERNATIONAL MONETARY FUND
there are signals of risk, where supervisors have determined that there are indicators of
this risk being material to the bank. Banking Supervision’s Methodology for the
Assessment of Operational Risk outlines typical signals of business continuity risk which
assist in the determination of whether a risk is material to a given bank, and also outlines
typical expected mitigants of these risks. As noted previously, where deficiencies are
identified in this area, RMP actions are raised accordingly.
The quality and depth of analysis of BCP as part of routine offsite supervision was
insufficient to detect deficiencies. There was a scarcity of regular routine reports regarding
the status of bank continuity arrangements for supervisors to monitor this risk adequately.
The regime was largely exception based after an event. In terms of onsite analysis, onsite
review of business continuity is assessed as part of operational risk within the FRR/FRA.
Given operational risk is assessed thematically, the process is not systematic to identify
higher inherent risk banks, especially for the higher impact banks.
In light of a recent systems issue at a major bank, the retail banks in Ireland were required
to review their business continuity plans and specifically examine the risks of a similar issue
arising in their own institutions. In addition, operational risk reviews have been completed
in many of the banks, including consideration of business continuity risk. Further, IT risk
assessment completed in one of the major banks, with consideration of disaster recovery
planning - this is being rolled out further.
EC13 The supervisor requires banks to have forward-looking stress testing programmes,
commensurate with their risk profile and systemic importance, as an integral part of their
risk management process. The supervisor regularly assesses a bank’s stress testing
programme and determines that it captures material sources of risk and adopts plausible
adverse scenarios. The supervisor also determines that the bank integrates the results into
its decision-making, risk management processes (including contingency arrangements) and
the assessment of its capital and liquidity levels. Where appropriate, the scope of the
supervisor’s assessment includes the extent to which the stress testing programme:
(a) promotes risk identification and control, on a bank-wide basis
(b) adopts suitably severe assumptions and seeks to address feedback effects and
system-wide interaction between risks;
(c) benefits from the active involvement of the Board and senior management; and
(d) is appropriately documented and regularly maintained and updated.
The supervisor requires corrective action if material deficiencies are identified in a bank’s
stress testing programme or if the results of stress tests are not adequately taken into
consideration in the bank’s decision-making process
Description and
findings re EC13
The Central Bank requires banks to comply with both European and international
legislation and guidelines in respect of stress testing. Annex VII, Part 4 of the CRD
(2006/48/EC - Points 40-42) requires a credit institution to have in place sound stress
testing processes for use in the assessment of its capital adequacy. Stress testing shall
involve identifying possible events or future changes in economic conditions that could
have unfavorable effects on a credit institution’s credit exposures and assessment of a
credit institution’s ability to withstand such changes. Annex V of the CRD (2006/49/EC - 2G)
advises that a bank’s stress testing process shall particularly address illiquidity of markets in
stressed market conditions; concentration risk; one way markets; event and jump-to-default
risks; non-linearity of products; deep out-of-the-money positions; positions subject to the
IRELAND
INTERNATIONAL MONETARY FUND 147
gapping of prices; and other risks that may not be captured appropriately in the internal
models. The shocks applied shall reflect the nature of the portfolios and the time it could
take to hedge out or manage risks under severe market conditions.
(a) promotes risk identification and control, on a bank-wide basis
The Central Bank Stress Testing and Capital Planning Supervisory Framework, which forms
a basis of evaluation of a bank’s stress testing practices and which is an in-house
implementation of EBA guidelines on stress testing (GL 32) and general best practice in this
area, requires regulated institutions to ensure that:
? Stress testing is conducted on a firm-wide basis covering a range of risks in order to
deliver a complete and holistic picture of the institution’s risks.
? Stress testing is performed for all material risks types including: market, credit,
operational and liquidity risk with scenarios addressing all the material risk types;
main risk factors; and institution-specific vulnerabilities.
? Stress testing explicitly covers complex and bespoke products such as securitised
exposures, and for scenarios to factor in (a) illiquidity/gapping of prices, (b)
concentrated positions, (c) one-way markets, (d) non-linear products, (e) jump-to-
default, and (f) significant shifts in correlations and volatility.
? Stress tests are performed on specific portfolios and specific types of risks that affect
them.
? Banks must fully articulate the role of stress tests in identification of concentration
and business risk.
(b) adopts suitably severe assumptions and seeks to address feedback effects and system-wide
interaction between risks
The Central Bank Stress Testing and Capital Planning Supervisory Framework require
regulated institutions to:
? Ensure that Stress Testing is based on exceptional but plausible effects.
? Incorporate system-wide interactions and feedback effects within scenario stress
tests and specifically to incorporate simultaneous occurrence of events across the
institution.
? Ensure that Stress Testing programme covers a range of scenarios with different
severities including scenarios which reflect a severe economic downturn.
? Be aware of the possible dynamic interactions among risk drivers.
? Take into account simultaneous pressures in funding and asset markets and the
impact of a reduction in market liquidity on exposure valuation.
? Develop reverse stress tests as one of their risk management tools to complement
the range of stress tests they can undertake.
Some of the specific considerations expected to be taken into account in scenario
formulation could include:
? expectations with regard to collateral valuations;
? trading strategies of the institution;
? market disturbance, breakdown in correlations;
? failure of hedging techniques;
? illiquid markets; and
? Major failure in systems/processes/people.
There should also be a good mix of historical and hypothetical scenarios. Supervisory
reviews, as part of the Pillar 2 process, involve the evaluation and challenge of severity of
and assumptions around firm-wide stress testing. This is achieved through benchmarking
IRELAND
148 INTERNATIONAL MONETARY FUND
and expert judgment. The reverse stress test also acts as a complement to the range of the
adopted stress scenarios.
(c) benefits from the active involvement of the Board and senior management
The Central Bank Stress Testing and Capital Planning Supervisory Framework requires
regulated institutions to:
? Provide evidence of senior management participation in review and identification of
potential stress scenarios.
? Demonstrate that there has been candid discussion on modeling assumptions
between the board and risk managers.
? Ensure that stress testing programme is actionable and informs decision-making at
all appropriate management levels of the institution, e.g. reviewing limits and
reviewing strategy. Specifically, stress testing should be sufficiently integrated into
the institution’s risk management frameworks and senior management decision-
making.
? Demonstrate that the outcome of a reverse stress test has appropriately feed into
contingency planning.
? Ensure that the Stress Testing Committee, where in place, is involved in the
discussion of: design; assumptions; results; limitations; and implication of stress
testing.
(d) is appropriately documented and regularly maintained and updated
The Central Bank Stress Testing and Capital Planning Supervisory Framework requires
regulated institutions to:
? Have written policies and procedures to facilitate the implementation of the stress
testing programme.
? Ensure that stress testing is reviewed regularly and assessed for fitness of purpose.
S.I. 661 of 2006, which transposes the requirements of the CRD, includes a number of
requirements in relation to stress testing:
? A credit institution shall conduct periodic stress tests of their credit risk
concentrations including in relation to the realisable value of any collateral taken.
? The stress tests shall address risks arising from potential changes in market
conditions that could adversely impact the credit institution’s adequacy of own
funds and risks arising from the realisation of collateral in stressed situations.
? The credit institution shall satisfy the Central Bank that the stress tests carried out
are adequate and appropriate for the assessment of such risks.
? Where a stress test indicates a lower realisable value of collateral taken than would
be permitted to be taken into account under paragraphs (1) and (2) or (3) to (6), as
appropriate, the value of collateral permitted to be recognised in calculating the
value of exposures for the purposes of Regulation 57(1) to (5) shall be reduced
accordingly.
? Such credit institutions shall include in their strategies to address concentration risk
policies and procedures in the event that a stress test indicates a lower realisable
value of collateral than taken into account under paragraphs (1) to (6).
In addition to European and Irish legislation in respect of stress testing, the EBA has also
published guidelines in respect of stress testing, which banks are required to comply with
GL32, CEBS revised guidelines on stress testing, published August 2010. EBA Guidelines on
Internal Governance outline that, to identify and measure risks, an institution should
develop forward-looking and backward-looking tools. Forward-looking tools (such as
IRELAND
INTERNATIONAL MONETARY FUND 149
scenario analysis and stress tests) should identify potential risk exposures under a range of
adverse circumstances. The Central Bank has developed a Stress Testing and Capital
Planning Supervisory Framework. This Framework takes into account the proportionality
principle.
The supervisor requires corrective action if material deficiencies are identified in a bank’s
stress testing programme or if the results of stress tests are not adequately taken into
consideration in the bank’s decision-making process. The Central Bank focuses primarily on
the results from the bank’s models. It specifically reviews macro-economic factors applied
by the banks in their models to perform a peer comparison, and a comparison with other
scenarios, such as those specified for PCAR 2011 (see CP16 for details on FMP 2011). The
Central Bank reviews the output of the models and assesses their plausibility (which again
may involve a peer comparison), and whether they adequately cover all material risks in the
portfolio. Banks are also required to demonstrate the firm-wide nature of the stress tests,
i.e. that the same tests are applied across all risk types. Their ICAAP is also reviewed to
verify that the results of the stress tests are appropriately disclosed (i.e. to the board and
senior management), the impact on capital and liquidity levels, and the subsequent actions
(where required) taken.
In addition, the monitoring of stress testing practice and processes in regulated institutions
(as part of the SREP exercise) normally involves a combination of desk-based review and
on-site exercises. The desk-based review involves a review of:
? stress testing framework and methodology documents;
? results of internal stress testing;
? outcome of gap analysis against EBA guidelines on stress testing (GL 32); and
? terms of reference for relevant committees (e.g., stress testing committee).
The on-site work, on the other hand, mainly involves review of governance and overall
implementation of stress testing. Specifically, the following areas are covered (subject to
the proportionality principle):
? scenario formulation and selection;
? scenario translation methodologies (including challenge);
? quantification of impact of selected scenarios on profitability, capital and liquidity;
and
? use of outputs.
To ensure consistency in the review of institutions, the Risk Modeling Unit has developed a
Stress Testing and Capital Planning Framework setting out general expectations.
In PRISM, the assessment of the level of capital risk inherent in a regulated institution
requires that an examiner takes into account:
? the quality of stress testing process;
? the role of stress testing and scenario analysis in the firm’s capital and business
planning process; and
? the feasibility of proposed contingency measures in a period of general market
stress.
EC14 The supervisor assesses whether banks appropriately account for risks (including liquidity
impacts) in their internal pricing, performance measurement and new product approval
process for all significant business activities.
Description and
findings re EC14
The supervisor assesses whether banks appropriately account for risks (including liquidity
impacts) in their internal pricing, performance measurement and new product approval
IRELAND
150 INTERNATIONAL MONETARY FUND
process for all significant business activities through a number of measures:
Business Model Review
As per PRISM supervisory tasks, for High Impact firms, a business model review assesses,
inter alia, if the banks are appropriately taking account of risk in their internal pricing.
(These reviews are completed every 2 years).
Remuneration Reviews
These reviews were carried out both in 2010 and 2011. The reviews considered whether risk
was incorporated into performance measurement (see practical example for further details).
Operational Risk Reviews
New product approval is assessed as part of supervisors’ operational risk assessments
under the following categories:
Completeness ? Operational risk is considered in approval process and
processes
? New systems/system upgrades fully assessed for potential
operational risk
Quality ? Comprehensive and regular review
? Testing of processes
? Functional and business areas involved (e.g. I.T., risk and
business lines)
Effectiveness ? Regular review for appropriateness
? Internal Audit review of new product approval process and
integration with operational risk
The Central Bank requires banks to take account of both legislation and guidelines to
ensure they appropriately account for risks (including liquidity impacts) in their internal
pricing, performance measurement and new product approval process for all significant
business activities.
New Product Approval Process and Internal Pricing
EBA guidelines on internal governance (September 2011) include a specific section relating
to new products (section 23). It outlines the following in respect of ensuring banks
appropriately account for risk in new products: formalized new product approval;
involvement of risk control functions in the new product approval process; and a
compliance function should verify new products comply with legal requirements.
BCBS Principles for the Management of Credit Risk, specifically principle 3, outlines that
Banks should identify and manage credit risk inherent in all products and activities. Banks
should ensure that the risks of products and activities new to them are subject to adequate
risk management procedures and controls before being introduced or undertaken, and
approved in advance by the Board of Directors or its appropriate committee.
BCBS Principles for Sound Liquidity Risk Management and Supervision (September 2008),
specifically principle 4, requires that banks should incorporate liquidity costs, benefits and
risks in the internal pricing, performance measurement and new product approval process
for all significant business activities (both on and off-balance sheet), thereby aligning the
risk-taking incentives of individual business lines with the liquidity risk exposures their
activities create for the bank as a whole.
IRELAND
INTERNATIONAL MONETARY FUND 151
Performance Measurement
New legal requirements on remuneration contained in the amended CRD came into effect
on 1 January 2011 and were supplemented by guidelines issued by the EBA (together “the
Requirements”). The Central Bank advised all banks, in December 2010, of the
Requirements and required banks to take whatever action was necessary to ensure
compliance with the Requirements. In 2011, the Central Bank carried out a Remuneration
Review. This Review assessed compliance with the CRD, followed up findings from the 2010
Central Bank review and assessed compliance against the EBA guidelines.
Additional
criteria
AC1
The supervisor requires banks to have appropriate policies and processes for assessing
other material risks not directly addressed in the subsequent Principles, such as
reputational and strategic risks.
Description and
findings re AC1
Article 123 of Directive 2006/48/EC (as amended) (CRD) requires credit institutions to have
in place sound, effective and complete strategies and processes to assess and maintain on
an ongoing basis the amounts, types and distribution of internal capital that they consider
adequate to cover the nature and level of the risks to which they are or might be exposed.
The Corporate Governance Code requires banks to have in place robust governance
arrangements and effective processes to identify, manage, monitor and report the risks to
which it is or might be exposed, adequate internal control mechanisms, including: sound
administrative and accounting procedures; IT systems and controls; and practices that are
consistent with and promote sound and effective risk management.
As part of the SREP process and ICAAP review, the Central Bank assesses the processes
around all material risks.
In relation to reputational and strategic risks, these are considered as part of the Business
Model Reviews which are completed by the Central Bank. These reviews look at inter alia,
the bank’s strategy and business plan, including an evaluation of the reasonableness of
underlying assumptions, determination of earnings at risk and other strategic impediments
to achievement of this plan. This would take account of the impact of any reputational
issues being faced by the bank.
Directive 2006/48 (the CRD) has been largely transposed into Irish law by the Central Bank
Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009. Particular
regard should be given to regulations 66 and 70 of S.I. 661 of 2006.
Assessment of
Principle 15
Largely Compliant
Comments The Central Bank determines that banks have a comprehensive risk management process in
place through a combination of on and off-site supervision in line with the PRISM
engagement model. Supervisors evaluate the adequacy of risk management strategies,
policies, processes and limits established by a bank through periodic risk assessments, FRAs
and FRRs. For onsite risk reviews, the Central Bank has dedicated Credit, Treasury, Risk
Analytics (Quantitative Models Unit & Portfolio Analytics and Stress testing unit) and
Business Model Analytics teams which analyze credit institution’s risk management
processes. These teams are also used in assessing offsite reporting by banks. A specialist
team for operational risk does not exist (however an operational risk methodology has
been developed and rolled for use by supervisors) and in relation to business continuity
(EC12) onsite reviews are largely reactive and is one gap in the supervisory framework. The
IRELAND
152 INTERNATIONAL MONETARY FUND
range of qualitative and quantitative information to assess the status of business continuity
was not sufficient to reliably monitor the robustness of arrangements on an ongoing basis.
While some thematic work has been performed, a systematic approach to test and evaluate
continuity arrangements has yet to be completed.
The level of monitoring and frequency of analysis performed by the specialist teams is
determined by its PRISM impact rating, which sets out the minimum engagement model
required. Supervisory engagement over and above the minimum is determined, inter alia,
by the probability risk ratings. For High Impact banks, coverage is adequate to make a
comprehensive assessment of risk management. For banks with an Impact rating less than
High, review and assessment of risk management will be performed through the FRA with a
minimum frequency of between 2-4 years. In the event issues arise from the Central Bank’s
assessment of risk management, actions are updated in the risk mitigation programs within
PRISM which is an effective system for tracking the status of issues and remediation.
In relation to internal models, the Central Bank conducts a risk-based annual model
performance review covering all retail and significant locally developed wholesale models.
Accordingly, only high impact firms are subject to an annual performance review (i.e. 5 of
the 14 institutions with regulatory approval to use internal models). For the remaining
lower impact institutions, the CBI relies on ongoing model performance conducted at the
parent level, which regulated by the home country supervisor. For these 9 institutions, a
higher level of ongoing assurance through liaisons with the Home country supervisor that
models are working effectively should be gained.
Principle 16 Capital adequacy.
39
The supervisor sets prudent and appropriate capital adequacy
requirements for banks that reflect the risks undertaken by, and presented by, a bank in the
context of the markets and macroeconomic conditions in which it operates. The supervisor
defines the components of capital, bearing in mind their ability to absorb losses. At least
for internationally active banks, capital requirements are not less than the applicable Basel
standards.
Essential criteria
EC 1
Laws, regulations or the supervisor require banks to calculate and consistently observe
prescribed capital requirements, including thresholds by reference to which a bank might
be subject to supervisory action. Laws, regulations or the supervisor define the qualifying
components of capital, ensuring that emphasis is given to those elements of capital
permanently available to absorb losses on a going concern basis.
Description and
findings re EC1
Capital is currently (legal basis) defined under the Capital Requirements Directive (CRD), as
transposed by Irish statutory instruments (primarily S.I 661 of 2006, Regulations 3-11, in
relation to Own Funds). As with the CRD, the statutory instruments do not explicitly use the
terms Core Tier 1, Non-Core Tier 1 and Tier 2, although the substance of the Basel rules on
Tier 1 and Tier 2 is reflected in those transposed articles.
The CBI defines CT1 in line with the EBA definition of April 2011 applied by EBA for stress
39
The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II
and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for
compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions
that have declared that they have voluntarily implemented it.
IRELAND
INTERNATIONAL MONETARY FUND 153
testing purposes (which complies with the CRD). In addition, when the CBI set higher
capital requirements (i.e. 10.5% CT1) on the Irish covered banks in 2011, the CBI defined
CT1 using the definition of CT1 as defined in the regulatory policy on Alternative Capital
Instruments (ACIs – i.e. CT1 minus non-core Tier 1 and hybrid capital).
The new CRR capital rules will apply from 1 January 2014, however, any Irish licensed bank
intending to issue capital instruments now will have to ensure that such instruments are
“forward-proofed” and meet the requirements of the CRR.
Hybrid capital instruments which contain an incentive to redeem are treated as innovative
instruments and limited to a maximum of 15% of total Tier 1 capital under S.I. 661 of 2006.
The EBA guidelines on hybrid capital instruments are also applied. Non-Cumulative
preference shares are considered as hybrids; those considered non-innovative may account
for a maximum of 50% of total Tier 1 (depending on the specific terms and conditions).
They are not included in CT1; the only exception is in the case of emergency state aid
instruments, which in specific circumstances have been included in CT1 (this only applies to
Irish covered banks). These will cease to count as CT1 post-2017(end of the grandfathering
period).
Prudential Filters applied for Tier 1 calculation
Irish banks are required to filter out any fair value reserves related to gains or losses on
cash flow hedges of financial instruments measured at amortized cost, and any gains or
losses on their liabilities measured at fair value that are due to changes in their own credit
standing. In addition, they are required by the CBI to comply with the CEBS Guidelines for
Prudential Filters on Regulatory Capital.
Deductions from Tier 1
Deductions entirely from Tier 1:
? Intangible assets.
? Own shares at book value held by the institution, and losses (material or otherwise)
of the financial year.
?
50:50 Deductions
Other deductions which are currently applied 50 percent from Tier 1 and 50 percent from
Tier 2 include:
? Holdings in other credit and financial institutions amounting to more than 10% of
their capital, and any subordinated claims and instruments which the bank holds in
respect of these institutions.
? Excess over 10% of the bank’s adjusted own funds of holdings in other credit and
financial institutions of up to 10% of their capital and any subordinated claims, and
instruments which the bank holds in respect of these institutions.
? Participations held in insurance undertakings, reinsurance undertakings and
insurance holding companies, and any other capital instruments issued by these
entities in which a participation is held.
? IRB Provision shortfall and IRB equity expected loss amounts.
? Securitization exposures not included in risk-weighted assets or in the net positions
subject to capital charge, respectively.
IRELAND
154 INTERNATIONAL MONETARY FUND
Tier 2 capital incorporates lesser quality (in terms of loss absorption and permanence)
capital instruments and reserves. For the PCAR banks, Tier 2 capital include state aid in the
form of contingent convertible instruments (CoCos) issued in July 2011. The five-year host
instruments convert to common equity on a breach of a CT1/Common Equity Tier 1 ratio of
8.25%, or when deemed non-viable by the Central Bank.
Tier 3 capital is made up of short-term (minimum of 2 years) subordinated loan capital and
net trading book profits. The Central Bank may require any other reductions
(filters/deductions) from a tier of total capital, as it deems necessary.
Minimum Capital Requirements
As a minimum requirement, all Irish-licensed banks are required to meet a total capital
ratio of 8%, incorporating a minimum ratio of 4% Tier 1 or going-concern capital to RWA.
Of the 4% Tier 1, Irish law states that at most half of the capital required may comprise
hybrid capital instruments which convert into Article 57(a)-compliant instruments at the
initiative of the issuer or in emergency situations, and within that hybrid limit, no more than
35% may be made up of instruments without such convertibility but also without an
incentive to redeem, and no more than 15% by instruments with an incentive to redeem.
Up to 50% of Tier 2 may comprise dated subordinated debt and fixed term cumulative
preference shares. Basel I capital floors using an adjustment factor of 80% or higher,
continues to be applied to Irish banks using an IRB approach to credit risk requirement
calculations and/or the AMA approach to operational risk requirements.
All banks are required to meet these minimum requirements on a solo basis, unless this
requirement is waived by the CBI. Irish-licensed parent institutions and Irish-licensed parent
financial holding companies must meet the capital requirements on a consolidated basis.
The CBI may permit the exclusion of certain subsidiaries from regulatory consolidation.
Subsidiary banks must apply their capital requirements on a sub-consolidated basis if those
banks (or their holding company) have a bank/financial institution/asset management
company as a subsidiary in a third country, or hold a participation in such an undertaking.
The minimum “Initial Capital” required is €5m or higher, as specified by the CBI, comprising
fully paid-up shares or reserves (as defined by Article 57(a) and (b) of 2006/48/EC) only.
Any authorizations given to banks with Initial Capital less than €5m must be notified by the
CBI to the European Commission and EBA. Authorization, including verification of Initial
Capital (see CP5), is an iterative process of question and response between the Central
Bank and the applicant. Where the own funds of a bank fall below the minimum initial
amounts required, the CBI may exempt the institution from those requirements for a
specified period in order for the institution to rectify the situation or make arrangements,
with the consent of the CBI, for the orderly cessation of deposit-taking and, where
appropriate, the winding-up of its affairs
Additional Capital Requirements
IRELAND
INTERNATIONAL MONETARY FUND 155
The CBI may apply a higher minimum ratio requirement to a bank at the outset of its
operations as a condition of license, as described in Principle 5, or to a going concern, as a
Pillar 2 measure.
Three High Impact rated Irish banks are currently subject to the (FMP) minimum
consolidated CT1 ratio of 10.5% until at least the end-2013. While applied as Pillar 2
measures by the CBI, following extensive on-site and off-site examinations (including a
prudential capital assessment review (loan loss forecast), data integrity validation and asset
quality review), these are structured as minimum requirements (rather than capital add-
ons) and are in the public arena. The CT1 ratio used for the FMP is defined by the CBI as
Tier 1 minus hybrids and all Tier 1 deductions (including 50% Tier 1 deductions) as per CRD
Regulations. The same High Impact banks also fall under EBA’s December 2011
Recommendation, requiring a 9% CT1 amount (EBA stress test definition) to be maintained
by the banks once the CRR comes into effect. Due to various null sets for the Irish banks,
the PCAR and EBA stress test definitions of CT1 are largely equivalent. In practice, the
8.25% Core Equity Tier 1 trigger (calculated using applicable national Basel III phase-in
rules) in the Tier 2 CoCos (see “Tier 2” above) will constitute the minimum capital
requirement for the PCAR banks. The average CT1 ratio for the three banks was c.14.67% at
June 2013.
Early Warning and Corrective Action
Ireland’s resolution regime, provides the CBI with the power to direct an authorized credit
institution to prepare a recovery plan. The CBI uses a variety of tools to regularly review
and assess the safety and soundness of banks. In cases where the CBI has concerns about
the bank’s capital adequacy levels, it raises them at an early stage, and requires that these
concerns be addressed in a timely manner. Where significant corrective action is required,
the CBI may oblige the credit institution to hold own funds in excess of the minimum level,
restrict the bank’s activities (including products) and risks, and/or sanction the bank, as
appropriate.
EC2
At least for internationally active banks,
40
the definition of capital, the risk coverage, the
method of calculation and thresholds for the prescribed requirements are not lower than
those established in the applicable Basel standards.
Description and
findings re EC2
Basel II was implemented in the EU via the CRD comprising two Directives, 2006/48/EC and
2006/49/EC. The CRD is applicable to all banks in the EU, not just those which are
internationally active. The CRD was transposed into Irish law primarily by S.I. 661 of 2006
(as amended) and S.I. 660 of 2006 (as amended) and applies to all Irish-licensed banks,
domestically and internationally-focused. The capital rules, as described in EC1, apply
40
The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply
capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business.
Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully
consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test
that banks are adequately capitalized on a stand-alone basis.
IRELAND
156 INTERNATIONAL MONETARY FUND
therefore to all Irish-licensed banks.
EC3
The supervisor has the power to impose a specific capital charge and/or limits on all
material risk exposures, if warranted, including in respect of risks that the supervisor
considers not to have been adequately transferred or mitigated through transactions (e.g.
securitization transactions)
41
entered into by the bank. Both on-balance sheet and off-
balance sheet risks are included in the calculation of prescribed capital requirements.
Description and
findings re EC3
The CBI has powers to impose a specific capital charge, for all material risk exposures, on a
bank, restrict or limit its business and operations and reduce the risks inherent in the bank.
Regulation 70 of S.I. No. 661 of 2006 provides the CBI with the necessary powers and
actions if a bank does not meet the requirements set out in the CRD.
Regulation 70 states:
(1) The Bank (Central Bank) shall require any credit institution that does not meet
the requirements of these regulations (i.e. CRD) to take the necessary actions or
steps at an early stage to address the situation.
(2) For the purposes of paragraph (1), the measures available to the Bank shall
include the following:
a) Obliging credit institutions to hold own funds in excess of the
minimum level set out in Regulation 19,
b) Requiring the reinforcement of the arrangements, processes,
mechanisms and strategies implemented to comply with Regulation
16(3), i.e. governance arrangements including a clear organisational
structure with well defined, transparent and consistent lines of
responsibility, effective processes to identify, manage, monitor and
report the risks it is or might be exposed to, adequate internal control
mechanisms, sound administrative and accounting procedures and
remuneration policies and practices that are consistent with and
promote sound and effective risk management; and 4 (as inserted by
Regulation 79) of the European Communities (Licensing and
Supervision of Credit Institutions) Regulations 1992 and Regulation 65,
c) Requiring credit institutions to apply a specific provisioning policy or
treatment of assets, in terms of own funds requirements,
d) Restricting or limiting the business, operations or network of credit
institutions,
e) Requiring the reduction of the risk inherent in the activities, products
and systems of credit institutions.
f) Requiring credit institutions to limit variable remuneration as a
percentage of total net revenues when it is inconsistent with the
maintenance of a sound capital base,
g) Requiring credit institutions to use net profits to strengthen the capital
base.
41
Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital
measurement and capital standards: a revised framework, comprehensive version, June 2006.
IRELAND
INTERNATIONAL MONETARY FUND 157
EC4
The prescribed capital requirements reflect the risk profile and systemic importance of
banks
42
in the context of the markets and macroeconomic conditions in which they operate
and constrain the build-up of leverage in banks and the banking sector. Laws and
regulations in a particular jurisdiction may set higher overall capital adequacy standards
than the applicable Basel requirements.
Description and
findings re EC4
In specific circumstances, where the CBI considers additional capital requirements are
warranted to reflect the risk profile and systemic importance of a bank, it can and has
applied additional requirements. Adequate powers and laws are available to the CBI to
apply risk sensitive capital requirements, impose additional capital requirements and
reduce the level of leverage in the financial system.
The prescribed capital requirements applied by the CBI are the requirements of the CRD.
Regulation 19 of S.I. 661 of 2006 sets out the minimum level of own funds. Regulations 20
to 47 of the S.I. set out minimum own funds requirements for credit risk. Regulations 48 to
51 of the S.I. set out minimum own fund requirements for operational risk.
For trading book capital requirements: Annex I of CRD (2006/49/EC), as amended, sets out
the minimum capital requirements for position risk (relating to general and specific risk
capital requirements); Annex II sets out minimum capital requirements for settlement and
counterparty credit risk (settlement/delivery risk); Annex III sets out minimum capital
requirements for foreign exchange risk; Annex IV sets out minimum capital requirements
for commodities risk; and Annex VI sets out minimum capital requirements for large
exposures.
Regulation 70 of S.I. 661 of 2006 provides the Central Bank with the necessary powers to
set overall capital adequacy standards (see EC3 above).
As part of the CBI’s FMP 2011, it conducted a PCAR on four of Ireland’s main banks, AIB,
BOI, IL&P and EBS. The PCAR consisted of 3 elements to derive additional capital
requirements:
? The estimation of independent loan-life and three-year losses under the base and
adverse macro-economic scenarios;
? The modeling of the impact of these losses on balance sheets and profit and loss
accounts; and
? The combination of these two steps to produce a capital requirement for each of the
four banks.
42
In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses,
among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b)
the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and
reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls.
Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the
appropriate level of capital to support the risks it is running and the risks it poses.
IRELAND
158 INTERNATIONAL MONETARY FUND
The consequence of applying conservative assumptions, and of setting demanding capital
targets, was to require Irish banks to raise a significant amount of additional capital.
The minimum amount of capital the banks were required to raise as a result of the PCAR
was, in total, €18.7bn, in order to meet the new ongoing target of 10.5% CT1 in the base
and 6% CT1 in the adverse scenario. This was on the basis of the combined results of the
three-year projected stress losses derived from BlackRock and the PCAR analysis, before
the addition of a conservative capital 'buffer'.
In addition to these capital requirements, the CBI added a further capital 'buffer' of €5.3bn
across the four banks. This introduced an extra layer of resilience, and recognized the
possible, albeit unlikely, emergence of large losses after 2013. The buffer represents a
further protective capital layer over and above already conservative provisions, which are
based on an even more stressed macroeconomic environment than currently prevails. The
CBI imposed these additional capital requirements on the four banks under Regulation 70
of S.I. 661 of 2006 (see details in EC3 above).
In addition, banks are eligible to use internal assessment and models to determine capital
requirements on a more risk sensitive basis. However, even in cases where the CBI has
granted model approval (see EC5 below), it has applied additional layers of conservatism by
applying minimum floors to capital requirements, ranging from 80% to 100% of Basel 1
capital requirements. In effect, the CBI, while encouraging banks to adopt more
sophisticated forms of risk measurement and management techniques, has not sanctioned
a reduction in the actual level of capital requirements. This is mainly due to concerns
around data quality and quantity, and banks’ experience and ability to model certain assets
classes typically deemed low default portfolios in the lead up to the current financial crisis.
The CBI also applies risk weights under the least risk-sensitive approach to credit risk, the
"Standardized Approach", in line with Basel II, of 35% risk weight for lending backed by
residential mortgages in Ireland. This is restricted to owner-occupiers and loans with an LTV
of less than 75%. In addition, speculative commercial real estate may be risk weighted at
150%.
The application of the FMP 2011 also imposed a program of deleveraging, or ‘right-sizing’
of the domestic banking system. New capital requirements imposed by PCAR were
accompanied by “hard” deleveraging targets in the form of defined loan-to-deposit ratios.
LDR targets were applied by the Central Bank under Regulation 70 of S.I. 661 of 2006.
EC5
The use of banks’ internal assessments of risk as inputs to the calculation of regulatory
capital is approved by the supervisor. If the supervisor approves such use:
(a) such assessments adhere to rigorous qualifying standards;
(b) any cessation of such use, or any material modification of the bank’s processes and
IRELAND
INTERNATIONAL MONETARY FUND 159
models for producing such internal assessments, are subject to the approval of the
supervisor;
(c) the supervisor has the capacity to evaluate a bank’s internal assessment process in
order to determine that the relevant qualifying standards are met and that the bank’s
internal assessments can be relied upon as a reasonable reflection of the risks
undertaken;
(d) the supervisor has the power to impose conditions on its approvals if the supervisor
considers it prudent to do so; and
(e) if a bank does not continue to meet the qualifying standards or the conditions
imposed by the supervisor on an ongoing basis, the supervisor has the power to
revoke its approval.
Description and
findings re EC5
The CBI has an internal model validation review process for assessing internal model
applications relating to market and credit risk regulatory requirements. However, the CBI’s
process for reviewing AMA (operational) risk models is much less tested due to the low
number of Irish licensed banks using the advanced approach. No consolidated Irish
licensed bank has applied for, or been approved for, the use of AMA.
The supervisory review is carried out simultaneously by the supervisors of the individual
regulated entities within the group in accordance with Article 129 of the CRD. At the end of
the review, the CBI will formulate its own view. Supervisors then agree together on the
decision to grant or refuse the permissions sought. Permission, if granted, will be provided
within a defined period of receipt of the complete application to each legal entity within
the applicant entity. Comprehensive regulations, standards and eligibility criteria must be
met by banks using internal models to determine regulatory capital requirements.
The annual model performance review (IRBA), which is carried out by the CBI’s Risk
Modeling Unit in conjunction with the relevant Examination Team, covers all the approved
internal models used by home institutions (where the CBI is the consolidating supervisor)
and those used by host institutions with significant retail presence in Ireland (i.e. models
developed using Irish relevant data and applicable to Irish portfolios).
The Risk Modeling Unit has developed internal policies and procedures on Internal Model
Approval and Performance Review to guide the model approval process and the annual
model performance review exercise. The policy document makes reference to various
internal guidance, relevant regulatory requirements and specific
methodologies/approaches.
Banks are required under Article 129(2) of CRD (Regulation 67(2) of S.I. 661 of 2006) to
make an application for internal model approval, on a Group basis, to the supervisor of the
parent institution in the European Union. Therefore, Irish licensed banks may apply to the
CBI, where it is the home supervisory authority, for regulatory approval to use internal
models for the calculation of regulatory capital requirements. Irish licensed entities, which
are subsidiaries of an EU parent bank, are also permitted to use internal models where
IRELAND
160 INTERNATIONAL MONETARY FUND
regulatory approval has been granted under a “Joint Decision” between the CBI and the EU
home supervisory authority of its parent institution.
Qualifying standards:
CRD Article 84(2) (Regulation 29(3) of S.I. 661 of 2006) sets out the conditions under which
supervisors may grant authorization for the use of the IRBA to set minimum capital
requirements. This article requires that the approach is “sound and implemented with
integrity” and that certain requirements set out in the remainder of the article and in CRD
Annex VII part 4 are met. These requirements apply to all institutions and may not be
abrogated in full or in part by supervisors, except where explicitly permitted by the CRD.
Approval to use the AMA can be given only if the competent authority is satisfied that the
institution’s systems for measuring operational risk meet the qualifying criteria in Article
310, Chapter 1, and Tittle III of CRD. Regulation 51 of S.I. No. 661 of 2006 sets out the CBI’s
powers to allow credit institutions to use the AMA for operational risk capital requirements.
Annex X, part 3 of the CRD (2006/48/EC) sets out the qualifying criteria for AMA, including
both qualitative and quantitative requirements.
Annex V of Directive 2006/49/EC as amended allows for the CBI to grant approval for banks
to calculate their capital requirements for position risk, foreign-exchange risk and/or
commodities risk using their own internal risk-management models. Annex V sets out
eligibility criteria relating to quantitative and qualitative criteria.
The CBI has developed internal model policies, implementation notices, and model
application packs setting out its requirements and processes for internal model use relating
to credit, market and operational risk.
Model Validation Review
In accordance with the CBI’s CRD/VR/1.2 policy document, the model validation review
process consists of 7 stages, which an institution applying for regulatory recognition must
comply with. The institution must have documented policies and procedures in place to
support its internal model framework. The CBI will assess and challenge the robustness of
each of these stages during its review. This framework is applicable to all 3 risk categories
(credit, market and operational risk) but is much less tested for operational risk given the
low level of use of AMA within Irish licensed institutions.
For IRBA, regulatory model approval is granted in accordance with Article 84 of the CRD
(2006/48/EC). Approval is granted in conjunction with a detailed set of conditions covering
the follow components:
? Scope of permission for internal model use – legal entities, exposure classes,
permanent and temporary exemptions, exclusions of use;
? Capital requirements – legal powers under which capital requirements should be,
supervisory minimum floors applied, consolidated capital reporting and permanent
IRELAND
INTERNATIONAL MONETARY FUND 161
exemptions for portfolios using the standardised capital rules.
? Prerequisites – conditions to be satisfied before permission to use the internal
models approach
? Ongoing requirements – model specific elements, including terms and conditions.
This includes a general requirement for institutions to report any significant model
changes to the Central Bank on an ongoing basis. Specifically, a joint decision (as per
Article 129 of the CRD) could contain group-specific or nation-specific terms and
conditions.
The ongoing review of credit risk models by the CBI covers three broad areas which
include:
(a) parameter appropriateness,
(b) deployment of regulatory capital calculation process, and
(c) RWA forecasting.
Review of parameter appropriateness includes an assessment of reasonableness of inputs
and outputs (PDs, Exposure at Defaults (EADs), LGDs, etc.) while assessment of the quality
of deployment covers governance, ownership and testing of the end-to-end capital
calculation process. The last IRB model performance review was presented to the RGP in
December 2012 and the remedial actions were communicated to the banks. The actions are
currently being tracked, and all are due for closure by the end of the year. The ongoing
review of IRB models focus on the three institutions where the CBI is the consolidating
supervisor and the two institutions with significant retail presence in Ireland.
For market risk, banks which have approval to use an internal value-at-risk model are
required to submit details of any back-testing exception within 5 working days of
occurrence. In practice, the CBI assesses 500 days of back-testing data during the model
validation review stage.
The Central Bank has powers under paragraph 8 of annex V of CRD II to revoke the market
risk model's recognition or impose appropriate measures to ensure that the model is
improved promptly if numerous over-shootings indicate that the model is not sufficiently
accurate.
In practice, the CBI applies add-on factors for both qualitative and quantitative weaknesses.
For IRBA, where the bank ceases to comply with the IRBA requirements, Regulation 29 of
S.I. 660 of 2006 requires the bank to either present to the CBI a plan for a timely return to
compliance or demonstrate that the effect of non-compliance is immaterial. A proposal to
revoke an Article 129(2) decision can be made by the consolidating supervisor, a host
supervisor, or the institution itself. The Article 129(2) decision can be revoked by joint
agreement of the consolidating supervisor and the host supervisors or, in the absence of an
agreement, by the consolidating supervisor alone. A host supervisor cannot revoke an
Article 129(2) decision acting on its own. The CBI can, however, direct a bank to cease using
an IRBA model for regulatory capital purposes if it has been found, through the CBI’s
IRELAND
162 INTERNATIONAL MONETARY FUND
annual model performance review or via an ad-hoc analysis, to not be fit for purpose.
EC6
The supervisor has the power to require banks to adopt a forward-looking approach to
capital management (including the conduct of appropriate stress testing).
43
The supervisor
has the power to require banks:
(a) to set capital levels and manage available capital in anticipation of possible events or
changes in market conditions that could have an adverse effect; and
(b) to have in place feasible contingency arrangements to maintain or strengthen capital
positions in times of stress, as appropriate in the light of the risk profile and systemic
importance of the bank.
Description and
findings re EC6
The CBI requires all banks to have an ICAAP process, as per Article 123 of the CRD. Within
the institution’s internal governance framework, the ICAAP is a process to ensure that the
management body (both supervisory and management functions):
? Adequately identify, measure, aggregate and monitor the institution’s risks.
? Hold adequate internal capital in relation to the institution’s risk profile.
? Use sound risk management systems and develop them further.
It is the responsibility of the institution to define and develop its ICAAP. Article 124 of the
CRD sets out the CBI’s requirements in respect of the SREP. Under the SREP, the CBI
assesses banks’ ICAAPs, including the adequacy of capital held for all material risks (both
pillar 1 and pillar 2 material risks, i.e. risk profile). As per EBA guidelines, institutions should
conduct appropriate stress tests which take into account, for example, the risks specific to
the jurisdiction(s) in which they operate and particular stages of the business cycle.
In July 2011, three banks subject to the FMP issued contingent convertible Tier 2
instruments which were subscribed by the State. These instruments convert to common
equity on a going-concern basis once a pre-defined trigger is breached and at the point of
non-viability, as identified by the CBI, and are intended to bolster the banks’ CT1 levels in
periods of stress. Under Basel III/CRD IV, a countercyclical buffer may be applied to banks’
domestic and external exposures as deemed appropriate by the CBI to counteract
overheating markets and/or sectors. This specific buffer is available to Member States of
the EU to be phased in at a minimum from 2016 onwards, The CRD, and in particular
supervisory review under Pillar 2, requires institutions to take a forward-looking view in
their risk management, strategic planning and capital planning. The CBI has also adopted
the EBA guidelines on stress testing. These guidelines outline the criteria and standards for
stress testing that the Central Bank expects banks to adopt and review on a regular basis.
AC1
For non-internationally active banks, capital requirements, including the definition of
capital, the risk coverage, the method of calculation, the scope of application and the
capital required, are broadly consistent with the principles of the applicable Basel
standards relevant to internationally active banks.
43
“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses
and reverses stress testing.
IRELAND
INTERNATIONAL MONETARY FUND 163
Description and
findings re AC1
The minimum requirements and regulations relating to capital, including the definition of
capital, the risk coverage, the method of calculation, the scope of application and capital
required, are applied to all banks with no exceptions, including for non-internationally
active banks. As described in the ECs above, capital adequacy requirements applied to all
Irish licensed banks are broadly consistent with the principles of the applicable Basel
standards relevant to internationally active banks.
AC2
The supervisor requires adequate distribution of capital within different entities of a
banking group according to the allocation of risks.
44
Description and
findings re AC2
All banks are required to meet risk-based minimum capital requirements on a solo basis.
Irish-licensed parent institutions and Irish-licensed parent financial holding companies
must also meet the capital requirements on a consolidated basis. The Central Bank may
permit the exclusion of certain subsidiaries from regulatory consolidation and/or may
conditionally allow the subsidiaries to be incorporated in the parent’s calculations,
obviating the need for a solo return by the subsidiary (“solo consolidation”). Subsidiary
banks must apply their capital requirements on a sub-consolidated basis if those banks (or
their holding company) have a bank/financial institution/asset management company as a
subsidiary in a third country, or hold a participation in such an undertaking.
Assessment of
Principle 16
Compliant
Comments
Principle 17
Credit risk.
45
The supervisor determines that banks have an adequate credit risk
management process that takes into account their risk appetite, risk profile and market and
macroeconomic conditions. This includes prudent policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate credit risk
46
(including
counterparty credit risk)
47
on a timely basis. The full credit lifecycle is covered including
credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and
investment portfolios.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have appropriate credit risk
management processes that provide a comprehensive bank-wide view of credit risk
exposures. The supervisor determines that the processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank, take into
account market and macroeconomic conditions and result in prudent standards of credit
underwriting, evaluation, administration and monitoring.
Description and At a minimum, all credit institutions are required to comply with the CRD. In relation to
44
Please refer to Principle 12, Essential Criterion 7.
45
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
46
Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and
advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading
activities.
47
Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.
IRELAND
164 INTERNATIONAL MONETARY FUND
findings re EC1 credit risk management processes, the CRD requires that credit-granting be “based on
sound and well-defined criteria”, “the process for approving, amending, renewing, and re-
financing credits […] be clearly established”, “the ongoing administration and monitoring of
their various credit risk bearing portfolios and exposures, including for identifying and
managing problem credits and for making adequate value adjustments and provisions, […] be
operated through effective systems” and “diversification of credit portfolios be adequate given
the credit institution's target markets and overall credit strategy” (Annex V of the 2006/48/EC
(see Paragraphs 3-5).
The CRD is supplemented by the EBA Guidelines GL 44 which expand on the requirements
of Article 22 and Annex V and establish governance expectations generally. Any
deficiencies identified by the bank itself, in the absence of remedying measures, must be
backstopped under the requirements of Article 123 of 2006/48/EC (Regulation 65 of S.I.
661 of 2006), which mandates that appropriate levels of internal capital be held by a bank
“to cover the nature and level of the risks to which they are or might be exposed.”
The requirements contained in Annex V of the CRD (2006/48/EC)form part of the more
general governance provisions contained within Article 22 of 2006/48/EC (as transposed by
Regulation 16 of the European Communities (Licensing and Supervision of Credit
Institutions) Regulations, 1992, (S.I. 395 of 1992)) and Annex V, paragraph 2. These
provisions require that every bank manages its business in accordance with sound
administrative and accounting principles, including internal control and reporting
arrangements and procedures, and must be satisfied that comprehensive risk management
policies, strategies and systems are commensurate with the scope, size and complexity of
all the bank’s activities, given the macro-environment.
The Central Bank issued “Impairment Provisions for Credit Exposures” (Oct 2005) which
contains requirements for credit risk management policies and procedures and is the most
specific in terms of minimum expectations for credit risk (Part 1, 3.1).
Under the Banking Supervision engagement model, the Central Bank supervises the banks
in accordance with the PRISM framework through the assessment of a bank’s ‘Quality of
Credit Risk Controls’.
The CBI adopts a differentiated approach to its supervision of credit risk depending upon
the Impact risk rating. The following approaches are adopted based upon the Impact rating
of the bank:
High Impact banks
High Impact banks have a dedicated credit specialist resource that assist the Examination
Team with supervising the credit institution in relation to credit risk. These credit specialists
will, inter alia, assess: Governance and culture; Skills and resources; Concentration risk;
Credit approval process; Credit monitoring process; Credit control and collections;
Impairment and provisions; and Management information and modeling. The assessment
of a High Impact banks’ credit risk profile is based upon analysis of quarterly prudential
returns and is supplemented by more frequent management information given the
prevailing economic conditions.
The “Covered Credit Institutions” submit:
? Quarterly Summary Financial Return (QSFR) – loan losses, nonperforming loans, and
additional information on loans.
IRELAND
INTERNATIONAL MONETARY FUND 165
? Arrears return – extensions/rollovers, restructured loans.
? 3 years of QSFR data is available.
? 3 years of “Impairment Provisions” data is available.
Offsite analysis involves the assessment of the following information:
? Analysis of quarterly prudential returns
? Reviewing Credit Management Information on a monthly or quarterly basis
depending on the size of the institution.
? Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
? Reviewing supporting documentation for Risk and Credit Committees.
The results of the analysis is fed into PRISM upon completion.
The Examination Teams undertake quarterly reviews of regulatory returns which cover
impairments, nonperforming loans, trends in the loans book, etc. The Examination Team
also engage with the credit institution on an ongoing basis to discuss credit risk issues.
Regular meetings with key bank personnel are conducted: for example quarterly with
divisional heads of credit and in the case of a number of High Impact banks monthly
meetings were held with the CEO in relation to Mortgage Arrears. Key credit risk policies
are assessed on an annual basis.
Onsite supervision is a combination of regular meetings with bank executives and onsite
examination. The regular meetings with the bank include meetings with Heads of Credit
and observing Credit Risk Committee meetings.
An onsite Credit Risk Review for High Impact banks is typically performed on at least a two
year cycle and will involve representatives from the Credit Risk Team and the supervision
team. The review will assess documentation and will meet with staff from all lines of
defense – challenging the process of credit risk assessment throughout the credit risk
lifecycle from loan origination to ongoing monitoring and hind-sighting and IA. When
performing a FRR on Credit Risk the CBI assesses a broad range of documentation
including the following: Risk Appetite Statement; Impairment Policy; Credit Policy;
Collateral Valuation Policy; Risk Framework; Credit Review Procedures & Controls; Collateral
Security Procedures and Credit Grading Management & Procedures. While the onsite
aspect of the review includes sample testing of loan files to ascertain compliance with
policy documentation, these reviews will typically assess whether the credit risk grading
system is being applied in an accurate manner. For example, whether a certain grade
applied to an obligor is accurate.
At least annually, a full assessment of credit risk will be conducted for High Impact banks
and will be presented to RGP. The process for High Impact banks in terms of offsite
supervision and onsite activities provide supervisors an opportunity to determine the credit
risk profile of a bank from a number of different perspectives and taking into account
various sources of information.
Medium High
Quarterly analysis of regulatory returns will be performed by supervisors which include a
IRELAND
166 INTERNATIONAL MONETARY FUND
variety of credit risk information. Quantitative data will be supplemented by Board
information when requested. A FRA will be conducted on a minimum frequency between
two to four years during which an assessment of credit risk will be performed. Medium
High banks receive support from credit specialists where deemed necessary and in
particular to lead an onsite file review. Key credit risk policies will be assessed as part of the
FRA.
Credit risk will be discussed during meetings with bank senior management. Meetings will
take place across various levels of senior management: CEO, CRO, Board and include
external auditors.
Medium Low/Low
As part of the planning cycle a proportion of Medium High and Medium Low firms are
included in the annual cycle of Financial Risk Assessments. In addition to this Medium High
and Medium Low and Low Impact banks will be subject to variance analysis whereby
certain specified deviations in quarterly regulatory return data will trigger supervisory
attention. In terms of onsite credit risk reviews, the PRISM engagement model requires an
FRA and RGP on a spot/random basis.
10 percent of banks assigned Medium Low Impact will be sampled per year. This equates
to an average of one FRA/RGP a year for Medium Low Impact credit institutions. The
engagement typically covers:
? Meeting with CRO/CCO/Head of Credit to discuss key credit risks/credit processes.
? Review of firm MI quality and circulation/frequency.
? Review of independence of Credit Risk Function organisation structure.
? Credit Policy – approved by Board annually.
? Desk top review of credit risk MI including asset quality/provision trends.
? Loan file review (small sample).
For Medium low impact banks there is a semi-annual meeting between the credit
specialists and the supervisory team to review credit risk in these institutions. For some of
the medium low institutions, banks are required to submit an abridged QSFR providing an
overview of credit exposures. A full review of credit risk will be conducted during an FRA. In
addition, for Medium Low Impact banks credit specialist support is provided to supervision
teams when required to attend on-site credit institution meetings with senior risk
management personnel and to conduct loan file inspections to assess credit grading
reliability and impairment provision adequacy.
While the requirements in the CRD cover the overall credit granting process, it does not
refer to a comprehensive bank-wide view of credit risk exposures. Routine supervisory
activities for High Impact banks provide the supervisor with a variety of inputs to assess
credit risk management processes against changes in market and macroeconomic
conditions. Analysis of regulatory data and enhanced reporting requirements enable the
supervisor to detect changes in risk profile.
For the banks assigned PRISM Impact ratings of Medium Low and Low, the variance
analysis might not necessarily provide insight into the application of credit risk
management processes until after risks have begun to crystallize resulting in breaching
Central Bank triggers for supervisory attention. The Central Bank does not rely on Variance
Analysis alone to determine what Medium High/Medium Low institutions will be subject to
IRELAND
INTERNATIONAL MONETARY FUND 167
Financial risk Assessments in any given year. Based on their review of Board Packs, Financial
Analysis, meetings with bank executives, the CBI determines its work plan each year.
EC2
The supervisor determines that a bank’s Board approves, and regularly reviews, the credit
risk management strategy and significant policies and processes for assuming,
48
identifying,
measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk
(including counterparty credit risk and associated potential future exposure) and that these
are consistent with the risk appetite set by the Board. The supervisor also determines that
senior management implements the credit risk strategy approved by the Board and
develops the aforementioned policies and processes.
Description and
findings re EC2
For High Impact credit institutions, the Central Bank performs governance reviews at least
every two years. These reviews cover credit risk governance. In addition, as part of the SREP
process, every year the supervisor and the credit specialist will assess the role of the board
and of senior management in respect of credit risk. The Central Bank assessment of credit
governance includes an evaluation of the following:
? The credit competence of the Board
? Whether the Board is actively involved in challenging and approving credit strategy
on an annual basis
? Whether the Board approves and updates the credit risk appetite and credit risk
policies
? The impact of the credit risk function at executive management level
? Whether the Board is provided with comprehensive credit information on a timely
basis
? The bank’s credit model approval committee
The Central Bank reviews, inter alia, the following documentation as part of its offsite
supervision to determine that the Board has approved and regularly reviews the Risk
Appetite Statement (RAS) in accordance with requirements, and that they have adequate
policies and processes that reflect the RAS. Frequency of review will depend upon the
PRISM risk rating. The supervisor also determines that senior management implements the
credit risk strategy approved by the Board and develops the aforementioned policies and
processes. These include:
? RAS
? Impairment Policy
? Credit Policy
? Business Unit Credit Policy Documents
? Collateral Valuation Policy
? Risk Framework
? Credit Review Procedures & Controls
? Collateral Security Procedures
? Credit Grading Management & Procedures
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This may include
48
“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or
counterparty risk associated with various financial instruments.
IRELAND
168 INTERNATIONAL MONETARY FUND
actions such as:
1. Reviewing credit management information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third-party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where the Central Bank’s risk-
based supervision is focused.
For Medium High Impact and Medium Low Impact Credit Institutions:
The Central Bank's evaluation of the role of the board and senior management’s
implementation of the credit risk strategy is largely completed on a desk-top basis with MI
being received by supervisors in the form of Board Packs and both Credit and Risk
Committee Minutes. An RGP (a full review of capital and risk) is completed every two to
four years for Medium High Impact banks and for Medium Low Impact banks on a sample
basis which will cover the role of the board and senior management in respect of credit
risk.
Credit Risk Committee packs are used to:
a) evaluate the granularity of the MI received by the Board/committees;
b) review the minutes for evidence of challenge and/or understanding of the credit risk
facing the institution.
For High Impact credit institutions, the RAS, the Credit Policy and the Credit Approval
policy would be evaluated against best practice and to also ensure that the policies are in
line with the stated risk appetite. For Medium High and Medium Low credit institutions, the
credit institutions are required to have an up-to-date Risk Appetite Statement. Credit
management structures are evaluated to ensure there is an appropriate division between
the business line and the credit risk divisions. At minimum, biennial meetings are scheduled
to meet the Head of Credit and/or CRO to discuss the developments within the
management of credit risk.
For High Impact banks, the routine supervisory activities are adequate to make an
assessment of the Board’s involvement in developing and regularly approving the credit
risk management strategy and significant policies and processes. Onsite reviews enable the
supervisor the opportunity to assess whether senior management has implemented the
credit risk strategy approved by the Board. The supervisor reviews credit risk policies at
least annually and engages with Board to discuss credit risk.
For Medium High Impact banks, the annual meeting with the Chair of the Board and
executive management (CEO & CFO) provide an opportunity to frequently assess the
implementation of the Board’s credit risk management strategy. For Medium Low Impact
banks the engagement with the Chair and senior management is on an 18 month cycle. For
Low Impact banks, engagement with Senior management is not prescribed in PRISM and
unless in exception will a supervisory activity enable the supervisor to make an accurate
assessment of whether senior management has implemented the Board’s credit risk
IRELAND
INTERNATIONAL MONETARY FUND 169
management strategy.
EC3
The supervisor requires, and regularly determines, that such policies and processes
establish an appropriate and properly controlled credit risk environment, including:
(a) a well documented and effectively implemented strategy and sound policies and
processes for assuming credit risk, without undue reliance on external credit
assessments;
(b) well defined criteria and policies and processes for approving new exposures
(including prudent underwriting standards) as well as for renewing and refinancing
existing exposures, and identifying the appropriate approval authority for the size
and complexity of the exposures;
(c) effective credit administration policies and processes, including continued analysis of
a borrower’s ability and willingness to repay under the terms of the debt (including
review of the performance of underlying assets in the case of securitization
exposures); monitoring of documentation, legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading
or classification system;
(d) effective information systems for accurate and timely identification, aggregation and
reporting of credit risk exposures to the bank’s Board and senior management on an
ongoing basis;
(e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated
to, relevant staff;
(f) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board where necessary; and
(g) effective controls (including in respect of the quality, reliability and relevancy of data
and in respect of validation procedures) around the use of models to identify and
measure credit risk and set limits.
Description and
findings re EC3
The Central Bank performs an annual review of a broad range of documentation and
management information to determine that credit risk policies have been effectively
implemented, including (but not limited to),
1. RAS [(a) and (e)]
2. Impairment Policy [(a) and (b)]
3. Credit Policy [(a) and (b)]
4. Business Unit Credit Policy Documents [(a) and (b)]
5. Collateral Valuation Policy [(a) and (b)]
6. Risk Framework [(a) and (e)]
7. Credit Review Procedures & Controls [(g) and (e)]
8. Collateral Security Procedures [(a)]
9. Credit Grading Management & Procedures [(a)]
The Central Bank also challenges the banks in relation to the frequency of the internal
review of each of their policy documents. The challenge process frequency depends upon
the engagement model in PRISM based on Impact classification.
IRELAND
170 INTERNATIONAL MONETARY FUND
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This includes actions
such as:
1. Reviewing credit management information on a monthly or quarterly basis. [(d)]
2. Observing regularly at Risk and Credit Committees. [(f)]
3. Reviewing supporting documentation for Risk and Credit Committees. [(f)]
4. Sample testing loan files to ascertain compliance with policy documentation;
analysis of the borrower’s ability and willingness to repay under the terms of the
debt monitoring of documentation; legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading
or classification system. [(c)]
The Central Bank evaluates lower risk institutions on a similar basis, generally without the
benefit of on-site file reviews. Areas of focus can include:
? Review of credit policies to ensure adherence with the RAS. Adherence to these
policies is tested through the Exceptions Report. This report highlights any
exceptions to policy and would be the subject of discussion with senior credit risk
management. [(a)]
? Review of credit approval policies for appropriateness, including assessment of
individual discretions, domestic discretions and in the case of a subsidiary, the level
of Parent/Group approval required under the policy. [(e)]
? Copies of Credit Approval documents can be requested to monitor the depth of
assessment provided to Credit Committee and therefore the basis for approval in
relation to the credit policies in place. [(e)]
? Review of credit grading policy to assess the appropriateness and granularity of the
approach. [(g)]
? Quality assurance of credit risk to ensure an appropriate level of “4-eyes principle”
review. [(g)]
? Assessment of the valuation policy against the CRD; and best practice in a stressed
environment. [(g)]
? Review frequency and quality is monitored against requirements and internal
policies. [(g)]
? Regulatory returns are monitored, including Connected Clients, Large Exposures and
Sector Reports, as well as a review of the Exceptions Report to credit appetite. [(a)]
The Central Bank demonstrated examples where they had implemented their framework to
assess credit risk management. For High Impact banks, the framework provided several
opportunities to assess that banks had implemented a properly controlled credit risk
environment. Several examples were evidenced in this regard, especially for the covered
banks but also for certain other high impact banks. In several examples, supervisors were
going over and beyond minimum activities prescribed by the PRISM framework.
Supervisors employed a variety of tools to assess the control environment for credit risk
exposures, which seemed appropriate for the market and macroeconomic conditions.
This approach had not been extended to all banks but was heavily skewed to the High
Impact banks which accounted for the bulk of banking assets.
EC4 The supervisor determines that banks have policies and processes to monitor the total
IRELAND
INTERNATIONAL MONETARY FUND 171
indebtedness of entities to which they extend credit and any risk factors that may result in
default including significant un-hedged foreign exchange risk.
Description and
findings re EC4
Banking Supervision Examination Teams, supported by credit specialists, assess High
Impact credit institution policies and processes that monitor the total indebtedness of
borrowers and risk factors that may result in default. This work is conducted by reviewing
credit monitoring policy and procedures to check that they are aligned to strategy, are up
to date, are sufficiently detailed and are approved by the Board on an annual basis.
Credit specialists evaluate credit risk information to ensure it is sufficient to manage loans.
Credit reports are assessed to ensure they enable executives to monitor obligors overdue
for reviews and identify loan arrears in a timely manner. The quality of management
information reported to the Board and Risk Committee is also assessed to ensure pertinent
credit risk information regarding asset quality is reported at both portfolio level and large
exposure level.
To support this work, Banking Supervision credit specialists undertake credit inspections of
sample loan files to evaluate and challenge the bank’s approach to monitoring the total
indebtedness of borrowers. As mentioned in the above EC’s, the depth and frequency of
onsite credit risk reviews are typically performed in line with a bank’s PRISM Impact rating
and will not be performed for Medium Low and Low Impact banks.
Establishment of a Central Credit Register
Banks are required to monitor the total indebtedness of their borrowers, with a particular
focus on multi-banked customers. Their capacity to do this will be further enhanced by the
introduction of a statutory credit register (which is a requirement of Ireland’s financial
support programme with the IMF, EC and ECB). Legislation is due to be enacted by end-
2013, and the indicative implementation date of the Central Credit Register is 2015-2016.
EC5
The supervisor requires that banks make credit decisions free of conflicts of interest and on
an arm’s length basis.
Description and
findings re EC5
Under Paragraph 12(1) of the EBA GL44, which are applied by the Central Bank, it is made
explicit that “members of the management body shall engage actively in the business of an
institution and shall be able to make their own sound, objective and independent decisions
and judgments.”
Paragraph 12(3) of the same document requires that members of the management body
should have a “limited number of mandates or other professional high time-consuming
activities”, and that these other mandates should be disclosed to the bank. Paragraph 12(6)
states that the “management body should have a written policy on managing conflicts of
interests for its members.”
In order to determine that credit decisions are free of conflicts of interest and made on an
arm’s length basis, the Central Bank reviews the following information:
? Credit Framework Document
? KPIs set for credit functionaries as part of their performance appraisals
? Internal Audit and Quality Assurance Reports
? Quarterly Related Party Lending returns submitted to the Central Bank
This enables the Central Bank to determine whether:
? the credit function is independent of the sales function;
? the credit function remuneration is independent of sales volumes; and
IRELAND
172 INTERNATIONAL MONETARY FUND
? there is an appropriate credit quality assurance/internal function.
The Central Bank’s Code of Practice on Lending to Related Parties (2010) provides direction
for credit decision-making where the credit is specifically being extended to related parties.
Under Paragraph 6(a) of this Code, the Central Bank requires that such lending be on an
arm’s length basis (unless it forms part of the general remuneration package of staff), and
under Paragraphs 6(b) to (i), requires that such lending be subject to appropriate
management oversight and limits. Credit institutions are required by the Central Bank to
submit quarterly reports and seek prior approval for certain loans greater than €1 million,
as per the Code. This Code is imposed pursuant to Section 117 of the Central Bank Act
1989.
EC6 The supervisor requires that the credit policy prescribes that major credit risk exposures
exceeding a certain amount or percentage of the bank’s capital are to be decided by the
bank’s Board or senior management. The same applies to credit risk exposures that are
especially risky or otherwise not in line with the mainstream of the bank’s activities.
Description and
findings re EC6
Historically, the Central Bank did not require that a credit institution’s credit policy
prescribes that major credit risk exposures exceeding a certain amount or percentage of
the bank’s capital (and including especially risky or exposure which are not in line with the
mainstream of the bank’s activities) to be decided by the bank’s Board or senior
management. However, this requirement was imposed on credit institutions under section
10 of the Central Bank Act 1971 in August 2013.
EC7 The supervisor has full access to information in the credit and investment portfolios and to
the bank officers involved in assuming, managing, controlling and reporting on credit risk.
Description and
findings re EC7
Licensed banks operating in Ireland are required to comply with the minimum calculation
and reporting requirements contained in Article 74 of 2006/48/EC (as transposed by
Regulation 18 of S.I. No.661 of 2006. In addition, Section 18 of the Central Bank Act 1971
allows the Central Bank and the ECB with the power to require additional information or
returns from banks where they consider it “necessary to have that information or return for
the proper performance of the functions imposed, or the proper exercise of the powers
conferred, on it by law.”
Part 3 of the Central Bank (Supervision and Enforcement) Act 2013 provides for extensive
authorised officer powers.
Through these powers, the Central Bank has full access to information in the credit and
investment portfolios, and to the staff responsible for managing, monitoring and reporting
on the credit risk.
Under the PRISM framework, Central Bank monitors significant information on loan
portfolios (Drawn/Undrawn, Geography, Sectoral, Grades, Arrears, Impairment, Provisions,
etc.) across all credit institutions. In addition, credit analysts are copied with internal credit
institution management information packs (e.g. Board, Executive, Credit, Risk and Policy
Committees). Copies of all information circulated to these committees (and all regular
Credit Risk reporting packs) are available to supervisors and are regularly reviewed to
assess portfolio trends, management priorities and key messages.
Supervisors have access to, and engage with, bank officers in a manner which reflects the
risk impact rating of each institution. Supervisors meet regularly with Heads of Function in
Credit, Risk, Credit Review, Asset Restructuring and Internal Audit.
EC8 The supervisor requires banks to include their credit risk exposures into their stress testing
IRELAND
INTERNATIONAL MONETARY FUND 173
programmes for risk management purposes.
Description and
findings re EC8
The Central Bank requires credit institutions to have a stress testing process and
framework. Under EBA Guidelines on Stress Testing, GL32, all credit institutions exposed to
credit risk as a material risk are subject to credit risk stress testing. As part of the SREP
process, the Risk Modeling Team assesses bank’s stress testing processes at a high level.
Where shortcomings are identified, required actions to address the issues are outlined
within the RMP.
In the majority of banks, credit risk is considered the main driver of loss and therefore
receives the most focus when assessing stress test programmes.
The Central Bank has adopted the EBA Guidelines on stress testing. These Guidelines
outline the criteria and standards for stress testing that the Central Bank expects banks to
adopt and review on a regular basis. Of particular relevance to this EC are:
o Guideline 6 (sensitivity analyses for specific portfolios or risks);
o Guideline 7 (scenario analyses);
o Guideline 14 (use of stress testing outputs); and
o Guideline 19 (relating to supervisory use of stress testing outputs), which
supplements Article 124 and Annex V of 2006/48/EC (as transposed by
Regulation 66 of S.I. 661 of 2006), which lay down the supervisory review and
evaluation process.
? Regulation 65 of S.I. 661 of 2006, transposing Article 123 of 2006/48/EC, requires
banks to have forward-looking strategies and processes in place relating to internal
capital:
o Regulation 65(1) requires banks to have in place “sound, effective and
complete strategies and processes to assess and maintain on an ongoing
basis the amounts, types and distribution of internal capital that they
consider adequate to cover the nature and level of the risks to which they
are or might be exposed”, including credit risks.
o Regulation 65(2) requires that the strategies and processes referred to in
paragraph 65(1) shall be subject to regular internal review to ensure that
they remain comprehensive and proportionate to the nature, scale and
complexity of the activities of the credit institution concerned.
A significant focus of the Central Bank has been placed on improving banks’ ability to
forecast ‘expected’ credit losses and ‘adverse’ credit losses. Banks’ outputs have been sense
checked against one another, as well as against independent estimates produced by the
Central Bank as part of the PCAR. Where banks’ outputs did not appear credible, they were
required to focus on improving their forecasting methodology. In 2011, as part of the
PCAR, the Central Bank conducted rigorous stress test of banks’ credit portfolios and
compared its results against the results of the banks’ own credit risk stress tests. This
resulted in the covered banks being required to raise €24bn in additional capital to cover 3
year stressed losses. The Central Bank also participated in the EBA stress tests.
In addition, for Medium High Impact and Medium Low Impact banks, Central Bank analysis
aims to ensure:
1. That the scenarios (which are often set at Group level) are relevant to the local entity
and that adequate governance is in place to ensure that risks specific to the
subsidiary are appropriately evaluated.
2. That the scenario translation methodology is adequately robust.
IRELAND
174 INTERNATIONAL MONETARY FUND
Assessment of
Principle 17
Largely Compliant
Comment Resources are heavily weighted towards the High Impact banks where the overwhelming
level of credit risk in the Irish banking system resides. Routine supervisory activities for
High Impact banks provide the supervisor with a variety of inputs to assess credit risk
management processes against changes in market and macroeconomic conditions.
Analysis of regulatory data and enhanced reporting requirements enable the supervisor to
detect changes in risk profile. Equally, for High Impact banks, the routine supervisory
activities are adequate to make an assessment of the Board’s involvement in developing
and regularly approving the credit risk management strategy and significant policies and
processes. It was evidenced that supervisors are going beyond routine tasks and minimum
activities prescribed by PRISM.
Where an onsite review is conducted which includes loan file reviews, this process provides
the supervisor with the opportunity to assess whether senior management has
implemented the credit risk strategy approved by the Board and whether underwriting
practices are consistent with policy and prudent for market conditions and the economic
environment. The frequency and depth of credit risk assessment for Medium High and
Medium Low institutions is performed in accordance with the PRISM engagement model
and is informed by the amount of credit risk an institution is exposed to. In this regard in
performing its annual planning process the Central Bank is informed by a range of sources
of information in reaching a view with regard to what Medium High and Medium Low
institutions should be subject to a detailed credit risk review as part of the Financial Risk
Assessment. The frequency and depth of onsite credit risk reviews for lower risk institutions
and the allocation of credit risk specialists to perform file reviews is not sufficient to
maintain an accurate assessment of credit risk for these credit institutions (EC3).
For the banks assigned PRISM Impact ratings of below High (especially Medium Low and
Low), the variance analysis might not necessarily provide insight into the application of
credit risk management processes until after risks have begun to crystallize resulting in
breaching Central Bank triggers for supervisory attention (EC1).
For Medium High Impact banks, the annual meeting with the Chair of the Board and
executive management (CEO & CFO) provide an opportunity to frequently assess the
implementation of the Board’s credit risk management strategy. For Medium Low Impact
banks the engagement with the Chair and senior management is on an 18 month cycle.
For Low Impact banks, engagement with Board and Senior management is not prescribed
in PRISM and unless in exception will a supervisory activity enable the supervisor to make
an accurate assessment of whether senior management has implemented the Board’s
credit risk management strategy (EC2).
Principle 18 Problem assets, provisions and reserves.
49
The supervisor determines that banks have
adequate policies and processes for the early identification and management of problem
assets, and the maintenance of adequate provisions and reserves.
50
Essential criteria
49
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
50
Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions
(“above the line” charges to profit).
IRELAND
INTERNATIONAL MONETARY FUND 175
EC1
Laws, regulations or the supervisor require banks to formulate policies and processes for
identifying and managing problem assets. In addition, laws, regulations or the supervisor
require regular review by banks of their problem assets (at an individual level or at a
portfolio level for assets with homogenous characteristics) and asset classification,
provisioning and write-offs.
Description and
findings re EC1
As per the CRD (Article 22 of 2006/48/EC), banks are required to have robust governance
arrangements to manage risk. Specifically in relation to problem assets, provisions and
reserves, all banks need to comply with the requirements contained within ‘Impairment
Provisions for Credit Exposures’ published in October 2005. More recently the Central Bank
issued updated guidance: firstly in December 2011 “Impairment Provisioning and
Disclosure Guidelines” and a further update in May 2013. While all credit institutions need
to comply with the 2005 requirements, only Covered banks are required to comply with the
2011 and 2013 requirements (although supervisors do advise institutions that the 2013
Guidelines are examples of better practice).
The obligation for banks to formulate policies and processes for identifying and managing
problem assets is contained within Part 1 of the Qualitative Requirements of “Impairment
Provisions for Credit Exposures 2005 (hereafter ‘Impairment Provisions Guidelines 2005’).
The Impairment Provisions Guidelines 2005 oblige the board and senior management to
exercise effective oversight over all aspects of credit risk management including problem
assets and provisioning. The Impairment Provisions require the board of directors to be
responsible for “reviewing the adequacy of provisions for impairment losses and amounts
written off.”
Section 3.4 of the Impairment Provisions Guidelines 2005 oblige banks to review the
impairment policy at least annually to ensure that it is still appropriate for the business the
credit institution undertakes and the economic environment. Furthermore, that this review
will include a “review and sign off on the processes and systems for credit risk, and the
methodology used in determining the level of impairment provisions.”
In performing its supervision, the Central Bank requires banks to have fit-for-purpose
policies and processes for identifying and managing problem assets. The Central Bank’s
primary focus in this area has been on the High Impact banks as identified under the
PRISM model. This has been an area of significant focus for the Central Bank in the past
number of years as it is concerned that High Impact banks’ policies and processes are very
weak in this area. The focus has been primarily on the domestic mortgage and SME/Real
Estate portfolios, as these are the most distressed loan assets.
The Central Bank evaluates problem assets and provisions for Medium High Impact and
Medium Low Impact banks primarily on a desk-top basis. For these banks, desk-based
supervision is supplemented by thematic reviews of problem assets and provisions. While
Medium High Impact and Medium Low Impact banks don’t have a dedicated credit
specialist, such resources are made available to those supervisory teams whose banks are
holding challenged assets.
EC2
The supervisor determines the adequacy of a bank’s policies and processes for grading and
classifying its assets and establishing appropriate and robust provisioning levels. The
reviews supporting the supervisor’s opinion may be conducted by external experts, with the
supervisor reviewing the work of the external experts to determine the adequacy of the
bank’s policies and processes
IRELAND
176 INTERNATIONAL MONETARY FUND
Description and
findings re EC2
The Central Bank adopts a proportional approach to its supervision of regulated banks,
with resources heavily weighted towards the High Impact banks with the greatest risk-
weighted assets (as determined by PRISM).
High Impact Banks
The Central Bank reviews the following documentation to determine the adequacy of
bank’s policies and processes for grading and classifying its assets and establishing
appropriate and robust provisioning levels:
1. RAS
2. Impairment Policy
3. Credit Policy
4. Business Unit Credit Policy Documents
5. Collateral Valuation Policy
6. Risk Framework
7. Credit Review Procedures & Controls
8. Collateral Security Procedures
9. Credit Grading Management & Procedures
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This includes actions
such as:
1. Reviewing Credit Management Information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where risk-based supervision is
focused.
Medium High and Medium Low Impact Banks
The Central Bank evaluates the appropriateness of provisioning levels for banks through
the desk-top analysis of relevant policies; including: credit policy, impairment policy,
valuation policy, risk management framework, credit grading policy, credit approval policy,
and credit review policy. Supervisors discuss provisions for impaired loans with bank
management to assess adequacy. Credit grading against collateral valuations is also
discussed. Should an on-site file review be required, the Central Bank’s credit team or an
independent third party may complete the review.
The engagement model is that Medium Low Impact credit institutions have a FRA and RGP
on a spot/random basis with a 10% sample of all ML Impact banks per year. This equates to
an average of one FRA/RGP a year for Medium Low Impact credit institutions. The
engagement typically covers:
? Meeting with CRO/CCO/Head of Credit to discuss key credit risks / credit processes
? Review of firm MI quality and who receives it/frequency
? Review of independence of credit risk function organisation structure
? Credit Policy – approved by Board annually
IRELAND
INTERNATIONAL MONETARY FUND 177
? Desk-top review of credit risk MI including asset quality/provision trends
? Loan file review (small sample)
In respect of all institutions, in order to challenge the robustness/appropriateness of banks’
provisioning levels, the credit specialists keep informed of market conditions, particularly in
distressed sectors (e.g. Hotels, Real Estate, Hospitality). They review external publications
(e.g. real estate market reports, sectoral papers on the hotel & pharmacy industries) and
engage with market experts (e.g. insolvency practitioners, property valuers, risk
management experts, NAMA).
The Central Bank has engaged 3
rd
parties in 2011, 2012 ad 2013 to conduct targeted
reviews of bank’s credit grading systems through Asset Quality Reviews (AQR). These
reviews focus on the quality of the credit process, the accuracy of internal credit grading
and the robustness of the provision levels, classification of asset performance and
identification of forbearance. In addition, specific file reviews which have been completed
in the past eighteen months by the Central Bank in a significant number of institutions. In
several cases, banks increased their provisions as a direct result of these reviews.
AQRs were completed by Blackrock Solutions in the covered banks across Real Estate, SME,
Mortgage and Corporate loan portfolios.
The Central Bank engaged 3
rd
party accountancy firm to assess provisioning policies of
retail banks in preparation for the development of the Impairment Provisioning and
Disclosure Guidelines (December 2011).
The data included below highlights the level of intensive engagement between the Central
Bank and the banks as part of its mortgage arrears engagement. Banks included in this
process include 8 high impact banks.
Oct
2011
? Central Bank requested mortgage lenders to submit distressed asset
resolution strategies by end November
Dec
2011
? Central Bank reviewed submissions
Feb
2012
? Deputy Governor met 7 main lenders to discuss common themes
? Central Bank issued specific feedback to each lender on strategies
submitted
Apr
2012
? Central Bank undertook review of DCOR in the three main retail banks
May
2012
? Central Bank completed DCOR review & provided feedback to boards of
the three main retail banks
? Lenders were asked to submit board approved projected segmentation of
book across treatment options
Jun 12 ? Central Bank reviewed board approved submissions & reverted with
feedback
A similar level of supervisory oversight is currently underway in relation to the SME/Real
Estate portfolios. The Central Bank commissioned Blackrock Solutions (BRS) in 2012 to
complete a SME DCOR exercise in two high impact banks. This was an all-encompassing
assessment of how these institutions manage problem SME assets. Following the SME
DCOR, the Central Bank has requested strategy documents and implementation plans to
address weaknesses identified from all banks active in the Irish SME market. It is currently
IRELAND
178 INTERNATIONAL MONETARY FUND
challenging institutions on their SME submissions.
In response to slow progress in addressing the high quantum of mortgage arrears (both
PDH & BTL), the Central Bank has established targets for the resolution of cases >90 days
past due for 6 specified licensed banks (by reference to Regulation 16 of the European
Communities (Licensing and Supervision of Credit Institutions) Regulations 1992 through
the Mortgage Arrears Resolution Targets paper. Within this paper, institutions are
reminded of the regulatory powers contained in Regulation 65 of the European
Communities (Capital Adequacy of Credit Institutions) Regulations 2006, and how these
may be applied if the targets are not met.
For the High Impact banks, the Central Bank demonstrated examples of enhanced attention
paid to the adequacy of bank’s provisioning policies and practices to establish appropriate
levels of provisions. The Central Bank has increased its engagement with High Impact
banks over the course of the last three years to monitor application of its new provisioning
and impairment guidance. While the Central Bank does not prescribe a methodology for
calculating provisions, (accounting policies are prescribed by Companies Law), the Central
Bank has been actively encouraging banks to adopt a more conservative approach to
provisioning when applying its accounting for loan loss provisions under IFRS (the
mandatory effective date of IFRS 9 is anticipated to be 1 January 2015).
In addition to the various stress testing and balance sheet analytical exercises, the Central
Bank has performed onsite reviews in High Impact banks (and in particular the Covered
Banks) to evaluate bank’s provisioning models.
EC3
The supervisor determines that the bank’s system for classification and provisioning takes
into account off-balance sheet exposures.
51
Description and
findings re EC3
Section 3 of the Impairment Provisions for Credit Exposures (26 October 2005) applies to all
credit exposures, but does not explicitly mandate responsibility for, or require
documentation of, impairment provisioning of off-balance sheet exposures. Part II of the
guidance, which applies to IFRS/FRS 26 reporting banks, requires that impairment of off-
balance sheet transactions should be made after the initial recognition of the asset.
Credit institutions currently report loan commitments, financial guarantees and other
commitments to the Central Bank on a quarterly basis through their FINREP submissions.
Supervisors undertake a review of off-balance sheet exposures in the FINREP submissions
periodically.
Supervisors of Medium Low Impact credit institutions monitor and investigate material
movements in loan commitments, financial guarantees and other commitments via the BI
Cube format.
Additionally, credit institutions currently include contingent liabilities in their annual report,
which is reviewed by supervisory teams. Credit Institutions currently report “Impairment
Provisions” to the Central Bank on a quarterly basis through their online submissions. This
return includes provisions for both on and off balance sheet exposures (e.g. provisions on
committed but unfunded loans, or provisions on letters of credit).
51
It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual
arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.
IRELAND
INTERNATIONAL MONETARY FUND 179
Current Banking Supervision procedure is that supervisory teams undertake a periodic
review of “Impairment Provisions” submissions. This includes monitoring, understanding,
and challenging (if required) the aggregate movement in impairment provisions on both
on- and off-balance sheet exposures.
EC4
The supervisor determines that banks have appropriate policies and processes to ensure
that provisions and write-offs are timely and reflect realistic repayment and recovery
expectations, taking into account market and macroeconomic conditions.
Description and
findings re EC4
High Impact Banks
The Central Bank’s primary focus in this area has been on the High Impact banks as
identified under the PRISM model. In terms of policies and processes, the Central Bank
reviews a comprehensive suite of banks’ documents and challenges their appropriateness
through ongoing engagement with banks and onsite reviews. The Central Bank conducts
loan-level file reviews to assess both the provisioning process and the realism of recovery
expectations (such as “cure rates”) together with a peer analysis of asset quality trends. A
significant number of specific file reviews have been completed in the past eighteen
months by the Credit Team.
The 2011 Provisioning Guidelines for the covered banks encouraged banks to broaden
their impairment policies and procedures under the following guiding principles:
1. Recognise their incurred loan losses as early as possible within the context of IFRS;
2. Adopt a more conservative approach to the measurement of impairment provisions
across all loan portfolios; and
3. Significantly improve the number and granularity of their asset quality and credit risk
management disclosures which will enhance users understanding of their asset
quality profiles and credit risk management practices.
For retail banks, since 2012 the Central Bank has conducted regular on-site reviews of
mortgage banks’ collections capability and operations. This entails assessments of credit
institutions’ mortgage Arrears Support Units, including collection processes and procedures
The Central Bank has focused its attentions on the operational effectiveness of retail credit
institutions’ arrears collections units, and has typically not focused on their arrears units
policies.
Medium High and Medium Low Impact Banks
The Central Bank evaluates the timeliness and conservatism of provisions for these banks
through desk-top analysis of relevant policies, including impairment policy, credit grading
policy, valuation policy, and credit review policy. The timeliness and conservatism of
provisions are areas of considerable subjectivity. However, discussions with senior credit
management and senior risk management are undertaken to form a view of the current
provisioning practices. The Central Bank Impairment guidelines, while only explicitly
applying to covered institutions, should be considered best practice here. These require
early recognition of loss and a general conservatism regarding the estimation of provisions.
Under IFRS banks apply an incurred loss approach to loan loss provisioning. For retail
residential mortgage portfolios that are collectively managed which account for
approximately 50 percent bank total assets, nonperforming loans are collectively managed
and utilize internal models for the calculation of provisions. The assumptions that feed the
models are based on historical loss data and include factors such as: emergence period,
cure rates, and assumptions regarding valuation of collateral (peak to trough). In the
IRELAND
180 INTERNATIONAL MONETARY FUND
absence of prescription in the Central Bank powers, the assumptions vary widely across the
banks. The Central Bank has placed considerable emphasis on influencing banks policies
and assumptions. One example included a High Impact bank which imposed a provision
overlay in their annual accounts following a Central Bank review.
While the Central Bank has had success influencing banks to increase the level of
conservatism in their provisioning practices, particularly ensuring greater conservatism in
the assumptions that input into provisioning models, there is a significant build-up of
mortgage arrears in the system.
EC5
The supervisor determines that banks have appropriate policies and processes, and
organizational resources for the early identification of deteriorating assets, for ongoing
oversight of problem assets, and for collecting on past due obligations. For portfolios of
credit exposures with homogeneous characteristics, the exposures are classified when
payments are contractually in arrears for a minimum number of days (e.g. 30, 60, 90 days).
The supervisor tests banks’ treatment of assets with a view to identifying any material
circumvention of the classification and provisioning standards (e.g. rescheduling,
refinancing or reclassification of loans).
Description and
findings re EC5
High Impact banks
In recent years the higher risk banks have revised their policies in the context of
deteriorating market conditions. The Central Bank has reviewed these documents to
establish their appropriateness for early identification of deteriorating assets and ongoing
oversight of problem loans. Furthermore, banks have enhanced their MIS systems to
classify asset quality into various cohorts, to ensure transparency of asset quality. In
addition, most banks have separated their loan portfolios between distressed/non-
distressed and core/non-core.
The review of documentation is supported with intensive on-site and off-site supervision by
the Central Bank to observe how policy is implemented on the ground. This includes
actions such as:
1. Reviewing Credit Management Information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where risk-based supervision is
focused.
In ongoing Central Bank prudential supervision activities, there is significant focus around
the adequacy of Distressed Credit Operations (homogenous retail books and non-retail
books) in credit institutions. This includes an assessment of the bank’s resources and
operational capabilities within the distressed credit operations and portfolio resolutions
area.
In terms of testing High Impact banks’ treatment of assets to determine the
appropriateness of provisioning standards, the Central Bank has conducted several
IRELAND
INTERNATIONAL MONETARY FUND 181
thematic and bank specific onsite reviews to assess the banks’ capabilities and readiness in
relation to early identification of deteriorating assets and ongoing management of problem
assets. The Central Bank commissioned BlackRock Solutions in 2012 to complete separate
DCOR exercises in Mortgage and SME portfolios. For example, the SME DCOR assessed two
High Impact banks in terms of:
A. Organisational Structure and Resource Capacity
B. Skill and Experience of Staff as well as Quality of Training
C. Workout Strategy and Execution Ability
D. Relevant Documentation and Management Information Systems, including KPIs
E. Data and Reporting Related to Outsourced and/or Delegated Functions
F. Quality Assurance and Monitoring
Following the SME DCOR Review, the Central Bank requested strategy documents and
implementation plans to address weaknesses identified from all banks active in the Irish
SME market. The third phase of this work commenced in 2013. The purpose of these
reviews is to see evidence of the strategies being implemented on the ground. Loan file
reviews were conducted throughout 2013 as banks’ implementation plans are rolled out.
Medium High Impact and Medium Low Impact Banks
The Central Bank evaluates the appropriateness of policies and procedures for the early
recognition of arrears in these banks using a desk-top approach. The frequency of the
review will be determined by the risk profile and PRISM prescribes a minimum frequency
FRA of between 2-4 years. A desk-top review of a bank’s arrears collections capabilities will
be undertaken.
In quarter 4, 2012, the Central Bank employed an arrears collections expert to lead credit
institutions to move from short-term forbearance on mortgage arrears to more sustainable
options, with adequate operational capacity to implement. The expert has been assisting
the Central Bank in the on-site reviews of MARS implementation and arrears management
and collection capability and implementation. These reviews cover all retail credit
institutions.
The Central Bank has performed and continues to perform on-site reviews of Arrears
Support Units. A key output is an evaluation of the banks’ capacity to deal with the volume
of arrears in-flow through inbound and outbound call activities and the capacity to handle
the back-book (old) arrears. The Central Bank is performing continuous assessment of ASUs
throughout 2013.
Following the SME DCOR Review, the Central Bank requested strategy documents and
implementation plans to address weaknesses identified from all banks active in the Irish
SME market.
EC6 The supervisor obtains information on a regular basis, and in relevant detail, or has full
access to information concerning the classification of assets and provisioning. The
supervisor requires banks to have adequate documentation to support their classification
and provisioning levels.
Description and
findings re EC6
The Central Bank’s primary focus in this area has been on the higher risk banks as identified
under the PRISM model. The Central Bank reviews related policy documents for higher risk
banks on an annual basis, as well as monthly/quarterly management information on a
regular basis. It examines the quality and appropriateness of the information. A list of
documentation obtained and reviewed includes:
IRELAND
182 INTERNATIONAL MONETARY FUND
Annually
? Impairment Policy
? Credit Policy
? Business Unit Credit Policy Documents
? Collateral Valuation Policy
? Credit Grading Management & Procedures
? Year-end Impairment papers presented to Risk Committee
? Loan loss projection reports
Monthly/Quarterly
? Interim impairment papers presented to Risk Committee
? Credit information packs (classification of assets, provisioning & asset quality
trends supported by management commentary)
? Review quality of information furnished to risk committees and boards
? Management information specific to distressed loans
? Internal audit reports – quality assurance & controls
? Quarterly Summary Financial Return – a quarterly return from High and Medium
High impact institutions which details information on loan portfolios
(Drawn/Undrawn; Geography; Sectoral; Grades; Arrears; Impairment; Provisions;
etc.)
? Market information sourced on each of SME, Residential Mortgages, Real Estate
and Corporate
? Regular meetings with Heads of Function in Credit, Risk, Credit Review, Asset
Restructuring and Internal Audit
? The Regulatory Document on Impairment Provisions for Credit Exposures (2005)
requires quarterly reporting on provisioning levels as per the CRD asset classes
Having reviewed documentation and management information, the Central Bank analyses
asset quality trends across banks and highlights areas of concern with follow-up action
required. In addition it has, on occasion, highlighted its concerns to the banks’ external
auditors.
The Central Bank obtains information on a regular basis regarding asset classification and
provisioning. This information is submitted as required regulatory returns (see CP10 for
details) on a quarterly basis and further information can be requested by the supervision
team as part of either a thematic review or a FRR/FRA. Impairment policy, credit grading
policy, valuation policy, and credit review policy documents can also be included.
For High Impact covered banks, the Central Bank identified weaknesses in the adequacy of
covered banks’ policy documentation in relation to provisioning. The Central Bank required
covered banks to improve their policies/documentation through the publication of
Impairment Provisioning and Disclosure Guidelines in December 2011. These guidelines
have resulted in banks updating their provisioning documentation/policies and processes
to include, inter alia, the treatment of forborne loans, the widening of impairment triggers
and increased disclosure in their annual accounts.
For Medium High Impact and Medium Low Impact credit institutions – on a quarterly basis,
credit institutions submit impairment provisions, nonperforming loans and write-off
information to the Central Bank which is reviewed by the examination teams for any
material movements and trends. Any material movements are queried with the relevant
credit institution and inform the Central Bank’s supervisory engagement.
IRELAND
INTERNATIONAL MONETARY FUND 183
The frequency and depth of analysis for the larger High Impact banks is sound and
provides the supervisor with an opportunity to assess bank’s documentation. Equally, the
desk based review for Medium-High banks is adequate.
EC7 The supervisor assesses whether the classification of the assets and the provisioning is
adequate for prudential purposes. If asset classifications are inaccurate or provisions are
deemed to be inadequate for prudential purposes (e.g. if the supervisor considers existing
or anticipated deterioration in asset quality to be of concern or if the provisions do not fully
reflect losses expected to be incurred), the supervisor has the power to require the bank to
adjust its classifications of individual assets, increase its levels of provisioning, reserves or
capital and, if necessary, impose other remedial measures.
Description and
findings re EC7
As part of the Central Bank’s assessment of asset classification and the adequacy of
provisioning in High Impact banks, it reviews related policy documents on an annual basis
as well as monthly/quarterly management information on a regular basis. It reviews the
quality and appropriateness of the information. A list of documentation obtained and
reviewed includes:
Annually
1. Impairment Policy
2. Credit Policy
3. Collateral Valuation Policy
4. Credit Grading Management & Procedures
5. Year-end Impairment papers presented to Risk Committee
6. Loan loss projection reports
Monthly/Quarterly
1. Interim impairment papers presented to Risk Committee
2. Credit information packs (classification of assets, provisioning & asset quality trends
supported by management commentary)
3. Review quality of information furnished to risk committees and boards
4. Management information specific to distressed loans
5. Internal audit reports – quality assurance & controls
6. Quarterly Summary Financial Return – a quarterly return details information on loan
portfolios (Drawn/Undrawn; Geography; Sectoral; Grades; Arrears; Impairment;
Provisions; etc.)
7. External market information relating to SME, Residential Mortgages, Real Estate and
Corporate
Supervisors meet regularly with Heads of Function in Credit, Risk, Credit Review, Asset
Restructuring and Internal Audit.
Having reviewed documentation and management information, the Central Bank analyses
asset quality trends across banks and highlights areas of concern where provisions are
deemed inadequate to cover potential losses. On a number of occasions, this has
prompted asset quality file reviews. In addition supervisors have, on occasion, highlighted
their concerns to the banks’ external auditors.
A full risk assessment is presented to the Central Bank RGPs. In this regard, the Central
Bank has the power to require banks to increase their capital where it is concluded that
loan loss provisioning does not fully reflect losses expected to be incurred.
IRELAND
184 INTERNATIONAL MONETARY FUND
Medium High Impact / Medium Low Impact Credit Institutions:
On a quarterly basis, credit institutions submit information on impairment provisions,
nonperforming loans and write-offs to the Central Bank, which is reviewed by the
examination teams for any material movements and trends. Any material movements are
queried with the relevant credit institution and inform the Central Bank’s supervisory
engagement.
Deficiencies identified by the Central Bank in a bank’s management of credit risk (including
provisioning) may be addressed through the measures included in Article 136 of
2006/48/EC (as transposed by Regulation 70 of S.I. 661 of 2006), among others, as detailed
in CP11.
Prudential Capital Assessment Review (PCAR) - 2011
The PCAR assessed the capital requirements of the covered banks arising for expected base
and potential stressed loan losses over a three year time horizon (2011-2013). As a result of
the exercise Covered banks’ provision projections were deemed inadequate and all were
required to raise additional capital to cover projected loan losses under a stress case
scenario.
EC8 The supervisor requires banks to have appropriate mechanisms in place for regularly
assessing the value of risk mitigants, including guarantees, credit derivatives and collateral.
The valuation of collateral reflects the net realizable value, taking into account prevailing
market conditions.
Description and
findings re EC8
The Central Bank’s primary focus in this area is in relation to the valuation of real estate,
noting that this is the most common form of collateral on which the banks place reliance
for value. Little reliance is placed on un-collateralised guarantees due to the significant
destruction of wealth in the economic downturn.
In the 2011 guidance paper ‘Valuation Processes in the Banking Crisis – Lessons Learned –
Guiding the Future’ the Central Bank provided industry enhanced guidance for provisioning
which applies to all credit institutions. While the paper has the status of guidance, the
Central Bank considers that the guidelines and recommendations contained therein
represent appropriate process and procedures for credit institutions in considering
property security valuation. The Central Bank does, as a matter of course, scrutinise the
application of these guidelines as part of its ongoing supervision.
As part of the Central Bank’s on-site file reviews, supervisors observed that there was
inconsistent assessment of collateral value both across and within institutions. They made
recommendations that banks review, in the context of the guidance document, their
collateral valuation approach. Policies were sought to be developed and implemented
where they were absent. These file reviews covered all impact categories of banks, with a
greater focus on the higher impact banks.
The Central Bank evaluates the appropriateness of mechanisms to assess the value of risk
mitigants in Lower Impact banks using a combination of a desk-top approach and, where
appropriate, onsite interview of the CRO (on a biennial basis at a minimum, as per the
PRISM requirements). The effectiveness of credit risk mitigants is subject to extensive
discussion with the bank, including an understanding of credit derivatives in place and
assessment of the effectiveness of guarantees and collateral as credit risk mitigants.
The Central Bank’s loan file reviews focus heavily on the realism of recovery expectations.
IRELAND
INTERNATIONAL MONETARY FUND 185
Inherent in this is the quality of the collateral assessment. Examples of loan files reviews
where supervisors subsequently challenged the banks’ mechanisms for regularly assessing
collateral include a number of High Impact banks.
EC9 Laws, regulations or the supervisor establish criteria for assets to be:
(a) identified as a problem asset (e.g. a loan is identified as a problem asset when there
is reason to believe that all amounts due, including principal and interest, will not be
collected in accordance with the contractual terms of the loan agreement); and
(b) reclassified as performing (e.g. a loan is reclassified as performing when all arrears
have been cleared and the loan has been brought fully current, repayments have
been made in a timely manner over a continuous repayment period and continued
collection, in accordance with the contractual terms, is expected).
Description and
findings re EC9
High Impact Banks
The Central Bank monitors problem asset identification in the following ways:
? Quality of the grading model inputs.
? Frequency of loan reviews – e.g. are loans reviewed at least annually.
? Level of overdue credit reviews.
? Challenge the quality of credit assessment through loan file reviews (this would
include the assessment of credit grade, collateral valuation, repayment capacity &
debt analysis).
? Assess the loan review process and relevant controls.
? Bank policies to identify emerging credit risk.
Medium High Impact and Medium Low Impact Banks
Assessment of a particular exposure as a “problem asset” and any subsequent re-
classification of such an exposure as “performing” does not, in effect, take place at a
granular or individual loan level in Medium High Impact and Medium Low Impact firms. A
high-level general assessment does, however, take place with regard to overall exposures
on a sovereign or sectoral or specific credit exposure basis, with reference to ongoing
trends in nonperforming loans, loan loss provisions, and credit write-downs. These
discussions are held within the context of a firm’s overall capital sufficiency levels. A desk-
top review by Banking Supervision would incorporate Credit Grade Policy, Credit Review
Policy, Credit Policy, etc. Furthermore, Business Model Analysis (including an assessment of
local knowledge of group models) can be carried out by Banking Supervision support
functions such as the Risk Analytics Unit.
Reclassified as Performing
With regard to mortgage, SME and CRE lenders, the Central Bank has brought increasing
focus during 2011/12 on the movement of problem assets from short term forbearance to
medium/long term resolution options. Its work has focused on the Mortgage Arrears
Resolution Strategy and, more recently, the SME Resolution Strategy. There has been
minimal reclassification of problem loans as performing in the current economic
environment. As the banks begin to reclassify their problem assets to performing, the
Central Bank will monitor and challenge in line with the powers outlined above.
In relation to the reclassification of IRB exposures previously designated as defaulted, the
prudential requirements of Paragraph 47 of Part 4 of Annex VIII of 2006/48/EC requires
that, where no trigger of default continues to apply, the bank should rate the obligor or
facility as they would for a non-defaulted exposure.
IRELAND
186 INTERNATIONAL MONETARY FUND
The Central Bank guidance on restoration of exposure to unimpaired status for IFRS/FRS
26-reporting banks is contained in Section 7 of Part II of the Impairment Provisions for
Credit Exposures (October 2005), and replicated for the covered banks in Section 5.9.6 of
the Impairment Provisioning and Disclosure Guidelines 2011.
Problem Assets (Covered Banks): Ongoing supervision, including a number of specific
initiatives (e.g. AQR; DCOR; Income Recognition and Re-Aging; Data Integrity and
Validation; Loan File Review Deep Dives (across all institutions); On-Site Reviews) have
helped to identify problems and devise mitigation plans where appropriate.
Reclassified as Performing (Covered Banks): Assessments were completed by the Central
Bank in 2012, with the assistance of Ernst and Young, in respect of interest recognition on
impaired loans and arrears re-aging practices within the FMP banks.
EC10 The supervisor determines that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio, including classification of assets,
the level of provisions and reserves and major problem assets. The information includes, at
a minimum, summary results of the latest asset review process, comparative trends in the
overall quality of problem assets, and measurements of existing or anticipated
deterioration in asset quality and losses expected to be incurred.
Description and
findings re EC10
The Central Bank assesses the Credit MIs which go to the Boards of High Impact banks
under a broad range of headings, including, inter alia:
o Asset quality of banks loans across each asset type.
o More detailed analysis on problem sectors.
o Loan loss performance versus projections – variances explained.
o Trend analysis across portfolios.
o Frequency of presentation of MIS to Board and delegated committees.
The Central Bank completes peer analysis across high-risk institutions to identify where
gaps exist. This may prompt a risk mitigation action. In terms of compliance, some banks
provide excellent information to their Boards. In other instances, Central Bank has pointed
to gaps in information being provided to the Board (two High Impact banks) and has
captured appropriate risk mitigation actions for inclusion in the RMP.
The assessment by the supervisor that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio also takes place for Medium
High Impact and Medium Low Impact firms. Elements such as the classification of assets,
the level of provisions and reserves, and major problem assets would be incorporated to
some degree within the assessment of the appropriateness of information included within
the Board Pack.
In addition, note that under Section 3.1 of the Impairment Provisions for Credit Exposures
(October 2005) senior management are specifically responsible for:
? “evaluating the sensitivity and reasonableness of key assumptions used in the
impairment provision assessment and measurement system, this may include the
performance of stress tests to incorporate economic conditions that may affect credit
exposures”
? “providing the board with regular reports on the adequacy of impairment provisions
and amounts written off”
The internal audit/independent credit review functions are required, under 3.3 of the same
document, to conduct biennial reviews of the credit risk assessment process, including the
IRELAND
INTERNATIONAL MONETARY FUND 187
adequacy of provisioning and stress testing, and report back to senior management and
the board on their findings. Any weaknesses identified are required to be addressed “on a
timely basis.”
Central Bank Risk Governance Panel 2011 – for a High Impact institution
Findings: Central Bank reported that the bank’s Board is not presented with bank specific
key credit quality metrics such as book quality, provisions, grade migration and growth etc.
for corporate markets division. The bank does not have a system of tracking SME
forbearance.
Conclusions: Central Bank directed, as an intended outcome, that the bank’s Board should
have sufficient data to perform its oversight role of credit risks and that the Board should
be able to assess the quantum and type of forbearance on the SME book.
Action: In order to achieve that intended outcome, the following RMP actions were out in
place:
The bank is required to ensure that specific data of sufficient granularity is provided to the
Board, including key credit metrics for the Global Restructuring Group portfolio. The bank
is required to devise a system to facilitate tracking, monitoring and reporting of SME
forbearance.
EC11 The supervisor requires that valuation, classification and provisioning, at least for significant
exposures, are conducted on an individual item basis. For this purpose, supervisors require
banks to set an appropriate threshold for the purpose of identifying significant exposures
and to regularly review the level of the threshold.
Description and
findings re EC11
Individual assessment of Significant Exposures is mandated for all IFRS/FRS 26 reporting
banks. These accounting standards apply to all credit institutions. The Central Bank’s
Impairment Provisions for Credit Exposures (October 2005) state that “Exposures should be
assessed for objective evidence, measurement, and recognition of impairment on an
individual basis for individually significant exposures.” The Central Bank does not require
banks to set specific thresholds for the purpose of identifying significant exposures or to
regularly review the level of this threshold. As part of the process to review the provision
policy of High Impact firms, the Central Bank examines the threshold used by credit
institutions for the assessment of individual impairment provisions. As a general rule the
thresholds used by firms have been deemed reasonable. If a situation occurred whereby
the Central Bank believed that the threshold limit was too high, then the credit institution
would be instructed to reduce the threshold.
Supervisors are required to review impairment provision data and credit policies for lower
impact banks in accordance with the Central Bank PRISM supervision engagement model.
For High Impact banks, the Central Bank reviews the following:
Annually
1. Impairment Policy
2. Business Unit impairment Policy Documents
3. Year-end Impairment papers presented to Risk Committee
4. Loan loss projection reports
Monthly/Quarterly
1. Interim impairment papers presented to Risk Committee
2. Credit information packs (classification of assets, provisioning & asset quality trends
IRELAND
188 INTERNATIONAL MONETARY FUND
supported by management commentary)
3. Management information specific to distressed loans
4. Internal audit reports – quality assurance & controls
5. Quarterly Summary Financial Return – a quarterly return from which details
information on loan portfolios (Drawn/Undrawn; Geography; Sectoral; Grades;
Arrears; Impairment; Provisions; etc.)
Individual assessment of Significant Exposures is mandated for all IFRS/FRS 26 reporting
banks in Section 5.1 of the Impairment Provisions for Credit Exposures (October 2005) and
again in Section 5.8 of the Impairment Provisioning and Disclosure Guidelines (2011)
specifically for the covered banks.
Central Bank identified that, for one High Impact institution, individual/specific provisions
were calculated on facilities greater than $10m under group policy. Central Bank advised
the bank of its view that the cut-off of $10m was too high. The bank subsequently
amended its specific provision threshold to $0.
EC12 The supervisor regularly assesses any trends and concentrations in risk and risk build-up
across the banking sector in relation to banks’ problem assets and takes into account any
observed concentration in the risk mitigation strategies adopted by banks and the
potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers
the adequacy of provisions and reserves at the bank and banking system level in the light
of this assessment.
Description and
findings re EC12
The Central Bank assesses concentration risk trends in the covered institutions through
analysis of their management information. Concentration risk has increased for the covered
institutions as a result of the deleveraging process with increasing geographic
concentration to the Irish market. The Central Bank’s focus in assessing trends in
concentration risk is on the banks’ back books, as there is little/no new business being
written by these institutions. The Central Bank regularly assesses trends and concentrations
in risk and risk build-up across the High Impact credit institutions in relation to problem
assets through the quarterly Credit Panel meetings, which are attended by senior Banking
Supervision executives. At these meetings, the Credit Panel evaluates detailed credit risk
data and considers the adequacy of impairment provisions by individual bank and also on a
peer group basis.
CEBS Guidelines on the management of concentration risk under the supervisory review
process (GL31) set out that as “concentration risk is not fully addressed in the context of
Pillar 1”, banks must address “any resultant underestimation of risk…by allocating capital,
where necessary, through the framework of Pillar 2.” Hence, as part of the ICAAP process,
banks are expected to make an assessment of the level of capital that is required to
address any shortfall in the Pillar 1 process.
Legal/Regulatory Basis
The CRD has been largely transposed into Irish law by the Central Bank Act 1971, S.I. 661 of
2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009. The Central Bank (Supervision and
Enforcement) Act 2013 enhances the powers of the Central Bank generally in relation to
credit institutions. Particular regard should be had to regulation 66 and 70 of S.I. 661 of
2006. There are also extra powers in this area in the direction making powers in the Central
Bank (Supervision and Enforcement) Act 2013 – see section 37(3) in relation to the disposal
of assets and liabilities. See also section 40(2)(a) of the Act which will give the Central Bank
powers in the area of making regulations on the management of risks to which banks may
IRELAND
INTERNATIONAL MONETARY FUND 189
be exposed to.
Section 5 of Annex V of Directive 2006/48/EC (as amended) requires banks to have written
policies and procedures in relation to concentration risk. It states “The concentration risk
arising from exposures to counterparties, groups of connected counterparties, and
counterparties in the same economic sector, geographic region or from the same activity or
commodity, the application of credit risk mitigation techniques, and including in particular
risks associated with large indirect credit exposures (e.g. to a single collateral issuer), shall be
addressed and controlled by means of written policies and procedures.” These requirements
are further elaborated in Sections 3(5) and 10(18) of Annex V in relation to diversification of
credit portfolios and funding and the various Guidelines issued by CEBS/EBA.
In relation specifically to Large Exposures, Article 106 of 2006/48/EC (as amended),
transposed by Regulation 52 of S.I. 661 of 2006, defines “exposures” as “any asset or off-
balance sheet item referred to in Section 3, Subsection 1 [standardised approach to credit risk
which refers to “claims or contingent claims” on particular exposure classes], without
application of the risk weights or degrees of risk there provided for.” Derivative exposures
may be calculated according to the Original Exposure Method, Market-to-Market Method
or Internal Model Method. All elements entirely covered by Own Funds may, with the
agreement of the Central Bank, be excluded from the determination of “exposures”,
provided that such Own Funds are not included in the bank’s Own Funds for the purposes
of its capital adequacy ratio or in the calculation of other monitoring ratios.
To facilitate this analysis as part of the SREP process, the Central Bank collects data on the
top 100 credit exposures as well as a sector breakdown across the portfolio. This is run
through an internal model, with generic correlations linked to probability of default, to
estimate potential Pillar II requirements/add-ons for ‘name concentration’ (on large
exposures) and ‘sector concentration’. This is compared with the output of the
methods/models banks use within their ICAAP. Where the model used by a bank is
considered inadequate, a Pillar II add-on may be imposed in line with the output of the
Central Bank model until such time as the bank has addressed issues related to their
approach to the measurement of credit concentration risk.
Medium to long term forbearance measures are typically agreed at a later date subsequent
to borrower compliance with short term forbearance measures and receipt of detailed
borrower information.
(1) The Code of Conduct on Mortgage Arrears (CCMA), which came into force in
January 2011, lays out a set of rules governing how credit institutions treat
mortgage borrowers in arrears. This includes the Mortgage Arrears Resolution
Process (MARP), which is used when dealing with arrears and pre-arrears
customers. The 5 steps for the MARP are: communication; financial information;
assessment; resolution and appeals.
(2) As per IAS 39, interest accrued (not collected) enters the income statement while
the loan is still performing and nonperforming. Interest accrued (not collected)
does not enter the income statement if a loan is deemed to be impaired.
(3) This is not covered by a specific regulation. Mortgage interest capitalization is
generally associated with arrears/missed payments being rescheduled. The
impairment and provisioning guidelines apply restrictions to the release of
provisions based on 6 months subsequent performance. Policies vary by bank with
regard to criteria which may apply.
IRELAND
190 INTERNATIONAL MONETARY FUND
The Central Bank of Ireland’s Impairment Provisioning and Disclosure Guidelines
(December 2011) states that the following guidelines are required to be followed by
covered institutions when considering the impact of forbearance measures on the
methodology for assessing impairment:
? Loan pools which are subject to forbearance measures should be separated from the
remaining non-forborne loan pools.
? Non-forborne loan pools may need to be further stratified based on similar risk
characteristics.
? When calculating the collective impairment provisions, particularly for mortgage
portfolios, certain model inputs which are based on historic data may require
management judgment to be applied to adjust historic data to reflect current
economic circumstances and the granting of forbearance measures.
? For example, where a borrower is up to date with their revised terms, having
previously received forbearance measures, the historic roll rates to default may
appear lower than the underlying risk profile of the loan pool.
? The LGD could be higher on forborne loan pools than those applied to the non-
forborne loan pools.
? The PD applied to forborne loan pools will be higher than the non-forborne pools.
The Central Bank also requires the history of PDs relating to such forborne loan
pools to be recorded and disclosed in the annual report over time.
Section 5.9.6 – Restoration of Exposure to Unimpaired Status – states that an impaired
exposure should only be restored to unimpaired status when the contractual amount of
principal and interest is deemed to be fully collectible in accordance with the terms of the
agreement. Objective evidence must exist subsequent to the initial recognition of the
impairment to justify restoration to unimpaired status. Typically, this should take place
when:
? The covered institution has received repayment of the loan’s past due principal and
interest, none of the principal and interest is due and unpaid, and the covered
institution expects repayment of the remaining contractual principal and interest as
scheduled in the agreement;
? The counterparty has resumed paying the full amount of the scheduled contractual
principal and interest payments for a reasonable period and all remaining
contractual payments (including full compensation for overdue payments) are
deemed to be collectible in a timely manner; or
? The exposure becomes well secured and is in the process of collection.
A covered institution’s determination of the ultimate collectability of an exposure should be
supported by a current, well-documented credit evaluation of the counterparty’s financial
condition and other factors affecting the prospects for repayment, including consideration
of the counterparty’s repayment performance and other relevant factors.
The Central Bank leverages off the review and sampling work undertaken by credit
institutions’ external auditors annually when they sign-off on financial statements. Sections
26 and 27 of the Central Bank Act 1997 require that copies of the banks’ audited financial
statements are provided to the Central Bank. Supervisors typically receive and review
annual post-audit reports and management letter reports prepared by external auditors
annually, which contain auditor comments on provisioning and loan quality. External
auditors do not review loan classification and processes for the Central Bank; however, they
will audit loan classification and processes as part of their annual audit.
IRELAND
INTERNATIONAL MONETARY FUND 191
The Central Bank’s Auditor Protocol 2011 provides a framework for annual bilateral and
trilateral meetings between the Central Bank, the credit institution’s external auditor, and
the credit institution to enable both the Central Bank and the auditors of firms to achieve
fulfillment of both parties’ statutory powers. Typically, for High Impact institutions,
supervisors will meet with external auditors before and after the annual financial statement
audit to discuss, inter alia, loan classification and provisioning.
The Banking Supervision Credit Team performs thematic reviews on loan portfolios which
will assess impaired and non-impaired loans. The Central Bank can take supervisory
measures if dissatisfied with loan classifications.
Assessment of
Principle 18
Largely Compliant
Comments Over the course of the last several years, the CBI has allocated considerable resources in an
effort to encourage prudent provisioning practices with a significant focus on the covered
banks. The Central Bank has updated and expanded its guidance regarding provisioning
and valuation practices and performed more frequent and in-depth onsite assessments.
The update guidance by the Central Bank goes beyond that of other authorities in the
region where IFRS is applied. Problem assets, provisions and reserves have been an integral
part of the Central Banks’ engagement with credit institutions through on-site testing of
compliance with the revised Guidelines. The banking sector has also been subject to
various externally led balance sheet exercises. There are a number of examples
demonstrating the impact of the new Guidelines in increasing the conservatism of banks’
loan loss provisioning practices.
The banking sector has gone through a severe crisis and there continues to be significant
stress on banks’ balance sheets. While the Central Bank has expanded its guidance
regarding provisioning practices, it does not have direct legislative power to reclassify
assets and/or increase provisions which impacts its direct influence on provisioning
practices. Also, the Central Bank does not have the legal power to overrule a decision (e.g.
on provisioning) by a bank’s own external auditor. Instead, the Central Bank will rely upon
their powers to increase capital in the event provisions are assessed as inadequate as per
Regulation 70 of SI 661. Furthermore, through the framework set up in the Auditor Protocol
2011, the Central Bank discusses and challenges loan loss provisioning.
In terms of supervisory activities, supervisors monitor and track changes in provisioning
and asset quality through periodic analysis of regulatory returns and ad hoc data requests,
supplemented by annual review of policies. An assessment of asset quality and
provisioning will be performed as part of an FRR or FRA. Supervisory activities should place
greater reliance on onsite verification of bank processes, particularly in terms of: assessing
processes for the early identification of problem assets; application of prudent valuations
for collateral; and, testing assumptions that feed into provisioning models. There was
evidence to suggest this process had commenced with the High Impact banks but was yet
to be extended across the sector (with due regard to proportionality). Below High Impact
banks, an assessment of provisioning is performed via a desk based review. Greater
frequency of onsite supervision will allow an ability to verify bank provisioning practices by
loan sampling and testing of assumptions to ensure they remain consistent with actual
experience and are adjusted in a timely fashion to reflect changes in market conditions and
the economy. Through this process, the supervisor will be better able to deem whether
provisions are adequate for prudential purposes (EC7). Given the updated guidance by the
Central Bank only applies to High Impact banks, a greater onsite presence will allow
IRELAND
192 INTERNATIONAL MONETARY FUND
supervisors the ability to identify approaches which depart materially from the Central
Bank’s guidance but remain compliant with accounting standards.
Principle 19 Concentration risk and large exposure limits. The supervisor determines that banks have
adequate policies and processes to identify, measure, evaluate, monitor, report and control
or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to
restrict bank exposures to single counterparties or groups of connected counterparties.
52
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have policies and processes that
provide a comprehensive bank-wide view of significant sources of concentration risk.
53
Exposures arising from off-balance sheet as well as on-balance sheet items and from
contingent liabilities are captured.
Description and
findings re EC1
Various European and Irish regulations require credit institutions to have policies and
procedures relating to concentration risk, including off-balance sheet exposures.
Concentration risk regulation includes: Section 5 of Annex V of Directive 2006/48/EC,
Article 106 of Directive 2006/48/EC, and EBA Guidelines on the implementation of the
revised large exposures regime 2009.
Section 5 of Annex V of Directive 2006/48/EC as amended requires banks to have written
policies and procedures in relation to concentration risk. These requirements are further
elaborated in Sections 3(5) and 10(18) of Annex V, in relation to diversification of credit
portfolios and funding, and in the various Guidelines issued by CEBS/EBA.
Paragraph 34 of Guideline 3 of the CEBS Guidelines on the management of concentration
risk under the supervisory review process) which has been endorsed by the CBI, clarifies
that “risk drivers which could be a source of concentration risk should be identified” by banks,
covering “all risk concentrations which are significant to the institution […], including on–
and off- balance sheet positions and committed and uncommitted exposures, and extending
across risk types, business lines and entities.”
In relation specifically to Large Exposures, Article 106 of 2006/48/EC as amended
(transposed by Regulation 52 of SI 661) defines “exposures” as “any asset or off-balance
sheet item referred to in Section 3, Subsection 1 [standardized approach to credit risk which
refers to “claims or contingent claims” on particular exposure classes], without application of
the risk weights or degrees of risk there provided for.”
CEBS Guidelines on the management of concentration risk under the supervisory review
process set out that as “concentration risk is not fully addressed in the context of Pillar 1”,
banks must, address “any resultant underestimation of risk…by allocating capital, where
necessary, through the framework of Pillar 2.” Through the SREP process, the Central Bank’s
52
Connected counterparties may include natural persons as well as a group of companies related financially or by
common ownership, management or any combination thereof.
53
This includes credit concentrations through exposure to: single counterparties and groups of connected
counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a
single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties
whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures
(including guarantees and other commitments) and also market and other risk concentrations where a bank is overly
exposed to particular asset classes, products, collateral, or currencies.
IRELAND
INTERNATIONAL MONETARY FUND 193
Risk Modeling Unit:
? will examine the approach used by a bank to estimate the capital required in relation
to credit concentration risk
? can also perform an analysis of the level of capital required in relation to credit
concentration risk
To facilitate this analysis as part of the SREP process, the CBI collects data on the top 100
credit exposures as well as a sector breakdown across the portfolio. This is run through an
internal model, with generic correlations linked to PD, to estimate potential Pillar II
requirements/add-ons for ‘name concentration’ (on large exposures) and ‘sector
concentration’. This is compared with the output of the methods/models banks use within
their ICAAP. Where the model used by a bank is considered inadequate, Pillar II add-ons
may be imposed in line with the output of the CBI model until such time as the bank has
addressed issues related to their approach to the measurement of credit concentration risk.
EC2
The supervisor determines that a bank’s information systems identify and aggregate on a
timely basis, and facilitate active management of, exposures creating risk concentrations
and large exposure
54
to single counterparties or groups of connected counterparties.
Description and
findings re EC2
CBI staff reviews bank internal reports and Board minutes to determine the involvement of
the Board and the level of information provided.
The EBA has developed common reporting templates and guidelines in relation to large
exposures reporting pursuant to EU directive 2009/111/EC (CRD II).
The revised large exposures regime has been applied since 31 December 2010. The CBI
achieves compliance with Essential Criteria 2 primarily through the periodic submission of
the Large Exposure and concentration regulatory reports by licensed credit institutions, and
the subsequent review undertaken by CBI supervision teams of the returns. During the
ICAAP process concentrations are reviewed as are management controls and when
necessary and appropriate additional capital add-ons imposed.
The CBI receives quarterly reports on concentrations risk by sector, geography and
industry. The reports are input for analysis conducted by CBI.
EC3
The supervisor determines that a bank’s risk management policies and processes establish
thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated to,
relevant staff. The supervisor also determines that the bank’s policies and processes require
all material concentrations to be regularly reviewed and reported to the bank’s Board.
Description and
findings re EC3
The CBI performs Large Exposure return reviews, reviews of risk appetite statements (for
selected credit institutions), reviews of Board Management Information, and selected
reviews of credit institutions’ risk policies and procedures.
The Credit Team and the Examination Teams, through regular reviews of High Impact credit
54
The measure of credit exposure, in the context of large exposures to single counterparties and groups of
connected counterparties, should reflect the maximum possible loss from their failure (i.e. it should encompass actual
claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital
standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised
as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly
underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).
IRELAND
194 INTERNATIONAL MONETARY FUND
institutions’ Management Information and credit risk policies (including Risk Appetite
Statements), assess risk concentrations against risk appetite.
For Medium High Impact and Medium Low Impact credit institutions, concentration risk is
assessed by Examination Teams through the large exposure regulatory returns, and (on a
less frequent basis) via FRAs, through review of RAS and ICAAP portal submissions through
which credit institutions identify their risk appetite and management of concentration risk.
Guideline 5 of the CEBS Guidelines on the management of concentration risk under the
supervisory review process requires banks to “set top-down and group-wide concentration
risk limit structures (including appropriate sub-limits across business units or entities and
across risk types) for exposures to counterparties or groups of related counterparties, sectors
or industries, as well as exposures to specific products or markets. The limit structures and
levels should reflect the institution’s risk tolerance and consider all relevant interdependencies
within and between risk factors. The limit structures should cover both on- and off- balance
sheet positions and the structure of assets and liabilities at consolidated and solo levels. The
limit structures should be appropriately documented and communicated to all relevant levels
of the organization.”
Article 124 of 2006/48/EC as amended (as transposed by Regulation 66(1)-(3) of S.I. 661)
provides the legal basis for supervisory review and assessment, supplemented by CEBS
Guidelines on Supervisory Review and Assessment contained in Section 5 of CEBS
Guidelines on the management of concentration risk under the supervisory review process
(GL31).
The CBI’s Impairment Provisions for Credit Exposures paper of 2005 is a requirement for all
licensed credit institutions. The paper places various requirements on credit institutions vis-
à-vis credit concentration risk, namely:
o As part of the measurement of portfolio provisions, credit institutions should
be cognizant of credit concentration risk. Credit risk concentrations are based
on similar or positively correlated risk factors, which, in times of stress, have
an adverse effect on the creditworthiness of each of the individual
counterparties making up the concentration. Such concentrations include, but
are not limited to: significant exposures to an individual counterparty or
group of related counterparties; credit exposures to counterparties in the
same economic sector or geographic region; credit exposures to
counterparties whose financial performance is dependent on the same
activity or commodity; and indirect credit exposures arising from a credit
institution’s credit risk mitigation techniques (e.g. exposure to a single
collateral type or to credit protection provided by a single entity).
o A credit institution should have in place effective internal policies, systems
and controls to identify, measure, monitor, and control their credit risk
concentrations. The internal policies, systems and controls should be clearly
documented and should include a definition of the credit risk concentrations
relevant to the credit institution and how they and their corresponding limits
are calculated. A credit institution’s management should conduct periodic
stress tests of its major credit risk concentrations and review against
expectations.
EC4
The supervisor regularly obtains information that enables concentrations within a bank’s
portfolio, including sectoral, geographical and currency exposures, to be reviewed.
IRELAND
INTERNATIONAL MONETARY FUND 195
Description and
findings re EC4
All licensed credit institutions are required to identify, aggregate and report single name
credit concentrations and concentrations to connected counterparties to the CBI on a
quarterly basis through the large exposures return for an example. These requirements are
on a statutory basis and are set out in Section 5 of CRD, Articles 106-119) and in the CBI
paper of December 2010 Large Exposures Return Notes on Compilation. Credit institutions
are required to:
1. Submit details of Group (G) and Unconnected (U) exposures. All large exposures (i.e.
those exposures greater than 10% of own funds) should be reported up to a
maximum of 70. This will be divided into a maximum of 30 to non-credit institutions,
20 to credit institutions and 20 to sovereigns. If there are less than 70 large
exposures, sufficient exposures should be reported to bring the total number of
exposures up to 30 to non-credit institutions, 20 to credit institutions and 20 to
sovereigns. Where there are not sufficient exposures to bring the number reported
up to 70 this must be indicated in the Notes section of the return. For institutions
that report on a Group Consolidated basis, the number of exposures reported
should be 50 for non-credit institutions, 30 for credit institutions and 30 for
sovereigns.
2. Submit details of connected clients
3. Submit quarterly reports on credit exposures broken down by sectors, industry,
geography.
Reporting formats for Large Exposures, Related Party Lending and the Report on sectoral
limits have been prescribed by the Central Bank under Section 117(3)(a) of the Central Bank
Act 1989 in the case of Large Exposures pursuant to Article 110 of 2006/48/EC as amended
(transposed by Regulation 56 of S.I. 661 of 2006). These reports are submitted quarterly.
Funding concentration risk reporting is required monthly from the higher risk banks, as
identified by PRISM. These reports are without prejudice to the rights and powers of the
Central Bank to otherwise request specific information at any point in time.
The CEBS Guidelines on the management of concentration risk under the supervisory
review process highlight the currency risks that may emerge from a concentration on
foreign currency funding and on lending to foreign borrowers whose sources of income are
in a mismatched currency.
CBI does regularly receive details on credit exposure by sector and geography for retail
credit institutions via the QSFR. Outputs are analyzed by Credit Team and presented
quarterly at the Credit Panel, a meeting of senior Central Bank staff and management from
various divisions.
EC5
In respect of credit exposure to single counterparties or groups of connected
counterparties, laws or regulations explicitly define, or the supervisor has the power to
define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor
may exercise discretion in applying this definition on a case by case basis.
Description and
findings re EC5
The CBI has the discretion under the “EBA Guidelines on the Implementation of the Large
Exposures Regime” to define an exposure as connected.
Article 4(45) of Directive 2006/48/EC as amended defines a “Group of Connected Clients”,
and this definition is referenced in S.I. 661 of 2006 – “Group of Connected Clients” means:
(a) two or more natural or legal persons, who, unless it is shown otherwise, constitute a
single risk because one of them, directly or indirectly, has control over the other or
others; or
IRELAND
196 INTERNATIONAL MONETARY FUND
(b) two or more natural or legal persons between whom there is no relationship of control
as set out in point (a) but who are to be regarded as constituting a single risk because
they are so interconnected that, if one of them were to experience financial problems,
in particular funding or repayment difficulties, the other or all of the others would be
likely to encounter funding or repayment difficulties.”
The CBI requires banks to apply the CEBS Guidelines on the implementation of the revised
large exposures regime (2009), Part I of which elaborates on the concepts and identification
of relationships of “control” and “economic interconnectedness.” Paragraph 24 of the
Guidelines clarifies that “in cases of divergence between the opinion of the institution and
that of the competent authority, it is the competent authority which decides whether a client
must be regarded as part of a group of connected clients.”
EC6 Laws, regulations or the supervisor set prudent and appropriate
55
requirements to control
and constrain large credit exposures to a single counterparty or a group of connected
counterparties. “Exposures” for this purpose include all claims and transactions (including
those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-
balance sheet. The supervisor determines that senior management monitors these limits
and that they are not exceeded on a solo or consolidated basis.
Description and
findings re EC6
The CBI has fully implemented the large exposures regime as set out in the CRD, and
transposed it into Irish law. This regime defines any exposure in excess of 10% to be a large
exposure and limits the exposure to any individual client or group of connected clients to a
maximum of 25% of own funds. The regime includes both on- and off-balance sheet, and
where there is an exposure to underlying assets, a credit institution shall assess the scheme,
its underlying exposures, or both. For that purpose, a credit institution shall evaluate the
economic substance of the transaction and the risks inherent in its structure. All large
exposures are reported to the Central Bank on a quarterly basis and are assessed for any
significant changes in exposures and for new exposures that have been added since the
previous reporting period.
The Large Exposures and Related Party Lending Reports must be signed by a director
before submission to the Central Bank, thus ensuring that they are cognizant of and
monitoring the exposures. In addition, any related party lending must be approved by the
Board or a subcommittee established for the purposes of related party lending that reports
directly to the Board, and loans to a related party exceeding €1m require the prior approval
of the Central Bank.
The Large Exposure regime allows the CBI to determine a group of connected
counterparties where there is a divergence of opinion between the credit institutions and
the CBI. This is set out in paragraph 24 of the CEBS Guidelines on the implementation of
the revised large exposures regime, published 11 December 2009. This determination is
done on a case-by-case basis.
The CBI checks credit institutions’ compliance on a quarterly basis with large exposure
limits. This review is done to ensure that these limits are not exceeded.
The general principle is that all banks on an individual basis must comply with the Large
55
Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of
September 2012, a new Basel standard on large exposures is still under consideration.
IRELAND
INTERNATIONAL MONETARY FUND 197
Exposures requirements of the CRD, unless this requirement for solo compliance is waived
under Article 69 of 2006/48/EC as amended (as transposed by Regulation 14 of S.I. No.661
of 2006). Where the waiver has been applied, measures must be taken by the group to
ensure the “satisfactory allocation of risks within then group.”
Regulation 57(1) of S.I. 661 of 2006 (transposing Article 111 of 2006/48/EC as amended)
states that “A credit institution shall not incur an exposure to a client or group of connected
clients the value of which, after taking into account the effect of any credit risk mitigation in
accordance with Regulations 52, 58, 59, 60 and 60A, exceeds 25 per cent of its own funds.”
In addition Regulation 57(2) states “If a client is an institution or a group of connected clients
that includes one or more institutions, that value shall not exceed the higher of 25 per cent of
the credit institution’s own funds or €150,000,000. However, the sum of the value of
exposures, after taking into account the effect of any credit risk mitigation in accordance with
Regulations 52, 58, 59, 60 and 60A, to all groups of connected clients that are not institutions
shall not exceed 25 per cent of the credit institution’s own funds.” The Regulation goes on to
state that if the binding limit is €150,000,000, this should not exceed a reasonable limit in
terms of the credit institution’s own funds and should not be higher than 100 per cent,
except if allowed by the Central Bank (Central Bank) on a case-by-case basis. In line with
the CRD, the Central Bank has partially or fully exempted some exposures (e.g. high credit
quality exposures) from the limits above.
Article 106 of 2006/48/EC as amended (transposed by Regulation 52 of S.I. No.661 of 2006)
defines “exposures” as “any asset or off-balance sheet item referred to in Section 3,
Subsection 1 [standardized approach to credit risk which refers to “claims or contingent
claims” on particular exposure classes], without application of the risk weights or degrees of
risk there provided for.” Derivative exposures may be calculated according to the Original
Exposure Method, Market-to-Market Method or Internal Model Method. All elements
entirely covered by Own Funds may, with the agreement of the Central Bank, be excluded
from the determination of “exposures”, provided that such Own Funds are not included in
the bank’s Own Funds for the purposes of its capital adequacy ratio or in the calculation of
other monitoring ratios. Specific exclusions from exposures are outlined in Article 106(2) of
2006/48/EC as amended (Regulation 52(b) of S.I. 661 of 2006). Guidance on how to
measure exposure to clients or groups of connected clients in the case of schemes with
underlying assets is provided in Part II of the CEBS Guidelines on the implementation of the
revised large exposures regime, 2009.
Guideline 1 of the CEBS Guidelines on the management of concentration risk under the
supervisory review process requires that the “management body should understand and
review how concentration risk derives from the overall business model of the institution. This
should result from the existence of appropriate business strategies and risk management
policies.”
Article 109 of 2006/48/EC as amended transposed by Regulation 52 of S.I. No.661 of 2006
mandates that supervisors “shall require that every credit institution have sound
administrative and accounting procedures and adequate internal control mechanisms for the
purposes of identifying and recording all large exposures and subsequent changes to them.”
Article 124 of 2006/48/EC as amended (as transposed by Regulation 66(1)-(3) of S.I. 661
provides the legal basis for supervisory review and assessment, supplemented by CEBS
IRELAND
198 INTERNATIONAL MONETARY FUND
Guidelines on Supervisory Review and Assessment contained in Section 5 of the CEBS
Guidelines on the management of concentration risk under the supervisory review process.
EC7
The supervisor requires banks to include the impact of significant risk concentrations into
their stress testing programmes for risk management purposes.
Description and
findings re EC7
The CBI has imposed EBA Guidelines on concentration risk and stress testing, and assesses
compliance with these guidelines through periodic reviews of High Impact credit
institutions’ stress testing programs during SREPs. These reviews are undertaken by the
Risk Analytics Unit of Banking Supervision. These typically feed into RGPs, and where
necessary RMPs. For Medium High Impact credit institutions, the Risk Analytics Unit also
undertakes a review of the stress testing programs (including the impact of risk
concentrations) as part of the FRA.
The CBI has adopted the CEBS Guidelines on the management of concentration risk under
the supervisory review process which specifically addresses concentration risk within stress
testing in Guidelines 2, 4, 7, 12, 16 and 19 and the CEBS Guidelines on Stress Testing which
also covers concentration risk.
As part of the assessment of stress testing and reverse stress testing, supervisors consider
whether banks consider scenarios which test the ability to withstand impacts on entities to
which the bank has high concentration. Depending on the business model, this might focus
on scenarios and mitigation around withdrawal of funding from the parent, default of top
exposures, operational events around key systems, etc.
As part of the 2011 SREP, a number of weaknesses were identified in a High Impact credit
institution’s stress testing framework, one area being their ability to pick up risk
concentrations. As part of the RMP, in developing their framework, the credit institution
was required to “introduce scenarios that will assist in the identification of interdependencies
between exposures which may only become apparent during stressed conditions. This is to
assist in identification of 'hidden' concentrations. This should include impact of breakdowns in
correlations and significant shocks to specific sectors.”
Additional
criteria
AC1
In respect of credit exposure to single counterparties or groups of connected
counterparties, banks are required to adhere to the following:
(a) ten per cent or more of a bank’s capital is defined as a large exposure; and
(b) twenty-five per cent of a bank’s capital is the limit for an individual large exposure to
a private sector nonbank counterparty or a group of connected counterparties.
Minor deviations from these limits may be acceptable, especially if explicitly temporary or
related to very small or specialized banks.
Description and
findings re AC1
Regulation 54 of S.I. No 661 of 2006 (transposing Article 108 of 2006/48/EC as amended)
states that a bank’s “exposure to a client or group of connected clients shall be considered a
large exposure where its value is equal to or exceeds 10% of its Own Funds.”
Regulation 57(1) of S.I. No 661 of 2006 transposing Article 111 of 2006/48/EC as amended
states that “A credit institution shall not incur an exposure to a client or group of connected
clients the value of which, after taking into account the effect of any credit risk mitigation in
accordance with Regulations 52, 58, 59, 60 and 60A, exceeds 25 per cent of its own funds.”
IRELAND
INTERNATIONAL MONETARY FUND 199
In addition Regulation 57(2) states “If a client is an institution or a group of connected clients
that includes one or more institutions, that value shall not exceed the higher of 25 per cent of
the credit institution’s own funds or €150,000,000. However, the sum of the value of
exposures, after taking into account the effect of any credit risk mitigation in accordance with
Regulations 52, 58, 59, 60 and 60A, to all groups of connected clients that are not institutions
shall not exceed 25 per cent of the credit institution’s own funds.” The Regulation goes on to
state that if the binding limit is €150,000,000, this should not exceed a reasonable limit in
terms of the credit institution’s own funds and should not be higher than 100 per cent,
except if allowed by the Central Bank on a case-by-case basis. In line with the CRD, the
Central Bank has partially or fully exempted some high credit quality exposures from the
limits above.
The CBI allows deviations from these limits for a limited period of time under Regulation
57(5) of S.I. No.661 of 2006 (transposing Article 111(4) of 2006/48/EC as amended) on an
exceptional basis, provided the exposure is reported without delay to the Central Bank.
Assessment of
Principle 19
Compliant
Comments
Principle 20 Transactions with related parties. In order to prevent abuses arising in transactions with
related parties
56
and to address the risk of conflict of interest, the supervisor requires banks
to enter into any transactions with related parties
57
on an arm’s length basis; to monitor
these transactions; to take appropriate steps to control or mitigate the risks; and to write
off exposures to related parties in accordance with standard policies and processes.
Essential criteria
EC1
Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive
definition of “related parties.” This considers the parties identified in the footnote to the
Principle. The supervisor may exercise discretion in applying this definition on a case by
case basis.
Description and
findings re EC1
In 2010 the CBI introduced a Code of Practice on Lending to Related Parties which was
imposed on all credit institutions on a legislative basis. The code sets out an extensive list
of connected persons and clients for the purpose of limiting related party lending including
spouse, partners, children, people between whom there is such a level of
interconnectedness they must be regarded as a single risk etc. Additionally, the code
defines a related party as a director, senior manager, a significant shareholder of the credit
institution or an entity in which the credit institution has a significant shareholding as well
as a connected person of any of these persons.
56
Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their
subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the
bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related
interests, and their close family members as well as corresponding persons in affiliated companies.
57
Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as,
dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative
transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only
transactions that are entered into with related parties but also situations in which an unrelated party (with whom a
bank has an existing exposure) subsequently becomes a related party.
IRELAND
200 INTERNATIONAL MONETARY FUND
The CBI has prescribed a comprehensive definition of ‘related party’ in its RPL Code which
applies to prudential requirements and regulatory reporting to the CBI.
The RPL Code applies only to lending (which includes loans, quasi loans or credit
transactions which results in an exposure or potential exposure, including guarantees) to
related parties, but there are other laws and regulations (e.g. Companies Acts, accounting
standards) in Ireland which address requirements and public disclosures regarding
transactions other than lending. However, these other laws are not enforceable by the CBI
because the legislators in Ireland have allocated responsibility to the Central Bank for the
enforcement of financial services legislation and Central Bank regulatory requirements. The
legislators have assigned responsibility for the enforcement of other laws/requirements
referred to above to other agencies e.g. ODCE for company law, the RABs and IAASA for
oversight of auditors, IAASA is the competent authority under the Transparency Directive
Regulations for checking certain Issuers’ compliance with reporting under the relevant
reporting framework.
The RPL Code came into force on 1 January 2011. It was imposed pursuant to Section 117
of the Central Bank Act 1989 on banks incorporated in the State licensed under Section 9
of the Central Bank Act 1971 and on building societies authorized under the Building
Societies Act 1989. It also applies to designated credit institutions registered under the
Asset Covered Securities Act 2001. Separately from the RPL Code, the reporting
requirements described in Section 7 of the RPL Code were imposed pursuant to Section
117(3) (a) of the Central Bank Act 1989.
The RPL Code contains the following definitions that are of relevance to understanding the
‘related parties’ captured by the RPL Code:
Related Party: A related party is defined as:
(i) a director,
(ii) a senior manager, or
(iii) a significant shareholder of the credit institution, or
(iv) an entity in which the credit institution has a significant shareholding, as well as
(v) a connected person of any of the aforementioned persons.
Senior Management: Members of management of the institution or persons who report
directly to the Board of Directors or the chief executive (howsoever described) of the credit
institution.
Significant Shareholder: A person who holds, either themselves or in aggregate with their
connected persons, a significant shareholding. Governments are excluded from this
definition.
Significant Shareholding: 10% or more of the shares or voting rights in the credit institution
or business.
Connected Persons and Clients:
(a) a spouse, domestic partner or child (whether natural or adopted) of a person;
(b) two or more natural or legal persons who, unless it is shown otherwise, constitute a
single risk because one of them, directly or indirectly, has control over the other or
others; or
(c) two or more natural or legal persons between whom there is no relationship of
IRELAND
INTERNATIONAL MONETARY FUND 201
control as set out in point (b) but who are to be regarded as constituting a single
risk because they are so interconnected that, if one of them were to experience
financial problems, the other or all of the others would be likely to encounter
repayment difficulties.
Notes relating to differences between Basel definition and RPL Code definitions of
‘transactions’ captured:
The RPL Code applies only to lending, and thus aims to capture credit risk. It includes lease
agreements, derivatives and write-offs.
The RPL Code does not cover service contracts.
The RPL Code does not specifically cover asset purchases and sales (although it captures
Repos) or construction contracts.
The RPL Code only deals with lending; it does not address claims or borrowings.
In terms of exposures captured by the code it covers all loans, defined as loans, quasi-loans
or credit transactions which result in an exposure or potential exposure, including
guarantees. Therefore in terms of related parties definition and coverage of credit exposure
the code is very extensive.
There is no evidence to suggest that service contracts, asset purchases or sales, or claims or
borrowings are prevalent in the Irish Banking sector and therefore the CBI is of the view
that its RPL Code captures the vast majority of the Related Party transactions. However, as
stated previously, there are other laws and regulations (e.g. Companies Acts, accounting
standards) in Ireland which address requirements and public disclosures regarding
transactions other than lending. For example, The Companies Acts include the following
rules in respect of Substantial Property Transactions:
? The Companies Act prevents directors or persons connected to directors from
purchasing certain non-cash assets from the company at a price which is other
than arm’s length and without express permission from the members of the
company in general meeting
? Non-cash assets are defined as being property or an interest in property other
than cash.
? The thresholds are as follows:
o €63,487 (IR£50,000); or
o 10% of the value of the net assets per the latest set of financial statements
or if there are no financial statements prepared the called-up share capital
of the company
However, if the asset is valued at less than €1,270 (IR£1,000) then it is exempt from the
terms of this section altogether.
Although the accounting standards cover some of these issues, they are not enforceable by
the CBI and they do not address other requirements of the RPL concerning arms-length
requirements, etc.
The code also applies significant qualitative and quantitative requirements on credit
institutions such as:
Qualitative
1. A credit institution cannot grant a loan to a related party on more favourable
IRELAND
202 INTERNATIONAL MONETARY FUND
terms than a loan to a non-related party;
2. A loan to a related party, or a variation in the terms of such a loan requires the
prior approval of the Board or a sub-committee of the Board established
specifically to deal with related party lending;
3. Any loan in excess of €1m requires the prior approval of the Central Bank. the
assessment of such requests includes an assessment of the terms and conditions
of the loan;
4. Policies and processes must be established by the credit institution to prevent (i)
members of staff of the credit institution benefitting from lending to a related
party and (ii) persons related to the borrower from being part of the process of
granting and managing a loan to such a borrower.
5. An obligation on senior management to report at least quarterly to the Board of
any deviations from a policy, process or limit requirement of the code. Any such
deviations must also be reported to the Central Bank within five business days of
the deviation being identified
6. The credit institution shall not (i) engage in a practice, (ii) enter into an
arrangement, (iii) execute a document, or (iv) structure or restructure a loan in
order to avoid its obligations under the code.
Quantitative
The code imposes severe restrictions on a credit institution’s exposures to related parties:
1. Exposures to any one of the credit institution’s directors or senior management,
and persons connected to them, including exposures to any business in which the
director or senior manager has a significant shareholding 0.5% of Own Funds. The
aggregate of such exposures shall not exceed 5.0% of Own Funds
2. Exposure to one of its significant shareholders including exposures to businesses
in which the significant shareholder has a significant shareholding. 5.0% of Own
funds, aggregate not to exceed 15% of Own Funds.
3. Exposures to a client or group of connected clients in which the credit institution
has a significant shareholding. 5.0% of Own funds, aggregate not to exceed 15%
of Own Funds.
Oversight of the Code
The Central Bank oversees compliance with the code as follows:
1. Assesses all loans in excess of €1m prior to a credit institution being in a position
to grant the loan;
2. All credit institutions must report all related party exposures to the Central Bank
on a quarterly basis; and
As part of its ongoing supervision the Central Bank carries out desk top analysis to ensure
that the policies and processes in place are in compliance with the code and additionally
supplements this with on-site testing to ensure that loans to related parties have followed
the policies and processes.
EC2
Laws, regulations or the supervisor require that transactions with related parties are not
undertaken on more favorable terms (e.g. in credit assessment, tenor, interest rates, fees,
amortization schedules, requirement for collateral) than corresponding transactions with
non-related counterparties.
58
58
An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g. staff
receiving credit at favorable rates).
IRELAND
INTERNATIONAL MONETARY FUND 203
Description and
findings re EC2
See EC1.
EC3
The supervisor requires that transactions with related parties and the write-off of related-
party exposures exceeding specified amounts or otherwise posing special risks are subject
to prior approval by the bank’s Board. The supervisor requires that Board members with
conflicts of interest are excluded from the approval process of granting and managing
related party transactions.
Description and
findings re EC3
The RPL Code requires, inter alia:
? Loans to related parties or any variation of the terms require prior Board approval,
or approval by a Subcommittee of the Board established specifically to deal with
related party lending. That Subcommittee is required to report directly to the Board.
Board members with conflicts of interest shall be excluded from the approval
process (Requirement 6(b)).
? Actions in respect of the management of such loans (for example, grace periods,
interest roll-ups, loan write-offs) require prior Board approval or approval by a
Subcommittee of the Board established specifically to deal with related party
lending where that Subcommittee reports directly to the Board (Requirement 6(c)).
? Approval is required from the Central Bank prior to extending loans to a related
party that exceeds €1million (Requirement 6(d)).
? The Board of the credit institution is obliged to put policies and procedures in place
over related party lending, ensure adherence thereto, monitor and report on such
loans. (Requirements 6(e), (f), (g), and (h)).
? Limits are imposed on a credit institution’s lending to related parties, both on an
individual level and on an aggregated basis (Requirement 6(i))
? Detailed quarterly reporting requirements to the Central Bank (requirement 7(a)) are
imposed, including the reporting of deviations from the RPL Code to the Central
Bank (Requirements in section 7 of the RPL Code) within 5 business days of the
discovery of the deviation and furthermore management of the institution is
required to report to its Board on at least a quarterly basis, for timely action by the
Board, any deviation from a policy, process or limits.
? Requirement 6(j) contains an anti-avoidance provision which aims to prevent firms
from engaging in practices, entering arrangements, structuring or restructuring
loans or executing documents in such a manner as to avoid the requirements of the
RPL Code.
EC4
The supervisor determines that banks have policies and processes to prevent persons
benefiting from the transaction and/or persons related to such a person from being part of
the process of granting and managing the transaction.
Description and
findings re EC4
The purpose of the RPL code is to prevent persons benefiting from related party
transactions and/or persons related to such a person from being part of the process of
granting and managing the transaction.
The CBI’s monitoring of compliance with the RPL Code is conducted primarily through RPL
IRELAND
204 INTERNATIONAL MONETARY FUND
reports that are received quarterly and are reviewed by Supervision teams. Additionally,
themed reviews of Loans to Directors in covered banks were conducted. A report was
published in March 2009 and supervisors followed up on the findings of these reviews.
Supervisors compare/check reconciliations between disclosure of Related Party
Transactions in the annual audited financial statements and the quarter-end RPL report
coinciding with year-end for High Impact banks; as per PRISM guidelines those banks rated
lower than High Impact do not routinely conduct a year-end reconciliation. Supervisors
check the public disclosure of Loans to Directors and to Connected Persons
(conditions/directions imposed in August 2009).
Requirements relating to Lending to Related Parties are set out in Sections 6 & 7 of the RPL
Code and are summarized in Criteria 2 & 3 above.
EC5
Laws or regulations set, or the supervisor has the power to set on a general or case by case
basis, limits for exposures to related parties, to deduct such exposures from capital when
assessing capital adequacy, or to require collateralization of such exposures. When limits
are set on aggregate exposures to related parties, those are at least as strict as those for
single counterparties or groups of connected counterparties.
Description and
findings re EC5
See EC1
EC6
The supervisor determines that banks have policies and processes to identify individual
exposures to and transactions with related parties as well as the total amount of exposures,
and to monitor and report on them through an independent credit review or audit process.
The supervisor determines that exceptions to policies, processes and limits are reported to
the appropriate level of the bank’s senior management and, if necessary, to the Board, for
timely action. The supervisor also determines that senior management monitors related
party transactions on an ongoing basis, and that the Board also provides oversight of these
transactions.
Description and
findings re EC6
As set out in Criteria 4 above, the Central Bank’s monitoring of compliance with the RPL
Code is conducted primarily through RPL reports that are received quarterly, which are
reviewed by supervision teams. Additionally, themed reviews of loans to directors in
covered banks were conducted. A report was published in March 2009 and supervisors
followed up on the findings of these reviews. Supervisors compare/check reconciliations
between disclosure of Related Party Transactions in the annual audited financial statements
and the quarter-end RPL report coinciding with year-end. Supervisors also check the public
disclosure of loans to directors and to connected persons (conditions/directions imposed
in August 2009) and the maintenance of Registers (conditions imposed in May 2010). The
Central Bank ensures these ‘Mail Merge’ letters imposing conditions/directions are included
on its website.
EC7
The supervisor obtains and reviews information on aggregate exposures to related parties.
Description and
findings re EC7
There are requirements in section 7 of the RPL Code, imposed pursuant to Section 117(3)
(a) of the Central Bank Act 1989, relating to private, prudential reporting to the Central
Bank on a quarterly basis by credit institutions of lending to related parties. The CBI issued
a template for RPL reporting within its ‘Related Party Lending Return Notes on
Compilation’, which is very detailed and is required on a quarterly basis. The main risk
metrics that are tracked by supervisors are compliance with the limits in Requirement 6(i) of
the RPL Code as set out inEC1. Supervisors also monitor movements in RPL by category of
related party from quarter to quarter. Breaches (if any) of the limits in requirement 6(i) are
IRELAND
INTERNATIONAL MONETARY FUND 205
reported to the Deputy Heads and Heads of Banking Supervision Divisions, including a NIL
Return if there are no breaches. Other metrics, such as quarterly movements, are monitored
by supervision teams. At their discretion supervisors would escalate issues to Deputy
Heads/Head of Division. A reporting matrix is currently being developed which will include
related party lending. This will result in a standardized management reporting format and
will be tailored to the impact ratings under PRISM, i.e. greater detail for High Impact credit
institutions.
Supervisors also review the annual financial statements of banks, which contain public
disclosures on Related Party Transactions.
Assessment of
Principle 20
Materially Noncompliant
Comments
A primary risk in related party lending is the abuse by related parties in borrowing with
preferential rates or terms or receiving higher interest on deposits with the bank. The
reports collected by the CBI do not contain information to monitor this risk. Onsite reviews
are infrequent and do not offset the lack of offsite information which is the primary focus
of CBI supervision to monitor compliance with the RPL requirements
The CBI’s RPL code became effective on January 1, 2011 and was revised in 2013. The RPL
Code focuses on lending, and thus aims to capture credit risk, which represents the most
significant element of related party transactions in the banking system. It includes lease
agreements, derivatives and write-offs. The CBI is therefore satisfied that the RPL Code
captures the vast majority of Related Party Lending transactions. In addition, there are
other laws and regulations (e.g. Companies Acts, accounting standards) in Ireland which
address requirements and public disclosures regarding transactions other than lending.
However, these are not enforceable by the CBI but by other relevant Irish authorities.
The RPL Code does not:
? Cover service contracts.
? Specifically cover asset purchases and sales (although it captures Repos) or
construction contracts.
? Address claims or borrowings (i.e. deposits)
Compliance with the Code is primarily monitored through the reports filed by the banks
supplemented with onsite testing. However, the reports do not contain sufficient
information to monitor terms and conditions of the loans, to determine compliance that
transactions are at arms’ length or received Board approval. Requirement 6(d) of the RPL
code requires prior Central Bank approval for loans over €1million, the Questionnaire for
applications for approval contain details of the terms and conditions of the exposure, the
application must be accompanied by relevant minutes of the credit Committee approval of
the loaned and there must be a confirmation that the loan will be transacted on an arm’s
length basis. The limited extent of onsite testing does not sufficiently offset the reporting
deficiency.
IRELAND
206 INTERNATIONAL MONETARY FUND
Principle 21 Country and transfer risks. The supervisor determines that banks have adequate policies
and processes to identify, measure, evaluate, monitor, report and control or mitigate
country risk
59
and transfer risk
60
in their international lending and investment activities on a
timely basis.
Essential criteria
EC1 The supervisor determines that a bank’s policies and processes give due regard to the
identification, measurement, evaluation, monitoring, reporting and control or mitigation of
country risk and transfer risk. The supervisor also determines that the processes are
consistent with the risk profile, systemic importance and risk appetite of the bank, take into
account market and macroeconomic conditions and provide a comprehensive bank-wide
view of country and transfer risk exposure. Exposures (including, where relevant, intra-
group exposures) are identified, monitored and managed on a regional and an individual
country basis (in addition to the end-borrower/end-counterparty basis). Banks are required
to monitor and evaluate developments in country risk and in transfer risk and apply
appropriate countermeasures.
Description and
findings re EC1
The Country Risk Policy was imposed on all credit institutions as a license condition on 23
August 2013 in accordance with Section 10(3) of the Central Bank Act, 1971 and Section 17
of the Building Societies, Act 1989. A breach of a license condition is enforceable through
the Administrative Sanctions Process (see CP 11 for specific details on the sanctions
process).
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine compliance with all elements of this essential criterion.
Section 2 provides for the following:
? In determining its supervisory approach, the CBI will have regard to the Basel
Committee’s Core Principles for Effective Banking Supervision. In addition, the CBI
will have regard to the size and complexity of a credit institution’s international
lending and investment activities and other factors set out in the policy in
considering whether the credit institution has appropriate systems to control
Country Risk and maintains adequate provisions for such risk.
? In reviewing the effectiveness of a credit institution’s Country Risk management and
the adequacy of provisions made, the CBI will:
o Determine whether a credit institution’s policies and processes give due
regard to the identification, measurement, evaluation, monitoring, reporting
and control or mitigation of Country Risk. The CBI will also determine if the
policies and processes are consistent with the risk profile, systemic
importance and risk appetite of the credit institution (taking into account
market and macroeconomic conditions), and provide a comprehensive bank-
59
Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than
sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks or
governments are covered.
60
Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will
be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions
imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics –
Guide for compilers and users, 2003.)
IRELAND
INTERNATIONAL MONETARY FUND 207
wide view of Country Risk exposure. Exposures (including, where relevant,
intra-group exposures) should be identified, monitored and managed on a
regional and an individual country basis (in addition to the end-
borrower/end-counterparty basis). Credit institutions are required to monitor
and evaluate developments in Country Risk and take appropriate mitigating
action when necessary.
o Determine whether a credit institution’s strategies, policies and processes for
the management of Country Risks have been approved by the credit
institution’s Board on an annual basis, and determine that the Board oversees
management in a way that ensures that these policies and processes are
implemented effectively and fully integrated into the credit institution’s
overall risk management process.
o Determine whether credit institutions have information systems, risk
management systems and internal control systems that accurately aggregate,
monitor and report country exposures on a timely basis, and that these
systems ensure adherence to established country exposure limits.
o Review the adequacy of provisioning by credit institutions against Country
Risk.
o Require credit institutions to conduct stress test scenarios and to include
appropriate scenarios into their stress testing programs for risk management
purposes to reflect Country Risk analysis.
o Regularly obtain and review management information on a timely basis on
the Country Risk of credit institutions. The CBI will obtain additional
information, as needed (e.g. in crisis situations).
? Determination by the CBI of compliance by credit institutions is underway.
EC2
The supervisor determines that banks’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’ Boards and
that the Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall risk
management process.
Description and
findings re EC2
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine that banks’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’ Boards and
that the Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall risk
management process. The role of the Board and senior management is set out at section
3.1 of the Policy.
The Central Bank is conducting reviews to determine compliance.
EC3
The supervisor determines that banks have information systems, risk management systems
and internal control systems that accurately aggregate, monitor and report country
exposures on a timely basis; and ensure adherence to established country exposure limits.
Description and
findings re EC3
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine that banks have information systems, risk management
systems and internal control systems that accurately aggregate, monitor and report country
exposures on a timely basis; and ensure adherence to established country exposure limits.
IRELAND
208 INTERNATIONAL MONETARY FUND
The Central Bank currently requires reporting on credit exposures by geographical region
in the Quarterly Summary Financial Return covering ROI, UK, USA & ‘Other’ which provides
aggregate data on sector exposure by region.
EC4
There is supervisory oversight of the setting of appropriate provisions against country risk
and transfer risk. There are different international practices that are all acceptable as long
as they lead to risk-based results. These include:
(a) The supervisor (or some other official authority) decides on appropriate minimum
provisioning by regularly setting fixed percentages for exposures to each country
taking into account prevailing conditions. The supervisor reviews minimum
provisioning levels where appropriate.
(b) The supervisor (or some other official authority) regularly sets percentage ranges for
each country, taking into account prevailing conditions and the banks may decide,
within these ranges, which provisioning to apply for the individual exposures. The
supervisor reviews percentage ranges for provisioning purposes where appropriate.
(c) The bank itself (or some other body such as the national bankers association) sets
percentages or guidelines or even decides for each individual loan on the appropriate
provisioning. The adequacy of the provisioning will then be judged by the external
auditor and/or by the supervisor.
Description and
findings re EC4
The Policy (section 3.11) provides for each institution to determine the appropriate level of
provisions in relation to Country Risk (option (c) of the essential criterion). The Policy sets
out general guidelines in relation to the setting of provisions which must be adhered to by
credit institutions. The adequacy of provisioning is subject to review by the CBI.
Determination by the CBI of compliance by credit institutions with these requirements has
commenced following the imposition of the Policy on credit institutions.
EC5
The supervisor requires banks to include appropriate scenarios into their stress testing
programmes to reflect country and transfer risk analysis for risk management purposes.
Description and
findings re EC5
The Policy (section 3.9) provides that credit institutions should conduct stress testing
analysis of their Country Risk exposures in order to monitor actual and potential risks.
EC6
The supervisor regularly obtains and reviews sufficient information on a timely basis on the
country risk and transfer risk of banks. The supervisor also has the power to obtain
additional information, as needed (e.g. in crisis situations).
Description and
findings re EC6
The Policy (section 5) provides for regular reporting to the CBI by credit institutions of their
Country Risk exposures and provisions.
The Central Bank currently receives quarterly data on lending stock by sector and by
country.
Assessment of
Principle 21
Largely Compliant
Comments
The country risk policy, which has the enforceability of a regulation, was imposed on banks
at the end of August, 2013. The policy imposes requirements on the banks that comply
with the requirements of the Core Principle. Testing of compliance with the Country Risk
Policy commenced in Q3 2013 (one inspection to test adherence to the policy has been
completed with a further inspection ongoing) and further reviews will form part of the
IRELAND
INTERNATIONAL MONETARY FUND 209
Credit Team’s Engagement Plan for 2014.
Notwithstanding that the Country Risk Policy is new; the CBI has been conducting reviews for
some time in relation to Sovereign Risk (a subset of Country risk) as part of its concentration
risk assessments. In two cases issues were identified which resulted in Pillar II capital add-
ons amounting to more than €1.5bn.
Principle 22 Market risk. The supervisor determines that banks have an adequate market risk
management process that takes into account their risk appetite, risk profile, and market
and macroeconomic conditions and the risk of a significant deterioration in market
liquidity. This includes prudent policies and processes to identify, measure, evaluate,
monitor, report and control or mitigate market risks on a timely basis.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have appropriate market risk
management processes that provide a comprehensive bank-wide view of market risk
exposure. The supervisor determines that these processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank; take into
account market and macroeconomic conditions and the risk of a significant deterioration in
market liquidity; and clearly articulate the roles and responsibilities for identification,
measuring, monitoring and control of market risk.
Description and
findings re EC1
Supervisory and specialist engagement with respect to market risk is dependent on the
impact rating of an institution (as described in CPs 8 &9) however should a M/H or M/L
impact bank have a high level of market risk or a complex nature to its market risk the
treasury team will be asked to provide additional support beyond the usual support for
such banks. The top seven institutions by impact score are supervised by a market risk
specialist supporting the supervision team with the remaining banks conducting
supervision and assessment of market risk by the individually assigned supervision team
(the risk specialist for market risk sits within the Treasury Team). The risk specialist deploys
an individual bank and peer analysis of inherent, control and concentration of market risk
by a bottom up methodology. The same materials are available for the examination teams
with the lower impact ratings. To promote the use of these materials and to facilitate the
wider use across the remaining examination teams, twice-yearly meetings are held between
the Treasury Team and those examination teams. These meetings are also set up so that
the Treasury Team can guide the examination teams on specific market risk matters and to
promote best practices among these lower impact assessment banks.
For High Impact banks the treasury team will allocate a treasury analyst (one analyst to 1 or
2 banks). This analyst will conduct all aspects of market risk monitoring and analysis
throughout the year. For M/H and M/L impact banks, a treasury analyst will provide
support at the time of the FRA and for other ad hoc reviews. The supervision team will
monitor risks otherwise, with the support of the treasury team’s risk dashboard, risk
assessment framework and twice yearly meetings with the head of the treasury team.
The Quantitative Risk teams provide additional specialist support in the form of validation
and evaluation of risk models.
At the upper end of the scale (High Impact banks), there is ongoing onsite and offsite
regulatory supervision. Contact with High Impact institutions involves: regular ALCO
attendance; monthly meetings with Head of Treasury/Asset Liability Management (ALM);
and weekly Treasury calls. For institutions rated Medium High Impact and Medium Low
IRELAND
210 INTERNATIONAL MONETARY FUND
Impact, an institution will receive a periodic onsite and offsite work and analysis of
information in accordance with PRISM guidelines. For lower risk impact firms, the Treasury
Team provides a resource to assess the market risk aspects of the FRA. This involves both
onsite and offsite work. In addition, the findings of the risk reviews conducted for the high
impact firms are shared with the examination teams of the lower impact teams firms to
help identify common issues. Quarterly risk dashboards are also submitted by the lower
impact banks which aid risk monitoring. Evidence of this was provided during the mission.
Market risk is also assessed by way of periodic thematic/risk reviews. For example, during a
recent review in 2012 of 7 High Impact banks’ ALCO role and effectiveness, banks were
assessed on governance across both market and liquidity risk. This review addressed
governance by the Board and senior management; experience and skills; the understanding
of risk and challenges to risk management; identification of responsibility, resourcing and
reporting of risk management; the appropriateness and effectiveness of behavioural
assumptions, IRRBB and stress testing; and the quality and discussion of management
information circulated to the committee and an assessment of market risk that is conveyed
to the Board members of the bank. A risk review on structural market risk was concluded in
May 2013.
Directive 2006/49/EC provides the basis for the regulation of market risk and banks are
required to apply all EBA (formerly CEBS) market risk guideline documents and bulletins.
Directive 2006/48 and Directive 2006/49 have been largely transposed into Irish law by the
Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in
relation to banks. Particular regard should be given to Regulations 66 and 70 of S.I. 661 of
2006. Regulation 66 allows the Central Bank to review the arrangements, strategies,
processes and mechanisms implemented by credit institutions to comply with the Directive
2006/49/EC (S.I. 661/2006) and evaluate the risks to which credit institutions are or might
be exposed. Regulation 70 enables the Central Bank to require any credit institution “that
does not meet the requirements of [any law of the State giving effect to the [Recast Credit
Institutions Directive]] to take the necessary actions or steps at an early stage to address the
situation”
Among the guidance documents used to focus the work of supervisors are:
• EBA “High level principles for Risk Management” – February 2010
• EBA “Guidelines on stress testing” – August 2010
• BCBS “Principles for sound stress testing and supervision” – May 2009
• BCBS “Principles for the Management and Supervision of Interest Rate Risk” – July
2004
• BCBS “Revisions to the Basle II Market Risk Framework” – February 2011
Market risk is analysed using the above listed documents as a foundation. These principles
give guidance to best market practice by the application of a system of identification,
measurement and assessment of market risk of the firm. The sources of material market
risk (IRBBB, basis, currency, credit spreads and derivatives), once identified, are subject to
the control structure of the firm within its own limit and control framework.
Market risk is analysed under three broad headings:
? Inherent Market Risk
? Quality of Control and Market Risk Processes
? Concentration of Market Risk
IRELAND
INTERNATIONAL MONETARY FUND 211
Inherent Market Risk
? Risk Tolerance
? Product type
? Market Risk Strategy
? Balance Sheet Structure
? Identification of all Market Risk
Quality of Control and Market Risk Processes
? Governance
? Risk/ Capital Model Validation
? Skill and Knowledge
? Limits – Risk Tolerance
? Limits – Monitoring
? Policy and Procedure
? MIS Reporting
? Stress Testing
? New Product Process
? Internal Audit Process
Concentration of Market Risk
? Diversification
? Illiquid Financial Products
? Illiquid and Volatile Financial Products
The Treasury Team has developed a risk dashboard which captures risk metrics for market
risk (traded and non-traded) and liquidity for the High Impact banks. The dashboard is
populated by banks on a monthly or quarterly basis depending on impact and forms the
basis of enhanced supervisory attention for this cohort of banks. The dashboard allows
peer group comparison.
Of the banks supervised, only 24 had a pillar 1 market risk capital requirement at 30 June
2013. Of these only 11 exceeded €1m and only 2 exceeded €100m. In terms of onsite
examinations of market risk, the Treasury Team has conducted two full risk reviews in 2012
for High Impact banks and has either performed or advised on the market risk assessment
of three lower impact banks. The treasury team, under its market risk assessment
framework, also assesses, on a quarterly basis, all high impact banks’ market risk against a
number of sub-component criteria. This involves both onsite and offsite work. Given
current market and macroeconomic conditions, the High Impact banks have received an
elevated amount of attention by the risk specialists in the Treasury Team, supporting offsite
analysis and attending meetings with bank senior management. Analysis of market risk
through onsite reviews will generally be performed by the supervision team supported by
the treasury team. In addition to the work of the Central Bank, external consultants had
been engaged previously to conduct balance sheet analysis of the major banks in the past
which included an evaluation of market risk.
In terms of inherent market risk across the sector, banks have managed down their risk
profile with a scaling back in exposure. Profile of trading books was relatively benign with
few exotic instruments traded and typical trading strategy adopted by banks is to support
customer flow and for hedging purposes.
EC2 The supervisor determines that banks’ strategies, policies and processes for the
IRELAND
212 INTERNATIONAL MONETARY FUND
management of market risk have been approved by the banks’ Boards and that the Boards
oversee management in a way that ensures that these policies and processes are
implemented effectively and fully integrated into the banks’ overall risk management
process.
Description and
findings re EC2
Supervisors determine that banks have an adequate market risk management process in a
number of ways. In the case of the 7 credit institutions covered by the treasury team this is
assessed:
? by reference to preparatory work for the completion of the quarterly Treasury
Probability Risk rating review exercise.
? from the Central Banks internal reviews of returns received from the credit
institutions.
? during the course of supervisors’ engagement with the Treasurer at regular
scheduled meetings.
? during thematic reviews, e.g. the ALCO Thematic Review, the Market Risk Thematic
Review and the Risk Review conducted on an individual credit institution.
? via ad hoc requests for information on topics that may have come to light in other
institutions.
The assessment of market risk in the remaining institutions forms part of the relevant
supervision team’s work. Each team will determine whether or not there is a Trading Book
within these institutions. When a Full Risk Assessment is carried out, the examination teams
will call upon the support of the Treasury Team to assist in its assessment of market risk.
Meetings will be organized with the relevant credit institution with either the direct or
indirect involvement of the Treasury Team, items arising will be followed up. For Medium
High Impact banks these risk assessments are conducted every 2 to 4 years. In the case of
the Medium Low Impact banks, the risk assessments are performed on a sample basis with
c.10% being reviewed annually. Examination teams will use guidance material from PRISM,
and in some cases use the Market Risk Treasury RAG status to guide them through the risk
assessment. The examination teams revert to the Treasury Team with queries where advice
and support is provided.
In 2011, two High Impact banks were subject to a thematic Market Risk Review to establish
the consistency of processes with the Risk Appetite Statement, risk strategy, risk profile and
capital supporting the risk. These reviews also examined the roles and responsibilities of
committees and officers of each bank for the identification, measuring, monitoring and
control of market risk. Thematic reviews are regularly conducted by the Treasury team in
consultation with the bank examination team. These reviews are focused mainly on the
High Impact banks. A Medium High Impact bank may be added for peer review analysis
when required based upon the market risk scope. Currently there is a Structural Market Risk
Review underway on the 7 banks where Treasury Analysts are assigned; this is currently
being finalized.
Directive 2006/49/EC provides the basis for reviewing market risk and S.I. 661 of 2006, the
amended S.I. 395 of 1992 and S.I. 475 of 2009 in relation to banks set out the requirements.
For the High Impact banks subject to enhanced supervision, the level of engagement with
the bank allows the supervisor to review and assess the implementation of market risk
policies and procedures. The level of traded market risk being run is very low for most
banks (as established from risk dashboards and review of banks’ own MI). Of the banks
IRELAND
INTERNATIONAL MONETARY FUND 213
supervised, only 24 had a pillar 1 market risk capital requirement at 30 June 2013. Of these
only 11 exceeded €1m and only 2 exceeded €100m. This has impacted on the focus of
onsite engagement by both the treasury and examination teams. The treasury team has
been directly involved in assessing the market risk of 8 of the 11 banks mentioned above
including all of the top 7.
The depth of onsite testing and verification by supervisors and, in particular with support
from risk specialists, was not at a level and frequency to accurately confirm that policies
and procedures approved by the Board had been effectively implemented.
EC3
The supervisor determines that the bank’s policies and processes establish an appropriate
and properly controlled market risk environment including:
(a) effective information systems for accurate and timely identification, aggregation,
monitoring and reporting of market risk exposure to the bank’s Board and senior
management;
(b) appropriate market risk limits consistent with the bank’s risk appetite, risk profile and
capital strength, and with the management’s ability to manage market risk and which
are understood by, and regularly communicated to, relevant staff;
(c) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board, where necessary;
(d) effective controls around the use of models to identify and measure market risk, and
set limits; and
(e) sound policies and processes for allocation of exposures to the trading book.
Description and
findings re EC3
In the case of the 7 credit institutions covered by the treasury team:
? Over time and with experience, the supervisor familiarises themselves with the
market risk management environment/structure of the bank by going on-site to
better examine the relevant internal governance structure and to get a fuller
understanding of the information systems capabilities for Market Risk reporting. This
is conducted on a more granular level via Risk Reviews, etc. Risk Reviews are
conducted on the 7 credit institutions where Treasury Analysts are assigned.
? Refer to CP15 EC7 for details on the Central Bank’s IT assessment framework [(a)]
? The supervisor considers the limit size set out in the RAS of the institution. This
might occur during normal scheduled engagement between the supervisor and the
Treasurer, during a themed review, or during the annual RGP exercise. RGPs and
Market Risk Themed Reviews have made specific reference to this aspect. [(b)]
? The supervisor will monitor “exception tracking and reporting” in a number of ways,
e.g. from details in the ALCO pack, attendance at ALCO, attending meetings and
reviews with both Market Risk team and the Internal Audit team, etc. [(c)]
? The risk modeling team will assess the appropriateness and robustness of the risk
measurement model for the quantification of market risk, e.g. has the risk-
measurement model captured a sufficient number of risk factors of their portfolio?
IRELAND
214 INTERNATIONAL MONETARY FUND
Has the risk-measurement model captured nonlinearities risk, correlation risk and
basis risk? In addition, effective controls around the use of models and set limits
have also been assessed, e.g. product type, market risk strategy, risk tolerance (or
risk limits setting), model validation. [(d)]
? Supervisors determine that policies exist for allocation of exposures to the trading
book through ad-hoc review of an institution’s trading book policy statement and an
assessment of the RAS. From the RAS, the supervisor can assess the allocation of
appropriate limits. Market risk policies must adhere to the EBA guidance documents,
and the operation of the processes that measure and monitor market risk in the
trading book. [(e)]
The Financial Risk Review is the principal activity to assess whether policies and procedures
establish an appropriately controlled market risk environment. The FRR/FRA provides the
supervisor an opportunity to engage a bank’s Chair and representatives from senior
management regarding the control environment for market risk. Preparation for these
meetings and conducting the FRR/FRA will include analysis of a range of information
sources, including market risk policies.
EC4
The supervisor determines that there are systems and controls to ensure that banks’
marked-to-market positions are revalued frequently. The supervisor also determines that all
transactions are captured on a timely basis and that the valuation process uses consistent
and prudent practices, and reliable market data verified by a function independent of the
relevant risk-taking business units (or, in the absence of market prices, internal or industry-
accepted models). To the extent that the bank relies on modeling for the purposes of
valuation, the bank is required to ensure that the model is validated by a function
independent of the relevant risk-taking businesses units. The supervisor requires banks to
establish and maintain policies and processes for considering valuation adjustments for
positions that otherwise cannot be prudently valued, including concentrated, less liquid,
and stale positions.
Description and
findings re EC4
It is a minimum requirement of the CRD that the systems and controls ensure MTMs on
trading portfolios are carried out daily. Confirmation of this is received at bilateral meetings
between the CRO or Head of Market Risk in preparation for the annual RGP for High
Impact banks. In addition this aspect is covered in the Treasury Market Risk RAG status
which is reviewed by the Treasury Team quarterly and which contributes to the Market Risk
Probability Risk of that institution.
Each supervisor builds up an understanding of the internal governance of the institution by
reviewing its policies and strategies. The Market Risk RAG status – which is refreshed
quarterly – asks about the availability of daily limit monitoring systems for Market Risk
Management purposes. The BIS principles for Market Risk Management are the
cornerstone and set the expected standards for engagement with the credit institutions.
Therefore both in ongoing engagement and in the more detailed format, i.e. Thematic
Reviews when conducted on selected institutions – daily Mark to Market (MtM) reporting is
the preferred standard. RAG status reviews, Themed Reviews, ALCO attendance, Policy
reviews all combine to ensure that best practice is measured.
The treasury team has been directly involved in assessing the market risk of 8 of the 11
banks with Pillar I market risk capital requirements greater than €1 million, including all of
the top 7. The main activity to assess systems and controls for traded portfolios is largely
through the FRA for lower impact banks, which is a less intensive activity and for market
IRELAND
INTERNATIONAL MONETARY FUND 215
risk typically attended by the risk specialists. However, this is largely a function of the fact
that most banks are running little or no traded market risk. Of the banks supervised, only
24 had a pillar 1 market risk capital requirement at 30 June 2013. Of these only 11
exceeded €1m and only 2 exceeded €100m. Where previous reviews, prior knowledge of
the bank and/or the risk dashboards we receive confirm the lack of traded market risk less
resources are directed to this area. This is monitored to ensure any changes to this are
identified in a timely manner.
The CRD establishes minimum expectations for validation of internal models by an
independent unit within the bank.
EC5
The supervisor determines that banks hold appropriate levels of capital against unexpected
losses and make appropriate valuation adjustments for uncertainties in determining the fair
value of assets and liabilities.
Description and
findings re EC5
Credit institutions are obliged to hold a precise minimum level of capital and to report
compliance with this capital position to the Central Bank monthly as prescribed by the
Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in
relation to banks.
The Central Bank places primary reliance on the work conducted by the internal and
external auditor to ensure that valuation adjustments are applied as required. As a
secondary measure, supervisors review the findings of the internal/external auditor, make
enquiries if significant adjustments are made, and consequently make judgment on further
action.
EC6
The supervisor requires banks to include market risk exposure into their stress testing
programmes for risk management purposes.
Description and
findings re EC6
Market risk exposures are required to be included within a bank’s stress testing programme
under the requirements of the CRD Annex V point 10 which requires that policies and
processes for the measurement and management of all material sources and effects of
market risks shall be implemented by banks.
In addition, the EBA Guidelines on Stress Testing (GL32), covers trading book risk as well as
the other main risk types.
Assessment of
Principle 22
Largely Compliant
Comments High Impact banks have been subject to enhanced supervisory attention over the course of
the last several years due to heightened risk profile of banks and current market conditions.
For example, supervisors meet with Treasurers on a monthly basis, often perform
monitoring calls weekly, and attend ALCO meetings periodically. Preparation for these
engagements will include receipt and analysis of ALCO packs and MI that is submitted to
the Board. High Impact banks are subject to enhanced monitoring through a risk
dashboard that is populated monthly and reviewed by risk specialists and supervisors.
These activities provide the supervisor opportunity to assess the inherent risk profile in
traded portfolios and risk mitigants.
The treasury team has been directly involved in assessing the market risk of 8 of the 11
banks with Pillar I market risk capital requirements greater than €1 million, including all of
the top 7. In all but one case this has involved an element of onsite examination.
Assessment of the control environment for the majority of banks has been performed
IRELAND
216 INTERNATIONAL MONETARY FUND
within the Full Risk Assessment process, which is less frequent than a Financial Risk Review.
In the context of a very limited level of market risk in Irish licensed banks, there is a reliance
on exception reporting to identify risk, and insufficient testing of implementation of
policies and procedures onsite to be able to accurately assess the effective implementation
of controls, especially in regard to verify that marked-to-market positions are prudently
valued and revalued frequently.
CBIs oversight of internal models on an ongoing basis is inadequate to ensure models are
fit for purpose and calculating capital accurately (EC4). While models are approved at the
time of implementation, ongoing oversight of models in terms of validation and stability of
model outcomes not performed on an ongoing basis, unless triggered by an event.
Principle 23 Interest rate risk in the banking book. The supervisor determines that banks have
adequate systems to identify, measure, evaluate, monitor, report and control or mitigate
interest rate risk
61
in the banking book on a timely basis. These systems take into account
the bank’s risk appetite, risk profile and market and macroeconomic conditions.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have an appropriate interest rate risk
strategy and interest rate risk management framework that provides a comprehensive
bank-wide view of interest rate risk. This includes policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate material sources of interest rate
risk. The supervisor determines that the bank’s strategy, policies and processes are
consistent with the risk appetite, risk profile and systemic importance of the bank, take into
account market and macroeconomic conditions, and are regularly reviewed and
appropriately adjusted, where necessary, with the bank’s changing risk profile and market
developments.
Description and
findings re EC1
The Central Bank imposes regulations and guidelines on Irish licensed banks in respect to
the management of IRRBB. Banks are required to apply all EBA (formerly CEBS) IRRBB
guideline documents and bulletins. Particular regard should be given to Regulations 66 and
70 of S.I. 661 of 2006. As per Directive 2006/48/EC, interest rate risk in the non-trading
book is treated under the ICAAP/SREP framework.
The SREP takes the form of qualitative reviews of the documented processes and resulting
management reports together with on-site assessments of both technical and senior
management. The review of Pillar II ICAAPs conducted by supervisors have a particular
focus on the identification of sources of IRRBB and the adequacy of processes to manage
this risk. Furthermore, Pillar II ICAAP reviews include quantitative assessments of IRRBB
such as structural basis risk, pre-payment risk, yield curve risk, re-pricing risk, etc. The
quantitative reviews conducted as part of SREPs are documented in the RGP reports. The
ICAAP reviews have a particular focus on the identification of interest rate risks and the
adequacy of processes to manage this risk, for example, how banks are to monitor, control,
mitigate and report its IRRBB.
As part of the ICAAP, a high level, independent quantitative assessment by the Central
Bank is conducted to assess the adequacy of banks’ estimated IRRBB capital.
61
Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book.
Interest rate risk in the trading book is covered under Principle 22.
IRELAND
INTERNATIONAL MONETARY FUND 217
Volatility of earnings is an important focal point for IR analysis because of the reduced
earnings that pose a threat to a bank's capital adequacy. The type of the IR risks to which
banks are exposed include re-pricing-maturity risk, yield curve risk, basis risk, option risk,
prepayment risk and pipeline risk. Pressure on bank net interest margins is currently a topic
for domestic banks as well as the impact from mortgage tracker products which limit
banks’ ability to re-price the portfolio.
Two types of IRRBB limits have been adopted by banks:
1. Risk perspective ((i.e. limits the total quantum of risk that may be taken):
a. Group treasury limit (i.e., overall portfolio VaR limit, Probable Maximum Loss
limit, etc.);
b. Instrument type limit (i.e., Interest rate limit, FX limit, derivative limits, such as
delta and/or vega limits, etc.);
c. Nominal (Cash) based Limits.
2. Financial perspective (i.e. limits the potential for earnings volatility):
a. Earnings Constraint;
b. Embedded Value Limits;
c. Stop Loss Limits.
The IR risk measures and limits are reported through a bank’s ICAAP portal/report
submission. For those banks that do not submit an ICAAP (Medium Low), a Self-
Assessment Questionnaire is submitted. In these submissions, a bank’s risk appetite, risk
profile, macroeconomic conditions & the risk of a significant deterioration in market access,
management of risk and quantification of risk are reported to the supervisors.
The Central Bank’s supervisory risk framework (PRISM) prescribes the engagement with
banks and is used as guidance to assess IR and the effectiveness of IR management and
control systems in operation. PRISM is graduated according to the impact assessment of
each individual bank and arising from this the prescribed level of engagement is applied.
Supervisors assess the adequacy of risk management which is based on a review of
whether the bank’s framework is in accordance with BCBS principles.
Onsite supervision includes thematic reviews (e.g. in the course of the ALCO Thematic
Review or the Risk Review conducted on an individual credit institution) and regular
scheduled meetings with the Treasurer and Risk Management.
For Medium High Impact and Medium Low Impact institutions when a Full Risk Assessment
is carried out the examination teams call in the support of Treasury in respect of IRRBB.
Meetings will be organised with the relevant credit institution, items arising will be followed
up. These FRAs are carried out in accordance with the PRISM engagement cycle. During the
course of normal engagement by the examination teams they will use guidance material
from PRISM and, in some cases, use the Market Risk Treasury RAG status. The examination
teams revert to the Treasury Team with queries, or seeking advice if deemed necessary.
In addition to the guidance material in PRISM to assess IRRBB, the following material is
used by supervisors:
? BCBS108: Principles for Measuring Interest Rate Risk
? CEBS guidelines on Technical aspects of the management of interest rate risk arising
from non-trading activities under the supervisory review process
? CEBS CP32: CEBS guidelines on stress testing
There has been progress in improving the Interest Rate Risk in Banking Book (IRRBB)
IRELAND
218 INTERNATIONAL MONETARY FUND
frameworks within the Irish banking system. The SREP reviews have had a particular focus
on improving banks' policies, infrastructure and implementation of policy. A less intensive
process is used for lower Impact banks with a less frequent risk assessment and reliance on
self assessment. The ongoing engagement with the High Impact banks has allowed the
supervisor to assess banks’ approach and strategy for mitigating IRR as market conditions
change. A less frequent engagement model for lower Impact banks (as prescribed by
PRISM) is nonetheless supported by quarterly risk dashboards which facilitates monitoring
of risk changes and a twice yearly meeting between the examination team and the head of
the Treasury Team which facilitates exchange of information, including findings of the risk
reviews conducted for the High Impact banks that may be relevant to the M/H and M/L
impact banks. A less frequent engagement model for lower Impact banks (as prescribed by
PRISM) will not typically allow supervisors an opportunity to assess whether banks are
regularly reviewing their strategies and risk profile to make adjustments where necessary in
the context of market developments.
EC2
The supervisor determines that a bank’s strategy, policies and processes for the
management of interest rate risk have been approved, and are regularly reviewed, by the
bank’s Board. The supervisor also determines that senior management ensures that the
strategy, policies and processes are developed and implemented effectively.
Description and
findings re EC2
For High Impact credit institutions covered by the Treasury team, as a bank conducts its
review of policies and processes, supervisors follow developments either through
attendance at ALCO’s or through analysis of ALCO packs. During this review, the supervisor
will assess that policies and processes are appropriate and complete.
The supervisory plan includes attendance at the ALCO meetings of 7 High Impact banks. A
monthly conference/onsite meeting is held to discuss the month-to-month change in risk
profile in line with business flow. ALCO agenda items include the important policies which
will be reviewed by that supervisor.
The supervisor will also conduct either face-to-face meetings or a scheduled conference
call with the Treasurer. On the agenda of these meetings, topics/issues included in these
discussions are sometimes requests for policy documents, and questions on whether they
are implemented effectively. In preparation for these ongoing engagements and for the
FRR, supervisors will obtain and review Board-approved policies and ALCO packs. In
instances where specific Thematic Reviews are being conducted by the Supervisor on the
credit institution, these Board approvals would be specifically requested.
For Medium High Impact and Medium Low Impact Institutions the assessment of IRRBB in
these institutions forms part of the relevant supervision team’s work. When a FRA is carried
out, the supervision team can call in the support of Treasury resources in respect of the
IRRBB exposures if material and applicable. Guidance materials prepared by Treasury are
applied by the supervision team.
Ongoing engagement with High Impact banks subject to enhanced supervision will entail
analysis of changes in policies and processes which can be discussed with senior
management and the Board. For banks assigned an Impact rating lower than High, the
supervisor, with support from the treasury team, will assess whether policies and processes
are effectively implemented as part of the FRA, albeit not to the same extent as for High
Impact banks. Themed risk reviews were conducted for the high impact banks, in 2012 on
ALCO/ALM and in 2013 on Structural Market Risk. This amounted to 12 reviews in total.
These covered all the main aspects of strategy, policies and processes for the management
IRELAND
INTERNATIONAL MONETARY FUND 219
of interest rate risk.
EC3
The supervisor determines that banks’ policies and processes establish an appropriate and
properly controlled interest rate risk environment including:
(a) comprehensive and appropriate interest rate risk measurement systems;
(b) regular review, and independent (internal or external) validation, of any models used
by the functions tasked with managing interest rate risk (including review of key
model assumptions);
(c) appropriate limits, approved by the banks’ Boards and senior management, that
reflect the banks’ risk appetite, risk profile and capital strength, and are understood
by, and regularly communicated to, relevant staff;
(d) effective exception tracking and reporting processes which ensure prompt action at
the appropriate level of the banks’ senior management or Boards where necessary;
and
(e) effective information systems for accurate and timely identification, aggregation,
monitoring and reporting of interest rate risk exposure to the banks’ Boards and
senior management.
Description and
findings re EC3
For High Impact credit institutions the interest rate systems are reviewed for
appropriateness and detail for each individual bank. The supervisor becomes familiar with
the interest rate risk management environment/structure of the bank by going on site to
better understand the relevant internal governance structure and the information systems
capabilities for IRRBB reporting. This is also conducted at a more granular level via Risk
Reviews, etc. Risk Reviews are agreed by the Treasury Team and inserted in the year
planning exercise with time allocated. As an example of the greater level of detail taking
place in a Risk Review: during the last Market Risk/IRRBB Thematic Review, a supervisor
followed a trade(s) from origination to settlement.
Supervisors review model assumptions and periodic reviews both by internal and external
audit.
The Risk Appetite Statement and the attached IRRBB policy document are assessed for
appropriateness for the bank’s business and the formation and utilisation of Board-
approved limits. Supervisors consider the limit size permissioned by the risk appetite
statement of the institution. This might occur during normal scheduled engagement
between supervisors and the Treasurer, during a themed review, or during the annual RGP
exercise. RGPs and Market Risk Themed Reviews have made specific reference to this
aspect.
Supervisors will monitor “exception tracking and reporting” in a number of ways, e.g. from
details in the ALCO pack, attendance at ALCO, attending meetings and reviews with both
Market Risk team or Internal Audit team, etc.
Supervisors review operational risk logs and will examine the effectiveness of risk controls
under the EBA guidelines of operational risk in a market related environment. Supervisors
conduct an analysis of the effectiveness of the particular systems used by the bank.
Supervisors review breaches, triggers and changes in limits in relation to underlying
business flow with the independent risk management function of the bank. The minutes
IRELAND
220 INTERNATIONAL MONETARY FUND
and submissions contained in the ALCO pack are under constant review for effective
information systems for accurate and timely identification, aggregation, monitoring and
reporting of interest rate risk exposure. The Central Bank’s IT assessment framework is set
out at CP15 EC7.
For Medium High Impact and Medium low Impact institutions:
The assessment of IRRBB in these institutions forms part of the relevant examination team
work. When a Full Risk Assessment is carried out, the examination teams call in the support
of the Treasury Team in respect of IRRBB. Meetings will be organised with the relevant
credit institution, and items arising will be followed up. These FRAs follow the PRISM
engagement model. During the course of normal engagement by the examination teams
they will use guidance material from PRISM and in some cases use the Market Risk Treasury
RAG status. The examination teams revert to the Treasury Team with queries, or seeking
advice if deemed necessary.
EC4
The supervisor requires banks to include appropriate scenarios into their stress testing
programmes to measure their vulnerability to loss under adverse interest rate movements.
Description and
findings re EC4
The Central Bank requires banks to test the effect of a 200bps shift (this is compared with
the Central Bank estimate to ensure accuracy) in the yield curve. Banks with more complex
exposures are expected to test the effects of more varied tilts and twists in the yield curve
so that vulnerabilities are appropriately understood.
The stress testing of market risk as it applies to the banking book is assessed by the
supervisor. This assessment determines that this criterion is adhered to for those banks that
are categorised to be of High Impact. For the remaining banks, an assessment is performed
as part of the ICAAP review process. The Quantitative Models team within Banking
Supervision division assess IRRBB stress tests through collection of data on the banking
book profile. This assessment is performed for banks that have a Treasury Analyst assigned.
The requirement for more sophisticated scenarios for more complex banks is not mandated
under the existing requirements. However, where deemed necessary, banks are required to
perform a set of sensitivity tests to examine, for example, various yield curve movements
(parallel, tilt and twist), basis risk and behavior assumptions under various scenarios.
Additional
criteria
AC1
The supervisor obtains from banks the results of their internal interest rate risk
measurement systems, expressed in terms of the threat to economic value, including using
a standardized interest rate shock on the banking book.
Description and
findings re AC1
At a minimum, as part of the ICAAP process, banks are expected to assess the impact of the
standardised interest rate shock, i.e. impact on NPV of assets and liabilities from 200bps
parallel shift. While the standardised shock is a minimum requirement, larger banks would
be expected to run more sophisticated models to measure exposure to IRRBB. This includes
VaR models which consider the various interest rate curves to which the bank is exposed as
well as the effect of issues such as optionality. Similarly, taking account of the principle of
proportionality, larger banks would be expected to monitor their exposure to various
shifts/twists in the yield curve on an ongoing basis.
The Central Bank runs an independent test of the standardised calculation, and also
assesses the effect of observed extreme 1-year movements at each re-pricing bucket.
Where it is assessed as a material risk, banks would be expected to hold Pillar 2 capital to
cover IRRBB.
IRELAND
INTERNATIONAL MONETARY FUND 221
? Directive 2006/48 and Directive 2006/49 have been largely transposed into Irish law
by the Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I.
475 of 2009 in relation to banks.
? Particular regard should be given to Regulations 66 and 70 of S.I. 661 of 2006.
o Regulation 66 allows the Central Bank to review the arrangements, strategies,
processes and mechanisms implemented by the credit institutions to comply
with that Directive and evaluate the risks to which the credit institutions are
or might be exposed.
o Regulation 70 enables the Central Bank to require any credit institution “that
does not meet the requirements of [any law of the State giving effect to the
[Recast Credit Institutions Directive]] to take the necessary actions or steps at
an early stage to address the situation.”
Risk Analytics sent to each bank a detailed questionnaire seeking responses to a series of
questions which examine the inherent interest rate risk in the banking book, the control
and management process, and the concentration of risk under the following headings:
a) Risk Appetite and Tolerance
b) Risk Management Framework
c) Interest Risk Exposure Profile
d) Data Sources
e) Quantification of IRRBB
f) Mitigation of IRRBB
g) Controlling Exposure to IRRBB
h) Stress Testing
i) Monitoring and Reporting of IRRBB
j) Capital Allocation to IRRBB
AC2
The supervisor assesses whether the internal capital measurement systems of banks
adequately capture interest rate risk in the banking book.
Description and
findings re AC2
The Central Bank periodically issues an IRRBB questionnaire where an update on the
internal capital measurement systems is required. This is intended to provide a high level
background on the management of interest rate risk from both a qualitative and
quantitative perspective. Following on from this, the Central Bank gathers information on a
bank’s internal approach to measuring interest rate risk, assesses it for reasonableness, and
compares with an internal Central Bank estimate. Where it is considered material/relevant,
the Central Bank may also engage in onsite discussion with those responsible for the
management of IRRBB in the institution to assess internal understanding, as well as
processes and controls around the risk.
Assessment of
Principle 23
Largely Compliant
Comments The Central Bank determines the adequacy of the management of IRRBB under the Pillar II
SREP process. The SREP reviews have had a particular focus on improving banks' policies,
infrastructure and implementation of policy in relation to IRRBB. The Central Bank’s
methodology for assessing IRRBB involves the use of benchmarks (200 bps parallel shift
and a 99% historical shift) when performing an ICAAP review. For example, in the past 12
months, as part of the SREP process, the Central Bank has assessed IRRBB in a number of
banks across all impact categories (including medium low impact). The assessment
consisted of a combination of both on-site and off-site reviews. Evidence was provided
demonstrating that capital add-ons have been imposed on banks arising from these
reviews where deficiencies were identified.
IRELAND
222 INTERNATIONAL MONETARY FUND
The ongoing engagement with the High Impact banks has allowed the supervisor to assess
banks’ approach and strategy for mitigating IRR as market conditions change.
Ongoing monitoring of changes in a bank’s IRR profile not well developed in offsite
analysis. KRIs within PRISM did not contain metrics related to IRRBB and data is only
submitted once per year. A less frequent engagement model for lower Impact banks (as
prescribed by PRISM) will not typically allow supervisors an opportunity to assess whether
banks are regularly reviewing their strategies and risk profile to make adjustments where
necessary in the context of market developments. A less frequent engagement model for
lower Impact banks (as prescribed by PRISM) is somewhat mitigated by these risk
dashboards and dialogue with the treasury team on matters arising from risk assessments
of the High Impact banks.
The treasury team has operated a market risk assessment framework over the last two
years that assesses the banks’ market risk (including IRRBB) through a combination of risk
monitoring, risk reviews and compliance assessment. Lack of IRRBB metrics on PRISM have
been addressed by inclusion in the risk dashboard that is submitted by banks either
monthly or quarterly depending on impact rating.
Principle 24
Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which
can include either quantitative or qualitative requirements or both) for banks that reflect
the liquidity needs of the bank. The supervisor determines that banks have a strategy that
enables prudent management of liquidity risk and compliance with liquidity requirements.
The strategy takes into account the bank’s risk profile as well as market and
macroeconomic conditions and includes prudent policies and processes, consistent with
the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or
mitigate liquidity risk over an appropriate set of time horizons. At least for internationally
active banks, liquidity requirements are not lower than the applicable Basel standards.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to consistently observe prescribed
liquidity requirements including thresholds by reference to which a bank is subject to
supervisory action. At least for internationally active banks, the prescribed requirements are
not lower than, and the supervisor uses a range of liquidity monitoring tools no less
extensive than, those prescribed in the applicable Basel standards.
Description and
findings re EC1
The Central Bank has prescribed liquidity requirements on authorised credit institutions
under its Regulatory Document “Requirements for the Management of Liquidity Risk”
(“Liquidity Requirements”). The prudential liquidity requirements apply to every credit
institution licenced by the Central Bank on a consolidated basis, irrespective of their activity
being local or international, except where in a very limited number of cases the CBI grants
exemptions according to pre-defined criteria.
These Liquidity Requirements impose quantitative and qualitative prudential requirements
on credit institutions authorised in Ireland that are to be met on an ongoing basis. The
Quantitative Ratios are required to be submitted to the Central Bank as part of the maturity
mismatch calculation report. The mismatch is broken up into seven time buckets:
a. Sight to 8 days;
b. Over 8 days to 1 month;
c. Over 1 month to 3 months;
IRELAND
INTERNATIONAL MONETARY FUND 223
d. Over 3 months to 6 months;
e. Over 6 months to one year;
f. 1 to 2 years; and
g. 2 + years.
The quantitative limits only apply to the first two ratios (sight to 8 days & over 8 days to 1
month). The first ratio (sight to 8 days) needs to be 100% and the second ratio (8 days to 1
month) needs to be 90%. All other ratios are monitored (see 6.3 Limits of the Liquidity
Requirements).
For the High Impact and Medium High Impact institutions, the liquidity risk matrix which
determines the liquidity RAG status has been compiled using the Basel standards as stated
below).
The impact rating of a credit institution prescribes the level of supervision, ranging from
ongoing supervision (High Impact) to less intensive (Medium Low Impact). Medium Low
Impact firms are looked at when there is a significant movement in the metrics uploaded to
PRISM or when information comes to the supervisor’s attention that requires supervisory
action. For the Medium Low Impact firms, two meetings per annum are scheduled between
the Treasury Team and the examination team leads to discuss the findings of the
examination teams’ liquidity assessments. These examination team leads use the same RAG
status as used by the Treasury Team for their High Impact firms.
In terms of offsite supervision, only High & Medium-High Impact firms are the regulatory
returns analysis performed. Medium-Low & Low Impact firms are not actively subject to
offsite supervision unless the returns trigger a red flag built into the system. Offsite
supervision is calibrated in a similar way in terms of Impact and for High & Medium Impact
firms the engagement is routine and frequent.
Responsibility for the supervision of liquidity risk is in line with the PRISM engagement
model. Certain High Impact Institutions are assigned a dedicated analyst from the Treasury
Team. Other High Impact institutions receive part of the time of an assigned treasury
analyst. Medium High Impact institutions receive part of the time of an assigned analyst if
deemed necessary. Responsibility for the analysis of liquidity risk in other institutions is
performed by the supervision teams. The Treasury Team is available to provide support and
guidance to the supervision teams in these cases.
Both quantitative and qualitative liquidity requirements must be adhered to by all
authorised credit institutions (both local and international) in Ireland. These are set out in
the following laws, regulations and prudential requirements.
1) Annex XI of CRD, implemented via Reg. 66 of S.I. 661 of 2006
2) Annex V of CRD, implemented via Reg. 66 of S.I. 661 of 2006
3) Central Bank Regulatory Document for Credit Institutions, “Requirements for the
Management of Liquidity Risk”, 29 June 2009
4) Central Bank Corporate Governance Code for Credit Institutions and Insurance
Undertakings. Section 12.3: “A full understanding of the nature of the institution’s
business, activities and related risks.”
The treasury team analyses Liquidity Risk under eight broad headings. These were
formulated using the principles from the paper ‘Basel III: International framework for
liquidity risk measurement, standards and monitoring, (Dec 2010)’.
IRELAND
224 INTERNATIONAL MONETARY FUND
Among the guidance documents used to focus the work of supervisors are:
? EBA ‘Guidelines on Liquidity Cost Benefit Allocation, (Oct 2010)’;
? EBA ‘Guidelines on Liquidity Buffers and Survival Periods, (Dec 2009)’;
? BCBS ‘Principles for Sound Liquidity Risk Management and Supervision, Sept 2008’.
The frequency of reports submitted to the Central Bank is also dependent on the impact of
the credit institution:
1) All licenced credit institutions are required to submit the following liquidity returns
on line via the Central Bank’s Viewpoint IT system:
- Liquidity Return/Maturity Mismatch (weekly/monthly)
- Deposit Protection Return (monthly)
- FINREP (monthly/quarterly)
- Funding Composition Report (monthly for Medium High Impact or
higher/Quarterly for Medium Low Impact or lower)
2) All covered credit institutions are required to submit the following liquidity reports
in addition to the above:
- Guaranteed Liabilities Return (monthly)
- Liquidity Forecasting Analysis (quarterly)
3) All High Impact or Medium High Impact credit institutions are required to submit
the ICAAP portal yearly. This includes the identification, measurement, monitoring,
control and reporting of Pillar 2 risks, i.e. liquidity
4) All Medium Low Impact credit institutions are required to submit a Self-Assessment
Questionnaire yearly. An ICAAP will only be submitted by the credit institution if
requested by the supervisor.
5) All firms involved in Asset Covered Securities are required to submit
- Asset Covered Securities Return (quarterly)
Section 1.4.3 of the liquidity Requirements sets out the instances where branches of EEA
and non-EEA credit institutions may be exempted from the liquidity requirements subject
to certain undertakings by the branch’s head-office and confirmations from the Home
Supervisor. Section 1.4.1 permits, on ‘an exceptional bilateral basis’ an exemption from the
quantitative requirements only to be given to a credit institution. To date, only one Irish
licensed bank has been granted such an exemption.
The legal requirements on the credit institutions to submit the above information to the
Central Bank is stipulated by the following:
1) Central Bank Act, 1971 – Section 23, “Regulation of ratios between assets and
liabilities of holders of licences”
2) ‘Requirements for the Management of Liquidity Risk (June 2009)’, Central Bank.
“Qualitative and Quantitative Requirements”
3) European Communities (Deposit Guarantee Scheme) Regulations 1995 (S.I. 168 of
1995)
4) Credit Institutions (Eligible Liabilities Guarantee) Scheme 2009
5) Memorandum Of Understanding – European Commission, International Monetary
Fund and European Central Bank
6) Basel III/CRD IV – introduction for the first time of international liquidity standards of
minimum liquidity requirements LCR & NSFR ratios, with additional liquidity
monitoring metrics focused on maturity mismatch, concentration of funding and
available unencumbered assets. Currently not a legal requirement; will be in the
future
IRELAND
INTERNATIONAL MONETARY FUND 225
7) Directive 2006/48/EC, implemented via Regulation 66 of S.I. 661 of 2006, Annex XI of
CRD and Annex V of CRD
EC2
The prescribed liquidity requirements reflect the liquidity risk profile of banks (including
on- and off-balance sheet risks) in the context of the markets and macroeconomic
conditions in which they operate.
Description and
findings re EC2
The impact rating of a credit institution on the Irish economy prescribes the level of
supervision as iterated above in criteria 1. The Treasury Team’s approach to analysing
liquidity is shared with the supervision teams of the lower impact banks to ensure a
consistent approach. However, in general these banks have lower levels of liquidity risk and
are less exposed to markets and macroeconomic conditions. For the banks analysed by the
treasury team under the liquidity matrix (8 credit institutions in total), the banks are
analysed in the context of the markets – both on and off balance sheet – and
macroeconomic conditions in which they operate.
The Treasury Team has developed a risk rating framework (risk dashboard) to evaluate the
liquidity risk profile of an authorised credit institution. Under the risk rating framework,
Liquidity Risk is analysed under 8 broad headings as stated above, which takes into account
market and macroeconomic conditions.
Section 3 of the Liquidity requirements requires each credit institution to establish a
liquidity policy, to be reviewed on an ongoing basis. The liquidity policy must include a
“strategy for the ongoing management of liquidity risk that is consistent with the risk
tolerance of the credit institution” (3.1); Scenario analysis is to include institution specific
and market factors and assumptions about the behaviour of a credit institution’s assets,
liabilities and off-balance sheet activities under stress should be reviewed regularly to
ensure their continued appropriateness (3.6). in addition the policy must give regard to
access to funding: market access must ensure sufficient access to funding from a range of
sources in the financial market (3.8).
EC3
The supervisor determines that banks have a robust liquidity management framework that
requires the banks to maintain sufficient liquidity to withstand a range of stress events, and
includes appropriate policies and processes for managing liquidity risk that have been
approved by the banks’ Boards. The supervisor also determines that these policies and
processes provide a comprehensive bank-wide view of liquidity risk and are consistent with
the banks’ risk profile and systemic importance
Description and
findings re EC3
The impact rating of a failure of a credit institution on the Irish economy prescribes the
level of supervision, as iterated above in EC1. Section 3.1 of the Liquidity Requirements
explicitly sets out the expectations for Boards to be responsible for liquidity risk
management in developing a strategy for ongoing management and establishing an ALCO
structure to manage liquidity on a practical level. In this section, the liquidity policy is
required to be reviewed and approved at least annually by the Board. Section 3.4 sets out
the minimum expectations for management information to be provided to the Board with
appropriate and timely information.
Section 3.3 entitled Internal Controls sets out the expectations that reporting of limit
breaches is immediately brought to the attention of ALCO and the Board.
Section 3.6 of the Liquidity Requirements deals with scenario analysis and stress testing
including treatment of assumptions. The procedures regarding scenario analysis, stress
tests and assumptions must include:
? Procedures for the performance and analysis of a range of stress and
IRELAND
226 INTERNATIONAL MONETARY FUND
“what-if” scenarios, considering institution-specific and market factors,
including the frequency of performance;
? Procedures for the action to be taken by management in the event of
certain stress results;
? A timetable for the performance of stress testing and scenario analysis
is to be prepared at the commencement of each financial year and the
outcome of these examinations are to be reported to the Board on an
annual basis; and
? Assumptions about the behaviour of a credit institution’s assets,
liabilities and off-balance sheet activities under stress should be
reviewed regularly to ensure their continued appropriateness in the
context of the credit institutions activities.
The following requirements with regard to stress testing of liquidity must be adopted by
credit institutions:
? Stress testing must be completed on a quarterly basis by all
institutions for both a bank-specific and industry-wide liquidity stress
situation.
? Each institution should consider further whether it is appropriate to
perform both a moderate and severe entity-specific stress test, in
addition to the minimum criteria prescribed above.
? Institutions are to document: (i) an acceptable mismatch between
inflows and outflows under each scenario and (ii) the strategic
responses which would be required and available to the credit
institution in cases where these acceptable mismatches are breached.
For example, if the stress testing identifies an unacceptable gap, an
entity should consider the types of action it would take depending on
the magnitude of the gap, the severity and likelihood of the stress
scenario. These may include:
o Sell appropriate assets or repo assets;
o Requisition the marginal lending facility; or
o Draw down committed lines.
These stress testing requirements are quantitative and are in addition to the qualitative
requirements outlined in section 3.6 of the Requirements. Central Bank teams will examine
the reporting of stress testing results to the Board, as required in section 3.6, as part of
their ongoing work. In addition to this work, the Treasury Team will ensure that the
responsibilities of the Board are carried out – these include developing a strategy for the
ongoing management of liquidity risk that is consistent with the risk tolerance of the credit
institution; assigning a management structure to identify, measure, monitor and control
liquidity risk; approving the liquidity policy; etc.
Certain institutions rated High Impact receive a dedicated analyst from the Treasury Team.
Other High Impact institutions receive part of the time of an assigned treasury analyst.
Medium High Impact institutions receive part of the time of an assigned analyst if deemed
necessary. Responsibility for the analysis of liquidity risk in other institutions is performed
by the supervision teams. The Treasury Team is available to provide support and guidance
to the supervision teams in this case.
Under the Treasury Team risk rating framework a bank’s liquidity risk framework is analysed
under the following categories
IRELAND
INTERNATIONAL MONETARY FUND 227
1) Governance and Culture
2) Measurement and Forecasting
3) Liquidity Management
4) Liquidity Contingency Planning
Credit institutions are required to submit to the Central Bank the results of three types of
stress scenarios: 1) idiosyncratic, 2) market wide and 3) combination of both. These are
submitted monthly for High Impact and Medium High Impact institutions, and Quarterly
for Medium Low or Low Impact credit institutions. The legal/regulatory basis for the
supervision of liquidity risk is based on the following:
? Regulation 66 and 70 of S.I. 661 of 2006.
? The liquidity risk framework was formulated using the “Requirements for the
Management of Liquidity Risk (29 June 2009).” The framework also incorporates the
principles of the Basel Committee “Principles for Sound Liquidity Risk Management
and Supervision” – September 2008
? Basel Committee “Principles for sound stress testing and supervision” – May 2009
? BCBS ‘Basel III: International framework for liquidity risk measurement, standards
and monitoring, (December 2010)’.
Among the guidance documents used to focus the work of supervisors are:
? EBA ‘Guidelines on Liquidity Cost Benefit Allocation, (October 2010)’;
? EBA ‘Guidelines on Liquidity Buffers and Survival Periods, (December 2009)’.
? CEBS/EBA guidelines on stress testing (GL32) annex 5, (August 2010).
As part of the SREP (ICAAP) process, reviews of liquidity policy and contingency plans are
carried out yearly.
A recent thematic review was conducted to assess liquidity contingency planning. This
review included a sample of 7 credit institution (local and international). In another recent
review of banks’ ALCOs’ role and effectiveness, banks were assessed on governance across
liquidity risk. This ALCO review addressed a number of areas, including stress testing and
the quality and discussion of management information that is circulated to the ALCO
committee and the Board members of the bank.
EC4
The supervisor determines that banks’ liquidity strategy, policies and processes establish an
appropriate and properly controlled liquidity risk environment including:
(a) clear articulation of an overall liquidity risk appetite that is appropriate for the banks’
business and their role in the financial system and that is approved by the banks’
Boards;
(b) sound day-to-day, and where appropriate intraday, liquidity risk management
practices;
(c) effective information systems to enable active identification, aggregation, monitoring
and control of liquidity risk exposures and funding needs (including active
management of collateral positions) bank-wide;
(d) adequate oversight by the banks’ Boards in ensuring that management effectively
implements policies and processes for the management of liquidity risk in a manner
IRELAND
228 INTERNATIONAL MONETARY FUND
consistent with the banks’ liquidity risk appetite; and
(e) regular review by the banks’ Boards (at least annually) and appropriate adjustment of
the banks’ strategy, policies and processes for the management of liquidity risk in the
light of the banks’ changing risk profile and external developments in the markets
and macroeconomic conditions in which they operate.
Description and
findings re EC4
Assessment for 7 High Impact and one Medium High Impact is an ongoing process, and
involves examination of:
(a) A bank’s risk appetite by monitoring ALCO packs and Board Papers.
(b) Liquidity risk management practises – by attending Alco meetings, meeting
with the Treasurer to discuss ALCO agenda and papers, and by performing
Risk Reviews on aspects of Liquidity Management.
(c) Information systems by analysing MI capability to ensure high standard of
output which displays liquidity risk exposures.
(d)/(e) Board’s policy approval of liquidity policies to ensure that it matches the RAS,
and that these policies are kept under review.
For High Impact banks, both onsite and offsite regulatory supervision is constant. Contact
with High Impact institutions involves: monthly meeting with Head of Treasury /ALM;
weekly liquidity risk calls; and scheduled Risk Reviews. The Treasury Team provides support
to the examination teams of these banks by way of semi-annual meetings, access to the
Treasury Team’s risk reviews and risk assessment framework as well as support for risk
assessments.
The Treasury Team’s onsite work includes a monthly meeting with the Head of ALM to
discuss recent ALCO agenda items and ALCO MI. As previously mentioned, 4 Risk Reviews
will take place during the course of 2013 to deal with the following topics:
? Funds Transfer Pricing;
? Structural Market Risk;
? Contingency Funding Plan; and
? Funding strategy and Liquidity Stress Testing.
Regular meetings are scheduled with heads of functions (ALM, Treasury, Risk, and Internal
Audit) as appropriate to the bank’s risk rating. Regular assessment and testing is conducted
on the quality of liquidity governance, measurement, management, reporting and
performance against liquidity targets. The offsite work involves constant review of funding
and maturity profile in order to gather a strong understanding of the bank’s funding
structure and strategy.
Inherent in this assessment methodology is consistency. Banks can be compared with peers
across the sector. This allows for more efficient identification of best practices or of
emerging trends in banks in a peer group.
For Medium High Impact and lower impact banks, the assessment of liquidity strategy,
processes and policies is done as part of the FRA, the frequency and duration of which is as
per PRISM guidance.
EC5
The supervisor requires banks to establish, and regularly review, funding strategies and
policies and processes for the ongoing measurement and monitoring of funding
requirements and the effective management of funding risk. The policies and processes
include consideration of how other risks (e.g. credit, market, operational and reputation
IRELAND
INTERNATIONAL MONETARY FUND 229
risk) may impact the bank’s overall liquidity strategy, and include:
(a) an analysis of funding requirements under alternative scenarios;
(b) the maintenance of a cushion of high quality, unencumbered, liquid assets that can
be used, without impediment, to obtain funding in times of stress;
(c) diversification in the sources (including counterparties, instruments, currencies and
markets) and tenor of funding, and regular review of concentration limits;
(d) regular efforts to establish and maintain relationships with liability holders; and
(e) regular assessment of the capacity to sell assets.
Description and
findings re EC5
The requirements are set out in Sections 3 and 8 of the Liquidity Requirements where the
CBI requires each credit institution to establish a liquidity policy, which will be reviewed as
part of the ongoing regulation of the institution.
While HQLA can be used in the calculation of the liquidity mismatch ratio, there is no
stipulation in the rules for a minimum HQLA as long as there are sufficient net inflows to
meet the minimum ratio requirements.
As well as the qualitative requirements included in the liquidity policy, Section 5.2 sets out
overriding criteria for determining the characteristics of marketable assets including
concentration and depth of market. Section 3.8 sets out requirements for market access.
Requirements are also set out in the instructions for ICAAP submission, Section 4, Section
5.4 and Section 9.
The Legal/Regulatory Basis is as follows:
? Regulation 66 and 70 of S.I. 661 of 2006.
? Central Bank Requirements for the Management of Liquidity Risk (June 2009).
Imposed via :
Quantitative Requirements:
o Central Bank Act 1971, Section 23
o Building Societies Act 1989, Section 39
o Trustee Savings Bank 1989, Section 31
Qualitative Requirements:
o EC (Licensing and Supervision of Credit Institutions) Regulation
1992 (Regulation 16 S.I. 395 of 1992)
? Quantitative Requirements & Qualitative Requirements are also imposed as
conditions to which all credit institutions are subject to:
o Central Bank act 1971 Section 10,
o Building Societies Act 1989 Section 17
o Trustee Savings Bank 1989 Section 12
o Asset cover securities Act 2001 Section 16
? Directive 2006/48/EC, implemented via Regulation 66 of S.I. 661 of 2006, Annex XI of
CRD and Annex V of CRD:
o Annex XI, Section 1(e)
o Annex V, Section 10
EC6 The supervisor determines that banks have robust liquidity contingency funding plans to
handle liquidity problems. The supervisor determines that the bank’s contingency funding
plan is formally articulated, adequately documented and sets out the bank’s strategy for
IRELAND
230 INTERNATIONAL MONETARY FUND
addressing liquidity shortfalls in a range of stress environments without placing reliance on
lender of last resort support. The supervisor also determines that the bank’s contingency
funding plan establishes clear lines of responsibility, includes clear communication plans
(including communication with the supervisor) and is regularly tested and updated to
ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s
risk profile and systemic importance, the bank’s contingency funding plan is feasible and
requires the bank to address any deficiencies.
Description and
findings re EC6
The Central Bank requires each credit institution to establish a Contingency Funding Plan
(section 3.9 of the Liquidity Requirements), developed by management and approved by
the Board of Directors as part of the liquidity policy which will be reviewed as part of the
ongoing regulation of the institution. At a minimum, the CFP is to:
? Identify the triggers that are used as signs of an approaching crisis and who has
responsibility for monitoring and reporting on these triggers, e.g. a predetermined
drop in deposits, a predetermined decline in the value of shares, or a higher cost of
funding vis-à-vis other credit institutions;
? Outline individual responsibilities in the event of the credit institution experiencing
liquidity problems, in particular the person with responsibility for liaison with the
media, shareholders and the Central Bank should be outlined;
? Outline procedures for timely and relevant information flows to senior management
in the event of a crisis;
? Outline procedures for making up cash flow shortfalls will be outlined e.g. selling
assets, establishing new lines of funding etc., in both normal and stressed
conditions;
? Outline identify and quantify all sources of funding by preference of use in various
scenarios extending from normal circumstances to a severe industry stress;
? Address strategy with respect to altering the behaviour of assets and liabilities;
? Address circumstances when the plan should be utilised; and
? Outline names, contact details and geographical location of personnel responsible
for contingency planning.
The extent of review of a credit institutions contingency funding plan is dependent on the
impact of the credit institution. The Treasury Team has developed a risk rating framework
to evaluate the liquidity risk profile of an authorised credit institution for Medium High
Impact or higher (eight broad headings).
For the 8 banks assessed by the Treasury Team, a Risk Review of CFPs is one of the four
scheduled reviews to be conducted in 2013. Prior to this, as part of the team’s liquidity risk
assessment framework, CFPs were reviewed as part of the probability risk scoring process.
The more detailed 2013 reviews will add more depth and peer comparisons.
As with all such reviews, the review document will be made available to the examination
teams of Medium High Impact and Medium Low impact banks, and discussed with them at
the semi-annual meetings with the Treasury Team.
Contingency planning is covered by the PRISM guidance material on liquidity risk and
forms part of the material reviewed by examination teams when conducting FRA, the
frequency of which are determined by the impact rating of the bank, as per PRISM. The
Treasury Team’s Liquidity Risk Assessment Framework is also used for some of these banks
IRELAND
INTERNATIONAL MONETARY FUND 231
and has specific metrics on CFP.
EC7 The supervisor requires banks to include a variety of short-term and protracted bank-
specific and market-wide liquidity stress scenarios (individually and in combination), using
conservative and regularly reviewed assumptions, into their stress testing programmes for
risk management purposes. The supervisor determines that the results of the stress tests
are used by the bank to adjust its liquidity risk management strategies, policies and
positions and to develop effective contingency funding plans.
Description and
findings re EC7
The Central Bank both requires banks to conduct a variety of stress tests and also assesses
whether the results of these are used by the banks to inform CFP and setting of Risk
Appetite.
Section 8 of the Liquidity Requirements stipulates the frequency and nature of stress tests
to be performed by credit institutions including: stress tests must be completed on a
quarterly basis for both bank specific and industry-wide stress situations; and moderate
and severe scenario is considered where appropriate. The assumptions need to be
documented. Section 3.8 details the various parameters a bank needs to consider.
A series of Risk Reviews is scheduled by the Treasury Team for 2013 onwards and includes
CFP, Liquidity Stress Testing and Funding Strategy. These will add to the quality of the
assessment. These will also be used to inform the assessment of the Medium High Impact
and lower impact banks.
Also, each institution is required to submit a monthly liquidity return and a Treasury
Funding Report. This information is analysed in terms of funding composition, behavioural
assumptions on cash flow of both assets and liabilities, monitoring of liquidity ratios and
EBA stress test results (idiosyncratic, systematic and combined).
EC8 The supervisor identifies those banks carrying out significant foreign currency liquidity
transformation. Where a bank’s foreign currency business is significant, or the bank has
significant exposure in a given currency, the supervisor requires the bank to undertake
separate analysis of its strategy and monitor its liquidity needs separately for each such
significant currency. This includes the use of stress testing to determine the
appropriateness of mismatches in that currency and, where appropriate, the setting and
regular review of limits on the size of its cash flow mismatches for foreign currencies in
aggregate and for each significant currency individually. In such cases, the supervisor also
monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s
ability to transfer liquidity from one currency to another across jurisdictions and legal
entities.
Description and
findings re EC8
FMP banks (3 High Impact institutions) with any sizable foreign currency transformation
requirements are either deleveraging that part of the portfolio or have matched that part of
the balance sheet. The FMP banks are monitoring and reporting foreign currency exposure
quarterly to the Troika and Central Bank. None of the non-FMP banks have significant
foreign currency transformation requirements.
The COREP return requires banks to submit their Foreign Exchange Risk Total Positions in
Non-Reporting Currencies to the Central Bank. This return also shows the net position per
currency. Foreign currency is not regarded as significant (“significant” being >5%). The
banks’ ability to transfer liquidity from one currency to another across legal entities is only
analysed for covered institutions.
IRELAND
232 INTERNATIONAL MONETARY FUND
The qualitative requirements are set out in Section 3 of the Central Bank, regulatory
document for credit institutions “Requirements for the Management of Liquidity Risk (29
June 2009).” The Central Bank requires each credit institution to establish a liquidity policy,
which will be reviewed as part of the ongoing regulation of the institution. At a minimum
the policy is to include:
3.7 Foreign exchange
- Document limits placed on foreign currency mismatches
individually and/or in aggregate
- Document Limits placed in cases where the currency is not freely
available
- Analysis of foreign currency liquidity under various scenarios
The quantitative requirements are set out in Section 7 (“Foreign exchange business”) of the
Central Bank regulatory document for credit institutions, “Requirements for the
Management of Liquidity Risk (29 June 2009).” The Central Bank requires the credit
institution to report the liquidity position in all currencies combined. Balances and flows
denominated in the foreign currencies should be converted into the operational currency,
for the purpose of completing the quarterly prudential liquidity return.
As part of the CRDIV/CRR, from Q1 2014, credit institutions will be required to submit
separate liquidity returns on a significant currency basis, i.e. where the institution has
aggregate liabilities in a foreign currency amounting to or exceeding 5% of the institutions
total liabilities, or has a significant branch as defined in CRDIV in a host Member State
using a foreign currency. The credit institutions shall monitor their liquidity needs
separately for each currency. This analysis and reporting requirement will be completed
under a stressed scenario. Maturity mismatches for significant foreign currencies will be
analysed as part of the Central Bank’s analysis of the CRR Maturity Ladder reporting
template, due to be submitted by institutions in 2014.
Each quarter, the Irish covered banks (3 High Impact banks) submit comprehensive liquidity
forecasting analysis as part of the EU-IMF Financial Support programme for Ireland. This
includes balance sheet and FX funding gap (USD/GBP) forecasting out to end of 2014.
Additional
criteria
AC1
The supervisor determines that banks’ levels of encumbered balance-sheet assets are
managed within acceptable limits to mitigate the risks posed by excessive levels of
encumbrance in terms of the impact on the banks’ cost of funding and the implications for
the sustainability of their long-term liquidity position. The supervisor requires banks to
commit to adequate disclosure and to set appropriate limits to mitigate identified risks.
Description and
findings re AC1
The Central Bank does not impose specific limits on asset encumbrance. Levels of
encumbrance are monitored via the risk dashboards and discussed with the banks. What
may be an acceptable level of asset encumbrance will vary from case to case. In some cases
it may be a function of a bank’s funding model e.g. covered bond bank. In some cases it
may be a function of temporary reliance on secured central bank funding while a
deleverage programme is executed. The banks report the level of asset encumbrance
monthly – this information is contained in the “Dashboard” received from the High Impact
banks. The topic of “Asset Encumbrance” has also been raised in recent papers circulated
by the ESRB. These papers involve proposals to increase the level of reporting and
regulation on “Asset Encumbrance”, but falls short of requiring limits to be applied and
positions of these banks against limits to be reported. The paper provides implementation
IRELAND
INTERNATIONAL MONETARY FUND 233
dates for commencement of this new regulation by the relevant National Supervisory
Authorities at a time in the future. The Central Bank will be working to comply with these
new standards and implementation dates. Separately, one High Impact bank was given an
RMP for delivery by end March 2013 to improve their management and internal reporting
of asset encumbrance. They have completed this RMP to the satisfaction of Banking
Supervision.
Banking Supervision applies a maturity mismatch approach to the monitoring of liquidity
risk of each credit institution as outlined in Central Bank – ‘Requirements for the
Management of Liquidity Risk (June 2009)’. The approach set out in the ‘Requirements’
requires credit institutions to analyse their cash flows under various categories and place
them in predetermined time bands depending on the time cash is received and paid out.
The prudential liquidity ratios focus on the first two time bands, 0-8 days and over 8 days
to 1 month, and the composition of available liquid assets to create sufficient liquidity to
cover expected outflows including behavioral assumptions. These statutory Liquidity Ratios
are set at 100% and 90% respectively. The Central Bank has the discretion on a case-by-
case basis to impose liquidity requirements on an institution, which may require it to
maintain maturity mismatch ratios different from the standard limits imposed.
Section 5.4 “Encumbered Assets” of the Central Bank regulatory document for credit
institutions, “Requirements for the Management of Liquidity Risk (29 June 2009)”, details
the treatment of Encumbered Assets for liquidity reporting purposes. Encumbered assets
consist of:
? securities pledged as collateral and not available to the institution for the period that
they constitute collateral;
? securities transferred by the reporting credit institution as part of a sale and
repurchase agreement for the duration of the agreement;
? receivables that are currently nonperforming/impaired and on which impairment has
been identified on individual loans;
? low grade securities; and
? shares in affiliated companies.
The Central Bank requires credit institutions to report liquidity ratios across various time
bands each week/month/quarter depending on the impact, e.g. High Impact credit
institutions are required to submit weekly and monthly liquidity returns online.
Each institution is also required to submit a Treasury Funding Report. This is submitted
monthly for institutions with dedicated Treasury analyst. For all other institutions, it is
submitted quarterly/monthly depending on the supervision team requirement. This
information is analysed in terms of funding composition.
In addition, Annex V, Section 10, of Directive 2006/48/2006: “Credit institutions shall
distinguish between pledged and unencumbered assets that are available at all times, in
particular during emergency situations. They shall also take into account the legal entity in
which assets reside, the country where assets are legally recorded either in a register or in an
account as well as their eligibility and shall monitor how assets can be mobilised in a timely
manner.”
As well as the above, supervisors closely monitor liquidity mismatches and forecasting in
the covered institutions, and the possible necessity for Emergency Liquidity Assistance.
Each quarter, the Irish covered banks (i.e. 3 High Impact banks) which have existing
IRELAND
234 INTERNATIONAL MONETARY FUND
drawings from the Central Bank, or have had such drawings in the past six months, are
deemed High Liquidity Risk probability. Banking Supervision, working with the Financial
Markets Division, monitors the availability of each credit institution’s collateral for ECB
monetary operations such as the MRO and LTRO.
The Treasury Team risk rating framework (as detailed above) evaluates the unencumbered
assets under the heading “8. Funding Composition and Stability” for High Impact and
Medium High Impact banks. This is not performed for Medium Low Impact banks as
supervision is carried out on a reactive basis.
Legal/Regulatory Basis
? Requirements for the Management of Liquidity Risk (June 2009), Central Bank
document – Section 4.2 “Limits and Monitoring Ratios”
? Basel III/CRD IV – introduction for the first time of international liquidity standards of
minimum liquidity requirements LCR & NSFR ratios, with additional liquidity
monitoring metrics focused on maturity mismatch, concentration of funding and
available unencumbered assets
? Directive 2006/48/EC, Annex V and Annex XI, implemented via Regulation 66 of S.I.
661 of 2006
Practical Example
1) Thematic Review on Funds Transfer Pricing was completed in early 2013.
2) Unencumbered liquid assets are submitted weekly/monthly via the liquidity return
online.
3) “Use of Collateral” report is received from the Central Bank Organisational Risk
division weekly. This report details the collateral used in the ECB.
As stated above, there is no system-wide process initiated by Banking Supervision which
requires that levels of encumbrance on balance sheets are maintained within acceptable
limits. However, the banks report to the Central Bank the level of asset encumbrance
monthly – this information is contained in the “Dashboard” received from the High Impact
banks.
Assessment of
Principle 24
Compliant
Comments The Central Bank has prescribed liquidity requirements for authorized credit institutions
which are not lower than Basel standards. Supervision of liquidity risk is in line with the
PRISM engagement model. The Bank requires each credit institution to establish and
maintain a liquidity strategy and liquidity policy. Central Bank requires each credit
institution to establish a contingency funding plan, developed by management and
approved by the Board. Frequency of reports submitted to the Central Bank is dependent
on the impact of the credit institution. The Central Bank requires banks to conduct a variety
of stress tests and also assesses whether the results of these are used by the banks to
inform Contingency Funding Planning and setting of Risk Appetite.
Principle 25 Operational risk. The supervisor determines that banks have an adequate operational risk
management framework that takes into account their risk appetite, risk profile and market
IRELAND
INTERNATIONAL MONETARY FUND 235
and macroeconomic conditions. This includes prudent policies and processes to identify,
assess, evaluate, monitor, report and control or mitigate operational risk
62
on a timely basis.
Essential criteria
EC1
Law, regulations or the supervisor require banks to have appropriate operational risk
management strategies, policies and processes to identify, assess, evaluate, monitor, report
and control or mitigate operational risk. The supervisor determines that the bank’s strategy,
policies and processes are consistent with the bank’s risk profile, systemic importance, risk
appetite and capital strength, take into account market and macroeconomic conditions,
and address all major aspects of operational risk prevalent in the businesses of the bank on
a bank-wide basis (including periods when operational risk could increase).
Description and
findings re EC1
The CBI requires that banks manage operational risk in line with the CRD, which states that:
? “Credit institutions shall have a well-documented assessment and management
system for operational risk with clear responsibilities assigned for this system. They
shall identify their exposures to operational risk and track relevant operational risk
data, including material loss data. This system shall be subject to regular
independent review.
? The operational risk assessment system must be closely integrated into the risk
management processes of the credit institution. Its output must be an integral Part
of the process of monitoring and controlling the credit institution's operational risk
profile.
? Credit institutions shall implement a system of management reporting that
provides operational risk reports to relevant functions within the credit institution.
Credit institutions shall have procedures for taking appropriate action according to
the information within the management reports. Policies and processes to evaluate
and manage the exposure to operational risk, including to low-frequency high-
severity events, shall be implemented. Without prejudice to the definition laid down
in Article 4(22), credit institutions shall articulate what constitutes operational risk
for the purposes of those policies and procedures.
? Contingency and business continuity plans shall be in place to ensure a credit
institution's ability to operate on an ongoing basis and limit losses in the event of
severe business disruption.”
Recognizing that supervisors must be satisfied that banks have robust and effective
operational risk policies and procedures in place that are suitable for their business, the CBI
has designed an Operational Risk Assessment Methodology that provides supervisors with
a practical means for the assessment of operational risk in a banking environment. It
provides a step-by-step process to help scope, plan and manage an operational risk
examination and specific guidance to assess operational risk across four dimensions:
1. Operational Risk Management Framework: Recognizing the criticality of assessing
the robustness of bank’s [own] Operational Risk Framework, the CBI’s Methodology
focuses on:
- The completeness of a bank’s Framework
62
The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. The definition includes legal risk but excludes strategic and
reputational risk.
IRELAND
236 INTERNATIONAL MONETARY FUND
- The quality of each component of the bank’s Framework
- The effectiveness of the bank’s Framework in practice
2. Operational Risk Exposure: Recognizing that a bank’s Operational Risk Management
Framework should ensure that all material risks are identified and managed, the
CBI’s framework provides supervisors with the tools and guidance to:
? Identify the major risks that a bank faces and to assess exposure to
different risk types
? Form an objective view of aggregate risk exposure as a challenge to a
bank’s own assessment
? Identify risks that are unacceptably high, poorly managed or absent from
the bank’s Framework
3. Regulatory Compliance: As compliance with Operational Risk Regulation is a
minimum, the CBI’s framework enables supervisors to:
? Determine which regulatory requirements apply to the bank they are
supervising
? Assess compliance with those requirements
4. Capital Adequacy: The methodology includes guidance and tools to enable
supervisors to:
? Assess and challenge the adequacy of Operational Risk capital levels
? Determine when a Pillar 2 capital add-on may be appropriate (training has
been provided to Supervisors in relation to same)
The assessment framework, has been rolled-out and is embedded in the PRISM framework.
The methodology recognizes differences in the scale and structure of institutions and
provides guidance on priority areas of assessment where particular types of operational risk
are deemed prevalent across the industry. This guidance is refreshed annually. While the
exact scope of an assessment is decided by individual supervisors and management, any
full assessment is expected to address those priority areas.
In terms of the frequency with which operational risk is assessed on-site, reviews are
undertaken as part of a FRR/FRA. These are completed on an ongoing basis for High
Impact institutions and every two to four years for Medium High Impact institutions.
Reviews are carried out on a spot basis for Medium Low Impact institutions.
The Assessment Methodology was implemented in mid-2012. A revision was released in Q1
2013 and the document will be reviewed and revised annually.
CRD (2006/48/EC) - Title V, Chapter 2, Section 4: ” Minimum Own Funds Requirements for
Operational Risk” and the related Annex V and Annex X states:
“The scope of the review and evaluation referred to in paragraph (1) shall be that
of the requirements of the [Recast Credit Institutions Directive].
[…]
Regulation 70 allows for the Central Bank to require a bank to take necessary
actions and steps “requiring the reduction of the risk inherent in the activities,
products and systems of credit institutions.”
The CBI, under these provisions, has applied an Operational Risk Assessment Methodology
IRELAND
INTERNATIONAL MONETARY FUND 237
to ensure that Banks have adequate and sound Operational Risk management practices.
The assessment methodology has, in turn, been derived from a series of regulatory
guidance and best practice sources including:
o CRD (2006/48/EC) – Title V, Chapter 2, Section 4: “Minimum Own Funds
Requirements for Operational Risk” and the related Annex V and Annex X.
o GL10 Guidelines on the implementation, validation and assessment of
Advanced Measurement &Internal Ratings Based Approaches.
o GL21 Compendium of Supplementary Guidelines on implementation issues of
operational risk.
o GL25 Guidelines on operational risk mitigation techniques.
o GL32 Guidelines on Stress Testing.
o GL35 Guidelines on the management of operational risks in market-related
activities.
o GL45 EBA Guidelines on AMA extensions and changes.
o BCBS Principles for the Sound Management of Operational Risk.
o BCBS Operational Risk - Supervisory Guidelines for the Advanced
Measurement Approaches.
EC2
The supervisor requires banks’ strategies, policies and processes for the management of
operational risk (including the banks’ risk appetite for operational risk) to be approved and
regularly reviewed by the banks’ Boards. The supervisor also requires that the Board
oversees management in ensuring that these policies and processes are implemented
effectively.
Description and
findings re EC2
The CBI requires banks to manage operational risk in line with CRD requirements as set out
above, which require that “The management body shall approve and periodically review the
strategies and policies for taking up, managing, monitoring and mitigating the risks the credit
institution is or might be exposed to, including those posed by the macroeconomic
environment in which it operates in relation to the status of the business cycle.” The
Corporate Governance Code requires:
? The Board shall establish a documented risk appetite for the institution. The appetite
shall be expressed in qualitative terms and also include quantitative metrics to allow
tracking of performance and compliance with agreed strategy. The risk appetite
should be subject to annual review by the Board.
? The Board shall ensure that the risk management framework and internal controls
reflect the risk appetite, and that there are adequate arrangements in place to
ensure that there is regular reporting to the Board on compliance with the risk
appetite.
? The (Board) Risk Committee shall oversee the risk management function.
? The (Board) Risk Committee shall ensure the development and ongoing
maintenance of an effective risk management system within the financial institution
that is effective and proportionate to the nature, scale and complexity of the risks
inherent in the business.
As set out in CP14, supervisors are responsible for assessing bank compliance with the
Corporate Governance Code. In addition, the Operational Risk Assessment Methodology
which, as set out in EC1, is the principal assessment tool applied by the Central Bank,
directs supervisors to specifically assess the role of the Board of Directors and management
in defining, regularly reviewing and monitoring adherence to operational risk policies,
procedures and risk appetite. Guidance for assessing the core risk processes that should be
in place is also set out. In each case supervisors are provided with guidance to assess the
completeness of the firm’s framework, policies and process as well as guidance to assess
IRELAND
238 INTERNATIONAL MONETARY FUND
the quality of those components and their practical effectiveness. Criteria for specific
assessment of the role of the Board and management are also defined
EC3
The supervisor determines that the approved strategy and significant policies and
processes for the management of operational risk are implemented effectively by
management and fully integrated into the bank’s overall risk management process.
Description and
findings re EC3
The Operational Risk Assessment Methodology is premised on the need to assess the
practical substance of a firm’s Operational Risk Framework as well as the quality of its
design. Supervisors are provided with guidance on assessing the consistency and
robustness of the implementation of the framework and guided to take a clear view on its
effectiveness. This point of assessment is built into all components of the Methodology and
supervisors do assess and determine the effectiveness of strategy, policies and processes.
EC4
The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery
and business continuity plans to assess their feasibility in scenarios of severe business
disruption which might plausibly affect the bank. In so doing, the supervisor determines
that the bank is able to operate as a going concern and minimize losses, including those
that may arise from disturbances to payment and settlement systems, in the event of
severe business disruption.
Description and
findings re EC4
The Operational Risk Assessment Methodology defines taxonomy of different operational
risk types in line with Basel II categories. For each risk type, supervisors are provided with
guidance to assess the inherent risk exposure, the quality and effectiveness of controls and
mitigants and residual exposure. Specific guidance is provided to help supervisors
understand where risks are liable to manifest in the firm, the functions within the firm that
should be addressing those risks and the types of controls and mitigants that should be in
place. Supervisors are required to set out their judgment of each risk in the scope of their
assessment and, for consistency and comparability, a common mechanism for rating each
risk type from inherent to residual risk is set out.
A range of different Business Continuity Management and Disaster Recovery type risks are
identified (IT/Communications failure; damage to physical assets; industrial relations
disputes; etc.) in the taxonomy. Clear guidance is provided (as described above) to enable
supervisors develop a view of the robustness of Firm’s provisions and mechanisms to
prevent and recover from disruption. That guidance has been developed in line with known
best practice and standards in the financial services industry and includes provisions
concerning Business Continuity Management and Disaster Recovery organization,
contingency planning and testing.
Specific provisions for the assessment of payment and settlements systems are included in
the revised (Q1 2013) version of the assessment methodology.
EC5
The supervisor determines that banks have established appropriate information technology
policies and processes to identify, assess, monitor and manage technology risks. The
supervisor also determines that banks have appropriate and sound information technology
infrastructure to meet their current and projected business requirements (under normal
circumstances and in periods of stress), which ensures data and system integrity, security
and availability and supports integrated and comprehensive risk management.
Description and The CBI has engaged a third party provider, to assist in the development of an assessment
methodology and framework for reviewing the IT capability of Irish licensed credit
IRELAND
INTERNATIONAL MONETARY FUND 239
findings re EC5 institutions.
The Risk Taxonomy and risk assessment guidance within the Operational Risk Assessment
Methodology identifies a range of risk types related to Information Technology. Specific
risk types concerning the robustness of IT systems, data integrity, disaster recovery, and
information security have been identified along with the guidance to enable supervisors to
effectively assess those risks and related controls and mitigants. Further, assessment of the
robustness of the firm's IT infrastructure is identified as a ‘priority risk’ within the
Methodology meaning that it should form part of any full assessment undertaken.
Particular emphasis is placed on analyzing the complexity of systems and related business
operations and any potential fragilities that exist.
EC6
The supervisor determines that banks have appropriate and effective information systems
to:
(a) monitor operational risk;
(b) compile and analyze operational risk data; and
(c) facilitate appropriate reporting mechanisms at the banks’ Boards, senior
management and business line levels that support proactive management of
operational risk.
Description and
findings re EC6
The Assessment Methodology aims to enable a supervisor assess the robustness of a firm’s
Operational Risk MI and supporting systems across a number of dimensions:
- The adequacy and robustness of a technology supporting a firm’s bottom-up risk
processes;
- A firm’s ability to monitor operational risk levels across key areas of exposure;
- A firm’s ability to capture loss events and near miss events; and
- The quality of a firm’s internal MI for management, Operational Risk/ Risk
Committees and the Board itself.
Key areas of assessment focus include:
- Risk and Control Self-Assessment toolset (or equivalent). Specific assessment criteria
are set for such tools and surrounding processes.
- Loss Capture Database. Again Supervisors are provided with guidance to assess the
robustness of loss data capture and the processes and procedures underpinning
same.
- Operational risk MI and metrics – Specific guidance is provided in terms of assessing
both completeness and quality and, importantly, in terms of assessing the
appropriate use of information generated (effectiveness).
In addition to assessing the robustness of these tools, supervisors utilize the information
they hold to support assessment of a banks operational risk profile and the quality and
effectiveness of its operational risk management.
As set out in EC1, supervisors carry out assessments as part of the annual FRR, as part of
the cycle of Financial Risk Assessments and as bank and external factors dictate (i.e. when
operational risks levels are elevated due to significant events or near misses and/or when
external factors increase operational risk exposure).
EC7 The supervisor requires that banks have appropriate reporting mechanisms to keep the
IRELAND
240 INTERNATIONAL MONETARY FUND
supervisor apprised of developments affecting operational risk at banks in their
jurisdictions.
Description and
findings re EC7
Firms are required to report Operational Risk Capital levels (and as required the underlying
analyses including operational risk events and developments driving those capital
assessments) to the Central Bank. A new operational risk reporting framework which
requires both quarterly and semi-annual reporting to the CBI has been implemented.
Reporting requirements will provide supervisors with structured information and data
concerning banks operational risk exposure and management and will enable supervisors
to cross-compare and benchmark banks.
EC8
The supervisor determines that banks have established appropriate policies and processes
to assess, manage and monitor outsourced activities. The outsourcing risk management
programme covers:
(a) conducting appropriate due diligence for selecting potential service providers;
(b) structuring the outsourcing arrangement;
(c) managing and monitoring the risks associated with the outsourcing arrangement;
(d) ensuring an effective control environment; and
(e) establishing viable contingency planning.
Outsourcing policies and processes require the bank to have comprehensive contracts
and/or service level agreements with a clear allocation of responsibilities between the
outsourcing provider and the bank.
Description and
findings re EC8
The CBI has in place specific standalone guidelines to assess new outsourcing
arrangements put in place by banks (and the contracts underlying same) and the processes
involved in third-party selection (in line with EBA guidelines). The Operational Risk
Assessment Methodology includes specific assessment provisions (also in line with EBA
guidelines and other best practice) to enable supervisors to determine that banks are
effectively considering, and putting in place procedures to manage and monitor, the risks
associated with outsourcing deals and that adequate (bank and provider) contingency
arrangements exist to assure business continuity in the event that the third party provider
encounters operational difficulties in delivering against their commitments to the bank. The
Methodology also provides guidance on the types of measures (Service Level Agreements,
etc.) that supervisors should expect to see in place in banks for the ongoing management
and monitoring of service and operational quality.
Additional
criteria
AC1 The supervisor regularly identifies any common points of exposure to operational risk or
potential vulnerability (e.g. outsourcing of key operations by many banks to a common
service provider or disruption to outsourcing providers of payment and settlement
activities).
Description and
findings re AC1
The Assessment Methodology specifically identifies a range of priority risk types that
supervisors should consider in full assessments. This group of items reflects the Central
Bank’s view of risks that are currently prevalent across the industry and so merit specific
attention. It is intended that the list of priority risks will be reviewed and revised at least
annually (including the Q1 2013 revision of the Methodology).
IRELAND
INTERNATIONAL MONETARY FUND 241
As set out in EC1, supervisors carry out assessments as part of the annual FRR, as part of
the cycle of Financial Risk Assessments and as bank and external factors dictate (i.e. when
operational risks levels are elevated due to significant events or near misses and/or when
external factors increase operational risk exposure).
Assessment of
Principle 25
Largely Compliant
Comments A detailed operational risk policy has been implemented and a number of onsite reviews
conducted. A report to be filed by banks has been implemented and the first reports are to
be filed as of September 30, 2013. Effectiveness and adequacy of monitoring cannot be
fully assessed at this review due to the recent implementation of the report that will play an
important role in monitoring compliance.
Principle 26 Internal control and audit. The supervisor determines that banks have adequate internal
control frameworks to establish and maintain a properly controlled operating environment
for the conduct of their business taking into account their risk profile. These include clear
arrangements for delegating authority and responsibility; separation of the functions that
involve committing the bank, paying away its funds, and accounting for its assets and
liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate
independent
63
internal audit and compliance functions to test adherence to these controls
as well as applicable laws and regulations.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have internal control frameworks that
are adequate to establish a properly controlled operating environment for the conduct of
their business, taking into account their risk profile. These controls are the responsibility of
the bank’s Board and/or senior management and deal with organizational structure,
accounting policies and processes, checks and balances, and the safeguarding of assets
and investments (including measures for the prevention and early detection and reporting
of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion).
More specifically, these controls address:
(a) organizational structure: definitions of duties and responsibilities, including clear
delegation of authority (e.g. clear loan approval limits), decision-making policies and
processes, separation of critical functions (e.g. business origination, payments,
reconciliation, risk management, accounting, audit and compliance);
(b) accounting policies and processes: reconciliation of accounts, control lists,
information for management;
(c) checks and balances (or “four eyes principle”): segregation of duties, cross-checking,
dual control of assets, double signatures; and
(d) safeguarding assets and investments: including physical control and computer access.
63
In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of
interest in the performance measurement of staff in the compliance, control and internal audit functions. For
example, the remuneration of such staff should be determined independently of the business lines that they oversee.
IRELAND
242 INTERNATIONAL MONETARY FUND
Description and
findings re EC1
The CRD sets out broad requirements that set the platform for a bank’s internal control
framework. Under Article 22 of EU Directive 2006/4/EC banks are required to have
“transparent and consistent lines of responsibility, effective processes to identify, manage,
monitor and report the risk it is exposed to, and adequate internal control mechanisms,
including sound administrative and accounting procedures.”
Section 16 of S.I.395 of 1992 transposes the EC (Licensing and Supervision of Credit
Institutions) Regulations 1992. It requires that “every credit institution authorised by the
Central Bank shall manage its business in accordance with sound administrative and
accounting principles and shall put in place and maintain internal control and reporting
arrangements and procedures to ensure that the business is so managed.” Section 16 of
S.I.395 of 1992 also requires that “every credit institution shall have robust governance
arrangements including:
(a) a clear organisational structure with well defined, transparent and consistent lines of
responsibility;
(b) effective processes to identify, manage, monitor and report the risks it is or might be
exposed to;
(c) adequate internal control mechanisms;
(d) sound administrative and accounting procedures; and
(e) remuneration policies and practices that are consistent with and promote sound and
effective risk management.
Every credit institution shall ensure that the arrangements, processes and mechanisms
referred to (above) are comprehensive and proportionate to the nature, scale and complexity
of the activities of the institution.”
The Central Bank’s Corporate Governance Code requires banks to have “adequate internal
control mechanisms, including sound administrative and accounting procedure, IT systems
and controls, remuneration policies and practices that are consistent with and promote sound
and effective risk management” (Section 6.3).
Through the interaction of the Code and regulations, the Central Bank requires banks to
have internal control frameworks that are adequate for the operating environment.
Section 12.1 of the Code is the most specific requirement in relation to the role of the
Board which states that the board of each institution is responsible for:
- the effective, prudent and ethical oversight of the entity;
- setting the business strategy for the institutions; and
- ensuring that risk and compliance are properly managed in the
institution.
The Code and Regulations do not necessarily specify the full responsibilities of the Board in
relation to all aspects of this EC (a) – (c), nonetheless, the Regulations do require the
controls to be in place and in conjunction with the Code requires the Board to be generally
responsible for the prudential oversight of the institution.
Where the Central Bank considers that a credit institution does not have an appropriate
balance of skills and resources of back office, control and operational management, it has
the power to require credit institutions to comply with deficiencies in its compliance with
the CRD via Regulation 70 of S.I.661 of 2006. Also, through the Central Bank’s power to
place conditions on specific banking licenses (Section 10 of the Central Bank Act 1971), it
IRELAND
INTERNATIONAL MONETARY FUND 243
can require a credit institution to provide a greater balance in the skills and resources of
the back office, control functions and operational management relative to the business
origination units.
EC2
The supervisor determines that there is an appropriate balance in the skills and resources
of the back office, control functions and operational management relative to the business
origination units. The supervisor also determines that the staff of the back office and
control functions have sufficient expertise and authority within the organization (and,
where appropriate, in the case of control functions, sufficient access to the bank’s Board) to
be an effective check and balance to the business origination units.
Description and
findings re EC2
The Corporate Governance Code (section 14.5) requires the Boards of credit institutions to
ensure that key control functions such as risk management are independent of business
units and have adequate resources and authority to operate effectively. Credit Institutions
submit a compliance statement to the Central Bank annually identifying any deviation from
the Code. Supervisors assess compliance with Section 14.5 through day-to-day supervision,
receipt and review of the ICAAP portals followed by a SREP full risk assessment, and via the
review of credit institutions’ annual compliance statements.
The Central Bank has recently developed guidance for supervisors to assist in assessing the
balance between back office/control and front office/business functions. The guidance has
assisted supervisors making their assessments of staff in control functions.
Supervisors typically receive and review Post-Audit Reports and Management Letter
Reports written up by external auditors annually. These reports highlight internal control
and management reporting observations which are used by supervisors to identify
weaknesses, with potential follow up with the credit institution. These external audits also
review and sample, inter alia, accounting policies, processes, checks and balances,
reconciliation of accounts, control lists, segregation of duties, cross-checking, and sign-offs.
As per PRISM requirements, supervisors meet with credit institutions’ CFO (at a minimum
annually for High Impact firms, and every 18 months for Medium High Impact firms). This
engagement will discuss, inter alia, the finance function, its access to the board, and its
expertise and authority within the organisation. PRISM also requires supervisors to
periodically meet with the Head of Internal Audit, external auditors and a senior non-
executive director, all of which would discuss bank controls and operational management.
Supervisors for High Impact and Medium High Impact credit institutions review Board and
governance forum packs and minutes on a monthly or quarterly basis to monitor internal
controls. The review of Medium Low Impact credit institutions depends on the frequency of
Board meetings and the business activity of the bank and review of packs ranges from
monthly to bi-annually.
In addition to reporting of breaches that banks are required to submit to the Central Bank,
supervisors will perform onsite reviews, with a minimum frequency determined by PRISM.
Supervisors will go beyond the minimum engagement model when required as evidenced
through the attention dedicated to the major banks (i.e. High Impact). The onsite review -
such as a Full Risk Assessment (FRA) or a Financial Risk Review (FRR) - will provide the
supervisor the opportunity to make an accurate and comprehensive assessment of the
skills, resourcing and authority of the back office in relation to the front office.
The Central Bank has demonstrated sound practices to evaluate the effectiveness of a
IRELAND
244 INTERNATIONAL MONETARY FUND
bank’s internal control functions through an appropriate mix of offsite and onsite activities.
For Medium Low impact banks supervisors make judgments on the internal control
functions based on interactions with the firms including meetings with the Senior
Management Team – CRO and CFO at a minimum every 18 months and ongoing
interaction with finance and compliance functions. Supervisors also review internal audit
reports on liquidity and ICAAP on an annual basis. Supervisors may request internal audit
to complete work on specific risk areas and depending on the quality of response we will
make a judgment on effectiveness.
For those banks where the impact rating is below Medium High, supervisor will typically
rely upon self identification mechanisms, exception reporting and adverse triggers of non-
compliance with the Code or Regulations as the most likely sources of identifying
weaknesses in the effectiveness in control functions. Engagement with bank senior
management such as the CRO, CFO, Head of Internal Audit will not typically be undertaken
(unless where risks have been identified) to test and challenge the skills and resources of
back office functions as an effective means of performing a check and balance to the
business units. For the lower impact rated institutions, the Central Bank deploys a
significantly reduced range of supervisory activities to assess a bank’s control functions i.e.
desk top review of self annual compliance statement. The Central Bank does not require a
bank to have an Internal Audit function and in the case of lower Impact banks, there is the
option to utilise the services of a Group IA function. While the Central Bank does not
specifically require banks to have an Internal Audit function, all Irish licensed banks either
have a local internal audit function or are explicitly covered by the group internal audit
function.
EC3
The supervisor determines that banks have an adequately staffed, permanent and
independent compliance function
64
that assists senior management in managing effectively
the compliance risks faced by the bank. The supervisor determines that staff within the
compliance function are suitably trained, have relevant experience and have sufficient
authority within the bank to perform their role effectively. The supervisor determines that
the bank’s Board exercises oversight of the management of the compliance function.
Description and
findings re EC3
There is no specific requirement within the Corporate Governance Code or Regulations for
banks to maintain a permanent compliance function, however, the Central Bank applies the
EBA Guidelines on Internal Governance (GL44) in which Section 28 requires credit
institutions to establish a compliance function, and to implement a compliance policy
which should be communicated to all staff. It states that “in smaller and less complex
institutions this function may be combined with or assisted by the risk control or support
functions.” It requires that the “compliance function should ensure that the compliance
policy is observed and reported to the management body.” It also states that “the
compliance function should verify that new products and new procedures comply with the
current legal environment and any forthcoming changes.” GL44 is not binding in Irish law
but the Central Bank has communicated to credit institutions that it requires full
compliance. The Central Bank is currently codifying GL44, with a due date of 2013
(dependent on binding technical standards).
64
The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in
operating business units or local subsidiaries and report up to operating business line management or local
management, provided such staff also have a reporting line through to the head of compliance who should be
independent from business lines.
IRELAND
INTERNATIONAL MONETARY FUND 245
Through ongoing engagement with credit institutions, the Central Bank determines
whether banks have an adequately staffed, permanent and independent compliance
function that assists senior management in managing effectively the compliance risks faced
by the bank.
Irish licensed, High Impact and Medium High Impact banks have compliance functions in
place; Medium Low Impact banks typically have a compliance officer in place.
The Corporate Governance Code (section 14.5) requires the Board to ensure that key
control functions such as compliance are independent of business units and have adequate
resources and authority to operate effectively. At a minimum, Credit Institutions are
required to submit a compliance statement to the Central Bank annually identifying any
deviation from the Code which is reviewed by supervisors.
The Central Bank assesses the fitness and probity of incoming Heads of Compliance
through the Fitness and Probity Standards 2011 and the Central Bank Reform Act 2010.
Under the Code, the Head of Compliance is deemed to be “Pre-approval Control Function”
(PCF12), which requires the pre-approval by the Central Bank prior to appointment. The
process of approval/non-approval entails a desk-top review of the applicant’s CV,
education and experience, previous regulatory/criminal history. Applicants for such
positions will be interviewed by the Central Bank as deemed necessary. This is carried out
by the Central Bank’s Regulatory Transactions Division in conjunction with Banking
Supervision.
The assessment of the suitability of a compliance function is typically performed through
the course of a FRR/FRA, where supervisors would meet with the Head of Compliance,
review any relevant documents, including the compliance policy, terms of reference,
compliance plan, organisational charts, resourcing analyses, in addition to compliance
updates provided to senior management and the bank’s board. Routine monitoring of a
bank’s compliance function is also performed through review of board packs and the firm’s
Annual Compliance Statement in accordance with Section 25 of the Corporate Governance
Code for Credit Institutions and Insurance Undertakings, which is signed off by members of
the bank’s board.
Supervisory teams for High Impact banks have regular engagement, typically quarterly,
with the Head of Compliance to review, inter alia, regulatory issues, the progress of RMP
and any other compliance issues. This ongoing engagement would also inform the
supervisory assessment of the effectiveness, independence and adequacy of resourcing of
the compliance function. These engagements with the higher impact banks was evidenced
to be not only frequent but intrusive and challenging.
The lower Impact banks will also not typically receive ongoing engagement but will be
subject to periodic assessment, desk review and exception reporting.
EC4
The supervisor determines that banks have an independent, permanent and effective
internal audit function
65
charged with:
65
The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small
banks to implement a system of independent reviews, e.g. conducted by external experts, of key internal controls as
an alternative.
IRELAND
246 INTERNATIONAL MONETARY FUND
(a) assessing whether existing policies, processes and internal controls (including risk
management, compliance and corporate governance processes) are effective,
appropriate and remain sufficient for the bank’s business; and
(b) ensuring that policies and processes are complied with.
Description and
findings re EC4
Through ongoing engagement and themed inspections with credit institutions, the Central
Bank determines if banks have an adequately staffed, permanent and independent internal
audit function.
Supervisors assess compliance with the audit requirements of the Corporate Governance
Code through day-to-day supervision, receipt and review of the ICAAP portal followed by a
FRR/FRA, and via the review of credit institutions’ annual compliance statements.
There is not an explicit legal requirement stating that banks must have an internal audit
function or to appoint a Head of Internal Audit. The Central Bank does however have the
power to require credit institutions to comply with deficiencies in its compliance with the
CRD via Regulation 70 of S.I. 661 of 2006. Also, through the Central Bank’s power to place
conditions on specific banking licences (Section 10 of the Central Bank Act 1971), it can
require a credit institution to have an independent, permanent and effective internal audit
function.
Notwithstanding the above, all High Impact licenced banks in Ireland have a local internal
audit function in place. Medium High Impact and Medium Low Impact banks are permitted
to rely on the internal audit function of their parent. In High Impact banks, the Head of
Internal Audit is permanent and independent position.
High Impact credit institutions are required to establish an audit committee (Section 18.1 of
the Corporate Governance Code). Medium High Impact and Medium Low Impact credit
institutions may in certain circumstances rely on the board to act as an audit committee, or
if it is part of a wider group, it may rely on a group audit committee. Some Medium High
Impact banks and some Medium Low Impact banks rely on their parent’s internal audit
function.
The Corporate Governance Code (Section 19) stipulates general requirements of the audit
committee such as :
o the circulation of meeting agendas;
o detailed minutes of meetings;
o the appointment of audit committee members;
o the attendance at audit committee meetings;
o the review of audit committee membership; and
o the reporting of the audit committee to the board.
The Central Bank applies the EBA Guidelines on Internal Governance (GL44).
? Section 29 requires that the internal audit function “shall assess whether the quality
of an institution’s control framework is both effective and efficient.” It states that “the
internal audit function should have unfettered access to relevant document and
information in all operational and control units.” It adds that “the internal audit
function should evaluate the compliance of all activities and units of an institution
with its policies and procedures.”
IRELAND
INTERNATIONAL MONETARY FUND 247
? Section 29 requires that internal audit is not combined with any other function, and
that it “should assess whether existing policies and procedures remain adequate and
comply with legal and regulatory requirements.” It states that “internal audit work
should be performed with an audit plan and detailed audit programs following a risk
based approach. It states that “the audit plan should be approved by the audit
committee or the management body.” It adds that “internal audit should report
directly to the management body and or its audit committee its findings and
suggestions for material improvements to internal controls.”
? Finally, “all audit recommendations should be subject to a formal follow-up procedure
by the respective levels of management to ensure and report their resolution.” GL44 is
not binding in Irish law but the Central Bank has communicated to credit institutions
that it requires full compliance.
For High Impact and Medium High Impact banks, supervisors are required to meet with
internal audit at least annually. Additionally, PRISM requires supervisors of High Impact and
Medium High Impact firms to meet with a senior non-executive director every year.
Medium Low Impact firm supervisors are required to meet with a senior non-executive
director every 18 months. If a risk is identified, or a supervisor determines the need, internal
audit will be more actively assessed.
The Central Bank has also carried out a review of the Effectiveness of Internal Audit
Functions in 2011. The objective of the review was as follows:
1. To assess whether the internal audit function was fulfilling its pivotal role as
the so-called “third line of defence” within a credit institution in carrying out
independent evaluation and validation of the system of internal controls
through risk-based audit procedures; and whether, in turn, the Central Bank is
able to place reliance on this function;
2. To provide feedback/observations in the form of a letter to the industry on
findings from the review based on conclusions drawn from the examination
of the institutions selected for inclusion in the review and to issue a press
release;
3. To inform the development of the Central Bank’s supervisory framework in
relation to internal governance.
The review covered 11 credit institutions and 11 insurance undertakings. Overall the review
findings demonstrated that, at that time, institutions were broadly in line with Good
Practice Standards. In 9 of the 11 credit institutions covered within the scope of the review,
it was concluded that the Central Bank can place reliance on the Internal Audit Function to
fulfil adequately its pivotal role as a “third line of defence” within the institution to
independently evaluate and validate the system of internal controls through risk-based
audit procedures.
EC5
The supervisor determines that the internal audit function:
(a) has sufficient resources, and staff that are suitably trained and have relevant
experience to understand and evaluate the business they are auditing;
(b) has appropriate independence with reporting lines to the bank’s Board or to an audit
committee of the Board, and has status within the bank to ensure that senior
management reacts to and acts upon its recommendations;
(c) is kept informed in a timely manner of any material changes made to the bank’s risk
IRELAND
248 INTERNATIONAL MONETARY FUND
management strategy, policies or processes;
(d) has full access to and communication with any member of staff as well as full access
to records, files or data of the bank and its affiliates, whenever relevant to the
performance of its duties;
(e) employs a methodology that identifies the material risks run by the bank;
(f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment
and allocates its resources accordingly; and
(g) has the authority to assess any outsourced functions.
Description and
findings re EC5
As part of the Central Bank’s Financial Risk Reviews, carried out annually for High Impact
banks and Full Review Assessments once every two years for Medium High Impact Banks,
banks’ compliance with the EC5 (a) requirement (for internal audit to have sufficient
resources that are suitably experienced and trained) is assessed through desk-top reviews
of staffing levels at internal audit functions, reviews of internal audit reports, and interviews
with the head of internal audit. Supervisors High and Medium High banks meet with the
head of internal audit annually (for High Impact) and biennially (for Medium High Impact)
and internal audit staffing is discussed.
Supervisors review the banks’ annual audit plans and completion (or not) of the plan.
As part of Full Review Assessments, supervisors assess banks’ compliance with EC5(b) and
the general governance and reporting lines of internal audit to the Board - Supervisors
require internal audit functions to report directly to the board and not to line of business
heads.
Banks’ compliance with EC5(c) is assessed by the Central Bank through periodic meeting
with the Head of Internal Audit (for High Impact and Medium High Impact banks).
Supervisors typically require internal audit to periodically review the bank’s risk
management strategy, policies and processes, and report on these to the internal Audit
Committee and/or Board.
Banks’ compliance with EC5(d) is assessed by the Central Bank through a desktop review
(for High Impact and Medium High Impact banks) of internal audit terms of reference to
ensure that internal audit has full access to and communication with any member of staff
as well as full access to records.
Banks’ compliance with EC5(e) is assessed by the Central Bank through periodic meeting
with the Head of Internal Audit (for High Impact and Medium High Impact banks).
Supervisors typically require that internal audit completes an annual audit plan which is
typically based on its assessment of the material risks and controls.
For High Impact and Medium High Impact banks, banks’ compliance with EC5(f) is assessed
through desktop reviews of annual audit plans, sufficiency of internal audit resources to
complete the audit plan, and assessments of how much of audit plans are actually
completed. Additionally, for High Impact banks, supervisors periodically meet with the
Head of Internal Audit to discuss amongst other things the audit plan.
The supervisory teams covering High Impact and Medium High Impact credit institutions
IRELAND
INTERNATIONAL MONETARY FUND 249
(except in the case of one High Impact bank which only receives audits which receive a
“non-satisfactory” rating) require banks to provide them with all internal audit reports and
will follow up, particularly where weaknesses are identified.
For Medium Low Impact credit institutions, there is no requirement to meet with the Head
of Internal Audit; however, this can be arranged as and when SREP/FRAs are completed.
The quality of internal audit arrangements for these firms is considered within the firm’s
Governance Risk rating, and in so doing supervisors must consider the quality of a bank’s
group Internal Audit structures where these are relied upon.
Additionally, supervisors also review Audit Committee packs periodically.
The Central Bank demonstrated several examples of onsite and offsite activities to assess
the effectiveness of the internal audit function, some routine and others more ad hoc used
to good effect. The examples demonstrated the ability of the supervisor to ensure banks
had adequate control functions commensurate with the risk profile of the operations and
where necessary to take action.
Assessment of
Principle 26
Largely compliant
Comments The Central Bank determines whether banks have adequate internal control mechanisms
and robust governance arrangements in place through a range of activities, both routine
and ad hoc. For the High Impact banks (which represent the bulk of retail assets),
supervisors maintain an awareness of the activities in each of the key business units and are
able to assess the inherent risk profile and undertake assessments of the control
environment. The Central Bank evidenced several examples of onsite and offsite activities
to assess the effectiveness of the internal audit function. The examples demonstrated the
ability of the supervisor to ensure banks had adequate control functions commensurate
with the risk profile of the operations and where necessary to take action.
For banks with an Impact rating below Medium High, the supervisory activities to assess
the effectiveness of the internal control function will rely upon periodic assessment (i.e. Full
Risk Assessment), desk based review of exception reporting.
While there is also no explicit legal/regulatory requirement for banks to establish an
internal audit function or appoint a head of internal audit, the Central Bank can require that
a function or head of Internal Audit be put in place by means of a license condition.
However, in practice, all Irish licensed banks either have a local Internal Audit function or
are covered by a group Internal Audit function.
Principle 27 Financial reporting and external audit. The supervisor determines that banks and
banking groups maintain adequate and reliable records, prepare financial statements in
accordance with accounting policies and practices that are widely accepted internationally
and annually publish information that fairly reflects their financial condition and
performance and bears an independent external auditor’s opinion. The supervisor also
determines that banks and parent companies of banking groups have adequate
governance and oversight of the external audit function.
Essential criteria
IRELAND
250 INTERNATIONAL MONETARY FUND
EC1
The supervisor
66
holds the bank’s Board and management responsible for ensuring that
financial statements are prepared in accordance with accounting policies and practices that
are widely accepted internationally and that these are supported by recordkeeping systems
in order to produce adequate and reliable data.
Description and
findings re EC1
Credit institutions in Ireland are subject to the requirements of the Companies Acts 1963 to
2012 in respect of financial reporting. Banks are required to prepare financial statements in
accordance with accounting policies and practices as per the Companies Act (Section 202).
It is within the Companies Act that responsibilities for the preparation of financial
statements reside and there is no specific provision in this regard in the Central Bank’s
powers.
In addition to the Companies Acts requirements the Central Bank through Section 21.6(d)
of the Corporate Governance Code holds the bank’s Board responsible for preparation of
financial statements. The Code sets out that it is the responsibility of the Audit Committee
to review any financial announcements and reports and recommend to the board whether
to approve the institution’s annual accounts (including, if relevant the group accounts).
All publicly quoted EU incorporated companies must prepare their consolidated financial
statements in accordance with IFRS as endorsed by the European Commission. The relevant
legislation regarding IFRS is S.I. 116 of 2005 (the requirements regarding preparation of
financial statements are generally found within the Companies Acts). In other instances
there is a choice whether to prepare accounts based on IFRS or Irish generally accepted
accounting principles (GAAP). The relevant legislation is Part V of the Companies Act 1963,
(particularly sections 148 to 150C inclusive, which deal with requirements regarding both
Individual (parent company) and Group accounts under either IFRS or local GAAP).
In accordance with Section 202 of the Companies Act 1990 management of the company is
responsible for the preparation of the Books of Account. The Books of Account must:
? Correctly record and explain the transactions of the company;
? Enable the financial position of the company to be determined with reasonable
accuracy at any time;
? Enable the directors to ensure that the annual financial statements comply with the
requirements of the Companies Acts 1963 to 2012, and relevant accounting
standards;
? Enable the annual financial statements of the company to be readily and properly
audited;
? Be kept on a continuous and consistent basis and entries should be made in a timely
manner and should be consistent from one year to the next;
? Give a true and fair view of the state of affairs of the company and explain its
transactions; and
? Be kept in written form or in other form that may be readily accessible and
convertible into written form.
The Books of Account must contain:
? Entries of all monies received and expended by the company and the matters in
66
In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for
ensuring that financial statements are prepared in accordance with accounting policies and practices may also be
vested with securities and market supervisors.
IRELAND
INTERNATIONAL MONETARY FUND 251
respect of which the receipts and expenditure takes place;
? A record of all assets and liabilities of the company; and
? Further specific information depending on whether the company’s business involves
dealing with goods or the provision of services.
Companies within Ireland have the option of preparing “Companies Act Individual
Accounts” (section 149 of the Companies Act, 1963) or financial accounts under the
requirements of the IFRS (section 149A of the Companies Act, 1963).
Companies Act Individual Accounts may be prepared using Generally Accepted Accounting
Standards in UK and Ireland, as issued by theFinancial Reporting Council (FRC), which have
largely converged with IFRS.
Section 5(1) of S.I. 294 of 1992 European Communities (Credit Institutions: Accounts)
Regulations (CI Accounts Regulations) similarly requires that credit institutions prepare
financial statements under section 149 of the Companies Act 1963 as modified by the CI
Accounts Regulations or IFRS.
Under Section 205A of the Companies Act 1990 Irish companies are required to include a
statement as to whether the financial statements have been prepared in accordance with
applicable accounting standards, and that where there is any material departure from
applicable accounting standards, the effect of the departure and the reasons for it are
noted in the individual accounts and, where relevant, in the group accounts. Where a
company fails to comply with these requirements, each company or other entity that forms
all or part of that undertaking is guilty of an offence.
Banking Supervision correspond with all credit institutions (generally during Q2) seeking
certain information, including copies of audited financial statements. Financial statements
are not reviewed to determine compliance with IFRS/local GAAP, as this is assumed from
sign-off by external auditors, and IAASA is the competent authority for enforcing
accounting standards in Ireland in accordance with the Transparency Directive regulations.
Nevertheless, issues of concern with the accounts can be raised with the auditors as
required.
While the Central Bank has no stipulations in relation to the preparation of financial
statements and the application of accounting practices, through its supervision it will hold
banks to the standards established in the Companies Act.
EC2
The supervisor holds the bank’s Board and management responsible for ensuring that the
financial statements issued annually to the public bear an independent external auditor’s
opinion as a result of an audit conducted in accordance with internationally accepted
auditing practices and standards.
Description and
findings re EC2
The requirement that the Board and management be responsible for ensuring that financial
statements are issued annually to the public and bear an independent auditor’s opinion in
accordance with internationally accepted auditing standards is set out in the Companies
Act 1963 rather than a requirement set out by the Central Bank.
Under Section 148(1) of the Companies Act 1963 the directors of every company shall on a
date not later than 18 months after the incorporation of the company and subsequently
once at least in every calendar year prepare accounts for the company for each financial
year (to be known and in this Act referred to as ‘individual accounts’). These accounts are
IRELAND
252 INTERNATIONAL MONETARY FUND
required to be laid before the members of the company in the AGM for inspection under
Section 159(1).
Under sections 193(1) and (2) of the Companies Act 1990 the auditor of a company shall
make a report to the members of the company on the individual accounts examined by
them and all group accounts, and shall be read at the annual general meeting of the
company and shall be open to inspection by any member.
Section 13 of S.I. 294 of 1992 European Communities (Credit Institutions: Accounts)
Regulations (CI Accounts Regulations) requires that the auditor shall make a report in
accordance with section 193 of the Companies Act 1990 and that a bank shall not be
subject to an exemption from obtaining an audit.
Regulation 54(1) of The European Communities (Statutory Audits) (Directive 2006/43/EC)
Regulations 2010 (S.I. 220 of 2010) requires that all statutory audits are carried out in
accordance with international auditing standards.
The Financial Reporting Council (FRC) issues auditing standards, based on those standards
issued by the International Auditing and Assurance Standards Board, modified to take into
account legislative requirements within the UK and Ireland. These standards are referred to
as International Standards on Auditing (UK and Ireland) and are comparable to
International Standards on Auditing in all material respects.
International Standard on Auditing (UK and Ireland) 700, “The Auditors Report On Financial
Statements” (as revised in June 2013), requires the auditor to include a statement as to
whether the audit has been conducted in accordance with International Standards on
Auditing (UK and Ireland) as part of the auditor’s report.
EC3
The supervisor determines that banks use valuation practices consistent with accounting
standards widely accepted internationally. The supervisor also determines that the
framework, structure and processes for fair value estimation are subject to independent
verification and validation, and that banks document any significant differences between
the valuations used for financial reporting purposes and for regulatory purposes.
Description and
findings re EC3
The Central Bank, during both on-site and off-site reviews, assesses whether the valuations
used for regulatory purposes are reliable and prudent. Where the Central Bank determines
that valuations are not sufficiently prudent, the Central Bank requires the bank to make
adjustments to its reporting for capital adequacy or regulatory reporting purposes. Any
differences in valuation practices between the financial statements and prudential reporting
would be identified as part of the annual reconciliation process whereby credit institutions
are required to reconcile annual financial statements with key COREP and FINREP
templates.
The Central Bank would expect listed credit institutions to apply IFRS while non-listed
entities would be expected to apply a recognised standard (GAAP or IFRS). It should be
noted that credit institutions that use the standardised approach to calculate credit risk will
use valuations based on accounting standards. Credit institutions on the IRBA will use their
internal valuations to calculate credit risk.
Companies within Ireland have the option of preparing “Companies Act Individual
Accounts” (section 149 of the Companies Act, 1963) or financial accounts under the
IRELAND
INTERNATIONAL MONETARY FUND 253
requirements of the IFRS (section 149A of the Companies Act, 1963). Valuation
requirements, which are consistent under both reporting regimes, are subject to external
audit.
Credit institutions are required to file prudential returns based on the following:
? EBA guidelines on supervisory reporting (COREP – solvency; FINREP – financial
information; Large Exposures).
? The Central Bank of Ireland guidelines on supervisory reporting (Liquidity,
Impairment return, QSFR, Sectoral Return, Related Party Lending Return, etc.).
The FINREP return is based on the accounting standards used in the annual audited
financial statements. Classification of the different types of securities portfolios for FINREP
reporting purposes follow the same criteria both in terms of classification and valuation
rules as those applied in the annual financial statements, i.e. securities are allocated and
transferred across these portfolios in line with IFRS/ local GAAP.
When IFRS were introduced in Ireland in 2005, the Central Bank, in unison with other
banking regulators across Europe, required that ‘prudential filters’ be applied for regulatory
reporting purposes – the COREP returns incorporate these. Prudential filters are
adjustments to IFRS based figures required by Banking Supervisors to make IFRS based
numbers suitable for regulatory purposes. Prudential filters must also be applied to local
GAAP based figures as local GAAP have converged with IFRS. The Central Bank issued
letters to credit institutions on 24 December 2004, 21 July 2005 and 29 September 2005
advising them of Central Bank requirements for prudential filters. Letters were also issued
on 18 February 2009 regarding pensions and on 22 December 2006, 22 and 23 February
2007 regarding dividends.
EC4
Laws or regulations set, or the supervisor has the power to establish the scope of external
audits of banks and the standards to be followed in performing such audits. These require
the use of a risk and materiality based approach in planning and performing the external
audit.
Description and
findings re EC4
Section 193 of the Companies Act, 1990 sets out the scope of the external audit. Regulation
54(1) of The European Communities (Statutory Audits) (Directive 2006/43/EC) Regulations
2010 (SI220 of 2010) requires that all statutory audits are carried out in accordance with
international auditing standards.
The Financial Reporting Council (FRC) issues auditing standards, based on those standards
issued by the International Auditing and Assurance Standards Board, modified to take into
account legislative requirements within the UK and Ireland. These standards are referred to
as International Standards on Auditing (UK and Ireland) and are comparable to
International Standards on Auditing in all material respects.
The Central Bank currently does not have the power to formally establish the scope of an
external audit of a bank or to establish the standards to be followed in performing such
audits. In practice, the Central Bank has relied upon its supervisory efforts to influence the
scope of external audit with good effect.
Additionally if the CBI has a specific area of concern it can undertake one of the following:
? Carry out an on-site examination in the area of concern;
? Issue an RMP to the bank to rectify the situation. Such RMPs can also include the
requirement for the firm to initiate an independent assessment of the area of
IRELAND
254 INTERNATIONAL MONETARY FUND
concern; and/or
? Implement a skilled persons’ review of the area of concern.
Section 27E of CBA 1997 allows the Central Bank to commission a report from an auditor of
any regulated entity, or an affiliate of the auditor, on all or any of the following:
a) the regulated firm’s accounting or other records;
b) the systems (if any) that the regulated firm has in place to ensure that the firm acts
prudently in the interests of its members and the interests of those to whom the
firm provides financial services;
c) any other matter in respect of which the Central Bank requires information about the
firm, or the firm’s activities, to enable the Central Bank to perform a function
imposed on it by or under an Act.
Under Section 47(2) of the Central Bank Act, 1989 the auditor of a bank may be requested
to furnish a report on whether the bank has or has not complied with a specified obligation
of a financial nature under the Central Bank Acts.
Background information:
? In June 2011 the Central Bank communicated with the Irish Banking Federation (IBF),
Irish Insurance Federation (IIF) and Dublin International Insurance and Management
Association (DIMA) setting out a proposed response in relation the recommendation
by the Comptroller & Auditor General (C&AG). At the same time the Risk,
Governance and Accounting Policy Division established a working group with
relevant audit bodies and IAASA (‘the working group’). The working group has
focused on setting out a proposed framework for how auditors should provide
assurance on the internal governance arrangements of regulated entities. Significant
progress has been achieved in setting out and agreeing a workable and efficient
framework. Output to date includes the production of initial drafts of internal
governance guidance, guidance for auditors and an initial draft of the auditor’s
assurance report.
? With respect to the legal basis, Risk, Governance and Accounting Policy Division
sought to implement a generally applicable standing requirement on auditors in
respect of assurance over internal governance via an amendment to the Central
Bank Act, 1997. Powers have been included in the Central Bank (Supervision &
Enforcement) Act 2013.
In addition to the guidance for industry the Central Bank will, together with the working
group, develop specific guidance for Auditors in relation to the provision of assurance over
internal governance. At a minimum this guidance will set out:
? the scope and required form of reporting;
? the nature and extent of testing to be performed by the auditor; and
? communication protocols between the auditor and Central Bank in relation to
findings.
Skilled Persons’ Reports
Part 2 of the Central Bank (Supervision and Enforcement) Act 2013 provides the Central
Bank with the right, for the purposes of the proper and effective regulation of a financial
service provider, to request a report on any matter as required by the Central Bank. The
person preparing the report must be sufficiently skilled to prepare such reports and must
be nominated or approved by the Central Bank, and therefore the Central Bank is not
limited to only using the External Auditor to provide the report.
IRELAND
INTERNATIONAL MONETARY FUND 255
EC5
Supervisory guidelines or local auditing standards determine that audits cover areas such
as the loan portfolio, loan loss provisions, nonperforming assets, asset valuations, trading
and other securities activities, derivatives, asset securitizations, consolidation of and other
involvement with off-balance sheet vehicles and the adequacy of internal controls over
financial reporting.
Description and
findings re EC5
Local auditing standards and Practice Notes determine that audits cover the areas listed in
EC5.
The FRC issued Practice Note 19(I) The Audit of Banks in the Republic of Ireland in June
2008. The FRC publishes Practice Notes to provide additional guidance for auditors.
International Standards on Auditing (UK and Ireland) as issued by the FRC have general
application to all audits. Practice Notes assist auditors to apply these standards to
particular circumstances and industries. Practice Notes are persuasive rather than
prescriptive and are considered indicative of good auditing practice. The Practice Notes are
supplementary to the International Standards on Auditing (UK and Ireland).
The Irish PNs relevant to regulated entities were developed by the Accountancy Bodies in
Ireland, with advice and assistance from the Central Bank, under the auspices of the
Institute of Chartered Accountants in Ireland (ICAI). They were then issued by the FRC.
Other Engagement with Auditing Bodies
Additionally the Central Bank engages with the Consultative Committee of Accountancy
Bodies – Ireland (‘CCAB-I’) regarding issues of mutual interest to the Central Bank and
auditors, for example, proposed new requirements on auditors arising from EU Directives,
domestic legislation or Central Bank requirements and to assist auditors in the
development of guidance (Practice Notes, Miscellaneous Technical Statements, Information
Notes) to assist auditors of regulated entities.
CCAB-I comprises the Association of Chartered Certified Accountants, the Chartered
Institute of Management Accountants, the Institute of Certified Public Accountants and the
Institute of Chartered Accountants in Ireland.
Finally the Head of Risk, Governance and Accounting Policy Division is a member of the
APB’s Irish Stakeholders Group which was established by the FRC to communicate with
relevant stakeholders in Ireland.
Risk, Governance and Accounting Policy Division
The Head of the Risk, Governance and Accounting Policy Division of the Central Bank is a
member of the Board of IAASA.
In relation to auditing standards Risk, Governance and Accounting Policy Division seeks to:
? assess the implications of new auditing standards and legislation impacting on the
supervision of financial institutions and financial stability;
? influence debate during the course of the development of these standards and
legislation;
? monitor developments within Europe and internationally through participation at
EBA and IOSCO standing committees and working groups and provide briefings as
required on same;
? prepare discussion and consultation papers on key issues arising;
IRELAND
256 INTERNATIONAL MONETARY FUND
? proactively seek to develop policy initiatives which will result in more effective and
efficient regulation e.g. auditor assurance project;
? produce and maintain “Frequently Asked Questions” documents in order to provide
clarity in relation to key issues for the Central Bank; and
? provide technical advice, training and interpretation of issues to the supervision
teams within the Central Bank.
Supervisors, as part of the Auditor Protocol meetings would give their opinion with respect
to the adequacy of impairment provisioning levels or otherwise and request auditors to
take this into account.
EC6
The supervisor has the power to reject and rescind the appointment of an external auditor
who is deemed to have inadequate expertise or independence, or is not subject to or does
not adhere to established professional standards.
Description and
findings re EC6
The Central Bank does not have the power to remove an auditor. This power is reserved for
shareholders under company law. It is a matter for the Director of Corporate Enforcement
to enforce company law while IAASA is the ultimate oversight body responsible for
enforcing auditing standards. The Quality Assurance divisions of the Recognised
Accountancy Bodies (i.e. those Prescribed Accountancy Bodies whose members may be
recognised as auditors under companies legislation) also have a role in monitoring
auditors. The Central Bank requested that it be granted a power to remove an auditor of a
regulated firm within the Central Bank (Supervision and Enforcement) Bill 2011 but this was
rejected by the Department of Finance. While the Central Bank does not have the power to
remove an auditor from office immediately, the Central Bank is able to prevent an auditor
from being put in office and prevent the auditor from being reappointed in the next report
period.
The Central Bank has a power to veto the appointment or re-appointment of an auditor of
a bank or the filling of a casual vacancy of auditor. Section 46(2) of the Central Bank Act,
1989 provides that, where the Central Bank is of the opinion that it would not be in the
interest of depositors or of the ‘orderly and proper’ regulation of banking, the Central Bank
has the power to issue a Direction to the bank not to appoint or not to reappoint a named
person to the office of auditor, or the directors not to fill a casual vacancy with a named
person as auditor.
A credit institution is required to provide the Central Bank with at least 15 days’ notice prior
to filling the post of the auditor of the firm (Section 46(1) of the Central Bank Act 1989).
This power enables the Central Bank to direct the bank not to appoint the proposed
auditor.
Per Section 160(1) of the Companies Act, 1963, every company is required to appoint an
auditor or auditors to hold office from the conclusion of the AGM of the Company until the
conclusion of the next AGM of the Company. Whilst the Central Bank is not able to remove
an auditor from office during the year, the Central Bank is entitled to prevent the auditor
from being reappointed for the next reporting period thus effectively removing that
auditor from office.
The Central Bank is the central competent authority for the purposes of the Transparency
Directive, but IAASA has been designated as the competent authority for the purposes of
the financial reporting monitoring and enforcement role (i.e. Article 24(4)(h) of the
Directive). Thus, IAASA – through its Financial Reporting Supervision Unit – is responsible
IRELAND
INTERNATIONAL MONETARY FUND 257
for monitoring whether the periodic financial reporting (annual and half yearly reports) of
Issuers comply with framework requirements set out in the Directive as transposed into
Irish law and for taking appropriate action where non-compliance is identified.
If the Central Bank suspects that poor quality audits have been performed on a regulated
entity, there is a legal ‘gateway’ under which a complaint can be made to the relevant
Recognised Accountancy Body and to IAASA. Section 33AK(5)(w) of the Central Bank Act,
1942 provides the Central Bank with a legal ‘gateway’ to disclose confidential information
to the auditor of an individual supervised entity, subject to subsection 33(1), in accordance
with the Supervisory Directives.
Section 33AK(5)(x) of the Central Bank Act, 1942 provides the Central Bank with a similar
legal ‘gateway’ to disclose confidential information concerning auditors to ‘Oversight
Bodies’ i.e. the ‘Recognised Accountancy Bodies’ and IAASA. Note that this provision does
not extend to the ‘accountant’ members of the ‘Prescribed Accountancy Bodies’. It has
been used to lodge complaints regarding auditors to the Recognised Accountancy Bodies
who then assess the complaint in accordance with its own monitoring and disciplinary
procedures.
Although IAASA currently only carries out an oversight role over the Prescribed
Accountancy Bodies, it has the power under existing legislation to intervene in the
investigation and disciplinary procedures of the Prescribed Accountancy Bodies. IAASA has
the power under Section 23 of the Companies (Auditing and Accounting) Act 2003 to
conduct its own enquiries following the receipt of a complaint or on its own initiative. It has
the power under Section 24 of the Companies (Auditing and Accounting) Act 2003 to
conduct its own investigations if, in its opinion, it is appropriate or in the public interest to
do so. IAASA has carried out enquiries in the past but there is no public information
available on any Investigations that may be in progress.
There is no evidence that the Central Bank has used its power to veto the appointment of
an auditor in the past. Neither has it taken legal action against external auditors for
negligence relating to a poor quality audit, because the Central Bank has no jurisdiction
regarding the oversight of auditors – if there is a suspicion of a poor quality audit the
Central Bank has a legal gateway (Section 33AK(5)(x)) to disclose confidential information
to the relevant authorities (the Recognised Accountancy Body and to IAASA).
EC7
The supervisor determines that banks rotate their external auditors (either the firm or
individuals within the firm) from time to time.
Description and
findings re EC7
Regulation 77 of the European Communities (Statutory Audits) (Directive 2006/43/EC)
Regulations 2010 (S.I. 220 of 2010) sets out the rotation requirements for the key audit
partner or partners on public interest entity engagements. The partner responsible for
carrying out the engagement must rotate after having completed 7 years on the
engagement. The partner is prohibited for involvement with the client for 2 years after the
date of rotation.
“key audit partner” or “key audit partners” means:
a) the one or more statutory auditors designated by a statutory audit firm for a
particular audit engagement as being primarily responsible for carrying out the
statutory audit on behalf of the audit firm, or
b) in the case of a group audit, at least the one or more statutory auditors designated
by a statutory audit firm as being primarily responsible for carrying out the statutory
IRELAND
258 INTERNATIONAL MONETARY FUND
audit at the level of the group and the one or more statutory auditors designated as
being primarily responsible at the level of material subsidiaries, or
c) the one or more statutory auditors who sign the audit report.
In addition to the application of the International Standards on Auditing (UK and Ireland)
auditors are required to apply the Ethical Standards for Auditors as issued by the FRC which
are based on the Code of Ethics for Professional Accountants developed by the
International Ethics Standards Board for Accountants.
APB Ethical Standard 1 “Integrity, Objectivity and Independence” requires the audit
engagement partner to identify and assess the circumstances which could adversely affect
the auditor’s objectivity (‘threats’), including any perceived loss of independence, and to
apply procedures (‘safeguards’) which will either:
(a) eliminate the threat; or
(b) reduce the threat to an acceptable level (that is, a level at which it is not probable
that a reasonable and informed third party would conclude that the auditor’s
objectivity and independence either is impaired or is likely to be impaired).
APB Ethical Standard 3 (ES3), “Long association with the audit engagement”, provides
requirements and guidance on specific circumstances arising out of long association with
the audit engagement, which may create threats to the auditor’s objectivity or perceived
loss of independence. It gives examples of safeguards that can, in some circumstances,
eliminate the threat or reduce it to an acceptable level. In circumstances where this is not
possible, the auditor either does not accept or withdraws from the audit engagement, as
appropriate.
ES3 requires partner rotation after 5 years and prohibits involvement with the firm for a
further 5 years in the case of a listed entity. In practice the audit partner of a public interest
entity would adhere to the stricter 5 year rotation period required under ES3 rather than
the 7 year rotation period required by Regulation 77 of the European Communities
(Statutory Audits) (Directive 2006/43/EC) Regulations 2010 (S.I. 220 of 2010).
Supervisors of banks rated High Impact generally seek information on the rotation of
engagement partners. However, this is generally not the case for Medium High Impact and
Medium Low Impact credit institutions.
EC8
The supervisor meets periodically with external audit firms to discuss issues of common
interest relating to bank operations.
Description and
findings re EC8
The following table sets out the requirements for supervisors in respect of meetings with
external auditors by impact category for the purposes of meeting their engagement
activities under PRISM:
Impact High Medium-High Medium-Low Low
Required
Frequency
At least annual At least annual Every 18 months Not required
(Branches
are not
separate
legal entities
requiring an
audit)
IRELAND
INTERNATIONAL MONETARY FUND 259
Supervisors of High Impact firms are not required to hold meetings in addition to those
under the Auditor Protocol for the purposes of completing the PRISM engagement
activities. Auditor Protocol (Paragraph 9) sets out the expectation that there will be at least
two formal meetings per year, to take place at the pre-audit stage and the post-audit
stage. The Auditor Protocol applies in the first instance to High Impact firms under PRISM.
Since October 2011 the Central Bank established a working group which includes the
following representatives:
? the IAASA
? the Big 4 Accounting Firms (PWC, Deloitte, KPMG and Ernst & Young);
? the Institute of Chartered Accountants Ireland; and
? ACCA Ireland.
Additionally the Central Bank engages with the Consultative Committee of Accountancy
Bodies – Ireland (‘CCAB-I’) regarding issues of mutual interest to the Central Bank and
auditors, for example, proposed new requirements on auditors arising from EU Directives,
domestic legislation or Central Bank requirements and to assist auditors in the
development of guidance (Practice Notes, Miscellaneous Technical Statements, Information
Notes) to assist auditors of regulated entities.
EC9 The supervisor requires the external auditor, directly or through the bank, to report to the
supervisor matters of material significance, for example failure to comply with the licensing
criteria or breaches of banking or other laws, significant deficiencies and control
weaknesses in the bank’s financial reporting process or other matters that they believe are
likely to be of material significance to the functions of the supervisor. Laws or regulations
provide that auditors who make any such reports in good faith cannot be held liable for
breach of a duty of confidentiality.
Description and
findings re EC9
The specified circumstances under which the auditor has a duty to report to the Central
Bank under prescribed enactments differ slightly depending on the type of regulated
entity. However in general the duty extends to any fact or decision concerning the
regulated entity (or closely linked entity) of which the auditor becomes aware while
carrying out the audit where the auditor has reason to believe that:
? There are matters affecting the continuous functioning of the firm or that the firm
may not be able to fulfill its obligations to repay customers;
? There are indications of a material breach of financial services law or regulations or
of any related, condition, requirement, code, guideline, notice or direction issued
under such law/regulations;
? There are material defects in the accounting records, or in the systems of control;
? There are material inaccuracies in or omissions from any returns of a financial nature
made by the regulated firm to the Central Bank; or
? The auditor intends to issue a qualified audit opinion or to resign and not seek re-
election as auditor.
Auditors are provided with legal protection from liability under Section 47(6) of the Central
Bank, 1989 where such reports are made.
International Standard of Auditing (UK and Ireland) 250 Section B – “The Auditor’s Right
And Duty To Report To The Regulators In The Financial Sector” – addresses the auditor’s
‘right’ and ‘duty’ to report to regulators in the financial sector.
IRELAND
260 INTERNATIONAL MONETARY FUND
The auditor’s duty to report relates to those circumstances where the auditor is
required by legislation to report certain matters to regulators. There is legal protection
for auditors whereby they do not contravene the duty of confidentiality owed to their
clients in fulfilling the duty to report to regulators (provided they act in good faith).
These obligations are set out in Sections 47 and 47A of the Central Bank Act, 1989 and
Regulations 7, 8 and 9 of the Supervision of Credit Institutions, Stock Exchange Member
Firms and Investment Business Firms Regulations (also known as the ‘Post-BCCI’
Regulations – relates to ‘closely linked’ entities). [This has been amended to include
electronic money institutions within the meaning of a credit institution – Regulation 3(3) of
the European Communities (Electronic Money) Regulations, 2002 [S.I. 221 of 2002] and
UCITS – Article 50a of Directive 85/611/EEC].
Central Bank Act 1997 – Auditor’s duty to report
27B This subsection places a mandatory annual requirement on the auditor to report as
to whether circumstances have arisen which would require the auditor to report to
the Central Bank under a prescribed enactment and whether, where required, the
financial service provider has complied with the requirement to provide a
compliance statement.
27C Under this subsection the auditor is required to provide copies of any reports
provided to the Board or Management or a ‘Nil Return’ (confirmation that no
report has been issued by the external auditor) to the Central Bank.
27D Whenever an auditor of a regulated financial service provider that is a company
provides the Director of Corporate Enforcement with a report or other document
the auditor must also provide the Central Bank with a copy of that report or
document at the same time as, or as soon as practicable after, the original is
provided to the Director of Corporate Enforcement. Note the auditor is only
required to report to the Director of Corporate Enforcement ‘indictable offences’
which come to their attention during the course of the audit.
27E This subsection provides the Central Bank with a very wide-ranging enabling
power (additional to any other powers that the Central Bank has under ‘prescribed
enactments’ that govern the different types of regulated firm) whereby the Central
Bank may commission the auditor to report on a number of matters.
27F Under this subsection the Central Bank may request a copy of any record or
document provided to or obtained by the auditor during the course of their audit.
27H This subsection provides auditors and affiliates with certain immunities from
liability (additional to any legal protections provided under ‘prescribed
enactments’) and gives them legal protection regarding their duty of
confidentiality to their clients so long as they do not act in bad faith in disclosing
information to the Central Bank.
Additional
criteria
AC1
The supervisor has the power to access external auditors’ working papers, where necessary.
Description and
findings re AC1
The Central Bank has such powers. Section 27F of the CBA 1997 provides that the Central
Bank may:
“by notice in writing, require an auditor of a regulated financial service provider, or an
affiliate of the auditor, to provide the Bank with a copy of any record or information
IRELAND
INTERNATIONAL MONETARY FUND 261
provided or obtained by the auditor or affiliate in connection with an audit of the financial
service provider’s accounts that is in the possession of the auditor or affiliate.”
The intention behind this power was to enable the Central Bank to seek access to the
working papers of the auditor in relation to such information.
Assessment of
Principle 27
Largely Compliant
Comments It is within the Companies Act that responsibilities for the preparation of financial
statements reside and there is no specific provision in this regard in the Central Bank’s
powers. In addition to the Companies Acts requirements the Central Bank through Section
21.6(d) of the Corporate Governance Code holds the bank’s Board responsible for
preparation of financial statements. The Code sets out that it is the responsibility of the
Audit Committee to review any financial announcements and reports and recommend to
the board whether to approve the institution’s annual accounts (including, if relevant of the
group accounts).
The Central Bank does not have the power to reject and rescind the external auditor as
required by EC6. This power is reserved for shareholders under company law. It is a matter
for the Director of Corporate Enforcement to enforce Company Law while IAASA is the
ultimate oversight body responsible for enforcing auditing standards. While the Central
Bank does not have the power to remove an auditor from office immediately, the Central
Bank is able to prevent an auditor from being put in office and to prevent the auditor from
being reappointed in the next report period. In practice, the banks consult widely with the
Central Bank regarding their audit arrangements and all banks appoint well recognized
audit firms.
Existing legislation does not provide the Central Bank with the power to influence the
scope of the external audit or establish the standards for such an audit. Supervisors
appeared to have reasonable success in influencing the scope of external audits through
engagement with the external auditor and the bank. In addition, the CBI seeks to influence
accounting and auditing standards through its activities within the European Supervisory
Authorities (EBA, EIOPA, ESMA). The CBI also inputs into the audit Practice Notes which
have some impact on how audits are completed.
Principle 28 Disclosure and transparency. The supervisor determines that banks and banking groups
regularly publish information on a consolidated and, where appropriate, solo basis that is
easily accessible and fairly reflects their financial condition, performance, risk exposures,
risk management strategies and corporate governance policies and processes.
Essential criteria
EC1
Laws, regulations or the supervisor require periodic public disclosures
67
of information by
banks on a consolidated and, where appropriate, solo basis that adequately reflect the
bank’s true financial condition and performance, and adhere to standards promoting
comparability, relevance, reliability and timeliness of the information disclosed.
Description and
findings re EC1
Under Irish law, there are two different types of disclosures that impact credit institutions in
relation to providing transparent information on the financial condition and performance
67
For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting,
stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.
IRELAND
262 INTERNATIONAL MONETARY FUND
of the entity: (i) those required in the financial statements of the entity; and (ii) those
required under Pillar III of the CRD.
(i) Financial Statements
Section 202 Companies Act 1990 (as Amended) requires, inter alia, that directors of
companies (including credit institutions) keep proper books of accounts and that these
accounts should give a true and fair view. Similar requirements are found in Section 76 of
the Building Societies Act, 1989 (as amended).
Credit institutions licensed by the Central Bank of Ireland produce their financial statements
in accordance with either (i) IFRS as issued by the IASB and endorsed by the European
Commission or (ii) Local (UK & Ireland) (Local GAAP) issued by the FRC (formerly the ASB)
and promulgated by the Institute of Chartered Accountants in Ireland. All publicly quoted
EU incorporated companies must prepare their consolidated financial statements in
accordance with IFRS as endorsed by the European Commission. In other instances there is
a choice whether to prepare accounts based on IFRS or Irish GAAP. The relevant legislation
governing ‘Accounts and Audit’ is Part V of the Companies Act 1963.
The financial statements of credit institutions are required to be audited. Until June 2012,
auditing standards in the UK and Ireland were developed by the Auditing Practices Board
(APB) which reported directly into the FRC Board. As part of the restructuring of the FRC,
these matters now fall under the direct remit of the FRC Board and its Codes and Standards
Committee, with the input and advice of the Audit and Assurance Council.
IAASA is the independent competent authority in Ireland with statutory responsibility for
examining whether the annual and half-yearly financial reports of Issuers coming within the
remit of the Transparency Directive are drawn up in accordance with the relevant reporting
framework. Issuers that come within the Transparency Directive Regulations (S.I. No. 277 of
2007) are entities whose securities have been admitted to trading on a regulated market
situated, or operating, within the EEA. IAASA does not undertake this role for any other set
of financial statements. The Central Bank has no role in this area.
The Central Bank monitors that the credit institutions it supervises have issued financial
statements under IFRS/Local GAAP and that these financial statements have an auditor’s
opinion expressing the opinion on whether they give a true and fair view. Banking
Supervision requests copies of annual accounts signed off by external auditors, generally
during Q2 each year.
(ii) Pillar III of the CRD
Annex XII of the CRD requires banks to make certain disclosures, i.e. Pillar 3 disclosures.
Pillar 3 sets out disclosure requirements regarding capital and risk management. The CRD
was transposed into Irish law via S.I. 660 and 661 of 2006 European Communities (Capital
Adequacy of Credit Institutions) Regulations, 2006. Part 11 of S.I. 661 of 2006 sets out the
Pillar 3 disclosure obligations applicable to credit institutions.
In addition, Section 17 of the Central Bank Act 1971 also requires holders of banking
licenses to maintain any records as may be specified by the Central Bank from time to time.
Section 18 requires the holders of banking licenses to provide the Central Bank with
information and returns concerning the relevant business carried on by the credit
institution as the Central Bank specifies from time to time.
IRELAND
INTERNATIONAL MONETARY FUND 263
In terms of bank public disclosures of financial information, the Central Bank does not play
a role in assessing whether the financial statements of credit institutions are compliant with
accounting standards.
However, in terms of checking for credit institutions’ Pillar III disclosures, the Central Bank
has a procedure in place with an operational checklist to review compliance. While the
Central Bank expects credit institutions subject to the CRD Pillar 3 requirements to comply
in full with same, the market discipline nature of the Pillar 3 disclosures has lead Ireland to
adopt a non-prescriptive approach to the practical aspects of the publication of Pillar 3
information such as timelines, presentation formats, verification of disclosures.
Regulation 16 of SI 661 of 2006 provides that EU based parents of credit institutions must
comply with the provisions of Part 11 on the basis of their consolidated financial situation
and states that significant subsidiaries need only disclose certain more limited information.
The Central Bank considers that subsidiaries of EU parent institutions that represent 5% or
more of group assets and/or have a market share in any sector or group of connected
sectors, which is greater than or equal to 20%, constitutes a significant subsidiary.
The Central Bank monitors that the credit institutions it supervises provide adequate and
complete Pillar III disclosures where applicable by checking for disclosures of key solvency
and risk information against its own checklist.
EC2
The supervisor determines that the required disclosures include both qualitative and
quantitative information on a bank’s financial performance, financial position, risk
management strategies and practices, risk exposures, aggregate exposures to related
parties, transactions with related parties, accounting policies, and basic business,
management, governance and remuneration. The scope and content of information
provided and the level of disaggregation and detail is commensurate with the risk profile
and systemic importance of the bank.
Description and
findings re EC2
The Central Bank monitors whether the credit institutions it supervises have issued financial
statements under IFRS/Local GAAP, and on whether these financial statements have an
auditor’s opinion expressing the opinion that they give a true and fair view. Banking
Supervision requests copies of annual accounts signed off by external auditors, generally
during Q2 each year.
Related party transactions disclosures in the financial statements are compared with
reports submitted by credit institutions under the Central Bank’s Code on Lending to
Related parties (see CP20), while Pillar 3 disclosures are compared with quantitative
information submitted by credit institutions in its regular supervisory returns, which provide
an ongoing reflection of the firm’s business activities.
As noted earlier the market discipline nature of the Pillar 3 disclosures has led Ireland to
adopt a non-prescriptive approach to the practical aspects of the publication of Pillar 3
information such as timelines, presentation formats, and verification of disclosures.
Although the Central Bank is not the competent authority for enforcing compliance with
disclosure standards (IAASA is the competent authority as set out in EC4), the Central Bank
monitors that the credit institutions it supervises provide adequate and complete Pillar III
disclosures where applicable by checking for disclosures of key solvency and risk
information against its own internal checklist.
IRELAND
264 INTERNATIONAL MONETARY FUND
Credit institutions are required to make public disclosures of related party transactions.
Conditions were imposed on banks and directions on building societies by the Central Bank
in August 2009 requiring public disclosure of lending to connected persons in their annual
financial statements. The Companies Acts 1963 to 2012 include requirements for the
company to make certain disclosures in respect of related party lending under sections
relating to Directors’ remuneration and transactions (including details of lending on
‘favourable’ terms to connected persons). The Building Societies Act 1989 requires building
societies to make certain disclosures regarding transactions with Directors.
Disclosures are required regarding related party transactions that are material and which
have not been conducted under normal market conditions by Directive 2006/46/EC. This
was implemented in Ireland by Statutory Instrument (S.I.) 450 of 2009 for Irish incorporated
companies and by amendments to S.I. 294 of 1992 for credit institutions. Accounting
standards (International Accounting Standard (IAS) 24/ Financial Reporting Standard (FRS)
8) also contain disclosure requirements on Related Party Disclosures.
Regulation 7 of S.I. 294 of 1992/European Communities (Credit Institutions: Accounts)
Regulations 1992 requires credit institutions to disclose information on related parties,
remuneration and details of group undertakings.
Disclosures by the covered banks had significant disclosure of material in relation to
impairment and provisions broken down into considerable detail.
EC3
Laws, regulations or the supervisor require banks to disclose all material entities in the
group structure.
Description and
findings re EC3
IAS 27 (Consolidated and Separate Financial Statements), IAS 28 (Investment in Associates)
and IAS 31 (Interests in Joint Ventures) for credit institutions who produce their financial
statements under IFRS and FRS 2 (Accounting for Subsidiary Undertakings) and FRS 9
(Associates and Joint Ventures) for credit institutions who produce their financial
statements under Local GAAP provide relevant accounting standard requirements for credit
institutions to disclose material entities in the group structure in their financial statements.
Regulation 7 of S.I. 294 of 1992/European Communities (Credit Institutions: Accounts)
Regulations 1992 requires credit institutions to disclose information of group undertakings.
It should be noted that for supervisory purposes, the scope of consolidation is the CRD
rather than IAS/IFRS consolidation. Accordingly, the group structure relates to the scope
under CRD consolidation. Nevertheless, examination teams are cognisant of the IAS/IFRS
group financial statements, where applicable.
Credit institutions submit high-level information on subsidiaries under the CRD scope of
consolidation as part of regular supervisory returns. These can be crosschecked against
organisation charts on record.
Similarly, the CBI can crosscheck the list of subsidiaries in Pillar 3 disclosures against the
high-level information on subsidiaries under the CRD scope of consolidation as part of
regular supervisory returns.
EC4
The supervisor or another government agency effectively reviews and enforces compliance
with disclosure standards.
IRELAND
INTERNATIONAL MONETARY FUND 265
Description and
findings re EC4
IAASA is the independent competent authority in Ireland with statutory responsibility for
examining whether the annual and half-yearly financial reports of Issuers coming within the
remit of the Transparency Directive are drawn up in accordance with the relevant reporting
framework. Issuers that come within the Transparency Directive Regulations (S.I. No. 277 of
2007) are entities whose securities have been admitted to trading on a regulated market
situated, or operating, within the EEA. IAASA does not undertake this role for any other set
of financial statements. The Central Bank has no role in this area.
All financial statements of credit institutions licensed by Central Bank are audited by “Big 4”
audit firms and they are required to provide an opinion as to whether the financial
statements give a true and fair view.
In terms of checking for credit institutions’ actual Pillar III disclosures, the Central Bank has
a procedure in place with an operational checklist to assess compliance. However, this
checklist relates to quantitative information only available to the Central Bank from other
sources e.g. supervisory returns and does not include qualitative information. If Credit
institutions fail to provide adequate Pillar III disclosures, similar to other non-compliance
issues, the Central Bank may take enforcement procedures based on non-compliance with
CRD requirements. To date, there has been no requirement to undertake enforcement
procedures.
EC5
The supervisor or other relevant bodies regularly publishes information on the banking
system in aggregate to facilitate public understanding of the banking system and the
exercise of market discipline. Such information includes aggregate data on balance sheet
indicators and statistical parameters that reflect the principal aspects of banks’ operations
(balance sheet structure, capital ratios, income earning capacity, and risk profiles).
Description and
findings re EC5
The Central Bank regularly publishes information on the banking system via its own
publications and providing data to be included in third party publications.
The Central Bank publishes and provides commentary on a broad range of financial
developments in Ireland. Publications include the Monthly Statistics, a quarterly report on
sectoral developments in private sector credit, investment funds, securities issues and
quarterly financial accounts. The Central Bank also publishes an aggregated balance sheet
of the covered banks providing details of liabilities covered by the government guarantee.
The Central Bank has also published mortgage arrears data recently. Examples of other
recent publications are:
? Macro Financial Review
? Money and Banking Statistics
? Securities Issues of Irish Resident Entities
? Quarterly Financial Accounts for Ireland
? Irish Locational Banking Statistics
? Trends in Business Credit and Deposits Q4 2012
The Central Bank contributes to IMF publications on financial soundness indicators for
deposit takers. The Financial Soundness Indicators were developed by the IMF, together
with the international community, with the aim of supporting macro prudential analysis
and assessing strengths and vulnerabilities of financial systems.
In addition, the Central Bank contributes to an ECB publication of indicators of financial and
solvency/risk parameters as part of its annual assessment of financial stability within the EU.
This data contains information on the aggregate consolidated profitability, balance sheets
IRELAND
266 INTERNATIONAL MONETARY FUND
and solvency of EU banks, and refer to all EU Member States. The banks are divided into
three size groups: small, medium-sized and large. In addition, the data provides
information on foreign-controlled institutions active in EU countries.
Additional
criteria
AC1
The disclosure requirements imposed promote disclosure of information that will help in
understanding a bank’s risk exposures during a financial reporting period, for example on
average exposures or turnover during the reporting period.
Description and
findings re AC1
In order to produce financial standards that give a true and fair view, a credit institution
would need to provide an income statement and statement of financial position under IAS
1 (Presentation of Financial Statements) for credit institutions applying IFRS and a profit
and loss account under FRS 3 (Reporting Financial Performance) and balance sheet under
various FRSs for credit institutions applying Local GAAP that would provide this detail.
In order for a credit institution to issue a set of financial statements that provide a true and
fair view, it would need to comply with inter alia: (i) IFRS 7 (which is the same as FRS 29
(Local GAAP)) – Financial Instruments: Disclosure. The objective of this IFRS is to require
entities to provide disclosures in their financial statements that enable users to evaluate:
a) the significance of financial instruments for the entity’s financial position and
performance; and
b) the nature and extent of risks arising from financial instruments to which the entity is
exposed during the period and at the end of the reporting period, and how the
entity manages those risks.
Assessment of
Principle 28
Compliant
Comments Credit Institutions licensed by the Central Bank of Ireland produce their financial statements
in accordance with either IFRS or Local GAAP. IAASA is the independent competent
authority in 'Ireland with statutory responsibility for examining whether the annual and
half-yearly financial reports of Issuers coming within the remit of the Transparency
Directive are drawn up in accordance with the relevant reporting framework. Issuers that
come within the Transparency Directive Regulations (S.I. No. 277 of 2007) are entities
whose securities have been admitted to trading on a regulated market situated, or
operating, within the EEA.
Pillar 3 disclosures are typically included in banks’ annual reports and include both
qualitative and quantitative disclosures including approaches to risk management and
portfolio composition.
Part of the routine activities within the supervision framework is for supervisors to assess
annual financial disclosures. This is typically a desk-top review to evaluate transparency,
accuracy and consistency with regulatory returns. The Central Bank will ensure that the
financial statements have an auditor’s opinion expressing the opinion as to whether they
give a true and fair view.
The Central Bank regularly publishes information on the banking system via its own
publications and providing data to be included in third party publications.
Principle 29 Abuse of financial services. The supervisor determines that banks have adequate policies
and processes, including strict customer due diligence (CDD) rules to promote high ethical
IRELAND
INTERNATIONAL MONETARY FUND 267
and professional standards in the financial sector and prevent the bank from being used,
intentionally or unintentionally, for criminal activities.
68
Essential criteria
EC1
Laws or regulations establish the duties, responsibilities and powers of the supervisor
related to the supervision of banks’ internal controls and enforcement of the relevant laws
and regulations regarding criminal activities.
Description and
findings re EC1
AML/CFT
The CBI was appointed competent authority under theCJA2010 for supervision and
enforcement of compliance by credit and financial institutions with obligations imposed by
the CJA2010. The CBI is therefore responsible for securing compliance by c.10, 000
regulated financial services firms with AML/CFT obligations.
CBI has powers (See EC8) to enforce compliance by designated persons which it supervises
with the requirements of the CJA2010, including
a. pursue administrative sanction or criminal action in respect of:
i. A breach of CJA2010 or
ii. A failure to execute a direction
b. give directions under S. 71 of the CJA2010 to discontinue or take certain
actions
Financial Sanctions
The CBI is the competent authority for the purposes of EU Financial Sanctions in Ireland.
Ireland designates the CBI as competent authority by identifying it as such in the relevant
annex to each EU Financial Sanctions Regulation. EU Financial Sanctions refer to economic
and financial restrictive measures, including targeted financial sanctions, which are imposed
by EU Council Regulations and which are required to be applied by all persons and entities
doing business in the EU, including nationals of non-EU countries, and also by EU nationals
and entities incorporated or constituted under the law of an EU Member States when doing
business outside the EU. The terms EU Financial Sanctions Regulations and EU Financial
Sanctions Statutory Instruments are to be construed accordingly.
The legislation governing the operation of financial sanctions within the State consists of a
series of statutory instruments and directly effective EU Regulations, which impose
obligations to apply freezing, prohibitive and reporting measures. However, the manner in
which the obligations under the EU Regulations have been given effect within the State
does not:
(a) provide an appropriate sanctions regime for non-compliance with obligations
imposed by the EU Regulations and the domestic statutory instruments; or
(b) impose obligations to put in place the infrastructure (i.e. policies, processes, systems,
records etc.) necessary to identify, prevent and detect financial assets owned by, or
financial transactions involving, sanctioned parties.
68
The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU),
rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations
regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the
context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8
and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the
criteria mentioned in this Principle.
IRELAND
268 INTERNATIONAL MONETARY FUND
These deficiencies have been raised at the appropriate levels within the Department of
Finance, up to and including the Minister for Finance. Work is ongoing between the CBI
and the Department of Finance to identify a statutory and regulatory resolution to these
deficiencies in the near term.
It is of note that all EU persons and entities are obliged to inform the competent authorities
of any information at their disposal which would facilitate the application of freezing
requirements in accordance with EU Financial Sanctions Regulations. This includes details
of any accounts frozen (account holder, number, value of funds frozen), and other details
which may be useful e.g. data on the identity of designated persons or entities and, where
appropriate, details of incoming transfers resulting in the crediting of a frozen account in
accordance with the specific arrangements for financial and credit institutions, attempts by
customers or other persons to make funds or economic resources available to a designated
person or entity without authorization, and information that suggests the freezing
measures are being circumvented. They are also obliged to co-operate with competent
authorities in verification of information. Where appropriate, they could also provide details
concerning persons and entities having names that are very similar or identical to
designated parties. EU Financial Sanctions Regulations provide that where freezing action is
undertaken or where information is provided to the Competent Authority pursuant to their
obligations under EU Financial Sanctions obligations in good faith and without negligence,
such actions will not give rise to liability of any kind on the part of the natural or legal
person or entity or body implementing it, or its directors or employees. Failure to comply
with EU Financial Sanctions regulations is a criminal offence, which is enforced by An Garda
Síochána in collaboration with the Director of Public Prosecutions.
Other criminal activities
Criminal activities are considered to be primarily matters for An Garda Síochána who have
the legal powers to deal with such activities and to whom the CBI has the power to refer
such matters. As a result, the focus of banking supervisors on such activities as part of their
ongoing supervisory engagement with credit institutions is very limited. Such engagement
that does take place tends to be high level and largely reactive (i.e. post occurrence of an
event) rather than being a proactive approach. To the extent that criminal activities, such as
fraud, take place in credit institutions, banking supervisors would be made aware either
directly by the credit institution or through liaison with internal audit or the provision of
internal audit reports (this excludes Medium Low Impact institutions where the
engagement model does not require meetings to be held with internal audit).
The CBI also has summary prosecution powers under certain legislation where it is the
competent authority. Further, under section 33AK of the Central Bank Act 1942 (as
amended) the CBI is obliged to make a report to An Garda Síochána (and other law
enforcement agencies where appropriate) where it suspects that a criminal offence may
have been committed by a supervised entity. The CBI would coordinate with law
enforcement if they are pursuing criminal action.
EC2
The supervisor determines that banks have adequate policies and processes that promote
high ethical and professional standards and prevent the bank from being used,
intentionally or unintentionally, for criminal activities. This includes the prevention and
detection of criminal activity, and reporting of such suspected activities to the appropriate
authorities.
Description and As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that policies and procedures have been put in place to achieve compliance with
IRELAND
INTERNATIONAL MONETARY FUND 269
findings re EC2 their obligations under the CJA2010, evidencing same through confirmation of the name of
official/committee approving and date approved. An overview of supervisory activity is
provided at EC5.
As part of its in-depth inspection work program the AML/CFT team reviews the
appropriateness and adequacy of policies and procedures in relation to AML/CFT risk.
Chapter 6, Part 4 of CJA2010 imposes obligations on designated persons (definition of
which includes credit and financial institutions) to have policies and procedures in place for
the detection and prevention of ML/TF.
EC3
In addition to reporting to the financial intelligence unit or other designated authorities,
banks report to the banking supervisor suspicious activities and incidents of fraud when
such activities/incidents are material to the safety, soundness or reputation of the bank.
69
Description and
findings re EC3
Section 38 of the Supervision and Enforcement Act of 2013 states that a person appointed
to perform a pre-approval controlled function, shall, as soon as it is practicable to do so,
disclose to the CBI information relating to an offense under any provision of financial
services legislation which he or she believes will be of material assistance to the CBI.
EC4
If the supervisor becomes aware of any additional suspicious transactions, it informs the
financial intelligence unit and, if applicable, other designated authority of such transactions.
In addition, the supervisor, directly or indirectly, shares information related to suspected or
actual criminal activities with relevant authorities.
Description and
findings re EC4
AML/CFT:
S63 (2) & (4) of the CJA2010 imposes an obligation on competent authorities (including the
CBI) to report to An Garda Síochána or the Revenue Commissioners knowledge or
suspicion of a designated persons or other persons involvement in money laundering or
terrorist financing.
Other:
Section 33AK(3) of the Central Bank Act 1942 (as inserted by Section 26 of Central Bank
and Financial Services Authority Act 2003) imposes an obligation on the supervisor to
report to the relevant authority (including An Garda Síochána and the Revenue
Commissioners) any information relevant to that body that leads the Central Bank to
suspect that:
(A) a criminal offence may have been committed by a supervised entity, or
(B) a supervised entity may have contravened a provision of company law or
competition law.
A report is not required where the supervised entity has already made the necessary
disclosures.
EC5
The supervisor determines that banks establish CDD policies and processes that are well
documented and communicated to all relevant staff. The supervisor also determines that
such policies and processes are integrated into the bank’s overall risk management and
69
Consistent with international standards, banks are to report suspicious activities involving cases of potential money
laundering and the financing of terrorism to the relevant national centre, established either as an independent
governmental authority or within an existing authority or authorities that serves as an FIU.
IRELAND
270 INTERNATIONAL MONETARY FUND
there are appropriate steps to identify, assess, monitor, manage and mitigate risks of
money laundering and the financing of terrorism with respect to customers, countries and
regions, as well as to products, services, transactions and delivery channels on an ongoing
basis. The CDD management programme, on a group-wide basis, has as its essential
elements:
(a) a customer acceptance policy that identifies business relationships that the bank will
not accept based on identified risks;
(b) a customer identification, verification and due diligence programme on an ongoing
basis; this encompasses verification of beneficial ownership, understanding the
purpose and nature of the business relationship, and risk-based reviews to ensure
that records are updated and relevant;
(c) policies and processes to monitor and recognize unusual or potentially suspicious
transactions;
(d) enhanced due diligence on high-risk accounts (e.g. escalation to the bank’s senior
management level of decisions on entering into business relationships with these
accounts or maintaining such relationships when an existing relationship becomes
high-risk);
(e) enhanced due diligence on politically exposed persons (including, among other
things, escalation to the bank’s senior management level of decisions on entering
into business relationships with these persons); and
(f) clear rules on what records must be kept on CDD and individual transactions and
their retention period. Such records have at least a five year retention period.
Description and
findings re EC5
Overview ECs5-7
The CJA2010 which came into force on 15 July 2010, was enacted to transpose the EU’s
Third Money Laundering Directive and its implementing directive into Irish Law. The
CJA2010 addressed deficiencies in Ireland’s AML/CFT regime identified in the 2006 FATF
Mutual Evaluation Report, and consolidated existing legislation in this area. With the
enactment of the Criminal Justice Act 2013 in June 2013, which further strengthened
legislation in a small number of areas, Ireland successfully exited the FATF third round
Mutual Evaluation Report process.
The key obligations of the CJA2010 with which designated persons (of which credit
institutions are one category) are required to comply are set out in Part 4 of the CJA2010
and are summarized as follows:
? Chapter 3 Customer Due Diligence imposes obligations on designated persons to
identify and verify customers, identify beneficial ownership, and apply enhanced due
diligence requirements to higher risk relationships.
? Chapter 4 Reporting of suspicious transactions imposes obligations on designated
persons to identify and report suspicious transactions.
? Chapter 6 Policies and Procedures imposes obligations on designated persons to
have policies and procedures in place for the prevention and detection of money
laundering/terrorist financing (ML/TF) activities. This includes but is not limited to
having in place policies and procedures for:
o the assessment of ML/TF risk
IRELAND
INTERNATIONAL MONETARY FUND 271
o internal controls for management/mitigation of such risks
o monitoring of compliance with policies and procedures
o maintenance of records
o ensuring that all relevant personnel are instructed in the law and can
adequately fulfill their duties on behalf of the designated person
? Chapter 7 Special provisions applying to credit and financial institutions imposes a
number of miscellaneous obligations e.g. prevention of anonymous accounts.
? Core Guidelines have been published by the Department of Finance to which
designated persons may have regard when interpreting and applying the CJA2010.
? Section 60(2) of the CJA2010 appoints the Central Bank as Competent Authority for
the supervision of credit and financial institutions regarding compliance with
requirements arising under the CJA2010. The Central Bank has confirmed that it will
have regard to the Core Guidelines issued by the Department of Finance when
assessing compliance with the CJA2010.
? Reporting of suspicious transactions are made by credit and financial institutions
directly to the financial intelligence units of the Irish police force (“An Garda
Síochána”) and the Revenue commissioners, who have responsibility for the
investigation and disposition of those reports.
The Criminal Justice Act 2013 which, was passed into law on 14
th
June 2013 makes
amendments to the CJA2010 to align it with FATF recommendations. Specifically, these
amendments relate to:
? the application of enhanced CDD measures in higher risk situations;
? the application of a minimum level of due diligence rather than no measures in low
risk situations where simplified CDD applies;
? the making of Suspicious Transaction reports on grounds of “reasonable suspicion”
rather than “real risk” of money laundering;
? the keeping of CDD records up to date;
? the completion of CDD on existing customers;
? the reduction in the occasional transaction threshold for occasional wire transfers;
? the allocation of responsibility for the registration and monitoring of Trust &
Company Service Providers-subsidiaries of credit and financial institutions.
Supervisory Activity:
As provided for under the CJA2010, and Financial Action Task Force (FATF)
recommendations, the CBI has taken a risk based approach to supervising the regulated
population. This approach and the supporting supervisory engagement model were
formally approved within the CBI on 4 February 2013, and is integrated into the CBI
prudential supervisory engagement model under PRISM. To this end the supervised
population has been classified by PRISM impact rating, with appropriate supervisory tools
deployed against each classification.
A program to monitor compliance with CJA 2010 has been in place since July 2010. The
program was further developed in 2012 to integrate into the CBI prudential supervisory
engagement model under PRISM. The current program was formally approved within the
CBI on 4
th
February 2013 and implemented immediately.
IRELAND
272 INTERNATIONAL MONETARY FUND
Overview of activity since September 2010:
Impact rating Activity
High impact firms
? Full onsite inspection: 2013 – 3 firms
? Thematic onsite inspection: 2012 – 1
firm
? Desktop inspection – 2011 – 1 firm,
2012 – 1 firm
? Offsite review through risk assessment
questionnaire: 2013 – 3 firms
Medium High impact firms
? Full onsite inspection: 2010 – 1 firm,
? Thematic onsite inspection: 2011 – 1
firm, 2012 – 1 firm
? Desktop inspection – 2011 – 1 firm
? Offsite review through risk assessment
questionnaire: 2013 – 9 firms
Since September 2010, the CBI has conducted 8 onsite inspections. Of these, in-depth
inspections were conducted on 4 banks (combined balance sheet representing c.40% of
gross sector assets). Additionally the CBI has conducted offsite reviews through risk
assessment questionnaires covering 21 banks, providing high-level intelligence on the
status of AML controls for nearly all regulated entities within the sector. The questionnaire
facilitates an analysis of AML/CFT risk through an evaluation of (i) the inherent risk posed
by the bank’s business model, (ii) the firm’s AML/CFT control framework and (iii) the track
record of the firm in management operational risk. Branches of foreign banks have not
been reviewed. The results of the supervisory programme for 2013 are being used by the
CBI to develop a baseline on the level of compliance for the sector. Where inspections or
assessments have been completed, the CBI has communicated suspected deficiencies to
the banks and where gaps have been confirmed remediation plans have been put in place.
As yet no enforcement action in terms of ASP or criminal prosecution has been taken
against the sector. Total staff dedicated to CJA2010 compliance numbers seven and is
supported by other supervisory staff.
The CBI has not issued policy guidance to banks on the implementation of CJA2010. The
Department of Finance published on its website high level cross-sectoral guidance (the
“Core Guidelines”). In the Core Guidelines it makes reference to the fact that the guidance
does not constitute secondary legislation and firms must always refer directly to the
CJA2010 when ascertaining their statutory obligations. The CBI was centrally involved in the
development of the cross-sectoral Core Guidelines. The Core Guidelines are very detailed in
nature and reflect CBI views on the interpretation of the CJA2010, hence the statement by
the CBI at the time of publication that the CBI “will have regard to these guidelines in
assessing compliance by designated persons with the Act.
The CBI intends to issue a communication to the banking sector detailing any recurring
themes and/or best practice from recent inspections.
IRELAND
INTERNATIONAL MONETARY FUND 273
EC5
As part of the 4 in-depth inspections conducted since 2010, CDD was reviewed. The reviews
included an assessment of the appropriateness and adequacy of the firm’s approach to
CDD including risk assessment, governance, risk management and control.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to CDD including:
i. Assessment of AML/CFT risk presented by the firm’s business model
ii. Policies and procedures that reflect risk based approach to CDD
iii. Independent testing of application of policies and procedures
iv. Provision of MI to senior management on AML/CFT KPIs
v. Testing of outsourcing and third party reliance arrangements
vi. Ongoing monitoring of accounts, evidencing same through confirmation of the
name of official/committee approving and frequency of reporting and latest date
approved.
Chapter 3 of Part 4 of the CJA2010 sets out the CDD obligations to be fulfilled by
designated persons which addresses each of the essential elements (a) through (f) of EC5
above.
Chapter 6 of Part 4 of the CJA2010 imposes obligations upon designated persons in
relation to internal policies, procedures, training and record retention. Included in Part 4 is
an obligation under Section 54(2) “to assess and manage the risks of money laundering or
terrorist financing.”
Additional guidance in respect of these obligations is set out in the Core Guidelines
published on the Department of Finance website. In particular, Section III of the Core
Guidelines provides additional guidance in respect of S54(2) on what is expected of
designated persons in the assessment and management of the risk to a business of misuse
for money laundering or terrorist financing purposes.
EC6
The supervisor determines that banks have in addition to normal due diligence, specific
policies and processes regarding correspondent banking. Such policies and processes
include:
(a) gathering sufficient information about their respondent banks to understand fully the
nature of their business and customer base, and how they are supervised; and
(b) not establishing or continuing correspondent relationships with those that do not
have adequate controls against criminal activities or that are not effectively
supervised by the relevant authorities, or with those banks that are considered to be
shell banks.
Description and
findings re EC6
As part of its in-depth inspection work program the AML/CFT team reviewed the
appropriateness and adequacy of the firm’s approach to correspondent banking including
IRELAND
274 INTERNATIONAL MONETARY FUND
risk assessment, governance, risk management and control. This is supported by on-site
sample testing of key controls.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to establishing and maintaining correspondent banking relationships, evidencing
same through confirmation of the name of official/committee approving and date
approved.
Section 38, Chapter 3 of Part 4 of CJA2010 imposes an obligation on designated persons to
perform enhanced customer due diligence in respect of correspondent banking
relationships. There is no specific obligation within this section to terminate existing
relationships however there is an over-riding requirement under Section 54 of CJA2010 for
a designated person to adopt policies and procedures to prevent the commission of
ML/TF.
EC7
The supervisor determines that banks have sufficient controls and systems to prevent,
identify and report potential abuses of financial services, including money laundering and
the financing of terrorism.
Description and
findings re EC7
As part of its in-depth inspection work program the AML/CFT team review the
appropriateness and adequacy of the firm’s approach to identification and reporting of
suspicious transactions, the governance, risk management and control of this process. This
is supported by on-site sample testing of key controls.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to identification and reporting of suspicious transactions including:
i. governance,
ii. processes and procedures
iii. management information
Firms must provide evidence for same through confirmation of the name of
official/committee approving and date approved.
Chapter 4 of Part 4 of the CJA2010 places obligations on designated persons to identify
and report suspicious transactions.
In addition, Section 19 of the Criminal Justice Act 2011 (CJA2011) makes it an offence for a
person not to report to An Garda Síochána, information which he knows or believes might
be of material assistance in preventing the commission of certain offences or amongst
other things secure the conviction of any persons for those relevant offences. These certain
offences are contained in the schedule to the CJA2011 and include offences related to
banking, theft, fraud and money laundering and terrorist offences.
EC8
The supervisor has adequate powers to take action against a bank that does not comply
with its obligations related to relevant laws and regulations regarding criminal activities.
Description and
findings re EC8
Within the CJA2010, for all relevant sections, failure to comply with the obligations
imposed under such sections is defined as a criminal offence.
CBI has powers to enforce compliance by designated persons which it supervises with the
requirements of the CJA2010, including
IRELAND
INTERNATIONAL MONETARY FUND 275
a. pursue administrative sanction* or criminal action in respect of:
i. A breach of CJA2010 or
ii. A failure to execute a direction
b. give directions under S. 71 of the CJA2010 to discontinue or take certain
actions
*Section 33AN of the Central Bank Act, 1942 provides for certain prescribed contraventions
to be subject to civil enforcement powers of the CBI (Administrative Sanctions Procedure
(ASP)). S114(4) of the CJA 2010 includes an amendment of the Central Bank Act 1942 to
include contraventions of Part 4 of the CJA2010 as prescribed contraventions under Section
33AN.
EC9
The supervisor determines that banks have:
(a) requirements for internal audit and/or external experts
70
to independently evaluate
the relevant risk management policies, processes and controls. The supervisor has
access to their reports;
(b) established policies and processes to designate compliance officers at the banks’
management level, and appoint a relevant dedicated officer to whom potential
abuses of the banks’ financial services (including suspicious transactions) are
reported;
(c) adequate screening policies and processes to ensure high ethical and professional
standards when hiring staff; or when entering into an agency or outsourcing
relationship; and
(d) ongoing training programmes for their staff, including on CDD and methods to
monitor and detect criminal and suspicious activities.
Description and
findings re EC9
All areas:
The CBI does not have a specific requirement to require banks to establish an internal audit
function or to appoint a head of internal audit, however, banks are required to put in place
adequate internal control mechanisms and robust governance arrangements (see CP26).
This requirement emanates from the Corporate Governance Code 2010 which has been
imposed as a condition on the license of each of the banks. Furthermore, the CBI could
impose an obligation to have such functions in place (if they are not in place or not
adequately in place) using regulation 70 of S.I. 661 of 2006. The internal audit function is
expected to independently evaluate the relevant risk management policies, processes and
controls. However, the extent to which they evaluate the risk management policies,
processes and controls in relation to criminal activities is not prescribed.
Supervisors have access to internal audit reports.
The EBA Guidelines on Internal Governance (GL44) require banks to establish a compliance
function. The EBA guidelines are applicable to all Irish licensed banks. The CBI is currently
working on codifying GL44 in 2013. The Fit & Proper Standards 2011 and the Central Bank
70
These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
IRELAND
276 INTERNATIONAL MONETARY FUND
Reform Act 2010 provide the Central Bank with the power to reject the appointment of the
head of compliance as well as the power to remove incumbent compliance heads if
deemed necessary. There is no requirement to appoint a relevant dedicated officer to
whom potential abuses of the banks’ financial services are reported. In the absence of a
dedicated officer it would be expected that the compliance officer would fulfill this role.
AML/CFT:
As noted earlier, Chapter 6 of Part 4 of the CJA2010 imposes general obligations upon
banks in relation to policies, procedures, etc. The Core Guidelines include specific guidance
as to measures that firms should take to demonstrate compliance with the CJA2010 which
aligns with the elements described in items (b) through (d) of EC9 above. There is nothing
in the CJA2010 or the guidance that specifically requires internal audit or other expert
evaluation of a designated persons AML/CFT control framework; however, it is expected
that reliance can be placed on the general obligations applicable to credit institutions
described above.
1. General
All High Impact Irish licensed banks have appointed a local internal audit head and
function. Medium High Impact and Medium Low Impact banks are permitted to rely on the
internal audit function of their parent.
All banks have either a compliance officer or a compliance function (see CP26).
Material outsourcing relationships are assessed by Banking Supervision in relation to the
extent of adherence to the EBA Guidelines. Certain key functions (PCFs) require compliance
with fitness and probity requirements of the Central Bank.
2. AML/CFT
As part of its in-depth inspection work program the AML/CFT team review the
appropriateness and adequacy of the firm’s overall framework for management of
AML/CFT risk addressing elements (a) through (d) of the essential criteria above.
Specifically the program assesses and tests the implementation of an appropriate
governance structure for management of AML/CFT risk, including:
(a) clear definition of the roles and responsibilities of each line of defense
(b) clear definition of escalation and signoff processes for key risks (e.g. high-risk
customers take-on; transaction screening criteria; suspicious transaction reporting)
(c) implementation of comprehensive training program tailored to the role being
fulfilled
(d) adherence to legislative requirements relating to outsourcing or third party reliance,
including ongoing testing of those relationships
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to the establishment of an effective governance structure for management of
AML/CFT risk in relation to the following areas:
i. Implementation of effective organizational structure
ii. Implementation of training re CJA2010
IRELAND
INTERNATIONAL MONETARY FUND 277
iii. Implementation of plan for ongoing training
iv. Implementation of program of testing of key controls
v. Provision of MI to senior management on AML/CFT KPIs
vi. Testing of outsourcing and third party reliance arrangements
Firms must provide evidence of same through confirmation of the name of
official/committee approving and frequency of reporting and latest date approved.
EC10
The supervisor determines that banks have and follow clear policies and processes for staff
to report any problems related to the abuse of the banks’ financial services to either local
management or the relevant dedicated officer or to both. The supervisor also determines
that banks have and utilize adequate management information systems to provide the
banks’ Boards, management and the dedicated officers with timely and appropriate
information on such activities.
Description and
findings re EC10
Adequacy of reporting has been reviewed as part of the AML inspections conducted by the
CBI in the past three years. Deficiencies noted were communicated to the banks’
management. The CBI will adjust its monitoring program based on findings of the current reviews.
The revised program/strategy will see an additional in-depth inspection being conducted in
2014 and onsite thematic inspections in 2015. The CBI intends to issue a communication to
the banking sector detailing any recurring themes and/or best practice from recent
inspections.
EC11
Laws provide that a member of a bank’s staff who reports suspicious activity in good faith
either internally or directly to the relevant authority cannot be held liable.
Description and
findings re EC11
The Supervision and Enforcement Act 2013 sets the requirement.
Chapter 4 of Part 4 of the CJA2010 sets out the obligations in relation to the reporting of
suspicious transactions. S47 of this Chapter 4 provides an exemption from liability to
persons making reports in accordance with these obligations.
In addition, Section 19 of the CJA2011 makes it an offence for a person not to report to An
Garda Síochána, information which he knows or believes might be of material assistance in
preventing the commission of certain offences or amongst other things secure the
conviction of any persons for those relevant offences. These certain offences are contained
in the schedule to the CJA2011 and include offences related to banking, theft, fraud and
money laundering and terrorist offences. Employees are protected from penalization for
disclosing certain information.
EC12
The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign
financial sector supervisory authorities or shares with them information related to
suspected or actual criminal activities where this information is for supervisory purposes.
Description and
findings re EC12
Domestic:
The CBI is a member of the Money Laundering Steering Committee, a committee chaired
by the Department of Finance with responsibility for coordinating and progressing national
AML/CFT initiatives.
International:
The CBI is a member of the EBA’s AML Committee where it contributes to development of
EU supervisory policy and intra-agency collaboration.
The CBI was significantly involved in the drafting and finalizing of a home-host protocol to
be used by colleges of supervisors collaborating on the AML/CFT supervision of cross-
IRELAND
278 INTERNATIONAL MONETARY FUND
border payment institutions. It is currently working with a number of EU regulators (Nordic
Regulators, Germany, and UK) on developing an implementation framework for this
protocol.
EC13
Unless done by another authority, the supervisor has in-house resources with specialist
expertise for addressing criminal activities. In this case, the supervisor regularly provides
information on risks of money laundering and the financing of terrorism to the banks.
Description and
findings re EC13
This role does not currently fall within the responsibilities of the Central Bank.
Assessment of
Principle 29
Materially Noncompliant
Comments Anti-Money Laundering legislation was strengthened in 2010 through the CJA 2010 which
was further amended in 2013. The scope of the legislation is comprehensive.
The CBI has conducted 8 onsite inspections which includes 4 in-depth onsite inspections. In
addition, offsite reviews have been conducted on 21 banks through the use of a risk
assessment questionnaire. The questionnaire facilitates an analysis of AML/CFT risk
through an evaluation of (i) the inherent risk posed by the bank’s business model, (ii) the
firm’s AML/CFT control framework and (iii) the track record of the firm in management
operational risk.
Work remains for the CBI in monitoring compliance:
a) The current legislative framework, the CJA 2010, is comprehensive and provides the
CBI with significant powers to enable it to assert its supervisory authority. However, the
framework (Section 107 of the CJA 2010) also envisages the approval of guidelines for
the purposes of guiding designated persons (banks) on the application of Part 4 of the
CJA 2010 Such guidelines which would provide valuable assistance in fleshing out the
expectations in relation to compliance with the legislation; the CBI should work with
Justice to provide guidance to banks. . Such guidelines would also provide greater
clarity to designated persons as to the standards expected in relation to interpreting
“reasonable measures” and “due diligence.” In addition, the CBI should issue
communications following its inspections setting out principal findings and its
expectations as to how compliance with the CJA 2010 can be demonstrated.
b) Branches of foreign banks have not been inspected or reviewed for compliance with
the CJA 2010.
c) Reviewing whether the balance, to date, of onsite and offsite is adequate to determine
verify compliance.
IRELAND
INTERNATIONAL MONETARY FUND 279
Recommended Actions
A. Recommended Actions to Improve Compliance with the Basel Core
Principles
Reference Principle Recommended Action
Principle (2) - Amend existing legislation to detail the framework for Central
Bank independence. Also address reasons for removal of
Commission members to be similar to Governor.
- Take steps to fill vacancies in BSD.
Principle (5)
- Consider options for improving the CBI’s ability to conduct fit
and proper reviews during licensing of banks owned by
unregulated parents.
- Study enforceability of special conditions to the license that
must be accepted by parent company at time of approval to
enhance CBI enforcement authority.
Principle (9)
- Consider the distribution of resources and supervisory tasks across
Medium Low and Low Impact ratings
- Consider expanding KRIs in PRISM to include a broader suite of risk
metrics i.e. operational risk and IRRBB
Principle (15) - For banks accredited to use internal models, annual assessment that
banks comply with supervisory standards (e.g. validation)
- Implementation of framework to assess IT across regulated banks
Principle (17)
- Increase frequency and loan sample size for Medium Low banks
Principle (18)
- Greater frequency and depth of onsite reviews of loan loss
provisioning practices (e.g. testing of assumptions against
experience, recognition of default, prudent valuations)
Principle (20) - Amend the RPL code to include asset sales, deposits and other
areas addressed in CP. Also expand information in RPL
regulatory reports so that a more complete offsite compliance
assessment may be made.
Principle (27) - Enact legislation giving the Central Bank the power to reject or rescind
external auditors.
Principle (29)
- Expand supervisory scope to include branches of foreign banks,
- Statutory guidelines, approved as envisaged by Section 107 of the CJA
2010, should be issued. Review the current balance between onsite
and offsite reviews. Currently emphasis is heavily weighted on offsite.
IRELAND
280 INTERNATIONAL MONETARY FUND
Authorities' Response to the Assessment
1. Recognition of Financial Sector Reform and Strengthening of Supervision of Credit
Institutions
The Irish authorities wish to express their appreciation to the IMF and its Mission team for their
detailed assessment of Ireland’s compliance with the Basel Core Principles for Effective Banking
Supervision.
We welcome the IMF’s acknowledgement of the continued strengthening of the supervisory process
through substantial changes to both regulation and legislation, achieved in collaboration with our
external partners under Ireland’s financial support programme, in a challenging environment, which
included the restructuring and stabilisation of the Irish banking sector.
A risk based supervisory approach to banking supervision was implemented by the Central Bank in
2011 by means of a new risk assessment framework. This framework was accompanied by a
substantial increase in resources and encompasses a much more intrusive approach than existed
previously. Our supervisory regime is determined further by our assessment of the impact risk of
each credit institution and our resources are allocated to conduct supervisory engagement further
to that assessment. In addition, significant changes to the legal framework have been achieved,
which have resulted in enhanced powers for the Central Bank.
2. Specific Comments on IMF Findings and Ratings
While the Irish Authorities are generally in agreement with the report, the Irish Authorities would
make the following comments in relation to those Core Principles which have been rated by the IMF
as Materially Non-Compliant:
CP 2 Independence
The Irish authorities are pleased to note that there was no observed political interference with the
Central Bank of Ireland. While we are disappointed with the IMF finding regarding CP2, we note
that this relates to hypothetical concerns regarding a small number of legislative provisions from
within the corpus of Irish financial services law, rather than any manifest experience of the Central
Bank’s statutory or regulatory independence being compromised.
The independence of the Irish Central Bank is a core pillar of the Irish financial system and is
essential for both the system’s effectiveness and its international credibility. For this reason, when
introducing reforming legislation to restructure the Central Bank following the financial crisis, the
Government took great care to reaffirm the Central Bank’s independence. To underline this point,
the Government has further introduced a range of measures to strengthen the powers of the Central
Bank and to extend its remit into new areas of responsibility such as bank resolution.
IRELAND
INTERNATIONAL MONETARY FUND 281
While the Irish authorities do not fully agree with the IMF view under this category, we will consider
the recommendation for a more detailed framework for Central Bank independence in the context
of any future review of the statutory basis of the Central Bank.
CP 9 Supervisory Techniques and Tools
Ireland’s approach to supervision is risk based and starts with the premise that all firms are not
equally crucial in the banking system and the wider economy. Supervisory efforts and resources are
focused on those firms whose failure would have a significant impact upon the banking system, the
economy, the taxpayer and the consumer. This approach to supervision is in keeping with the IMF’s
and the Basel Committee’s principle of proportionality.
The IMF has rated Core Principle 9 as being Materially Non-Compliant. However, the specific issues
raised by the IMF mainly relate to potential calibration issues with the supervisory engagement
model for the least risky and non-systemically important cohort of Irish licensed banks i.e. medium
low impact banks. This cohort of 10 non-retail institutions comprises 3% of total Irish banking
system assets, does not take retail deposits, comprises 2% of all Irish corporate deposits, is not
involved in retail lending, and transacts with counterparties who are predominantly business to
business and intra-group. Moreover, although the IMF views the Medium Low Impact engagement
model as heavily reactive with light data validation/verification, this description is only accurate for
low impact credit institutions, i.e. branches of EU Banks operating in Ireland, which are primarily
under foreign prudential supervision. No Irish licensed bank has been categorised as low impact.
The Central Bank will follow the two recommendations made by the IMF relating to CP 9. We will
review the distribution of resources and supervisory tasks across medium low and low impact credit
institutions as the Single Supervisory Mechanism (“SSM”) enters into force. As part of our
implementation of the SSM requirements we will adhere to the requirements of the SSM
Supervisory Manual which sets out the processes, procedures and methodology for the supervision
of both Significant and Less Significant institutions, including supervisory tasks and KRIs.
CP 20 Related Party Transactions
Related party transactions in the Irish banking system are predominantly in respect of lending rather
than service contracts or deposits, and accordingly the Central Bank has tailored its supervisory
regime to capture higher risk transactions in this area. The supervisory approach includes a Code of
Practice (“the Code”) to which all licensed credit institutions must adhere and a detailed reporting
framework is in place to ensure that the requirements set out in the Code are being met on an on-
going basis. The framework also includes on-site testing, lending limits and the requirement for the
prior approval of the Central Bank for transactions over €1m.
While the Irish Authorities therefore do not entirely agree with the IMF’s rating of Materially Non-
Compliant in relation to related party transactions, the Central Bank will undertake an evaluation of
related party transactions and will evidence any potential risks outside the scope of the current
Code. The Code will be amended accordingly.
IRELAND
282 INTERNATIONAL MONETARY FUND
CP 29 Abuse of Financial Services
The Irish Authorities will follow the IMF recommendations in relation to CP 29. In relation to
Guidelines envisaged by Section 107 of the Criminal Justice Act 2010, the Central Bank will request
that the appropriate authority, the Minister for Justice, issues such guidelines. Furthermore, the
Central Bank will communicate its principal findings to the banking sector following the Anti-Money
Laundering reviews undertaken in 2013. The Irish Authorities also note the comments regarding the
balance between onsite and offsite reviews and will undertake a review to ensure the appropriate
balance exists.
The Irish Authorities acknowledge that branches of foreign banks have not been inspected, and
while this is considered to be consistent with our risk focused approach to AML supervision, branch
inspections will be performed.
3. Concluding Authorities’ Comments on IMF Findings and Ratings
The Irish Authorities acknowledge the importance of continually monitoring and seeking to improve
the regulatory framework and supervisory practices and remain strongly committed to so doing.
To that end, the Irish Authorities will evaluate and consider the IMF’s recommendations, in the
context of the IMF’s endorsement of Ireland’s supervisory approach, as reflected in the compliant
rating for CP 8. We are currently preparing to implement the SSM requirements from 4 November
2014. The Single Supervisory Mechanism will fundamentally alter the manner in which credit
institutions are supervised within the euro area and will consequently change the way in which the
Central Bank supervises credit institutions in Ireland.
doc_279864107.pdf
Ireland has significantly enhanced the legal framework to support banking supervision and implemented a risk-based supervisory approach, and compliance with the Basel Core Principles for Effective Banking Supervision (BCPs) is satisfactory.
©2014 International Monetary Fund
IMF Country Report No. 14/135
IRELAND
DETAILED ASSESSMENT OF OBSERVANCE OF BASEL CORE
PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION
This Detailed Assessment of Observance of Basel Core Principles for Effective Banking
Supervision on Ireland was prepared by a staff team of the International Monetary Fund. It is
based on the information available at the time it was completed in April 2014.
Copies of this report are available to the public from
International Monetary Fund ? Publication Services
PO Box 92780 ? Washington, D.C. 20090
Telephone: (202) 623-7430 ? Fax: (202) 623-7201
E-mail: [email protected] Web:http://www.imf.org
Price: $18.00 per printed copy
International Monetary Fund
Washington, D.C.
May 2014
IRELAND
DETAILED ASSESSMENT OF OBSERVANCE
BASEL CORE PRINCIPLES FOR EFFECTIVE
BANKING SUPERVISION
Prepared By
Monetary and Capital
Markets Department
This Detailed Assessment Report was prepared in the
context of an IMF stand-alone Reports on the
Observance of Standards and Codes (ROSCs)
mission in Ireland during September-October, 2013,
led by Antonio Pancorbo, IMF, and overseen by the
Monetary and Capital Markets Department, IMF.
Further information on ROSCs can be found athttp://www.imf.org/external/NP/rosc/rosc.aspx
April 2014
IRELAND
2 INTERNATIONAL MONETARY FUND
CONTENTS
GLOSSARY _________________________________________________________________________________________ 3
INTRODUCTION __________________________________________________________________________________ 4
INFORMATION AND METHODOLOGY USED FOR ASSESSMENT _______________________________ 6
INSTITUTIONAL AND MARKET STRUCTURE - OVERVIEW _____________________________________ 9
PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION __________________________________ 10
A. Macroeconomic Overview _____________________________________________________________________ 10
B. Overview of the Banking Sector _______________________________________________________________ 12
C. Bank Resolution _______________________________________________________________________________ 14
D. Accounting and Auditing _____________________________________________________________________ 15
E. Payment Systems Framework in Ireland _______________________________________________________ 15
F. Trade in Irish Securities ________________________________________________________________________ 16
G. Financial Safety Net (Deposit Insurance) ______________________________________________________ 16
H. Exceptional Liquidity Assistance (ELA) _________________________________________________________ 17
I. Recovery and Resolution _______________________________________________________________________ 17
SUMMARY OF THE RESULTS ___________________________________________________________________ 18
A. Summary Compliance with the Basel Core Principles _________________________________________ 23
DETAILED ASSESSMENT ________________________________________________________________________ 28
A. Detailed Assessment of Compliance with the Basel Core Principles ___________________________ 29
B. Prudential regulations and requirements _____________________________________________________ 119
RECOMMENDED ACTIONS ____________________________________________________________________ 279
A. Recommended Actions to Improve Compliance with the Basel Core Principles _____________ 279
AUTHORITIES' RESPONSE TO THE ASSESSMENT ____________________________________________ 280
BOX
1. The 2012 Revised Core Principle ................................................................................................ 7
IRELAND
INTERNATIONAL MONETARY FUND 3
GLOSSARY
AML Anti-Money Laundering
ASB Accounting Standards Board
ASP Administrative Sanctions Procedure
BCBS Basel Committee for Banking Supervision
BCP Business Continuity Plan
BCPs Basel Principles for Effective Banking Supervision
CBCIR Central Bank and Credit Institutions (Resolution) Act 2011
CDD Customer Due Diligence
CBI Central Bank of Ireland
CJA 2010 Criminal Justice Act 2010
COREP Common Reporting
CP Core Principle
CRD Capital Requirement Directive
CRR Capital Requirement Regulation
CT1 Core Tier 1 Capital
CTF Counter Terrorist Finance
DGS Deposit Guarantee Scheme
DOF Department of Finance
DTA Deferred Tax Asset
EBA European Banking Authority
EC Essential Criteria
ECB European Central Bank
FATF Financial Action Task Force
FMP Financial Measures Program
FRA Full Risk Assessment
FRR Financial Risk Review
FSB Financial Stability Board
ICAAP Internal Capital Adequacy Assessment Process
KRI Key Risk Indicator
PRISM Probability Risk and Impact System
RABs Recognized Accountancy Bodies
RMP Risk Mitigation Program
RPL Related Party Lending
S.I. Statutory Instrument
SRC Supervisory Risk Committee
SREP Supervisory Review and Evaluation Process
SRU Special Resolutions Unit
IRELAND
4 INTERNATIONAL MONETARY FUND
Introduction
1. Ireland has significantly enhanced the legal framework to support banking supervision
and implemented a risk-based supervisory approach, and compliance with the Basel Core
Principles for Effective Banking Supervision (BCPs) is satisfactory. This reflects the continued
strengthening of the supervisory process undertaken by the authorities, which have been achieved
in a challenging environment. The financial crisis and subsequent state intervention has transformed
the Irish banking system and while acute crisis conditions have abated there is continued elevated
stress within the system and vulnerabilities persist. Added to this is the continued pressure on
industry to meet forthcoming higher regulatory standards, most notably the new Capital
Requirements Directive and Regulations (CRD IV/CRR). In addition to substantial regulatory and
legislative changes, the supervisory authorities have also had to adjust to the challenges of
transition brought by re-design of the regulatory architecture.
2. The Central Bank of Ireland (the Central Bank) has implemented the foundation for a
risk-based supervisory approach. In 2011 the Central Bank implemented a new framework for
banking supervision called Probability Risk and Impact System (PRISM) to provide a structured
framework for banking supervision. PRISM is the tool the Central Bank utilizes to employ resources
based on the risk profile of the bank and its systemic significance. PRISM is based on: (i) a multi-step
process to identify, measure and grade the banks’ risk profile and risk management processes, (ii) a
blend of onsite and offsite activities supported, and (iii) a follow-up system to track corrective action.
3. The authorities have made significant progress in strengthening the legal framework
and supervisory structure to support banking supervision. The Central Bank Reform Act 2010
combined the functions of the Financial Services Authority of Ireland into the Central Bank. The
Central Bank has responsibility for licensing, regulating and supervising banks in Ireland. The Central
Bank (Supervision and Enforcement) Act 2013 was enacted in July 2013 (with a commencement date
of August 1, 2013) and it enhances the Central Bank’s enforcement authority by harmonizing the
requirements across all the financial sectors supervised by the Central Bank. The Enforcement Act
also provides the Central Bank regulation-making powers on conduct of business and corporate
governance and also increases the amount of administrative sanction fines for an individual and a
firm. The Central Bank Credit Institution Resolution Act (CBCIR) was enacted in 2011. The Act
establishes a resolution regime and the Central Bank established a Special Resolution Unit to make
the legislation operational. The Central Bank was designated as the competent authority under the
Criminal Justice (Money Laundering and Terrorist Financing) Act (CJA) 2010 for supervising
compliance with the act by banks. In 2010 the Central Bank issued the Code of Practice on Lending
to Related Parties (RPL) and the Corporate Governance Code.
4. A risk–based supervisory approach has been implemented based on consolidated
supervision, and PRISM, a process to profile banks by risk. Within PRISM, banks are assigned
one of four Impact ratings: High, Medium High, Medium Low, and Low. PRISM allows the Central
Bank a framework to adopt a consistent way of thinking about risk across supervised institutions
and to allocate resources based on impact and probability.
IRELAND
INTERNATIONAL MONETARY FUND 5
5. The Central Bank has increased resourcing with a more intrusive approach to
supervision. The PRISM framework allows for a structured approach to resource allocation and
planning of supervisory activities. Built into PRISM is an ongoing monitoring capability that will pick
up changes in risk profile through the use of financial ratios that, if triggered, will prompt
supervisory attention/intervention. The risk rating in PRISM is updated after a supervisory activity is
completed and in this way it is an ongoing measure of risk. Impact in PRISM measures the impact to
the system of an individual bank failing. Banks that maintain a predominantly retail banking
footprint are viewed as representing the greatest risk to the system and are assigned High Impact
ratings. Resources, supervisory attention and intrusiveness are increased where the impact rating is
higher and resources are prioritized for the High Impact banks. High Impact banks receive ongoing
monitoring through offsite supervision, frequent onsite reviews, and ongoing engagement with
bank senior management. As the Impact rating decreases, the level of supervision also decreases.
6. However, some issues require continued attention. The issues include: reviewing the
provisioning requirements to determine whether they accurately reflect the current market
conditions, continued implementation of the Criminal Justice (Money Laundering and Terrorist
Financing) Act 2010 (as amended) (CJA 2010), strengthening the monitoring of compliance with the
related party lending code, and amending legislation to codify the operational independence of the
Central Bank.
7. While there is no observed political interference, the Central Bank is encouraged to
seek legislative changes to codify and foster the independence of the Central Bank. This could
be achieved by stipulating in the Central Bank Act the exact conditions under which the Commission
can be dismissed or removed by the Minister for Finance. Other legislative changes that would
ensure independence include: (i) providing the Central Bank the authority to revoke a license or
deny a licensing application without having to seek approval by the Minister, (ii) not including the
Secretary General of the Department of Finance on the Central Bank commission, and (iii) eliminate
the need for the Minister to approve the levy schedule.
8. There is a need to expand the coverage of related party transactions covered by the
RPL Code and strengthen the Central Bank monitoring of compliance with the code. The RPL
Code is comprehensive but only covers lending transactions and not, for example, asset purchases
or deposits. Additionally, the Central Bank monitoring of compliance relies to a large extent on
offsite review of reports filed by the banks. However, the reports do not provide information on the
terms of the loans or dates of approval by the Board.
9. Supervision of AML/CFT compliance in banks should be strengthened. The CJA 2010 is
comprehensive, and with the implementation of the Criminal Justice Act 2013 it was further
strengthened. The Central Bank has enhanced its supervisory approach to AML/CFT compliance and
has conducted in-depth onsite inspections and offsite analysis through the collection of risk
assessment questionnaires. The CJA 2010 is comprehensive but the Central Bank’s position would be
strengthened if statutory guidelines, approved as envisaged by Section 107 of the CJA 2010, were
issued. The extent of onsite reviews and the supervisory action following the reviews to enforce
compliance should be reviewed to ensure that an appropriate base line, premised on sufficient
IRELAND
6 INTERNATIONAL MONETARY FUND
onsite testing, is established and that strong corrective action requirements are implemented.
Additionally, branches of member state banks should be subject to AML monitoring.
10. Currently the Central Bank Banking Supervision Divisions are operating below
approved staffing level. The Central Bank operates under Civil Service pay scales and hiring rules
which makes the salaries un-competitive with industry. Civil Service provides job security and other
benefits that may offset the pay differential but increasingly bank supervision requires highly skilled
staff as bank products and risk measurement techniques become more complex. The Central Bank is
encouraged to review its turnover rates in skilled staff and determine reasons for turnover, consult
other central banks to gauge how they attract skilled staff and determine how they achieved
exemption from Civil Service pay limitations. It is also important to review advancement
opportunities tailored to technical experts.
11. This assessment of the Basel Core Principles (BCP) was conducted
1
from September 25
to October 10, 2013 as part of the ROSC of the financial system of Ireland undertaken by the
International Monetary Fund (IMF)
1
. It reflects the regulatory and supervisory framework in place
as of the date of the assessment. It is not intended to represent an analysis of the state of the
banking sector or crisis management framework.
Information and Methodology Used for Assessment
12. This assessment has been prepared according to the Revised Core Principles (BCP)
Methodology issued by the BCBS (Basel Committee of Banking Supervision). The current
assessment was thus performed according to a revised content and methodological basis as
compared with the previous BCP assessment carried out in 2006. It is important to note that the two
assessments will not be directly comparable, as the revised BCP have a heightened focus on risk
management and its practice by supervised institutions and its assessment by the supervisory
authority, and is therefore a more demanding measure of the effectiveness of a supervisory
framework (see box for more information on the Revised BCP).
13. The Irish authorities chose to be assessed against the Essential and Additional Criteria
but to be graded against only the Essential Criteria. To assess compliance, the BCP Methodology
uses a set of essential and additional assessment criteria for each principle. The smaller number of
additional criteria (AC) are recommended best practices against which the Irish authorities chose to
be assessed but not graded, as provided for in the assessment methodology. The assessment of
compliance with each principle is made on a qualitative basis. A five-part grading system is used:
compliant; largely compliant; materially noncompliant; noncompliant; and non-applicable. This is
explained below in the detailed assessment section. The assessment of compliance with each Core
Principle (CP) is made on a qualitative basis to allow a judgment on whether the criteria are fulfilled
1
The assessment was conducted by Christopher Wilson, IMF and José Tuya, Consultant.
IRELAND
INTERNATIONAL MONETARY FUND 7
in practice. Effective application of relevant laws and regulations is essential to provide indication
that the criteria are met.
Box 1. The 2012 Revised Core Principles
The revised BCPs reflect market and regulatory developments since the last revision, taking account of
the lessons learnt from the financial crisis in 2008-2009. These have also been informed by the experiences
gained from FSAP assessments as well as recommendations issued by the G-20 and FSB, and take into account
the importance now attached to: (i) greater supervisory intensity and allocation of adequate resources to deal
effectively with systemically important banks; (ii) application of a system-wide, macro perspective to the micro-
prudential supervision of banks to assist in identifying, analyzing and taking pre-emptive action to address
systemic risk; (iii) the increasing focus on effective crisis preparation and management, recovery and resolution
measures for reducing both the probability and impact of a bank failure; and (iv) fostering robust market
discipline through sound supervisory practices in the areas of corporate governance, disclosure and
transparency.
The revised BCPs strengthen the requirements for supervisors, the approaches to supervision, and
supervisors’ expectations of banks. The supervisors are now required to assess the risk profile of the banks
not only in terms of the risks they run and the efficacy of their risk management, but also the risks they pose to
the banking and the financial systems. In addition, supervisors need to consider how the macroeconomic
environment, business trends, and the build-up and concentration of risk inside and outside the banking sector
may affect the risk to which individual banks are exposed. While the BCP set out the powers that supervisors
should have to address safety and soundness concerns, there is a heightened focus on the actual use of the
powers, in a forward-looking approach through early intervention.
The number of principles has increased from 25 to 29. The number of essential criteria has expanded from
196 to 231. This includes the amalgamation of previous criteria (which means the contents are the same), and
the introduction of 35 new essential criteria. In addition, for countries that may choose to be assessed against
the additional criteria, there are 16 additional criteria.
While raising the bar for banking supervision, the Core Principles must be capable of application to a
wide range of jurisdictions. The new methodology reinforces the concept of proportionality, both in terms of
the expectations on supervisors and in terms of the standards that supervisors impose on banks. The
proportionate approach allows assessments of banking supervision that are commensurate with the risk profile
and systemic importance of a wide range of banks and banking systems
14. The assessment was carried out on the basis of the legal framework governing the
regulation and supervision of banks, principally the Central Banking Acts, the CJA 2010 and
other relevant regulations and guidelines. A review of prudential returns, licensing
IRELAND
8 INTERNATIONAL MONETARY FUND
documentation, and supervisory analysis records was also performed. The Team also examined on-
site supervision reports and off-site analysis documentation. In addition, BCP assessors held
extensive meetings with officials of the Central Bank, the Department of Finance, Financial
Intelligence Unit, and additional meetings with auditing firms and sector participants from domestic
and international banks. The authorities provided a self-assessment of the CPs rich in quality and
comprehensiveness, as well as detailed responses to additional questionnaires, and facilitated access
to supervisory documents and files, staff and systems.
15. The standards were evaluated in the context of the Irish financial system’s structure
and complexity. The CPs must be capable of application to a wide range of jurisdictions whose
banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of
application, a proportionate approach is adopted within the CP, both in terms of the expectations
on supervisors for the discharge of their own functions and in terms of the standards that
supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize
that its supervisory practices should be commensurate with the complexity, interconnectedness, size,
and risk profile and cross-border operation of the banks being supervised. In other words, the
assessment must consider the context in which the supervisory practices are applied. The concept of
proportionality underpins all assessment criteria. For these reasons, an assessment of one
jurisdiction will not be directly comparable to that of another.
16. The assessment does not include the Irish Credit Union Sector. The Central Bank
considered that it was not appropriate at the time of the mission to conduct an assessment due to
the significant amount of legislative and regulatory developments which have been recently
implemented as part of Ireland’s financial sector reform commitments under the EU-IMF financial
support program for Ireland.
17. The BCPs are an independent benchmark and compliance determinations are not
adjusted for local legislation. The EU has implemented a number of rules and supervisory
practices that member states must follow, some of these practices may not meet the BCP
requirements. The authorities highlighted some of these discrepancies, particularly as they relate to
the supervision of EU banking branches that require less host involvement than required by the
BCPs.
18. The mission appreciated the very high quality of cooperation received from the
authorities. The mission extends its thanks to staff of the Central Bank who provided excellent
cooperation, including extensive provision of documentation and access.
IRELAND
INTERNATIONAL MONETARY FUND 9
INSTITUTIONAL AND MARKET STRUCTURE -
OVERVIEW
19. The Central Bank Reform Act, 2010, created a new single unitary body – the Central
Bank of Ireland - responsible for both central banking and financial regulation. The new
structure replaced the previous related entities, the Central Bank and the Financial Services Authority
of Ireland and the Irish Financial Services Regulatory Authority. The Central Bank of Ireland has
overall prudential responsibility for the authorization, regulation and supervision of Credit
Institutions operating in Ireland. Credit Institutions regulated by the Central Bank of Ireland include
Banks, Building Societies and Designated Credit Institutions. In addition, the Central Bank of Ireland
is responsible for oversight of liquidity, Anti-Money Laundering and conduct of business for
branches of non-Irish licensed banks operating in Ireland.
20. The Central Bank of Ireland is an economic and sectoral regulatory authority charged
with the regulation and supervision of financial services in the State; and, as such, a public
body subject to administrative law. In particular, the Central Bank exercises a number of key
functions in relation to financial regulation: first, the function of making rules or setting standards;
second, the function of licensing persons who wish to engage in regulated financial services activity;
and thirdly, the disciplinary or enforcement function.
21. The objectives in supervising Credit Institutions are twofold: (i) to foster a stable
banking system; and (ii) to provide a degree of protection to depositors with individual credit
institutions. As set out in the Central Bank Act 1942 (as amended) the Bank shall perform its
functions and exercise its powers in a way that is consistent with-
a. The orderly and proper functioning of financial markets,
b. The prudential supervision of providers of financial services, and
c. The public interest and the interest of consumers.
22. In relation to the prudential supervision of providers of financial services the Central
Bank of Ireland operates a risk based approach to supervision. In 2011 the Central Bank of
Ireland introduced a new framework for the supervision of regulated firms called Probability Risk
and Impact System (PRISM) to provide a structured framework for credit institution supervision.
23. The Constitution of Ireland vests the sole and exclusive power of making laws for the
State in the Oireachtas (the National Parliament: consisting of the President, a House of
Representatives called Dáil Éireann and a Senate called Seanad Éireann). Primary legislation
consists of Acts of the Oireachtas, also called statutes, which are enacted by the Oireachtas in a
particular manner. Acts of the Oireachtas are passed by both Houses of the Oireachtas, and signed
into law by the President. Primary legislation which concerns the financial services market in the
State, and in particular the securities market or industry, is invariably initiated by the Minister for
IRELAND
10 INTERNATIONAL MONETARY FUND
Finance. The Central Bank cannot itself initiate primary legislation which is an aspect of the
constitutional and parliamentary system.
PRECONDITIONS FOR EFFECTIVE BANKING
SUPERVISION
A. Macroeconomic Overview
24. Ireland has pulled back from a severe banking crisis with the support of the EU-IMF
program. The program that began in December 2010 followed an exceptionally deep banking crisis
at a public cost of €64.1 billion (some 40 percent of GDP). Policy implementation has generally been
strong, the fiscal framework has been strengthened, the financial sector has been stabilized, and
spreads on Irish sovereign bonds have fallen to their lowest level since early 2010. However, risks to
economic recovery remain large: Public debt is high and still growing; the banking system is not yet
serving financing needs, including of the job-intensive SME sector; households must contend with
heavy debts and depleted net wealth; high unemployment compounds the financial distress,
undermines skills, and drives emigration; the euro area crisis creates uncertainty for exports, financial
markets, and fixed investment.
25. Credit risk remains high as a result of weak profitability and revenue. Overall financing
conditions for non-financial corporations (NFCs) have weakened. The volume of new lending by Irish
banks to NFCs has remained below 12 percent of GDP since 2011, below the pre-bubble level of
around 20 per cent in 2003-05. Nominal interest rates on NFC loans up to €1 million are higher
suggesting higher real interest rates for small and medium enterprises (SMEs), which are particularly
sensitive to bank lending conditions because they have few other sources of finance. Developments
in the commercial property market are relevant to NFCs as real estate provides an important asset
and source of collateral for them.
26. NFC debt levels are high, but debt owed to Irish banks is falling. This is due to net loan
repayments, write-downs of bad debts and transfers of loans to the state-run National Asset
Management Agency (NAMA). NAMA was created in 2009 to acquire nonperforming, property-
related loans from the domestic banking sector. NFC sector’s net debt remained stable because of
corresponding acquisitions of debt instrument assets. Given that bonds and other debt securities are
not a significant component of Irish corporate finance, a wider range of financing sources than Irish
banks could potentially mitigate the effects of domestic financial sector risks on firms. High
indebtedness raises the sensitivity of Irish firms to interest rate shocks. Interest rate changes are
transmitted rapidly to NFCs because of the prevalence of floating-rate loans and short-term lending.
27. Mortgage arrears remain a key risk to financial stability. The overall level of mortgage
arrears on both owner occupier and buy-to-let mortgages is a cause for concern and is high relative
to other developed-country banking crises. Unemployment is a significant driver of mortgage
arrears. Changes to employment conditions are likely to be modest and may relieve arrears only
marginally.
IRELAND
INTERNATIONAL MONETARY FUND 11
28. In early 2013, the Central Bank of Ireland announced measures, including the
publication of performance targets for the main mortgage banks, to address the mortgage
arrears problem. Additionally, new legislation alters the personal insolvency arrangements in
Ireland substantially. Changes include a reduced bankruptcy term, from twelve years to three, and
the introduction of non-judicial insolvency procedures for dealing with both secured and unsecured
debt. Preliminary estimates suggest 15,000 people could avail of the main non-judicial settlement
arrangements within 12 months, with a further 3,000 applying for bankruptcy.
29. Mortgage arrears have increased significantly since 2009. The total outstanding
balance on all mortgage loans in arrears of more than 90 days was €27.3 billion at end-June
2013. The acceleration in longer-term arrears is of particular concern from a financial stability
perspective. Overall, recent data show that while there has been a decline in the formation of new
arrears in recent months, the number of longer-term arrears cases has increased significantly.
30. At end-June 2013, 12.7 percent of accounts of principal dwelling houses (PDH) were
90 days or more in arrears, an increase of 9.4 percentage points since the data were first
collected at end-September 2009. At end-June 2013, 7.4 per cent of the total stock of PDH
accounts was more than 360 days in arrears, and just over half of these were more than 720 days in
arrears. In relation to buy-to-let (BTL) accounts, the 90-days arrears rate was 20.4 per cent at end-
June, while more than 12.9 per cent of all BTL accounts were 360 days or more in arrears.
31. Banks thus far have concentrated on altering the repayment terms of a mortgage loan
on either a temporary or permanent basis. At end-June 2013 there were almost 80,000 PDH
accounts classified as restructured, of which 53 per cent were not in arrears. The large number of
restructured accounts not in arrears suggests that mortgage lenders have been proactive in
managing ‘pre-arrears’ cases, in an effort to slow early arrears formation. Of the total stock of
142,892 PDH accounts 90 days or more in arrears at end-June, 37,048 or 26 per cent were classified
as restructured.
32. Overall, conditions in the residential property market remain fragile. Despite house
price increases in recent months, mortgage lending remains at low levels and residential property
construction remains at long-term lows. Furthermore, the national figures hide the fact that a two-
tier property market has emerged. The market in the metropolitan area of Dublin, where supply is
reported to be at its lowest level since early 2007, appears to be stabilizing. Prices in Dublin have
registered year-on-year growth each month since the start of 2013 and rents are increasing at a
greater pace than in other areas. However, prices outside of Dublin continue to decline. Commercial
property is of additional relevance from a financial stability perspective at present, given, for
instance, the exposure of NAMA to the market.
33. Irish households’ balance sheets remain vulnerable due to high levels of debt and the
challenges in servicing it. Financial accounts data show a decrease in household net worth during
the first three months of 2013, following consecutive quarters of growth in the latter half of 2012.
The household sector remains highly indebted. In absolute terms, household debt is in the region of
IRELAND
12 INTERNATIONAL MONETARY FUND
€172 billion, which equates to over 200 per cent of disposable income and over 100 per cent of
GDP. This makes the household sector in Ireland among the most indebted in Europe.
34. Personal consumer expenditure has declined in recent years, contributing to the drag
on domestic economic activity. Despite emerging signs of recovery since, the exceptionally weak
level of consumer demand in the first quarter of the year means a drop in consumer spending
seems likely for the year as a whole. The latest forecasts indicate modest growth in consumption for
2014, on the back of an improving labour market, which should help reduce the drag on economic
activity.
35. The Department of Finance projects the government deficit to narrow from 7.3 per
cent of GDP in 2013 to 2.9 per cent in 2015 (meeting the three per cent deficit target required
under the external assistance program and EU fiscal framework). The recent liquidation of IBRC
and replacement of government-issued Promissory Notes with a portfolio of longer-term non-
amortizing Irish government bonds should help return the public finances to a sustainable position.
The Department of Finance forecasts average nominal GDP growth of 2.6 per cent per annum over
the years 2013 to 2015. The path of output growth falling below forecast constitutes a risk of not
meeting the three per cent deficit target set for 2015. Lower growth would worsen the state of the
public finances given the size of the debt ratio.
B. Overview of the Banking Sector
36. Irish banks’ balance sheets have continued to reduce across the industry, driven by on-
going deleveraging by the retail banks and repayments levels exceeding the volume of new
business written. There has been a slight increase in net interest income for domestic retail banks
in the 2013 interim reports although they are yet to return to profitability. International banks report
reduced net interest income in the past year. The only sector to record a profit in March 2013 is
international wholesale.
37. In terms of banks’ solvency position, while the core tier 1 ratios for the domestic banks
continue to deteriorate, they remain above the 7% target level under Basel III. The Irish
domestic banks also remain above the 10.5% target imposed under Ireland external support
program with the EU and IMF. The majority of the international retail banks received capital
injections from their parents in 2013 in line with Central Bank requirements. The international
wholesale banks average CT1 ratio is skewed significantly (due to two institutions with considerably
larger CT1 ratios), however, they still hold a very healthy ratio (30.07%) when these institutions are
excluded. On aggregate, both domestic and international institutions are meeting their minimum
CRD capital requirements (8%).
38. The stock of impaired mortgages and SME loans has continued to rise and is the main
short-term risk. Mortgage arrears have been driven by the fall in property prices, the elevated
unemployment rate and the extensive output loss associated with the crisis since 2008. Data show
12.7 per cent of the total stock of primary dwelling loans were in arrears for more than 90 days in
June 2013, compared with 12.3 per cent in March 2013. A second challenge involves the domestic
IRELAND
INTERNATIONAL MONETARY FUND 13
banking sector reconfiguring its business models to focus on the core business of lending to the real
economy. After nearly a decade of decline, Irish bank margins remain very narrow and banks are still
reliant on central-bank funding.
39. Cost-to-income ratios continue to remain under pressure. Costs associated with
restructuring and the establishment of loan workout units has been considerable. In an environment
of balance sheet consolidation and a lower income base, domestic banks need to rationalize
operations further in order to return to a stable, profitable business model.
40. Domestic banks benefited from a decline in the flow of impaired loans, which,
however, remain the single biggest determinant of overall losses. The gains from debt buybacks
and revaluations on NAMA transfers realised in 2011 were not as significant in 2012. Anaemic
income prospects and the unresolved mortgage arrears problem mean that the short-term outlook
for bank profitability remains weak.
41. The deleveraging of banks’ balance sheets under the Financial Measures Program
(FMP) remains on track and at a lower cost than initially foreseen. The focus on the sale of
overseas assets, together with previous transfers of commercial property type assets to NAMA, has
resulted in smaller and more concentrated loan books. Irish loans now account for more than two
thirds of the total, while the relative share of mortgage lending has increased to over 58 per cent.
42. The ratio of provisions to nonperforming loans increased marginally in the second
quarter of 2013. Differences persist between individual institutions reflecting varying sectoral and
geographic exposures. High cover ratios are necessary given the scale of the Irish nonperforming
loan problem in order to meet potential losses.
43. Progress in tackling mortgage arrears has been slow. The focus of lending institutions
has often been on forbearance measures. The number of accounts over two years in arrears
increased by 43 per cent between Q3 2012 and Q2 2013 to 4.3 per cent of outstanding mortgage
accounts. In this regard, the Central Bank of Ireland outlined new measures to address mortgage
arrears on 13 March 2013, including the publication of performance targets for the main mortgage
lenders. Banks will be required to meet specific targets for proposing and concluding sustainable
solutions for borrowers in arrears over 90 days.
44. A review of the Code of Conduct on Mortgage Arrears has been completed with the
new code coming into effect since July 1st 2013. Among the issues dealt with are the restrictions
placed on contacting borrowers, the definition of a non-cooperative borrower and the
circumstances under which lenders can offer distressed borrowers an arrangement which provides
for the removal of tracker interest rates, but only as a last resort, where the only alternative option is
repossession of the home. Other initiatives which have been implemented to facilitate resolutions
include the introduction of legislation to address the Dunne judgment and the establishment of the
Insolvency Service of Ireland to administer the new debt settlement arrangements outlined in the
Personal Insolvency Act.
IRELAND
14 INTERNATIONAL MONETARY FUND
45. Basel III will be phased in on a gradual basis in the EU until 2019 and is expected to
reduce the banks’ headline capital ratios. The regulatory changes that contribute most to the
reduction are the treatment of deferred tax assets, pension-fund deficits, and shortfalls on
provisions for expected losses. anks’ published pro-forma ratios show an average common equity
tier 1 ratio of around nine per cent for the domestic banks. This ratio includes €5.3 billion in
Government preference shares which remain eligible until December 2017.
C. Bank Resolution
46. IBRC was formed in 2011 through the merger of Anglo Irish Bank and Irish Nationwide
Building Society, both of which had been taken fully into public ownership. Promissory Notes
were issued by the Irish State to Anglo Irish Bank and Irish Nationwide Building Society in 2010 to
ensure compliance with regulatory capital requirements. The Promissory Notes were obligations
with a non-standard amortising structure and represented Irish sovereign debt. IBRC subsequently
used the Promissory Notes (combined with other assets) to access exceptional liquidity assistance
(ELA) lending from the Central Bank of Ireland.
47. On February 7th 2013, the Irish Bank Resolution Corporation Act 2013 was passed by
the Parliament of Ireland, the Oireachtas, and signed into law by the President, providing for
the winding up of IBRC under a special liquidation regime. As a result, the Central Bank of
Ireland took ownership of the collateral held against exceptional liquidity assistance lending to IBRC
of €39.45 billion, consisting of Promissory Notes, National Asset Management Agency (NAMA)
bonds and other assets.
48. NAMA, through a newly established special purpose vehicle, acquired the floating
charge over IBRC’s assets from the Central Bank of Ireland, and issued government
guaranteed NAMA bonds to the Central Bank of Ireland in exchange. In addition, a
consequence of the liquidation was the termination of IBRC’s market repo of the 5.4 per cent Irish
2025 bond, which was also acquired by the Central Bank of Ireland. The liquidation resulted in the
Central Bank of Ireland acquiring, on behalf of the Eurosystem, the assets it held as collateral against
standard Eurosystem borrowing by IBRC of €333 million. The excess value of this collateral over the
amount of lending extended to IBRC was returned to the special liquidator. The Central Bank did not
suffer any loss on its lending to IBRC under exceptional assistance lending.
49. The Central Bank of Ireland will sell the bonds as soon as possible providing that
conditions of financial stability permit. The disposal strategy will maintain full compliance with
the prohibition on monetary financing enshrined in the EU's Treaty on the Functioning of the
European Union. The transaction contributes to financial stability by allowing IBRC to be resolved in
a definitive manner, ending its reliance on exceptional liquidity arrangements, and replacing the
related non-standard Promissory Notes with standard government bonds.
IRELAND
INTERNATIONAL MONETARY FUND 15
D. Accounting and Auditing
50. Company law requires listed entities to prepare their group financial statements in
accordance with International Financial Reporting Standards (IFRS) as endorsed by the
European Union. All other entities have the option to adopt either local Generally Accepted
Accounting Principles (GAAP) or IFRS. Accordingly listed Irish licensed credit institutions prepare
their group financial statements in accordance with IFRS. They have the option to adopt local GAAP
or IFRS at the entity level. However please note that, in the main, local GAAP has converged with
IFRS.
51. Company law requires auditors in Ireland (including auditors of Irish licensed credit
institutions) to apply International Standards of Auditing (UK and Ireland) as issued by the
FRC. These standards are based on the International Standards on Auditing as issued by the
International Auditing and Assurance Standards Board (‘IAASB’), supplemented with additional
standards and guidance to address specific UK and Irish legal and regulatory requirements; and
additional guidance that is appropriate in the UK and Irish national legislative, cultural and business
context. In addition auditors are required to comply with Ethical Standards published by the FRC,
professional ethics requirements in legislation and any standards of professional conduct issued by
the auditor’s own Recognized Accountancy Body. Failure to apply these standards may result in
disciplinary actions from the auditor’s applicable oversight bodies.
52. The Irish Auditing and Accounting Supervisory Authority (‘IAASA’) oversees how the
‘Prescribed Accountancy Bodies’ (‘PABs’) exercise supervision of all their members (auditors,
accountants and students), including inspecting audit firms and audit work, as well as
investigation of complaints and disciplining where appropriate. Members of the PABs are
regulated by the PABs themselves subject to the Bye-Laws of the institutions to which they belong.
Thus the PABs are the primary supervisors of members of the Accountancy Bodies with IAASA
having a secondary, less active, ‘oversight’ role. This is a model of State supervised regulation rather
than direct regulation.
E. Payment Systems Framework in Ireland
53. The clearing and settlement of retail payments in Ireland is conducted through two
companies, namely The Irish Retail Electronic Payments Clearing Company Limited (IRECC)
and the Irish Paper Clearing Company Limited (IPCC), each of which constitutes a payment
system for the purposes of Part 11 of the Central Bank Act, 1972. IPCC clears paper payment
instruments, mainly cheques, while IRECC clears retail electronic payment instruments (both debit
and credit). Settlement takes place in TARGET2. IRECC and the IPCC operate under the auspices of
the Irish Payment Services Organization Limited (IPSO), the representative body of the Irish
payments industry. Regular contact is maintained by the Central Bank of Ireland with IPSO and with
each of the two clearing companies in order to promote sound co-operation and communication
IRELAND
16 INTERNATIONAL MONETARY FUND
within the industry generally and to deal with any issues requiring the attention of the Central Bank,
as overseer. The Central Bank is also represented on the Board of IPSO and on the Boards of each of
the clearing companies, primarily in an observer capacity.
54. The Central Bank is directly engaged in the oversight of the domestic retail payments
system. The oversight process involves the regular monitoring of developments and planned
changes in payment systems, assessing them against applicable oversight principles/standards and,
where necessary, fostering change. The focus of the Central Bank is on promoting payment and
settlement systems that are safe and efficient, and that can be assessed on a fair and equitable basis
by all credit institutions with a requirement to do so. As regards the oversight of cross-border
payment and securities settlement systems, the Central Bank is engaged in cooperative oversight
arrangements (mainly pertaining to oversight assessments and the development of oversight
standards).
F. Trade in Irish Securities
55. Trade in Irish securities––Government Bonds, equities and other securities–– are all
settled in infrastructures physically located outside Ireland. Irish Government Bonds are settled
in Euroclear Bank in Belgium while equities and other securities are settled in the Euroclear UK and
Ireland Crest system in the United Kingdom. The Central Bank provides euro settlement services for
securities settled in the CREST system. There are no central counterparties (CCPs), Central Securities
Depositories (CSDs) or Trade Repositories (TRs) located in Ireland.
G. Financial Safety Net (Deposit Insurance)
56. Deposits held with banks, building societies and credit unions authorised in Ireland are
protected by the Deposit Guarantee Scheme (DGS) in the event of a credit institution being
unable to repay deposits. All eligible deposits up to a limit of €100,000 per person per institution
are guaranteed to be repaid by the DGS. DGS protection includes deposits held at branches of
authorised Irish institutions operating in other EU member states. In general the DGS protects
deposits belonging to individuals, small companies, partnerships, clubs, associations, schools etc. It
excludes deposits belonging to large and medium sized companies, public authorities, insurers,
pension funds, collective investment schemes, banks and certain other financial institutions.
57. The DGS is obliged to issue compensation to depositors duly verified as eligible within
20 working days of a credit institution failing. The DGS is administered by the Central Bank of
Ireland and is funded by the credit institutions covered by the scheme. Each credit institution is
required to maintain a Deposit Protection Account (DPA) equivalent to 0.2 per cent of their total
deposits, in order to fund the DGS. The DGS was established under the terms of the European
Communities (Deposit Guarantee Schemes) Regulations, 1995 (S.I. No.168 of 95) and amended by
European Communities (Deposit Guarantee Schemes) (Amendment) Regulations, 2009 (S.I. No. 228
of 2009).
IRELAND
INTERNATIONAL MONETARY FUND 17
H. Exceptional Liquidity Assistance (ELA)
58. One of the functions of the Central Bank, similar to other central banks, is to grant
Exceptional Liquidity Assistance to a credit institution when this is deemed necessary for
financial stability purposes. ELA is one of the ways that the Central Bank of Ireland has responded
to the financial crisis. This is distinct and separate from regular funding operations carried out for
monetary policy implementation purposes through the ECB. The Central Bank Act 1942 provides the
statutory basis for the Bank to provide emergency liquidity assistance. Section 5B(d) provides the
Bank with a general power to lend against security to credit institutions, which may be exercised in
pursuit of the Bank’s financial stability objective provided by Section 6A(2)(a) of the 1942 Act.
59. In recent years the Bank has provided Exceptional Liquidity Assistance (ELA) to the
banking system for financial stability purposes. At end-December 2012, the Bank had extended
ELA of €40 billion (€11.5bn in 2009, €49.5bn in 2010 and €42bn in 2011). In February 2013, on the
liquidation of IBRC, the Bank’s ELA operations ceased.
I. Recovery and Resolution
60. The Central Bank Credit Institution Resolution Act (CBCIR) was enacted in 2011 and
establishes the resolution regime. The Special Resolution Unit (SRU) was established within the
Central Bank to operationalize this legislation. An essential aspect of the legislation is the
requirement for the SRU to be operationally separate from the supervisory areas. The CBCIR does
not apply to institutions covered by the Credit Institutions (Stabilization) Act 2010 (‘CISA’) – this
emergency legislation was introduced during the banking crisis to deal with domestic banks
requiring State support. While this Act remains in place, the CBCIR will not apply to those banks
covered by CISA. CBCIR does apply to credit unions, IFSC licensed banks and foreign owned banks
licensed to operate in the jurisdiction.
61. The CBCIR permits the Central Bank to request recovery plans from institutions. In
addition it confers powers on the Bank to resolve credit institutions where recovery is deemed not
to be likely. Resolution action is taken by the Central Bank under powers vested in the Governor. The
Governor instructs the SRU team to lead any such action on the Bank’s behalf, with support from the
supervisory functions. The CBCIR is relatively new legislation and has not yet been used to resolve
an authorised credit institution in this jurisdiction. The recovery plan aspect of the legislation has yet
to be fully implemented. It should be noted that the Central Bank implementation may be deferred
pending a review of the proposed arrangements under an EU proposed Directive on Crisis
Management and Bank Resolution.
IRELAND
18 INTERNATIONAL MONETARY FUND
SUMMARY OF THE RESULTS
Responsibility, Objectives, Powers, Independence, Accountability and Cooperation (CPs 1-3)
62. The Central Bank is the sole authority responsible for the supervision of the banking
system. The legislation describes the Central Bank objective as “the proper and effective regulation
of financial services and markets.” In addition to safety and soundness of prudential supervision, the
Central Bank is responsible for monitoring bank compliance with consumer protection regulation
and AML/CFT legislation.
63. The Central Bank is vested with discretionary powers to address areas of weaknesses
or non-compliance that are buttressed by a recently enhanced regulatory framework. The
legislative enhancements include the Central Bank Reform Act 2010 and the Central Bank
(Supervision and Enforcement) Act 2013 which strengthen the fit and proper monitoring regime, the
Central Bank information gathering authority and broaden the range of matters subject to
enforcement such as corporate governance, systems and control and minimum competency
requirements. Another significant piece of legislation is the Criminal Justice (Money Laundering and
Terrorist Financing) Act 2010 (CJA2010) that establishes requirements for banks and makes the
Central Bank the competent authority for monitoring compliance.
64. The Central Bank is currently operating below its approved staffing levels. The prompt
staffing of vacancies would enhance the Central Bank ability to conduct its activities.
65. The Central Bank has authority to issue enforceable policies and codes to regulate the
banking system; in addition, it can directly impose license conditions through existing
legislation. For example, the Central Bank has, inter alia, issued a code on related party lending,
placed requirements on banks to address operational risk, established an approval/notification
process for significant acquisitions, and increased requirements on banks to monitor country risk. In
the area of AML/CFT the CJA 2010 is comprehensive but the Central Bank’s position would be
strengthened if statutory guidelines, approved as envisaged by Section 107 of the CJA 2010, were
issued.
66. Although there is no observed interference, certain legal provisions in relation to the
role of the Minister for Finance raise concerns over independence. The Minister for Finance may
remove a member of the Central Bank Commission “if in the Minister’s opinion it is necessary or
desirable to do so to enable the Commission to function effectively.” The legislation does not
establish a concrete definition of conditions that must be met before the Minister may evoke this
option. Other areas of concern include the need to obtain Ministerial approval to increase industry
levies to fund banking supervision. Although the Central Bank is the licensing authority it must seek
Ministerial approval to deny an application for a banking license or to revoke a license.
IRELAND
INTERNATIONAL MONETARY FUND 19
Ownership, Licensing, and Structure (CPs 4-7)
67. The Central Bank grants banking licenses to entities which may have unregulated
corporate parents, domestically and cross-border. As a result, the newly licensed bank operates
under a ring-fence regime from the time it opens due to the lack of supervisory authority by the
Central Bank over the parent. The Central Bank lacks authority to perform fit-and-proper reviews on
management of the unregulated parent and to take enforcement action on parent. Until the
enactment of the Central Bank (Supervision and Enforcement) Act 2013, almost at the time of the
BCP assessment, the Central Bank also lacked authority to require submission by the parent of
information needed for supervision. Options to address the lack of access to parent may include at
time of licensing imposing restrictions on the license and require agreement from parent company
and management to provide the Central Bank the information and to comply with fit-and-proper
requirements.
Methods of Ongoing Supervision (CPs 8-10)
68. The PRISM model is the centerpiece of the supervisory framework which is used to
assign bank risk ratings and allocate supervisory resources and determines supervisory
intensity and frequency. Activities such as onsite reviews and intrusive supervision techniques are
mainly allocated to High Impact banks. The supervisory approach for banks that fall into the two
lower impact categories (Medium-Low and Low) relies heavily on reactive processes. A primary
concern is whether the calibration of PRISM is appropriate. Offsite supervision processes are largely
automated, where there is a reliance on triggers of financial ratios rather than analysis of regulatory
returns. In addition, the quality, frequency and depth of qualitative data to assess risk are limited (as
is onsite activity). In the case of Low Impact banks, no minimum frequency of onsite reviews and
engagement with banks are prescribed by PRISM. A reactive approach to supervision for this cohort
of banks and a reliance on exception reporting does not allow for sufficient opportunity to
accurately identify, assess and mitigate risk in a bank. A build up of risks across a number of lower
impact banks in aggregate could create vulnerabilities in the banking system and, moreover, could
create reputational risk for the Central Bank and a threat to the integrity of banking system. A more
proactive approach would mitigate this risk.
69. Focusing the supervisory process primarily on the impact of a failure will distort the
allocation of resources since the supervisory approach is supposed to be
preventive/corrective to maintain safety and soundness and not on the impact of resolution.
Supervisory activities to identify risk insufficient for banks with an impact rating below High,
particularly the two lower impact ratings. More attention needs to be paid to verification of self-
assessment of compliance with regulations and assessment of risk profile. Setting up the supervisory
scope should focus on bank-specific risks, so even between high risk banks there should be a
difference in activities being performed and greater flexibility in the suite of supervisory activities.
70. The Central Bank employs a mix of off- and on-site supervisory activities. Built into
PRISM is an ongoing monitoring capability that will pick up changes in risk profile through the use
of financial ratios and key risk indicators (KRIs) that, if triggered, will prompt supervisory
IRELAND
20 INTERNATIONAL MONETARY FUND
attention/intervention. KRIs are categorized into five risk areas: capital, liquidity, credit, business
model/strategy and market risk. There are, however, no KRIs for and interest rate risk in the banking
book and only a single indicator for market risk. The KRIs form a key feature of exception reporting
framework designed for lower impact rated banks where analysis of regulatory returns is automated.
The KRIs should be expanded to ensure all material risks are monitored to detect changes in risk
profile.
Corrective and Sanctioning Powers of Supervisors (CP 11)
71. The Central Bank is equipped with sufficient discretionary enforcement powers to
address areas of weaknesses in banks or their non-compliance with applicable laws,
regulations or supervisory instructions. The Central Bank (Supervision and Enforcement) Act 2013
provides the Central Bank with expanded authority to require preventive and corrective action over
a broad range of activities.
72. A well designed enforcement process is in place and it is linked to PRISM to ensure
supervisory action is initiated promptly when a situation is identified. A risk mitigation program
(RMP) is utilized when the Central Bank identifies an issue that the bank must remediate. The RMP
sets out the basis of the issue, the prescribed action, the required outcome and sets the timeline to
achieve correction.
73. The Central Bank follows an Administrative Sanctions Procedure (ASP) when bringing
possible enforcement action. The Central Bank may issue a supervisory warning and the ASP
permits the Central Bank to enter into settlements with firms and persons concerned in the
management of the firm and following an Inquiry to impose a range of sanctions, from a caution or
reprimand to fines and the disqualification of individuals from being concerned in the management
of a regulated financial service provider.
Consolidated and Cross-Border Banking Supervision (CPs 12- 13)
74. The Central Bank applies prudential standards on a group wide basis where it is
responsible for consolidated supervision. The Central Bank undertakes supervisory activities to
understand the overall structure of the banking group for which it is ultimately responsible and
supervises and monitors material activities, including nonbanking activities conducted by entities in
the wider group, both domestic and cross-border. The Central Bank collects and analyses financial
and other information which it considers adequate to ensure effective consolidated supervision of
banking groups. The central bank takes action when risks arising from the banking group and other
entities in the wider group are identified as potentially jeopardizing the safety and soundness of the
bank and banking group. Home-Host relationships are working well particularly supervisory
colleges.
Corporate Governance (CP 14)
IRELAND
INTERNATIONAL MONETARY FUND 21
75. The Central Bank has issued a Corporate Governance Code which goes beyond the
minimum requirements of the CRD and sets out the corporate governance obligations which
must be adhered to by all financial institutions. The Code provides detailed guidance across a
number of elements of corporate governance such as the role of the Board, role of senior
management and requirement for an annual compliance statement. The Central Bank also has
extensive powers as regards the fitness and probity of the directors and holders of certain senior
management positions.
Prudential Requirements, Regulatory Framework, Accounting and Disclosure (CPs 15-29)
76. Supervisors evaluate the adequacy of risk management strategies, policies, processes
and limits established by a bank through periodic risk assessments and engagement with
bank senior personnel. For onsite risk reviews, the Central Bank has dedicated Credit, Treasury, Risk
Analytics (Quantitative Models Unit & Portfolio Analytics and Stress testing Unit) and Business
Model Analytics teams which analyze credit institution’s risk management processes. These teams
are also used in assessing offsite reporting by banks. Under the Central Bank’s risk-based approach
to supervision, the level of monitoring and frequency of analysis performed by the specialist teams
varies according to the size, scale and complexity of the institution according to its PRISM impact
rating. For the highest impact banks, frequency of these engagements is on-going and actions are
updated in the risk mitigation programs within PRISM which is an effective system for tracking the
status of issues and remediation. Where onsite activities are not performed, unless an event occurs,
considerable reliance is placed on self assessments to make ongoing assessments of risk
management. The range of qualitative and quantitative information to assess the status of risk
management such as business continuity was not sufficient to reliably monitor the robustness of
arrangements on an ongoing basis.
77. To assess asset soundness and credit risk management, resources are heavily weighted
towards the High Impact banks which are the banks of greatest systemic importance and the
largest exposure to credit risk. Routine supervisory activities for High Impact banks provide the
supervisor with a variety of inputs to assess credit risk management processes against changes in
market and macroeconomic conditions. Analysis of regulatory data and enhanced reporting
requirements enable the supervisor to detect changes in risk profile on an ongoing basis. Equally,
for High Impact banks, the routine supervisory activities are adequate to make an assessment of the
Board’s involvement in developing and regularly approving the credit risk management strategy and
significant policies and processes. It was evidenced that supervisors are going beyond routine tasks
and minimum activities prescribed by PRISM.
78. Where an onsite review of loans files is performed, the supervisor (with the assistance
of credit risk specialists) has the opportunity to assess whether senior management has
implemented the credit risk strategy approved by the Board and whether underwriting
practices are consistent with policy and prudent for market conditions and the economic
environment. The frequency and depth of onsite credit risk reviews for lower risk institutions and
the allocation of credit risk specialists to assist in the assessment process could be enhanced to form
an accurate and timely assessment of the credit risk environment. For the banks assigned PRISM
IRELAND
22 INTERNATIONAL MONETARY FUND
Impact ratings of below High (especially Medium Low and Low), the variance analysis might not
necessarily provide insight into the application of credit risk management processes until after risks
have begun to crystallize resulting in breaching Central Bank triggers for supervisory attention.
79. The Central Bank has updated and expanded its guidance regarding provisioning and
valuation practices and performed more frequent and in-depth onsite assessments. Over the
course of the last several years, the Central Bank has allocated considerable resources in an effort to
encourage prudent provisioning practices with a significant focus on the covered banks. The update
guidance by the Central Bank goes beyond that of other authorities in the region where IFRS is
applied. The banking sector has also been subject to various externally led balance sheet exercises.
There are a number of examples demonstrating the impact of the various activities in increasing the
conservatism of banks’ loan loss provisioning practices.
80. Supervisory activities should place greater reliance on onsite verification of bank
processes, particularly in terms of: assessing processes for the early identification of problem
assets; application of prudent valuations for collateral; and, testing assumptions that feed
into provisioning models. There was evidence to suggest this process had commenced with the
covered banks but was yet to be extended across the sector (with due regard to proportionality).
Greater frequency and depth of analysis though onsite reviews will allow the supervisor an ability to
more accurately verify bank provisioning practices by loan sampling and testing of assumptions to
ensure they remain consistent with actual experience and are adjusted in a timely fashion to reflect
changes in market conditions and the economy. Through this process, the supervisor will be better
able to deem whether provisions are adequate for prudential purposes.
81. In 2010 the Central Bank issued a Code of Practice on Lending to Related Parties. The
code establishes requirements for transactions with affiliates to be at arms’ length and has a broad
definition of related parties. However, only lending transactions are covered by the Code and items
such as asset purchases and deposit terms are excluded.
82. A country risk policy was issued in August 2013 and is in the process of
implementation. The policy is comprehensive and the Central Bank is in the process of developing
monitoring procedures and conducting reviews. One bank examination has been conducted (with
another examination ongoing) to test compliance and another was in-process at time of the BCP
assessment. Monitoring compliance with the policy will require improved reporting by the banks,
incorporation into the PRISM process and reviews of bank compliance. Additionally banks will need
to implement the internal processes to meet the policy requirements.
83. A detailed operational risk policy has been implemented and a number of onsite
reviews conducted. A report to be filed by banks has been implemented and the first reports are to
be filed as of September 30, 2013.
84. Anti-Money Laundering legislation was implemented in 2010. The scope of the
legislation is comprehensive and the Central Bank is in the process of implementing its
monitoring and enforcement program. While the Central Bank has a strategy in place to deliver
IRELAND
INTERNATIONAL MONETARY FUND 23
supervisory coverage, elements of this strategy remain to be implemented to accomplish effective
supervision in this area including analysis of data from risk assessments and in-depth inspections to
(a) underpin the publication of the findings from the in-depth inspections, (b) inform sector wide
risk mitigation actions and (c) identify targets for thematic inspections. While the CJA 2010 is
comprehensive the Central Bank’s position would be strengthened if statutory guidelines, approved
as envisaged by Section 107 of the CJA 2010, were issued. In addition, to the onsite inspections
carried out, compliance assessments, in the form of risk assessment questionnaires have been
carried out on 21banks.
A. Summary Compliance with the Basel Core Principles
Core Principle Grade Comments
1. Responsibilities, objectives and powers C
The CBI is the primary regulator of the Irish financial
system. Its objectives include proper and effective
regulation of financial institutions and markets,
while ensuring that consumers of financial services
are protected.
2. Independence, accountability, resourcing
and legal protection for supervisors
MNC Although there is no observed interference, the
legislation provides for the approval of the Minister
for Finance for: setting the levy structure to fund
supervision, denying a license application,
involuntary revocation of a banking license.
The CBI is the licensing authority but must receive
Minister for Finance consent to deny a license
application or revoke a license approved based on
false information.
The Minister may remove Commission members for
specified reasons which are broad in nature and
interpretation. The Secretary General of the
Department of Finance sits on the CBI Commission
in an ex-officio capacity.
3. Cooperation and collaboration C The CBI is responsible for the regulation of financial
service providers and markets in Ireland, and
ensuring financial stability.
4. Permissible activities C No additional comments.
5. Licensing criteria C The CBI issues licenses to banks owned by
unregulated entities. These banks are ring-fenced
since the CBI lacks authority to perform fit and
proper reviews on senior management in the
unregulated parent, or take enforcement action
against the unregulated parent.
6. Transfer of significant ownership C No additional comments.
7. Major acquisitions LC Requirement for major acquisition reviews was
implemented in August 2013. Too early for a record
of compliance and enforcement to be reviewed.
IRELAND
24 INTERNATIONAL MONETARY FUND
Core Principle Grade Comments
8. Supervisory approach C The CBI employs a mix of off- and on-site
supervisory activities. The PRISM model is the
centerpiece of the supervisory framework which is
used to assign bank risk ratings and allocate
supervisory resources and determines supervisory
intensity and frequency of supervisory activities.
9. Supervisory techniques and tools MNC A primary concern is whether the calibration of
PRISM is appropriate for the mix of onsite and
offsite supervision for Medium Low and Low Impact
banks. Analysis of regulatory returns should be
strengthened as well as greater focus on testing and
sampling of risk management processes.
10. Supervisory reporting C No additional comments.
11. Corrective and sanctioning powers of
supervisors
C
The CBI has an adequate range of supervisory tools
to bring about timely corrective actions. Its
enforcement powers were recently enhanced by the
introduction of the Central Bank (Supervision and
Enforcement) Act 2013. This gives the Central Bank
greater information gathering powers and also
provides for new sanctions and increased monetary
penalties under the Administrative Sanctions
Procedure.
12. Consolidated supervision C
The CBI undertakes supervisory activities to
understand the overall structure of the banking
group for which it is ultimately responsible and
supervises and monitors material activities
(including nonbanking activities conducted by
entities in the wider group, both domestic and
cross-border.
13. Home-host relationships C
14. Corporate governance LC
For those banks assigned a rating of Medium-low
and Low, the range and frequency of supervisory
activities to assess governance is not adequate to
assess the robustness of governance (EC2). Does not
appear to be an adequate level of attention to a
board’s stewardship and understanding of risk and
corporate governance (EC8).
15. Risk management process LC
The range of qualitative and quantitative
information to assess the status of business
continuity was not sufficient to reliably monitor the
robustness of arrangements on an ongoing basis
(EC12).
The frequency of onsite testing and verification of
model validation results needs to be enhanced
IRELAND
INTERNATIONAL MONETARY FUND 25
Core Principle Grade Comments
(EC6).
16. Capital adequacy C
No additional comments.
17. Credit risk LC
The frequency and depth of onsite credit risk
reviews for lower risk institutions and the allocation
of credit risk specialists to perform file reviews is not
sufficient to maintain an accurate assessment of
credit risk for these credit institutions (EC3). For the
banks assigned PRISM Impact ratings of Medium
Low and Low, the variance analysis might not
necessarily provide insight into the application of
credit risk management processes until after risks
have begun to crystallize resulting in breaching
Central Bank triggers for supervisory attention (EC1).
18. Problem assets, provisions, and reserves LC
Greater frequency and depth of onsite reviews of
loan loss provisioning practices (e.g. testing of
assumptions against experience, recognition of
default, prudent valuations)
19. Concentration risk and large exposure
limits
C
No additional comments.
20. Transactions with related parties MNC
Only credit transactions are covered by the
regulation. Compliance monitoring is mainly offsite
(with some onsite testing) but reports filed by banks
lack information to monitor terms, rates and other
requirements of the RPL Code.
21. Country and transfer risks LC
Requirements issued in August 2013. The CBI has
developed a monitoring process and is conducting
initial reviews to determine compliance.
22. Market risk LC
In terms of onsite examinations of market risk,
coverage by the Treasury Team has been limited,
though proportional based on either the complete
absence or very low level of traded market risk in
most banks supervised. Insufficient testing of
implementation of policies and procedures onsite to
accurately assess the effective implementation of
controls, especially in regard to verify that marked-
to-market positions are prudently valued and
revalued frequently. CBI’s oversight of internal
models on an ongoing basis is inadequate to ensure
models are fit for purpose and calculating capital
accurately (EC4).
IRELAND
26 INTERNATIONAL MONETARY FUND
Core Principle Grade Comments
23. Interest rate risk in the banking book LC
While detailed reviews are conducted by the
treasury team on High Impact banks, treasury team
support is provided to lower impact banks as part of
their Full Risk Assessments. As these are less
frequent they are supplemented by the use of the
quarterly risk dashboards and the twice yearly
meetings with the head of the treasury team at
which the main findings of the reviews conducted
on the High Impact Banks are shared. A less
intensive process is used for lower Impact banks
with a reliance on a self assessment.
24. Liquidity risk C
The Bank requires each credit institution to
establish and maintain a liquidity strategy and
liquidity policy. Central Bank requires each credit
institution to establish a contingency funding plan,
developed by management and approved by the
Board.
25. Operational risk LC
First monitoring reports filed by banks as at
September 30, 2013. Effectiveness of monitoring
and enforcement cannot be assessed at this time.
26. Internal control and audit LC
No requirement in regulations for the Board to take
responsibility for establishing the internal control
environment, although the regulations do require
banks to maintain internal controls. For banks with
an Impact rating below High, the supervisory
activities to assess the effectiveness of the internal
control function will rely upon desk based review of
exception reporting without a sufficient suite of
supporting documentation to make an accurate
assessment of the effectiveness of the control
environment required by EC4 and EC5.
27. Financial reporting and external audit LC
The Central Bank does not have the power to reject
and rescind the external auditor as required by EC6.
Existing legislation does not provide the Central
Bank with the power to influence the scope of the
external audit or establish the standards for such an
audit.
28. Disclosure and transparency C
The Central Bank will ensure that the financial
statements have an auditor’s opinion expressing the
opinion that they give a true and fair view.
29. Abuse of financial services MNC
Branches of foreign banks have not been
incorporated in AML compliance reviews.
Additionally, most reviews of compliance have been
through the review of risk assessment
questionnaires sent to banks with limited onsite
testing. While the CJA 2010 is comprehensive the
IRELAND
INTERNATIONAL MONETARY FUND 27
Core Principle Grade Comments
CBI’s position would be strengthened if statutory
guidelines, approved as envisaged by Section 107 of
the CJA 2010, were issued.
The CBI has not issued specific requirements for
internal audit and/or external experts to
independently evaluate the relevant risk
management policies, processes and controls for
AML.
There is no requirement to appoint a relevant
dedicated officer to whom potential abuses of the
banks’ financial services are reported. The CBI is
planning to issue communications following its
inspections setting out principal findings and its
expectations as to how compliance with the CJA
2010 can be demonstrated.
IRELAND
28 INTERNATIONAL MONETARY FUND
Detailed Assessment
85. To determine the observation of each principle, the assessment has made use of five
categories: compliant; largely compliant, materially noncompliant, noncompliant, and non-
applicable. An assessment of “compliant” is given when all EC and ACs are met without any
significant deficiencies, including instances where the principle has been achieved by other means. A
“largely compliant” assessment is given when there are only minor shortcomings, which do not raise
serious concerns about the authority’s ability to achieve the objective of the principle and there is
clear intent to achieve full compliance with the principle within a prescribed period of time (for
instance, the regulatory framework is agreed but has not yet been fully implemented). A principle is
considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of
formal rules and procedures and there is evidence that supervision has clearly not been effective,
the practical implementation is weak or that the shortcomings are sufficient to raise doubts about
the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not
substantially implemented, several ECs are not complied with, or supervision is manifestly
ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would
not relate the country’s circumstances. In addition, a Principle would be considered not applicable
when, in the view of the assessor, the Principle does not apply given the structural, legal and
institutional features of a country.
86. Table 2 below provides a detailed principle-by-principle assessment of the BCP. The
Table is structured as follows:
? The “description and findings” sections provide information on the legal and regulatory
framework, and evidence of implementation and enforcement.
? The “assessment” sections contain only one line, stating whether the system is “compliant,”
“largely compliant,” “materially non-compliant,” “non-compliant” or “not applicable” as
described before.
? The “comments” sections explain why a particular grading is given. These sections are
judgmental and also reflect the assessment team’s views regarding strengths and areas for
further improvement in each principle.
IRELAND
INTERNATIONAL MONETARY FUND 29
A. Detailed Assessment of Compliance with the Basel Core Principles
Supervisory Powers, Responsibilities and Functions
Principle 1 Responsibilities, objectives and powers. An effective system of banking supervision has
clear responsibilities and objectives for each authority involved in the supervision of
banks and banking groups.
3
A suitable legal framework for banking supervision is in place
to provide each responsible authority with the necessary legal powers to authorize banks,
conduct ongoing supervision, address compliance with laws and undertake timely
corrective actions to address safety and soundness concerns.
4
Essential criteria
EC1 The responsibilities and objectives of each of the authorities involved in banking
supervision
5
are clearly defined in legislation and publicly disclosed. Where more than one
authority is responsible for supervising the banking system, a credible and publicly
available framework is in place to avoid regulatory and supervisory gaps.
Description and
findings re EC1
The CBI is the single authority responsible for prudential banking supervision. The CBI’s
responsibilities are defined in Section 6 A (2) (b) of the CBI Act as: “the proper and effective
regulation of financial service providers and markets,” and as such are publicly disclosed.
The Central Bank Act 1942 (CBI Act) states that the CBI has the following objectives: the
stability of the financial system overall; the proper and effective regulation of financial
institutions and markets, while ensuring that the best interests of consumers of financial
services are protected; the efficient and effective operation of payment and settlement
systems; the provision of analysis and comment to support national economic policy
development; and, the discharge of such other functions and powers as are conferred on it
by law. The CBI is responsible for licensing and monitoring anti-money laundering
regulation compliance in banks.
EC 2 The primary objective of banking supervision is to promote the safety and soundness of
banks and the banking system. If the banking supervisor is assigned broader
responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and
findings re EC2
The responsibilities and objectives of the CBI regarding banking supervision are clearly set
out in legislation and are also published in the CBI’s Annual Report and Strategic Plan. The
stated objectives in supervising Credit Institutions are: (i) to foster a stable banking system
and (ii) to provide a degree of protection to depositors with individual credit institutions.
As a central bank the CBI also has broader responsibilities, including inter alia: monetary
policy (as part of the ESCB): financial market operations; payments and settlements; and
other financial services supervision. Banking supervision is not subordinate to any of these
3
In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries,
affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for
example nonbank (including non-financial) entities, may also be relevant. This group-wide approach to
supervision goes beyond accounting consolidation.
4
The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the
subsequent Principles.
5
Such authority is called “the supervisor” throughout this paper, except where the longer form “the
banking supervisor” has been necessary for clarification.
IRELAND
30 INTERNATIONAL MONETARY FUND
or to the other responsibilities of the CBI. Banking supervision is adequately funded and
represented by a Deputy Governor. The primary function of the Banking Supervision
Divisions is the onsite and off-site supervisions of all Irish licensed credit institutions.
EC3 Laws and regulations provide a framework for the supervisor to set and enforce minimum
prudential standards for banks and banking groups. The supervisor has the power to
increase the prudential requirements for individual banks and banking groups based on
their risk profile
6
and systemic importance.
7
Description and
findings re EC3
Minimum prudential standards are established through primary legislation (e.g. Central
Bank Acts), secondary legislation (e.g. Statutory Instruments (SI) implementing Directives
such as the CRD) or through regulatory requirements issued by the CBI. Regulatory
requirements may be attached as a condition on the license of an individual bank or of all
banks. The CBI, under Section 10 of the CBI Act 1971, issues regulatory requirements. The
CBI also issues “policy” and “Codes” which are enforceable.
The CBI has powers to impose requirements on banks primarily under regulation 70 of SI
661 of 2006, under Section 10 of the CBI Act 1971 and the CBI (Supervision and
Enforcement) Act 2013. The CBI also notifies appropriate authorities (e.g. Irish police) for
possible criminal sanctions where contraventions of the Central Bank Acts are designated
as a criminal offense. The CBI pursues corrective/enforcement action through an
Administrative Sanctions Procedure (ASP). The CBI may require the bank to implement a
risk mitigation program (RMP) to address more routine issues. For more serious issues a
supervisory warning or direction may be issued. Under Part IIIC of the CBI Act 1942, an
inquiry may be held that may lead to the imposition of sanctions/fines.
The CBI has the ability to increase individual prudential requirements for banks. This
includes powers under the Statutory Instruments implementing the CRD (including inter
alia the ability of the supervisor: to impose additional capital requirements; to impose a
specific provisioning methodology; or to reduce risk profile) and powers under the Central
Bank Act 1971 (to increase minimum prudential standards by imposing additional license
requirements on a bank or banking group under Section 10 of the Act). Regulation 70
enables the CBI to require any credit institution “that does not meet the requirements of any
law of the State giving effect to take the necessary actions or steps at an early stage to
address the situation.”
Regulation 70 has been used to impose additional capital requirements in the case of the
banks subject to the Central Bank’s Prudential Capital Assessment Review (PCAR), most
recently in March 2011 and to re-issue a RMP to an institution that did not
comprehensively address the program in the first instance.
The CBI has imposed additional prudential requirements on individual banks, such as
limiting deposit-taking activities (i.e. no deposits of less than €500,000). In addition, the
CBI’s liquidity requirements, as set out in the “Requirements for the Management of
Liquidity Risk,” were imposed as an additional license requirement on all banks.
6
In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
7
In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or
cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically
important banks: assessment methodology and the additional loss absorbency requirement, November 2011.
IRELAND
INTERNATIONAL MONETARY FUND 31
EC4 Banking laws, regulations and prudential standards are updated as necessary to ensure that
they remain effective and relevant to changing industry and regulatory practices. These are
subject to public consultation, as appropriate.
Description and
findings re EC4
Banking laws in the EU are continuously updated and generally implemented at European
level by way of Directives. Irish laws are also updated as necessary and EU directives must
be transposed into national law by EU Member States. Member States may choose the
transposition methodology but are subject to review for completeness. As a result, banking
laws are generally developed at EU level and consulted on a trans-European level (e.g. by
the EU Commission) as Directives are developed and passed. As such, they are updated as
necessary in a European context. For example, the Basel Committee for Banking
Supervision (BCBS) Basel II text was implemented via the CRD in the EU. This directive
updated the previously implemented Codified Banking Directive and consolidated banking
capital and prudential requirements. Since 2010 there have been significant revisions to CBI
legislation, including enhancements to enforcement authority in 2013.
EC5 The supervisor has the power to:
(a) have full access to banks’ and banking groups’ Boards, management, staff and
records in order to review compliance with internal rules and limits as well as external
laws and regulations;
(b) review the overall activities of a banking group, both domestic and cross-border; and
(c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and
findings re EC5
Section 17A and section 18 of the Central Bank Act 1971 give powers to the CBI to inspect
the books, records and provides access to the management and boards of banks.
The primary legislative powers apply at a consolidated, sub-consolidated or solo level. This
means that authorized CBI officers can inspect the books and records of group
consolidated entities or subsidiaries of foreign-owned banks. The legal provisions are
detailed in S.I. 475 of 2009, in that it sets out when consolidated supervision is applicable.
Part 3 of the CBI (Supervision and Enforcement) Act 2013 has extensive authorized officer
powers and general information gathering powers to “associated enterprises” when the CBI
is the consolidated supervisor. Part 3 of the Act also provides powers, which can be used
outside the State and in relation to “related undertakings” of a regulated financial service
provider.
Supervisory authority extends to all banks operating in Ireland regardless of home country.
EC6 When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is
or is likely to be engaging in unsafe or unsound practices or actions that have the potential
to jeopardize the bank or the banking system, the supervisor has the power to:
(a) take (and/or require a bank to take) timely corrective action;
(b) impose a range of sanctions;
(c) revoke the bank’s license; and
(d) cooperate and collaborate with relevant authorities to achieve an orderly resolution
of the bank, including triggering resolution where appropriate.
Description and
findings re EC6
The CBI may require under regulation 70 of S.I. 661 that, when it has determined that a
bank does not meet the requirements of the CRD, that bank must take the necessary
actions or steps at an early stage to address the situation.
IRELAND
32 INTERNATIONAL MONETARY FUND
(a) As well as enforcement capability (including ASP actions), the measures available to
the CBI under the CRD include the following:
(i) obliging credit institutions to hold own funds in excess of the minimum
level set out in the CRD;
(ii) requiring the reinforcement of the arrangements, processes,
mechanisms and strategies implemented to comply with the CRD
(namely the systems and processes of internal control);
(iii) requiring credit institutions to apply a specific provisioning policy or
treatment of assets, in terms of own funds requirements;
(iv) restricting or limiting the business, operations or network of credit
institutions; and
(v) requiring the reduction of the risk inherent in the activities, products and
systems of credit institutions.
(i) The CBI may, with the consent of the Minister, revoke a license.
(b) Section 45 of the Central Bank (Supervision and Enforcement) Act 2013 provides the
authority of the CBI to issue “directions” requiring the bank to effect corrective
action. A CBI direction may require the bank to dispose of assets, suspend a certain
activity for a period not to exceed 12 months, raise capital, make changes to internal
systems and controls and address violations of law.
(c) The Credit Institutions (Resolution) Act 2011 (CBCIR) establishes the process to deal
with resolution of failed or failing banks. The CBI must apply to court before
resolving a bank. The liquidation is governed by company law and the liquidator is
appointed by the CBI. The CBI and the Minister for Finance are represented on the
liquidation committee.
EC7 The supervisor has the power to review the activities of parent companies and of
companies affiliated with parent companies to determine their impact on the safety and
soundness of the bank and the banking group.
Description and
findings re EC7
The CBI supervises ”Home” banks on a consolidated basis (including all bank and nonbank
subsidiaries), up to and including financial holding companies, and the prudential and
regulatory requirements are imposed at financial holding company or parental level under
the CRD. S.I. 475 of 2009 deals with the ability to review the activities of parent companies
to determine the safety and soundness of the bank concerned, and the overall banking
group.
Foreign-owned subsidiaries are subject to solo supervision, in that they are required to
comply with minimum prudential requirements on a subsidiary basis. EU banking groups
are also subject to home-host cooperation and supervision. Consolidated supervision takes
account of all group companies (including unregulated subsidiaries) and all regulated
entities must comply with the minimum regulatory requirements on a solo basis. Discretion
from this requirement is only available where the subsidiaries are unregulated. For
unregulated parents, the CBI monitors the financial condition through information
obtained from the Irish operation and publicly available financial statements and applies fit
and proper requirements to controlling owners but not to senior management when the
licensing application is reviewed. Additionally, the Irish operation is ring-fenced from the
unregulated parent.
IRELAND
INTERNATIONAL MONETARY FUND 33
S.I. 475 of 2009 deals with the ability to review the activities of parent companies to
determine the safety and soundness of the bank concerned and the overall banking group.
S.I. 475 of 2009 transposes the relevant parts of the CRD in this regard. Furthermore, the
CBI (Supervision and Enforcement) Act 2013 enhances the CBI’s powers in relation to
getting information (general information-gathering power and authorized officer powers)
not just from banks themselves but also from “related persons.” These powers can be
exercised outside the State (subject to appropriate liaison with the appropriate authorities
in the relevant jurisdiction). Also, section 18 of the CBI Act 1971 can be exercised against an
“associated company” or “related body.”
In terms of consolidated position, Regulation 15(a) of S.I. 661 of 2006 provides that parent
credit institutions in the State shall comply with the CRD on the basis of their consolidated
financial situation.
Assessment of
Principle 1
Compliant
Comments
Principle 2 Independence, accountability, resourcing and legal protection for supervisors. The
supervisor possesses operational independence, transparent processes, sound governance,
budgetary processes that do not undermine autonomy and adequate resources, and is
accountable for the discharge of its duties and use of its resources. The legal framework for
banking supervision includes legal protection for the supervisor.
Essential criteria
EC1 The operational independence, accountability and governance of the supervisor are
prescribed in legislation and publicly disclosed. There is no government or industry
interference that compromises the operational independence of the supervisor. The
supervisor has full discretion to take any supervisory actions or decisions on banks and
banking groups under its supervision.
Description and
findings re EC1
The CBI is an independent statutory body that must act in accordance with the Treaty on
the Functioning of the European Union and the ESCB Statute and within the confines of the
statutory regime of Irish financial services law (primarily the Central Bank Act 1942 and the
designated enactments and statutory instruments listed in Schedule 2 of that Act). The CBI
has full regulatory and supervisory powers to supervise the banking system and take
enforcement action without consultation or interference. However, as set out below, there
are situations where the CBI is required to consult with, or in specific circumstances receive
approval from, the Minister for Finance e.g. involuntary revocation of license, application of
levies, and denial of a license application. In relation to industry interference, while the CBI
consults with industry participants or industry representative bodies, such participants do
not have any legislative basis upon which to interfere in the decision-making process of the
Central Bank.
The Governor/Deputy Governor and senior Central Bank Management appear before the
Joint Oireachtas Committee on the performance and discharge of its duties.
The process for the appointment and dismissal of the Governor and Commission of the CBI
is set out in the CBI Act 1942. However, the internal governance structures are not set out
in legislation and are determined by the CBI itself. The Governance Structures of the CBI are
explained in public documents.
The framework by which the CBI establishes and enforces minimum prudential standards
IRELAND
34 INTERNATIONAL MONETARY FUND
for banks is set down in legislation and regulations which are updated when required.
Where deemed necessary, the CBI has the power to take action against a bank, including
imposing financial penalties and ultimately revoking a banking license (the latter can only
be done with the consent of the Minister for Finance). The CBI's decisions can be appealed
to the Irish Financial Services Appeals Tribunal and can also be judicially reviewed.
The CBI must also prepare and submit to the Minister for Finance a strategic plan every
three years which is also laid before the Houses of the Oireachtas (section 32B of the
Central Bank Act 1942).
The CBI is required to prepare a statement relating to the CBI’s performance in regulating
financial services under chapter 2A Article 32L of the Central Bank Act 1942 (inserted by the
Central Bank Reform Act 2010).
EC2 The process for the appointment and removal of the head(s) of the supervisory authority
and members of its governing body is transparent. The head(s) of the supervisory authority
is (are) appointed for a minimum term and is removed from office during his/her term only
for reasons specified in law or if (s)he is not physically or mentally capable of carrying out
the role or has been found guilty of misconduct. The reason(s) for removal is publicly
disclosed.
Description and
findings re EC2
The appointment of the Central Bank Commission (Board), Governor and Deputy Governors
(which include the Deputy Governor for Financial Regulation) are transparent and set out in
the Central Bank Act 1942. This Act also stipulates the circumstances in which the above
can be removed.
Commission Member:
In relation to the appointment of Commission members:
(1) The Commission comprises-
(a) the persons for the time being holding or performing the duties of the
following offices:
(i) Governor;
(ii) Head of Central Banking;
(iii) Head of Financial Regulation;
(iv) Secretary General of the Department of Finance, and
(b) at least 6, but no more than 8, other members appointed by the
Minister.
Section 24B of the Central Bank Act 1942 limits a Commission member to holding the
position for a period of 5 years unless he or she previously ceases to hold that office in
accordance with a provision of this Part. May be renewed once.
Section 25 of the Central Bank Act 1942 provides that the Minister may remove an
appointed member of the Commission from office:
(a) for proven misconduct or incompetence, or
(b) if in the Minister’s opinion it is necessary or desirable to do so to enable the Commission
to function effectively.
Governor
Section 19 of the Central Bank Act 1942 states:
IRELAND
INTERNATIONAL MONETARY FUND 35
The Governor shall be appointed by the President on the advice of the Government. A
person appointed as Governor holds office for 7 years from the date of the person’s
appointment. The President, on the advice of the Government, may appoint a person
holding office as Governor for a further period of seven years to take effect at the end of
the person’s current period of appointment.
Section 21 of the Central Bank Act 1942 states:
(1) The President may, on the advice of the Government, remove the Governor from office
on the ground that the Governor has, because of ill-health, become permanently
incapacitated from carrying out the responsibilities of Governor.
(2) The President may, on the advice of the Government, remove the Governor from office
on one or more specified grounds of serious misconduct.
The current Governor is a number of years into his 7 year contract while the previous
Governor served longer than the 7 year term. The current Governor is the first not to come
from the Secretary General position at The Department of Finance. The recently appointed
Deputy Governor for Financial Regulation and the prior one were from other member EU
states.
EC3 The supervisor publishes its objectives and is accountable through a transparent framework
for the discharge of its duties in relation to those objectives.
8
Description and
findings re EC3
The CBI annually publishes its objectives and the extent of achievement of those objectives.
The CBI must also prepare and submit to the Minister for Finance a strategic plan every
three years. This plan is also laid before the Houses of the Oireachtas (section 32B of the
Central Bank Act 1942).
The CBI is required to prepare a statement relating to the CBI’s performance in regulating
financial services under chapter 2A Article 32L of the Central Bank Act 1942 (inserted by the
Central Bank Reform Act 2010).
Within one month after receiving a performance statement from the CBI, the Minister will
lay it before each House of the Oireachtas.
The Governor or a Head of Function may be requested by a Committee of the Oireachtas to-
(a) attend before the Committee, and
(b) provide that Committee with information relating to the Bank’s
performance statement, the Governor or Head of Function shall-
(i) appear before the Committee, and
(ii) subject to section 33AK(1A), provide the Committee with such
information relating to the performance statement as the
Committee requires.
The CBI published its Annual Performance Statement on its financial regulatory activities for
2012 in April 2013. The Governor/Deputy Governor and senior management have appeared
before the Joint Oireachtas Committee on the performance and discharge of their duties.
EC4 The supervisor has effective internal governance and communication processes that enable
8
Please refer to Principle 1, Essential Criterion 1.
IRELAND
36 INTERNATIONAL MONETARY FUND
supervisory decisions to be taken at a level appropriate to the significance of the issue and
timely decisions to be taken in the case of an emergency. The governing body is structured
to avoid any real or perceived conflicts of interest.
Description and
findings re EC4
The governance of the CBI is structured to ensure that decisions are taken at the
appropriate level and in a timely manner. This is reflected in a number of ways:
The Commission has approved a ‘delegation of powers’ framework together with an
extensive assignment of responsibilities pursuant to section 32A of the Central Bank Act
1942. This framework clearly sets out the decisions that are permitted to be taken by
specified staff, thus ensuring that decisions are taken at the appropriate level. In addition,
the delegation of power should allow for timelier decision-making.
In terms of the decision-making process, two significant committees have been established
by the Central Bank: the Policy Committee and the Supervisory Risk Committee.
The CBI Act 1942 sets out requirements in relation to avoiding conflicts of interest for
specific positions: Commission member (Section 24), Governor (Section 19 & 20), Deputy
Governor (Section 23).
Conflict of Interest
All staff of the Central Bank of Ireland is subject to the Staff Code of Ethics and Behavior
and the Employee Trading Rules. The code of ethics requires that staff do not put
themselves in the position that might give rise to an actual or apparent conflict between
the discharge of their official duties and their personal, financial or other interests. In
addition the code requires that staff, in particular senior officers, should not be active
members of any political party or organization.
The employee trading rules requires staff to abstain from being a party to any economic or
financial transactions that may hinder their independence and impartiality and should
avoid any situation liable to give rise to a conflict of interest. The purpose of the trading
rules is to:
? Maintain standards of conduct within the Central Bank at the highest level of
integrity; and
? Avoid any potential insinuation of insider trading, conflict of interest or other
abuses of confidential information.
EC5 The supervisor and its staff have credibility based on their professionalism and integrity.
There are rules on how to avoid conflicts of interest and on the appropriate use of
information obtained through work, with sanctions in place if these are not followed.
Description and
findings re EC5
The CBI staff is qualified with both supervisory and industry experience. Since the onset of
the financial crisis the CBI has significantly increased its specialist-staff complement in the
areas of risk analytics, credit and treasury.
The CBI ensures that conflict of interest issues do not arise through a number of means
including legislation and internal codes.
In addition to the legislative requirements detailed in EC 4, all staff of the CBI is subject to
the Staff Code of Ethics and Behavior and the Employee Trading Rules. The code of ethics
requires that staff do not put themselves in the position that might give rise to an actual or
apparent conflict between the discharge of their official duties and their personal, financial
or other interests. In addition the code requires that staff, in particular senior officers,
should not be active members of any political party or organization.
IRELAND
INTERNATIONAL MONETARY FUND 37
The employee trading rules requires staff to abstain from being a party to any economic or
financial transactions that may hinder their independence and impartiality and should
avoid any situation liable to give rise to a conflict of interest.
Staff is also required to disclose any shareholdings that they have to ensure transparency
and highlight potential conflicts of interest.
The CBI takes steps to ensure that information which it has provided and which it receives
remains confidential. Staff is required by legislation (the Central Bank Act, 1942 section
33AK) to preserve the confidentiality of information. In addition, internal information
security policies are in place within the Central Bank.
Discussions with industry by the mission disclosed the consensus that CBI staff is
professional, that the CBI has increased its skills base and adds value through the
supervisory process.
EC6 The supervisor has adequate resources for the conduct of effective supervision and
oversight. It is financed in a manner that does not undermine its autonomy or operational
independence. This includes:
(a) a budget that provides for staff in sufficient numbers and with skills commensurate
with the risk profile and systemic importance of the banks and banking groups
supervised;
(b) salary scales that allow it to attract and retain qualified staff;
(c) the ability to commission external experts with the necessary professional skills and
independence, and subject to necessary confidentiality restrictions to conduct
supervisory tasks;
(d) a budget and program for the regular training of staff;
(e) a technology budget sufficient to equip its staff with the tools needed to supervise
the banking industry and assess individual banks and banking groups; and
(f) a travel budget that allows appropriate on-site work, effective cross-border
cooperation and participation in domestic and international meetings of significant
relevance (e.g., supervisory colleges).
Description and
findings re EC6
The CBI applies levies on the banks to fund its regulatory duties/activities. The amount of
the levy must be approved by the Minister. The ability to charge these levies is set out in
the CBI Act 1942. These supervisory activities include both supervisory staff costs and non-
staff costs such as external experts, training etc. The CBI considers that the Banking
Supervision Divisions are adequately resourced to perform their supervisory functions.
The Staffing
(a) The CBI constantly evaluates both the level of staff and the skillsets of these staff to
ensure that the requisite level of resources is available to carry out its duties.
(b) As a Public Sector entity the CBI cannot offer the same level of remuneration and
benefits as is available in the private sector. However, as the CBI operates within a
hierarchical grading structure it has flexibility in relation to the entry point of new
staff within this structure, and therefore has some ability to compete with the private
IRELAND
38 INTERNATIONAL MONETARY FUND
sector. In addition, greater certainty of tenure than the private sector and a defined
benefit pension scheme are tools that can be used to attract staff.
(c) The CBI can, where required, commission external experts to conduct supervisory
tasks. Under the Central Bank (Supervisory and Enforcement) Act 2013 the cost of
these external experts can be applied directly to the banks. The Central Bank
(Supervision and Enforcement) Act 2013 provides extensive new powers in relation
to third-party skilled persons reports (Part 2) and enables the CBI to appoint non-
employees as authorized officers who will be able to use the extensive new
authorized officer powers under this act.
(d) The CBI as an organization has a significant training budget which staff in Banking
Supervision can avail of. In addition, Banking Supervision has its own training budget
which is utilized for specific supervisory training identified as part of its Training
Needs Analysis. Banking Supervision has a training policy and curriculum which set
out Banking Supervision management’s commitment to training, an individual’s
personal responsibility for training, sources of training available and the core
curriculum. This curriculum is kept under ongoing assessment, as are the providers
of such training. Each member of the banking divisions are required to undertake
the core curriculum and can then build on this with more advanced/specialized
training to suit their own personal learning needs and the requirements of their role.
(e) The CBI operates a centralized technology budget. Divisions that wish to implement
new technology projects present a business case to senior management for
assessment.
(f) Banking Supervision has a significant travel budget which facilitates staff
undertaking travel that is relevant to their roles.
Staffing
Category 2010 2012
Front line supervisor 66 49
Projects 4 6
Risk specialists – Supervision Support (credit, treasury,
business model, risk model)
26 24
Stress testing 2 5
Divisional Operations (admin, reporting, policy) 15 12
Special resolutions
Grand Total 113 96
Turnover rate
Category 2011 2012
Front line supervisor 4.5% 1.8%
Projects 0.0% 0.0%
Risk specialists (credit, treasury, business model, risk model) 7.7% 16.7%
Stress testing 0.0% 12.5%
Support (admin, reporting, policy) 13.3% 0.0%
Special resolutions 0.0% 0.0%
IRELAND
INTERNATIONAL MONETARY FUND 39
Grand Total 6.2% 5.6%
There has been a doubling of banking supervision resources since the beginning of the
current financial crisis (i.e. July 2007) with a consequential increase in levies to reflect this.
EC7 As part of their annual resource planning exercise, supervisors regularly take stock of
existing skills and projected requirements over the short- and medium-term, taking into
account relevant emerging supervisory practices. Supervisors review and implement
measures to bridge any gaps in numbers and/or skill-sets identified.
Description and
findings re EC7
Banking Supervision Division management undertakes regular Training Needs Analysis. The
purpose of this exercise is to identify any gaps/weaknesses in the current complement of
staff and to identify future gaps based on the supervisory strategy/plan. The results of this
exercise are utilized to devise training plans and highlight recruitment requirements. The
identified gaps are factored into the individual Performance Management and
Development Plans of staff members. In addition, the Central Bank employs the PRISM
system to determine the impact rating of banks, which is then used to determine the
requisite allocation of staff. The actual level of staff is compared to the model allocation on
an ongoing basis.
EC8 In determining supervisory programmes and allocating resources, supervisors take into
account the risk profile and systemic importance of individual banks and banking groups,
and the different mitigation approaches available.
Description and
findings re EC8
PRISM is the framework through which the CBI determines supervisory programs and
allocates resources, taking into account the risk profile and systemic importance of
individual banks and banking groups, and the different mitigation approaches available.
PRISM assigns all supervised firms to one of four possible impact categories based on a
quantitative assessment of the impact of their failure upon (inter-alia) the
economy/financial stability, the taxpayer and the consumer. These impact categories are
High, Medium High, Medium Low and Low.
Supervisory resources are allocated to each firm on the basis of this impact assessment. A
program of minimum supervisory engagement has been developed for each of the four
impact categories. Resource buffers are in place to supervise above the minimum (i.e. to
take account of the fact that some banks pose a higher probability risk than others
notwithstanding that they may have the same impact categorization.
EC9 Laws provide protection to the supervisor and its staff against lawsuits for actions taken
and/or omissions made while discharging their duties in good faith. The supervisor and its
staff are adequately protected against the costs of defending their actions and/or
omissions made while discharging their duties in good faith.
Description and
findings re EC9
The CBI and its employees have statutory protection from being liable in damages for
actions carried out while performing the functions of the CBI provided that they have not
acted in bad faith. While the CBI does not currently have a formal policy in place in relation
to the provision of costs for staff defending their actions the practice to date has been that
the Central Bank does support it staff.
Section 33AJ of the Central Bank Act 1942 states:
(1) This section applies to the following persons:
(a) the Bank;
(b) the Governor;
IRELAND
40 INTERNATIONAL MONETARY FUND
(ba) the Heads of Function;
(bb) the Secretary General of the Department of Finance, in his or her
capacity as an ex-officio member of the Commission;
(bc) the appointed members of the Commission;
(b) the Registrar of Credit Unions;
(c) the Registrar of the Appeals Tribunal;
(d) employees of the Bank;
(e) agents of the Bank.
(1) A person to whom this section applies is not liable for damages for anything
done or omitted in the performance or purported performance or exercise of
any of its functions or powers, unless it is proved that the act or omission was in
bad faith.
In the past 5 years there have been no cases of litigation taken against the Central Bank of
Ireland arising from its supervisory functions, nor has it had to pay any compensation
arising from this role.
Assessment of
Principle 2
Materially Noncompliant
Comments The Minister may remove an appointed member of the Commission from office if, in the
Minister’s opinion, it is necessary or desirable to do so to enable the Commission to
function effectively. To date the Minister has not utilized this power. The CBI has requested
that this legislative provision be repealed, however the Department of Finance his indicated
that it will not be taking any action on the basis of this request.
The CBI can only revoke a banking license (i.e. where revocation is not being sought by the
license holder) with the prior consent of the Minister for Finance.
The CBI may not deny a license application or revoke a license granted based on false
information without the consent of the Minister of Finance.
The Secretary General of the Department of Finance is a member of the CBI commission.
The CBI must seek approval of the Minister to increase levies imposed on the industry
when it considers that current levels are insufficient to properly perform its function.
The CBI staff are held to equivalent civil/public service pay scale and conditions. Banking
Supervision is currently operating with vacancies and turnover in key skilled positions is
high.
The record shows that there has been no evidence of interference by the Minister for
Finance, through the relevant legislative provisions highlighted above, in the operational
independence of the Central Bank. The legal framework should be amended to document
the practice and ensure its continuity as players change.
Although, as a matter of practice, the CBI reimburses staff for legal expenses, this is done
ex-post.
Principle 3 Cooperation and collaboration. Laws, regulations or other arrangements provide a
framework for cooperation and collaboration with relevant domestic authorities and
foreign supervisors. These arrangements reflect the need to protect confidential
IRELAND
INTERNATIONAL MONETARY FUND 41
information.
9
Essential criteria
EC1 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with all domestic authorities
with responsibility for the safety and soundness of banks, other financial institutions and/or
the stability of the financial system. There is evidence that these arrangements work in
practice, where necessary.
Description and
findings re EC1
The Central Bank is responsible for the supervision of financial service providers and
markets in Ireland in addition to having responsibility for financial stability. Other relevant
domestic authorities include the Garda Síochána (the Irish Police force), Revenue
Commissioners, Director of Corporate Enforcement, Competition Authority and National
Consumer Agency. In addition, liaising is required from time to time with the Department
of Finance and/or Minister for Finance. There is specific provision in European and
domestic legislation, in addition to agreed protocols with some of these agencies, to allow
for cooperation and sharing of confidential information.
There are formal gateways in domestic legislation to both mandatorily report to and share
information with the relevant authorities. There are informal, non-legal arrangements in
place for cooperation and the sharing of information (e.g. Department of Finance, Office of
the Director of Corporate Enforcement (ODCE)).
In 2008 an MoU was agreed between the Central Bank and the Irish Auditing and
Accounting Supervisory Authority (IAASA). IAASA is the regulatory body charged with
responsibility for oversight of the auditing profession in Ireland. It allows, inter alia, for
exchange of relevant information and cooperation in respect of investigation work of either
party.
An MoU between the Central Bank and the Department of Finance has been in place since
2011 in relation to oversight of the banking sector (this in addition to an MoU on Financial
Stability, in place since 2007), and the State supported credit institutions. It sets out the
respective responsibilities of the parties (and recognizes the statutory functions of the
Central Bank), the general principles for cooperation and information exchange, and
confirms in particular that the provisions of Section 33AK of the Central Bank Act 1942 and
of professional secrecy in the CRD apply.
Section 33AK of the Central Bank Act 1942 is the key piece of legislation regarding
coordination and collaboration between the domestic authorities involved in financial
sector regulation. Sections (3) and (5) are the main sections: Subsection (3) – Requires the
Central Bank to report certain matters to the bodies; and Subsection (5) – Enables the
Central Bank to disclose confidential information to relevant parties.
Section 33AK(3)states:
(a) Subject to subsection (1)(b) and paragraph (b), the Bank shall report, as
appropriate, to-
9
Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host
relationships” (13) and “Abuse of financial services” (29).
IRELAND
42 INTERNATIONAL MONETARY FUND
(i) the Garda Síochána, or
(ii) the Revenue Commissioners, or
(iii) the Director of Corporate Enforcement, or
(iv) the Competition Authority, or
(iva) the National Consumer Agency, or
(v) any other body, whether within the State or otherwise, charged
with the detection or investigation of a criminal offence, or
(vi) any other body charged with the detection or investigation of a
contravention of-
(I) the Companies Acts 1963 to 2001, or
(II) the Competition Act 2002, or in so far as any
commencement order under that Act does not relate to
the repeal of provisions of the Competition Acts 1991
and 1996, which would otherwise be subsisting those
Acts,
any information relevant to that body that leads the Bank to
suspect that-
(A) a criminal offence may have been committed by a
supervised entity, or
(B) a supervised entity may have contravened a provision
of an Act to which subparagraph (vi) relates.
In terms of EU law, Article 47 of the CRD is the most relevant:
Articles 44(1) and 45 shall not preclude the exchange of information within a
Member State, where there are two or more competent authorities in the same
Member State, or between Member States, between competent authorities and
the following:
(a) authorities entrusted with the public duty of supervising other
financial organisations and insurance companies and the authorities
responsible for the supervision of financial markets;
(b) bodies involved in the liquidation and bankruptcy of credit
institutions and in other similar procedures; and
(c) persons responsible for carrying out statutory audits of the accounts
of credit institutions and other financial institutions; in the discharge
of their supervisory functions.
Articles 44(1) and 45 shall not preclude the disclosure to bodies which
administer deposit-guarantee schemes of information necessary to the exercise
of their functions. In both cases, the information received shall be subject to the
conditions of professional secrecy specified in Article 44(1).
In addition, as regards financial crime, the Central Bank must report to the Gardaí and the
Revenue Commissioners any suspicion it forms of a contravention of Irish anti-money
laundering or terrorist financing laws (Criminal Justice (Anti-Money Laundering and
Terrorist) Financing Act 2010.
Given the Central Bank is responsible for the safety and soundness of banks and financial
stability, an internal framework has been established to facilitate cooperation and sharing
of information between the respective areas. Various committee structures have been
established to support the governance arrangements: the Governor’s Committee, the
Senior Leadership Committee, the Financial Stability Committee, the Supervisory Risk
Committee and the Policy Committee. Key supervision staff attends several Committees, i.e.
IRELAND
INTERNATIONAL MONETARY FUND 43
the Directors of Credit Institutions and Insurance Supervision attends both Supervisory Risk
Committee and Policy Committee.
The Supervisory process also formally takes account of financial stability considerations –
for example, the PRISM framework (see CP8) includes an assessment by the Financial
Stability Division of environmental risk (which includes macro-economic risks and sector-
specific risks. There was evidence to suggest that the feedback loop between financial
stability and bank supervision has been strengthened over the last several years.
In terms of the arrangements for environmental risk (which includes macro-economic risks
and sector-specific risks), there are other domestic authorities with which the Central Bank
collaborates and shares information. These authorities have (i) an interest in the overall
stability of the financial system (e.g. Department of Finance), and (ii) responsibility for
monitoring compliance with other relevant legislation (e.g. company law, data protection,
financial crime and fraud).
Evidence suggested that these arrangements worked in practice:
- Consultation on formal supervisory decisions (e.g. bank license applications,
material M&A activity requiring supervisory approval, responding to formal
Department of Finance Consultations with the Central Bank Governor). The PRISM
framework requires the assessment of Environmental Risk (with subcategories of
Macroeconomic and Sector Specific Environmental Risk). Ratings and rationales on
these are agreed centrally between Financial Stability, Risk division and supervisory
divisions. These assessments are available to supervisors to import (see CP8) and
amend as necessary.
- Reporting breaches of certain regulatory requirements to the Gardaí.
- Reporting suspicions of unlawful conduct, financial crime, and or fraud to the
Gardaí Síochána, Revenue Commissioners, ODCE as appropriate
- Formal consultations with the Minister for Finance where he intends to exercise his
powers in relation to the banking system (e.g. Direction/Transfer Orders provided
for in the CISA 2010).
- Quarterly reporting to the Minister on banks’ compliance with the Credit
Institutions (Financial Support) Scheme 2008.
EC2 Arrangements, formal or informal, are in place for cooperation, including analysis and
sharing of information, and undertaking collaborative work, with relevant foreign
supervisors of banks and banking groups. There is evidence that these arrangements work
in practice, where necessary.
Description and
findings re EC2
The Central Bank is responsible for supervision of banks which are at the head of, or part
of, banking groups which involve foreign supervisory authorities, located both within and
outside the EU. As both a Home and Host supervisory authority, the Central Bank co-
operates and shares relevant information on an ongoing basis with other foreign
supervisory authorities.
In the context of cooperation and sharing of confidential information with foreign
IRELAND
44 INTERNATIONAL MONETARY FUND
supervisors (from a banking supervision perspective), there is provision in European and
domestic legislation for cooperation and sharing of confidential information with
supervisors both within and outside the EU. These are supplemented with other non-legal
(informal) arrangements such as MoUs and ‘multilateral cooperation agreements’ made
with other competent authorities. Examples of Bilateral MoUs include: Bahrain, Belgium,
Canada, Denmark, Dubai, Malaysia and U.S. and examples of Multilateral MoUs include: U.S.
(Federal Reserve Board, OCC and FDIC signed in April 2013).
The Central Bank Act, 1942 – Section 33AK(5), make specific provisions for the sharing of
information with foreign supervisors, particularly subsections (d) & (e).
(5) Subject to subsection (1A), the Bank may disclose confidential information-
[…]
(d) to an authority in a jurisdiction other than that of the State duly
authorized to exercise functions similar to any one or more of the
statutory functions of the Bank and which has obligations in
respect of nondisclosure of information similar to the obligations
imposed on the Bank under this section, or
(e) to any institution of the European Community because of the
State’s membership of the Community, or to the European
Central Bank for the purpose of complying with the Rome Treaty
or the ESCB Statute, or
(6) Any person or entity to whom confidential information is provided under
subsection (3)(a) or (5) shall comply with the provisions on professional
secrecy in the Supervisory Directives in holding and dealing with
information provided to them by the Bank.
The relevant EU law is CRD – Articles 44-52 (Exchange of Information and Professional
Secrecy); 131 & 132 (Supervision). Exchange of information and professional secrecy is
contained with Article 44: Member States shall provide that all persons working for or who
have worked for the competent authorities, as well as auditors or experts acting on behalf
of the competent authorities, shall be bound by the obligation of professional secrecy. No
confidential information which they may receive in the course of their duties may be
divulged to any person or authority whatsoever, except in summary or collective form, such
that individual credit institutions cannot be identified, without prejudice to cases covered
by criminal law. Nevertheless, where a credit institution has been declared bankrupt or is
being compulsorily wound up, confidential information which does not concern third
parties involved in attempts to rescue that credit institution may be divulged in civil or
commercial proceedings.
The other relevant Articles include 46 – 52 which sets out the framework for member states
to cooperate in an effort to strengthen the stability, including integrity, of the financial
system, allowing for the exchange of information between the competent authorities and
the authorities or bodies responsible under law for the detection and investigation of
breaches of company law.
By way of a practical example, formal arrangements are in place where the Central Bank
leads supervisory Colleges in respect of the two High Impact banking groups in Ireland.
These Colleges have been in operation for a number of years and comprise both EU and
non-EU supervisors. The relevant EU supervisor concerned is subject to the provisions of
the CRD in addition to a Multilateral Cooperation Agreement being in place, and MOUs
have been agreed with respect to the relevant non-EU supervisors. The minutes from the
IRELAND
INTERNATIONAL MONETARY FUND 45
Colleges showed good levels of cooperation between the attendees conducting a joint risk
assessment of the group, reaching decisions on capital adequacy, and sharing plans on
future supervisory activities.
Joint Risk Assessment Documents (JRADs) have been agreed in both years. These Colleges
have been overseen by EBA observers. There is also ongoing cooperation and exchange of
information between the various supervisors throughout each year.
The Central Bank is a host member of a number of Colleges, both within and outside the
EU (e.g. UK, Italian, German, US and Canadian banking groups). The Central Bank is a
signatory to MOUs and/or Multilateral Cooperation Agreements in respect of participation
at these Colleges and many involve input into JRAD reports, and agreeing capital decisions.
Cooperation is also ongoing with these supervisors. These Colleges also agree the broad
supervisory plans and work focus for the year ahead.
The Central Bank also works very closely with other supervisors throughout the year and
collaborates on supervisory assessment and approvals. For example, supervisors work
together with other regulators on plans by banks to establish new business, transfer some
or all of their business between jurisdictions, repatriate capital/revenue reserves, develop
liquidity/funding arrangements etc. In practice, for lower risk PRISM Impact banks the
engagement with Home supervisors is mainly centered mainly around the formal college
arrangement, whereas for High Impact banks the engagement is considerably more
frequent, less informal and supervisor to supervisor.
EC3 The supervisor may provide confidential information to another domestic authority or
foreign supervisor but must take reasonable steps to determine that any confidential
information so released will be used only for bank-specific or system-wide supervisory
purposes and will be treated as confidential by the receiving party.
Description and
findings re EC3
In the context of sharing confidential information, safeguards are provided for in law as to
the purposes for which shared information may be used – i.e. the professional secrecy
provisions of the CRD (see below), which are given effect in domestic law through Section
33AK(5) – (The nature and type of such engagement is described in EC1 & EC2 above).
In addition to the legal provisions, on a practical basis the provision of confidential
information is done through MOUs with other authorities. These MOUs require, inter alia,
that confidential information shared will only be used in the performance of regulatory and
supervisory functions and subject to any restrictions agreed, and/or must recognize the
professional secrecy obligations under EU and domestic law.
Sections 33AK(5)(d) & (6) of the Central Bank act 1942 provide that any information shared
of a confidential nature must comply with the professional secrecy provisions of the
supervisory directives (e.g. CRD). Directive 2006/48/EC (‘CRD’) provides, inter alia, for
cooperation and sharing of confidential information between competent authorities, both
within and outside of the EU. These provisions are specifically set out in Articles 44 to 52.
Supervisory teams participate in Colleges and exchange confidential information as
required throughout the supervisory period. These exchanges are governed by the above
legal provisions. In addition, MOUs and Multilateral Cooperation Agreements are also in
place which set out clear principles surrounding sharing of confidential information.
EC4 The supervisor receiving confidential information from other supervisors uses the
confidential information for bank-specific or system-wide supervisory purposes only. The
IRELAND
46 INTERNATIONAL MONETARY FUND
supervisor does not disclose confidential information received to third parties without the
permission of the supervisor providing the information and is able to deny any demand
(other than a court order or mandate from a legislative body) for confidential information
in its possession. In the event that the supervisor is legally compelled to disclose
confidential information it has received from another supervisor, the supervisor promptly
notifies the originating supervisor, indicating what information it is compelled to release
and the circumstances surrounding the release. Where consent to passing on confidential
information is not given, the supervisor uses all reasonable means to resist such a demand
or protect the confidentiality of the information.
Description and
findings re EC4
The Central Bank is subject to strict legal requirements in relation to confidentiality of
information. These are set out in domestic law and require that the Central Bank cannot
provide confidential information except in specified circumstances, i.e. with the consent of
the authority that provided the information; where required for criminal proceedings; or
where it is being provided to another supervisory authority subject to the same
professional secrecy laws. Sections 33AK(5)(d) & (6) of the Central Bank act 1942 provide
that any information shared of a confidential nature must comply with the professional
secrecy provisions of the supervisory directives. Articles 44 to 52 of the EU Directive
provides for cooperation and sharing of confidential information between competent
authorities, both within and outside of the EU.
As referred to in EC3 above, the Central Bank is a signatory to a number of MOUs. These
provide, inter alia, that it can only use confidential information received for certain
purposes, must obtain the permission of the authority that shared it in certain
circumstances, and must inform the other authority of mandatory or legal requests to
disclose and use best endeavours to resist these requests.
The Central Bank is not, at present, subject to the provisions of the Freedom of Information
Act (as is the case with Government Departments and certain public bodies). This
legislation gives the public the right to access documents and records of these bodies,
although there are exemptions to protect information relating to key areas of Government
activity, parliamentary and court matters as well as third party information of a personal,
commercial or confidential nature.
The Central Bank exercises its powers under Section 33AK of the Central Bank 1942 not to
share confidential information. For example, the Central Bank receives requests from
members of the public, other agencies/institutions, media, and parliamentary members to
access information relating to individual banks. This approach and exercise of Central Bank
powers is applied to all confidential information in its possession, whether produced
internally, received from banks, or received from other supervisory authorities.
No examples have been identified of the Central Bank being legally compelled to pass on
information received from another supervisor and having to use best efforts to resist the
demand (or vice versa).
EC5 Processes are in place for the supervisor to support resolution authorities (e.g. central
banks and finance ministries as appropriate) to undertake recovery and resolution planning
and actions.
Description and
findings re EC5
The CBCIR was enacted in 2011. This act establishes an effective resolution regime for
certain institutions at the least cost to the State. The Special Resolution Unit (SRU) was
established within the Central Bank to operationalize this legislation.
IRELAND
INTERNATIONAL MONETARY FUND 47
While operationally separate, both the Supervisory Function and the Special Resolution
Unit (SRU) sit within the Central Bank. This allows for interaction and information sharing at
an earlier stage. A MOU is envisaged between the supervisory and resolution units to
formalize the interaction between the units, especially in the areas of:
? Early notification of distress in an entity (to assist resolution planning)
? Consideration of triggers
? Development of Recovery & Resolution (R&R) plans
The CBCIR Act 2011 does not, however, apply at present to those credit institutions that
come under the remit of emergency legislation introduced during the banking crisis to deal
with those domestic institutions which needed State support. These are the institutions of
greatest systemic importance in this jurisdiction.
These institutions are, however, in receipt of significant State support, and are also subject
to a heightened level of supervisory and legal requirements and oversight. In effect these
institutions have been and will be in a recovery and resolution process for some time. It
would be the intention that if, and when, they come out of the regime of State support
they will be covered under the provisions of the CBCIR Act 2011.
While the Central Bank has not required recovery plans from all credit institutions, recovery
plans have been requested from the two largest banking groups in Ireland. Within Europe
the forthcoming Banking Recovery and Resolution Directive will contain minimum
requirements with respect to recovery and resolution planning for credit institution and
investment firms
In respect of recovery and resolution plans, the CBCIR Act 2011 permits the Central Bank to
request recovery plans from institutions. SRU has prepared draft recovery plan guidelines
for institutions and anticipate that these guidelines will be subject to consultation with
industry and the Minister for Finance prior to being finalized. These guidelines prepared in
line with the discussion paper on the topic produced by the European Banking Authority
(EBA) Sub Group on Crisis Management and will be finalized after the Banking Recovery
and Resolution Directive has been implemented.
The CBCIR Act 2011 is relatively new legislation and has not been required to be used to
resolve a licensed bank in this jurisdiction.
The Deposit Guarantee Scheme is administered by the Payments and Securities Settlements
Division of the Central Bank. An MOU has been agreed between Payments and Securities
Settlements Division, Banking Supervision and the SRU. It sets out the responsibilities of
each party in respect of the operation of the Irish Scheme.
The Deposit Guarantee Scheme (DGS) was established under the terms of:
? The European Communities (Deposit Guarantee Schemes) Regulations, 1995 (S.I.
No.168 of 95) and amended by European Communities (Deposit Guarantee
Schemes) (Amendment) Regulations,2009 (S.I. No. 228 of 2009); and
? The Financial Services (Deposit Guarantee Scheme) Act 2009.
The DGS was invoked for the first time in respect of the liquidation of Irish Bank Resolution
Corporation in February 2013. The liquidation was initiated under special legislation rather
than under the CBCIR Act 2011. The terms of the IBRC Act 2013 provided that a Special
IRELAND
48 INTERNATIONAL MONETARY FUND
Liquidation Order by the Minister for Finance constituted a compensation event for the
purposes of the DGS.
As at 30 April, the DGS had paid out €9.6 million in compensation to 594 eligible
depositors in accordance with the rules of the scheme. The Special Liquidators continue to
review deposits held by customers who also hold loans, to establish if a right of set off
applies. These investigations may identify additional accounts which qualify for DGS
compensation and further payments will be made in due course.
A coordinating committee was established within the Central Bank to oversee the
supervisory and compensation aspects of the liquidation.
Assessment of
Principle 3
Compliant
Comments The Central Bank is responsible for the regulation of financial service providers and markets
in Ireland, and ensuring financial stability. There is provision in European and domestic
legislation for cooperation and sharing of confidential information with supervisors both
within and outside the EU. In addition there are other non-legal (informal) arrangements
such as MoUs and ‘multilateral cooperation agreements’ made with other competent
authorities. Evidence suggested these arrangements were working effectively.
Formal and information arrangements are in place between the relevant authorities to
facilitate cooperation and coordination, importantly between the Central Bank and the
Minister for Finance. An MoU between the Central Bank and the Department of Finance has
been in place since 2011 in relation to oversight of the banking sector and State supported
credit institutions.
The Central Bank leads supervisory colleges for two systemic banking groups in Ireland as
well as participating in joint risk assessments. Evidence showed the process working in
practice to share relevant information, conduct joint risk assessments and coordinate
supervisory activities where possible.
The CBCIR Act 2011 does not currently apply to those credit institutions that come under
the remit of emergency legislation introduced during the banking crisis to deal with those
domestic institutions which needed State support which are the institutions of greatest
systemic importance in this jurisdiction. To mitigate this gap, these institutions which are, in
receipt of significant State support are also subject to a heightened level of supervisory and
legal requirements and oversight. In effect these institutions have been and will be in a
recovery and resolution process for some time. It would be the intention that if, and when,
they come out of the regime of State support they will be covered under the provisions of
the CBCIR Act 2011.
The Central Bank has not required recovery plans from all credit institutions. However,
recovery plans have been requested from the two largest domestic banking groups in
Ireland). Ireland is not a Home supervisor for any G-SIBs.
Principle 4 Permissible activities. The permissible activities of institutions that are licensed and
subject to supervision as banks are clearly defined and the use of the word “bank” in names
is controlled.
Essential criteria
IRELAND
INTERNATIONAL MONETARY FUND 49
EC1
The term “bank” is clearly defined in laws or regulations.
Description and
findings re EC1
The terms “credit institution” and “banking business” are defined in legislation. Only bank
license holders can conduct banking business or hold themselves out as banks. The range
of activities that may be conducted by banks is specified (activities are detailed in Annex 1
of Directive 2006/48/EC). The use of the word “bank” and its derivations are tightly
controlled by the CBI (with prior CBI approval being required where the term bank is
proposed for use by a nonbank organization). Only institutions that are licensed and
subject to supervision as banks (with defined exceptions as set out in the response to EC4)
may accept deposits from the public. The CBI publishes a detailed list of licensed
institutions on a daily basis.
The powers of the CBI in this area are outlined in Sections 7 and 8 of the CBI Act, 1971.
EC2
The permissible activities of institutions that are licensed and subject to supervision as
banks are clearly defined either by supervisors, or in laws or regulations.
Description and
findings re EC2
The activities which may be conducted by banks are set out at Annex I of Directive
2006/48/EC. The Directive requires that ‘Member States shall require credit institutions to
obtain authorization before commencing their activities’.
In addition, banks may also provide the services and activities detailed in Sections A and B
of Annex I to Directive 2004/39/EC of the European Parliament and of the Council of 21
April 2004 on markets in financial instruments (MiFID), when referring to the financial
instruments provided for in Section C of Annex I of that Directive.
Notwithstanding the general range of permissible activities, the activities which may be
undertaken by individual institutions may be restricted by the CBI, particularly when a
banking license is being awarded, to those activities which it is proposed will be
undertaken as set out in the banking license application. Any further activities not detailed
in the banking license application would then require prior CBI approval before they could
be undertaken.
Schedule to S.I. No. 395 of 1992 / European Communities (Licensing and Supervision of
Credit Institutions) Regulations 1992, lists a range of activities which are subject to mutual
recognition by EU regulators when conducted by banks. The only activity that a bank could
not engage in is that in relation to insurance. It may be able to do so through a subsidiary
or parent but the bank itself cannot carry on insurance business.
CRD (2006/48) has been largely transposed into Irish law by the CBI Act 1971, S.I. 661 of
2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in relation to banks. Section 7 of
the CBI Act 1971 requires that any person who wishes to carry on “banking business” must
be authorized by the CBI. “Banking business” is defined in section 2(1) of the CBI Act 1971.
EC3
The use of the word “bank” and any derivations such as “banking” in a name, including
domain names, is limited to licensed and supervised institutions in all circumstances where
the general public might otherwise be misled.
Description and
findings re EC3
It is unlawful to carry out banking business or represent oneself as a banker without
holding a banking license (which can only be issued by the Central Bank).
Prior permission of the CBI is required if a company wishes to use the word ‘bank’, ‘banker’
etc. Irish credit institutions or branches of European Economic Area (EEA) credit institutions
operating in Ireland do not require an exemption for trading names with the word bank,
IRELAND
50 INTERNATIONAL MONETARY FUND
banking or banker in the title. There are procedures in place which banking supervision
staff follows in assessing such applications.
Sections 7 and 8 of the CBI Act, 1971 address use of the terms ‘bank’, ‘banker.’
Since 2011, the CBI has approved 11 applications for use of the word ‘Bank’, with one
application being rejected. In addition, the CBI issued a “non-objection” in relation to one
application on the basis that Irish credit institutions or branches of EEA credit institutions
operating in Ireland do not require an exemption for trading names with the word bank,
banking or banker in the title.
EC4
The taking of deposits from the public is reserved for institutions that are licensed and
subject to supervision as banks.
10
Description and
findings re EC4
Section 7 of the Central Bank Act 1971 provides that: ‘Subject to the provisions of this Act, a
person, other than a Bank, shall not, in or outside the State, carry on banking business or hold
himself out or represent himself as a banker or as carrying on banking business or on behalf
of any other person accept deposits or other repayable funds from the public, unless he is the
holder of a license.’
EC5 The supervisor or licensing authority publishes or otherwise makes available a current list of
licensed banks, including branches of foreign banks, operating within its jurisdiction in a
way that is easily accessible to the public.
Description and
findings re EC5
The CBI publishes on its website the following information:
? Register of Credit Institutions (which includes branches of foreign banks, and foreign
banks which provide services on a cross-border basis in Ireland). This is updated on
a daily basis.
? Register of designated credit institutions under the Asset Covered Securities Act
2001. This is also updated on a daily basis.
? An annual list of bank license holders at the end of the previous year.
This data can be easily located by the public as the ‘Registers’ icon appears on opening the
Central Bank Homepage.
Assessment of
Principle 4
Compliant
Comments
Principle 5 Licensing criteria. The licensing authority has the power to set criteria and reject
applications for establishments that do not meet the criteria. At a minimum, the licensing
process consists of an assessment of the ownership structure and governance (including
the fitness and propriety of Board members and senior management)
11
of the bank and its
10
The Committee recognizes the presence in some countries of nonbanking financial institutions that take deposits
but may be regulated differently from banks. These institutions should be subject to a form of regulation
commensurate to the type and size of their business and, collectively, should not hold a significant proportion of
deposits in the financial system.
11
This document refers to a governance structure composed of a board and senior management. The Committee
recognizes that there are significant differences in the legislative and regulatory frameworks across countries
(continued)
IRELAND
INTERNATIONAL MONETARY FUND 51
wider group, and its strategic and operating plan, internal controls, risk management and
projected financial condition (including capital base). Where the proposed owner or parent
organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1
The law identifies the authority responsible for granting and withdrawing a banking license.
The licensing authority could be the banking supervisor or another competent authority. If
the licensing authority and the supervisor are not the same, the supervisor has the right to
have its views on each application considered, and its concerns addressed. In addition, the
licensing authority provides the supervisor with any information that may be material to
the supervision of the licensed bank. The supervisor imposes prudential conditions or
limitations on the newly licensed bank, where appropriate.
Description and
findings re EC1
The CBI is the authority for licensing of banks. The denial of a licensing application, requires
the consent of the Minister for Finance. In these cases, the views of the CBI will be
considered by the Minister for Finance.
The CBI is also the competent authority for supervising banks and imposes prudential
conditions on all newly licensed banks. These may be adjusted to reflect the nature and/or
complexity of the bank. The Authorization Team meets with the Supervision team in
advance of and following authorization.
Article 6 of the CRD refers to the requirement for credit institutions to obtain authorization
before commencing their activities. Article 9 refers to those circumstances in which the
competent authority shall not grant authorization.
Section 9(1) of the CBI Act 1971 identifies the CBI as the competent authority for both
granting and withdrawing a license. However, it should be noted that in specified
circumstances Ministerial approval will be required for the withdrawal of a license. Section
9(1) states that “Subject to the provisions of this section, the Bank may, in its discretion, grant
or refuse to grant to any person applying to it for the grant thereof a license authorizing the
holder to carry on banking business.” Section 11(1) of the Central Bank Act 1971 advises that
the Central Bank may revoke a license where the license holder so requests however
Ministerial consent is required in other specified circumstances.
Section 10 of the CBI Act 1971 states that the CBI has the ability to impose
conditions/requirements on all newly-licensed banks where relevant.
Section 18 of the CBI Act 1971 enables the CBI to request that certain information or
regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the
board is performed by a separate entity known as a supervisory board, which has no executive functions. Other
countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these
differences, this document does not advocate a specific board structure. Consequently, in this document, the terms
“board” and “senior management” are only used as a way to refer to the oversight function and the management
function in general and should be interpreted throughout the document in accordance with the applicable law within
each jurisdiction.
IRELAND
52 INTERNATIONAL MONETARY FUND
returns are provided to it. These may be requested only where the CBI is of the view that
the information or returns are necessary for the proper performance of its functions.
Section 23 of the Central Bank Act 1971 enables the Central Bank to require credit
institutions to maintain specified ratios.
EC2
Laws or regulations give the licensing authority the power to set criteria for licensing banks.
If the criteria are not fulfilled or if the information provided is inadequate, the licensing
authority has the power to reject an application. If the licensing authority or supervisor
determines that the license was based on false information, the license can be revoked.
Description and
findings re EC2
The CBI has the power to set criteria for licensing banks, reject an application if the criteria
are not fulfilled or if the information provided is not adequate and revoke a banking license
if it was granted based on false information (Ministerial consent is required in this instance).
The CBI also needs Minister for Finance consent to deny an application.
Criteria for authorization
Article 6 of the CRD “Member States shall require credit institutions to obtain authorization
before commencing their activities. Without prejudice to Articles 7 to 12, they shall lay
down the requirements for such authorization and notify them to the Commission.”
Section 9(4) of the CBI Act 1971 states that “An application for a license shall be in such
form and contain such particulars as the Bank may from time to time determine.” This would
allow the CBI to reject an application based on inadequate information.
Section 6(1) of S.I. 395 of 1992 permits the CBI to set a higher capital requirement than €5
million if deemed necessary.
The CBI’s regulatory document entitled “Banking License Application under the CBI Act,
1971 (as amended) – Guidelines on completing and submitting Banking License Applications”
gives guidance on the criteria for applying for a banking license.
Section 9 of the CBI Act 1971 states:
9.-
(1) Subject to the provisions of this section, the Bank may, in its discretion, grant or
refuse to grant to any person applying to it for the grant thereof a license
authorizing the holder to carry on banking business.
(1A) The Bank shall not grant a license under this section to an applicant unless the
applicant satisfies the Bank that-
(a) it is a body corporate,
(b) its registered office and its head office are both located in the State,
(c) it is a credit institution that is authorised for the purposes of the Recast
Credit Institutions Directive,
(d) its business as a credit institution is directed by at least 2 persons who
are of good repute and have sufficient experience to direct that
business, and
(e) those persons’ direction of that business is real and not merely
nominal.
(2) The Bank shall not refuse to grant a license without the consent of the Minister
IRELAND
INTERNATIONAL MONETARY FUND 53
and unless it is satisfied that the grant of the license would not be in the
interest of the orderly and proper regulation of banking, and the Minister shall
not grant his consent to the refusal unless he is satisfied that the grant of the
license would not be in the interest of the orderly and proper regulation of
banking.
Revoke authorisation if granted on basis of false information
Section 11(1) of the CBI Act 1971, which transposes article 17 of the CRD, is key states:
The Bank may-
[…]
(b) with the consent of the Minister, revoke a license if the holder of the license-
[…]
(iv) has obtained the license through false statements or any other
irregular means.
Article 17 of the CRD states that “The competent authorities may withdraw the authorization
granted to a credit institution only where such an institution:
[…]
b) has obtained the authorization through false statements or any other irregular
means.
EC3 The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and
findings re EC3
The criteria for issuing licenses are consistent with those applied in ongoing supervision.
The regulatory document entitled “Banking License Application under the Central Bank Act,
1971 (as amended) – Guidelines on completing and submitting Banking License Applications”
states:
“Each potential applicant must assess whether its proposed business model
? Requires a banking license (including meeting the definition of “banking business“ in
the Act)
? Complies with the Central Bank’s requirements; and
? Will comply with the requirements that must be adhered to by credit institutions on an
ongoing basis.”
In addition, the “Checklist for completing and submitting Bank License Applications”
completed by applicants during the application process seeks information on all the criteria
which banks are required to comply with on an ongoing basis. In particular, section 7
requires details of the “Organization of the Applicant and Governance Arrangements.”
Detailed information is also sought on “Risk Oversight” which includes:
? Audit;
? Compliance;
? Risk Management;
? Treasury;
? Financial Control;
? Credit;
? Internal Controls/Policies;
? Anti-Money Laundering Procedures;
? Conflict of Interest;
? Liquidity;
? Outsourcing; and
? Reporting Structures.
IRELAND
54 INTERNATIONAL MONETARY FUND
For example, one of the criteria for issuing licenses is that the proposed corporate
governance structure is in compliance with the Central Bank’s regulatory document entitled
“Corporate Governance Code for Credit Institutions and Insurance undertakings.” All licensed
banks are also required to comply with this code on an ongoing basis and the applicant’s
ability to comply at the outset would be considered as part of the application process.
Where, as part of the banking license application, the applicant bank proposes providing
services into an EU Country on a cross-border basis or branch basis, the CBI writes to the
host country to notify it of the bank’s intention to passport its services into that country.
The notifications are not issued until the entity has received its banking license.
EC4 The licensing authority determines that the proposed legal, managerial, operational and
ownership structures of the bank and its wider group will not hinder effective supervision
on both a solo and a consolidated basis.
12
The licensing authority also determines, where
appropriate, that these structures will not hinder effective implementation of corrective
measures in the future.
Description and
findings re EC4
Bank applicants owned by credit institutions
The CBI reviews the proposed legal, managerial, operational and ownership structures of
both the applicant bank and the group to ensure that the structures at both solo and
group level would not hinder (i) effective supervision on a consolidated basis and/or (ii)
effective implementation of corrective measures in the future.
Bank applicants owned by corporates
In accordance with the CRD, the CBI issues licenses to subsidiaries of unregulated entities.
Those structures may reduce the transparency of transactions between the parent and the
regulated Irish entity. Additionally, the CBI performs fit and proper review on the
controlling owner but not on management of the unregulated parent. To mitigate risks that
may arise from the unregulated parent, the CBI imposes additional conditions at applicant
level to ensure that the proposed legal, managerial, operational and ownership structures
of the bank and its wider group do not hinder supervision. The CBI can impose conditions
such as ring-fencing the Irish entity from the rest of the group or requiring it to submit
specified documentation relating to both it and the group on a regular basis (Section 18 of
the Central Bank Act 1971 requires that the bank shall “provide the Bank, at such times, or
within such periods, as the Bank specifies from time to time, with such information and
returns concerning the relevant business carried on by the person as the Bank specifies from
time to time”).
The CBI also lacks enforcement power over unregulated parent or its management.
Section 8(1) of S.I. 395 of 1992 requires that the CBI consults with the competent authority
in another Member State before it grants an authorization to a credit institution in any case
in which that credit institution is a subsidiary or fellow subsidiary of a credit institution
authorized in that Member State.
Section 9(1) of the CBI Act 1971 requires that the applicant is a body corporate, that its
registered office and its head office are both located in the State, that its business as a
credit institution is directed by at least 2 persons who are of good repute and have
12
Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003.)
IRELAND
INTERNATIONAL MONETARY FUND 55
sufficient experience to direct business, and that those persons’ direction of that business is
real and not merely nominal.
In the period, 2008 to 2013, the following banking licenses have been processed:
? One on behalf of a US corporate - granted
? One conversion of a building society into a licensed credit institution – granted
? Three mortgage banks – granted
One credit institution – granted
EC5 The licensing authority identifies and determines the suitability of the bank’s major
shareholders, including the ultimate beneficial owners, and others that may exert
significant influence. It also assesses the transparency of the ownership structure, the
sources of initial capital and the ability of shareholders to provide additional financial
support, where needed.
Description and
findings re EC5
All qualifying shareholders (greater than 10% shareholding) who are natural persons are
required to submit an Individual Questionnaire (a form completed by the proposed
shareholder that requests information such as prior experience, skills, expertise, other
directorships and shareholdings etc.). This form is reviewed by the Regulatory Transactions
Division within the CBI to determine suitability. Where the shareholder is a company or
bank the CBI seeks detailed financial information on same. It also ensures that the
promoter of the new bank has sufficient funds to establish a bank and to provide
additional capital where required. For unregulated, cross-border parent company, the CBI
lacks authority to perform fit and proper tests on senior management.
The CBI’s “Checklist for completing and submitting Bank License Applications” requires full
details of the owners, ownership structure, sources of initial capital and the ability of
shareholders to provide additional financial support where needed. Sections 2 (Overview of
Parent/Group), 4 (Ownership Structure), 9 (Capital, Funding and Solvency) and 10 (Financial
Information and Projections) are particularly relevant. The CBI ensures that the Applicant
has sufficient funds to meet all regulatory obligations. This is evidenced by financial
statements, etc. The CBI also requests a bank statement of the applicant bank prior to bank
license being issued to ensure that the funds have been lodged.
Regulation 7(1) of S.I. 395 of 1992 requires that the CBI be notified of the identity of all
persons having a qualifying holding in the applicant and the size of the holding in
question.
Regulation 7(2) of S.I. 395 of 1992 requires that the CBI must be satisfied as to the fitness
and probity of all qualifying shareholders such that they will exercise their rights in the
interest of the orderly and proper regulation of credit institutions in the State.
EC6 A minimum initial capital amount is stipulated for all banks.
Description and
findings re EC6
The CBI requires all banks to hold the initial capital amount of €5 million in accordance with
legislation. As part of the CBI’s business model analysis and financial analysis, the team
ascertains how much capital is actually required to support the planned business both on a
base and stressed position. Therefore, in reality, newly licensed banks will be required to
hold much more capital depending on size, strategy, anticipated level of RWAs, etc. The
capital must be in the form of cash. The CBI would require the promoter to have sufficient
funds to cover the share capital required and ongoing capital requirements, and would not
permit the initial disbursement of capital to occur with borrowed funds.
Article 9 of the CRD (as transposed into Irish legislation by Regulation 6(1) of S.I. 395 of
1992) requires that authorization will not be granted unless the bank has initial capital of €5
IRELAND
56 INTERNATIONAL MONETARY FUND
million.
EC7 The licensing authority, at authorization, evaluates the bank’s proposed Board members
and senior management as to expertise and integrity (fit and proper test), and any
potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience
in relevant financial operations commensurate with the intended activities of the bank; and
(ii) no record of criminal activities or adverse regulatory judgments that make a person
unfit to uphold important positions in a bank.
13
The licensing authority determines whether
the bank’s Board has collective sound knowledge of the material activities the bank intends
to pursue, and the associated risks.
Description and
findings re EC7
There is legislation in place and standards governing the fit and proper regime which the
applicant’s proposed board and senior management must undergo. As part of this, the CBI
is responsible for evaluating all of the proposed board members and certain identified
senior management. The criteria used include those listed below. In addition, after the bank
is licensed, the CBI continues to have oversight over the approval of all directors and senior
managers. The CBI also reviews the board as a whole to ensure that it has adequate skill
and expertise.
On 1 October 2010, Part 3 of the CBI Reform Act 2010 introduced a statutory system for
the regulation by the CBI of persons performing controlled functions (CF) or pre-approval
controlled functions (PCF) in regulated financial service providers (including credit
institutions).
There are 18 senior positions in banks which are designated as Pre-Approval Controlled
Functions (PCF). They include functions such as Chief Executive Officer, Directors or Heads
of Compliance, Risk, and Retail Sales. CBI approval is required before appointments may be
made to these positions.
On 1 December 2011, the CBI issued Standards of Fitness and Probity (‘the Standards’)
which apply to all persons performing CFs or PCFs in regulated financial service providers,
including credit institutions. A regulated financial service provider is not allowed appoint a
person to perform a controlled function unless firm is “satisfied on reasonable grounds”
that the person complies with the Standards and that the person has agreed to abide by
the Standards. In order to comply with the Standards, a person is required to be:
a) competent and capable;
b) honest, ethical and to act with integrity; and
c) financially sound.
In relation to the criterion of skills and experience in relevant financial operations
commensurate with the intended activities of the bank, the Standards require the person
applying for a PCF role to have the qualifications, experience, competence and capacity
appropriate to the relevant function. The person must be able to demonstrate that he or
she:
a) has professional or other qualifications and capability appropriate to the relevant
function;
b) has obtained the competence and skills appropriate to the relevant function,
whether through training or experience gained in an employment context;
13
Please refer to Principle 14, Essential Criterion 8.
IRELAND
INTERNATIONAL MONETARY FUND 57
c) has shown the competence and proficiency to undertake the relevant function
through the performance of (i) previous functions which, if carried out at present,
would be subject to this Code, (ii) current controlled functions, or (iii) any role similar
or equivalent to the functions that are covered by this Code. If the person performed
a function in a regulated financial service provider which, if performed at present,
would be subject to this Code, and that regulated financial service provider received
State financial support, consideration shall be given to the competence and skills
demonstrated by that person in that function and to the extent, if any, to which the
performance of his or her function may have contributed to the necessity for such
State financial support.
In relation to criminal activities or adverse regulatory judgments, the relevant standards are:
(1) A person must be able to demonstrate that his or her ability to perform the
relevant function is not adversely affected to a material degree where the
person has, in any jurisdiction:
a) been convicted of an offence either of money laundering or terrorist
financing (or their equivalents);
b) been convicted of an offence which could be relevant to that
person’s ability to perform the relevant function; or
c) had a finding, judgment or order made against him/her involving
fraud, misrepresentation, dishonesty or breach of trust or where the
person is subject to any current proceedings for fraud,
misrepresentation, dishonesty or breach of trust.
(2) The CBI has issued non statutory guidance on the approach to be taken if
holder of a controlled function has been declared bankrupt or have a criminal
conviction. The regulated financial service provider should:
? Seek and obtain signed written confirmation from the person
performing or proposing to perform a CF as to whether or not any of
the circumstances set out in the Standards (e.g. criminal conviction)
apply to that person. Where the person confirms that one of more of
the circumstances apply, the person must be in a position to
demonstrate that his or her ability to perform the CF is not adversely
affected to a material degree by that matter.
? Require from the person concerned any underlying documents
relevant to the matter (for example, a final decision or report and/or
key correspondence).
? Make an assessment based on all of the information received as to
whether the matter is material to the performance of the CF.
The question of what is material to a particular CF, however, is a matter for
the regulated financial service provider. The following matters would be
relevant in assessing the matter:
a) its seriousness
b) the relevance of those to the duties that are to be performed
c) repetition and duration of the behavior;
d) the passage of time since the matter under consideration; and
e) evidence of rehabilitation.
The Fitness and Probity process is assessed at two levels. The initial assessment is
completed by Regulatory Transactions Division, as per above. The second level check is
IRELAND
58 INTERNATIONAL MONETARY FUND
completed by the relevant supervisory division, who take a holistic view in relation to the
applicant’s role in a particular regulated institution.
If the PCF advises that it has worked for entities supervised by other competent authorities
or for other entities supervised by the CBI those other competent authorities and/or
supervision teams are also contacted for any observations/comments they may wish to
make on the applicant PCF.
Article 11 of the CRD (as transposed by Section 9 of the CBI Act 1971) requires that there
must be at least two persons who effectively direct the business of the bank. In addition,
these persons must be of sufficiently good repute and have sufficient experience to
perform such duties.
Under the CBI’s Corporate Governance Code there are additional requirements relating to
board members and certain senior management positions and the overall composition of
the board. For example, the Code requires, inter alia, the following:
? The board of an institution shall be of sufficient size and expertise to oversee
adequately the operations of the institution and shall have a minimum of 5 directors
(7 directors where the institution is deemed to be a “Major” institution)
? The majority of the board shall be independent non-executive directors
? Directors must attend a majority of board meetings
? Each board member shall have sufficient time to devote to the role of director and
associated responsibilities
? The number of directorships held by each director shall be limited.
? Appointments to the board cannot proceed where any potential conflicts of interest
emerge which are significant to the overall work of the board
? Institutions shall review board membership at least once every three years. A formal
review is required every 9 years. The renewal frequency shall consider the balance of
experience and independence sought.
? There also detailed guidelines relating to the following: Chairman, CEO, Independent
Non-Executive Directors, Non-Executive Directors and Executive Directors
In relation to the conflicts of interest, the CBI reviews the directorships, shareholdings and
executive tasks carried out by the individual to ensure that there are no apparent conflicts
of interest. In addition, the bank itself is required to check all applicants’ fitness and probity.
The Guidance advises that “probity may also include individuals ensuring that they act
without conflicts of interest.”
In relation to determining whether or not the “licensing authority determines whether the
bank’s Board has collective sound knowledge of the material activities the bank intends to
pursue, and the associated risks” the Corporate Governance Code also contains a number of
requirements including the following:
? Independent Non-Executive Directors (INEDs) must bring an independent viewpoint
to the deliberations of the board that is objective and independent of the activities
of the management and of the institution
? The Executive Directors, INEDs and Non-Executive Directors shall have a knowledge
and understanding of the business, risks and material activities of the institution to
enable them to contribute effectively
? The Executive Directors, INEDs and Non-Executive Directors shall comprise of
individuals with relevant skills, experience and knowledge (such as accounting,
auditing and risk management)
IRELAND
INTERNATIONAL MONETARY FUND 59
? The CEO shall have relevant financial services expertise, qualifications and
background. He/she shall have the necessary personal qualities, professionalism and
integrity to carry out his or her obligations.
EC8 The licensing authority reviews the proposed strategic and operating plans of the bank.
This includes determining that an appropriate system of corporate governance, risk
management and internal controls, including those related to the detection and prevention
of criminal activities, as well as the oversight of proposed outsourced functions, will be in
place. The operational structure is required to reflect the scope and degree of
sophistication of the proposed activities of the bank.
14
Description and
findings re EC8
All banking license applications are reviewed by the CBI’s Business Model Unit (within
Banking Supervision Division) in conjunction with the authorization team. An assessment is
carried out of whether or not the bank’s proposed strategic and operating plans are
feasible. Usually this review will result in questions going back to the applicant seeking
further details or clarification.
In relation to corporate governance, risk management and internal controls including those
related to the detection and prevention of criminal activities, as well as the oversight of
proposed outsourcing functions, these are assessed in detail using the CBI’s internal
procedures for same. The “Checklist for completing and submitting Bank Licence
Applications” contains detailed information on these areas with supporting documentation.
For example, in relation to outsourcing, there is a checklist of 13 questions to assist the
examiner in assessing the policy in place.
Article 7 of the CRD requires that “applications for authorization to be accompanied by a
program of operations setting out, inter alia, the types of business envisaged and the
structural organization of the credit institution.”
Section 9(4) of the Central Bank Act 1971 requires that “An application for a license shall be
in such form and contain such particulars as the Bank may from time to time determine.”
The “Corporate Governance Code for Credit Institutions and Insurance Undertakings”
includes requirements to ensure that appropriate and robust corporate governance
frameworks are in place and implemented to reflect the risk and nature of those
institutions. The definition of Corporate Governance contained in the Code is as follows:
“Procedures, processes and attitudes according to which an organisation is directed and
controlled. The corporate governance structure specifies the distribution of rights and
responsibilities among the different participants in the organization – such as the board,
managers, shareholder and other stakeholders – and lays down the rules and procedures
for decision-making.”
All requirements in the Code are relevant for ensuring that the applicant has appropriate
governance in place.
Requirement 6.3 of the Code requires that:
“All institutions shall have robust governance arrangements which include a clear
organizational structure with well defined, transparent and consistent lines of
responsibility, effective processes to identify, manage, monitor and report the risks to
14
Please refer to Principle 29.
IRELAND
60 INTERNATIONAL MONETARY FUND
which it is or might be exposed, adequate internal control mechanisms, including sound
administrative and accounting procedures, IT systems and controls, remuneration policies
and practices that are consistent with and promote sound and effective risk management
both on a solo and at group level. The system of governance shall be subject to regular
internal review.”
In addition, section 6 of the CBI’s “Checklist for completing and submitting Bank Licence
Applications” requires full information to be submitted on the legal structure of the
applicant while section 7 requires details of the “Organisation of the Applicant and
Governance Arrangements.” Detailed information is also sought on Risk Oversight which
includes:
? Audit;
? Compliance;
? Risk Management;
? Treasury;
? Financial Control;
? Credit;
? Internal Controls/Policies;
? Anti-Money Laundering Procedures;
? Conflict of Interest;
? Liquidity;
? Outsourcing; and
? Reporting Structures.
EC9 The licensing authority reviews pro forma financial statements and projections of the
proposed bank. This includes an assessment of the adequacy of the financial strength to
support the proposed strategic plan as well as financial information on the principal
shareholders of the bank.
Description and
findings re EC9
All banking license applications are reviewed by the Business Model Unit in conjunction
with the Authorization Team. Together they assess the following:
1. Whether or not the bank has adequate financial strength to support the proposed
strategic plan of the bank; and
2. Financial information on the principal shareholders of the bank.
The application submitted is based on the CBI’s “Checklist for completing and submitting
Bank License Applications” which contains the following specific section dealing with
financials and strategy:
? Section 9 – Capital, Funding and Solvency – includes 5 year projections and solvency
ratios
? Section 10 – Financial Information and Projections – includes previous 3 years of
audited accounts for the group, projected income statement, balance sheet,
prudential ratios and capital structure, projected key financial indicators and stress
test of financials assuming a down turn. (NB: all projected financials are for a period
of 5 years)
In relation to financial information on the principal shareholders the following information
is received:
? Where the shareholder is an individual, an Individual Questionnaire which sets out,
inter alia, details of directorships, past employments and shareholdings. Where the
private shareholder is the owner of a company the financials of the company are
also assessed
IRELAND
INTERNATIONAL MONETARY FUND 61
? Where an individual holds shareholdings or interests in other companies, the
financials of those companies
? Where shareholders are companies, the financial statements for those companies to
ensure that the finances are satisfactory
Article 6 of the CRD requires that “Member States shall require credit institutions to obtain
authorization before commencing their activities. Without prejudice to Articles 7 to 12, they
shall lay down the requirements for such authorization and notify them to the Commission.”
This is transposed into Irish legislation by Section 9(4) of the Central Bank Act 1971 which
states that “An application for a licence shall be in such form and contain such particulars as
the Bank may from time to time determine.”
As part of the CBI’s license application criteria it requires various financial information to be
submitted.
EC10 In the case of foreign banks establishing a branch or subsidiary, before issuing a license,
the host supervisor establishes that no objection (or a statement of no objection) from the
home supervisor has been received. For cross-border banking operations in its country, the
host supervisor determines whether the home supervisor practices global consolidated
supervision.
Description and
findings re EC10
The following process is followed:
? In relation to EEA, the home supervisor sends the CBI a notification form; therefore it
is implicit that the home competent authority has no objection if not stated here.
? In relation to subsidiaries being set up, the CBI contacts (in writing) the home
supervisor for the foreign bank and ascertains if there are any issues with the
subsidiary bank setting up in Ireland. It also requests the following as part of the
banking application (see Section 2 of the “Checklist for completing and submitting
Bank License Applications”):
o Details on the parent/group including: background; ownership/structure
(including details on the organization structure); the legal structure of
each of the entities in the organization structure; details on activities, lines
of business, debt ratings for parent/group; and confirmation that the
board of the parent has approved the submission of the application.
o Confirmation must be submitted that “the supervisory authority in the
country of origin of that bank or group exercises effectively its supervisory
responsibilities on a consolidated basis.”
o The applicant must confirm that they have obtained the prior consent of
their home country supervisory authority
? In relation to cross border operations, a notification is also received advising that a
bank from another EU jurisdiction intends to commence activities in the country on
a cross border basis (notification is in a format agreed at European level). In this
instance it is inherent that the home supervisor practices global consolidated
supervision.
Branches
Regulation 20(1) of S.I. 395 of 1992 (underlying CRD articles 23 and 25) requires that:
“A credit institution authorized and supervised by the competent authority of another
Member State may carry on business in the State by establishing a branch or any other
means in any one or more of the activities set out in the Schedule provided that the
undertaking or provision of these activities is in accordance with the authorization of the
credit institution in that Member State and the requirements of these Regulations are
IRELAND
62 INTERNATIONAL MONETARY FUND
complied with in full.”
Regulation 23(1) requires that where a notification of a branch setting up in Ireland is
received by the CBI, the CBI shall within two months of the receipt of the information notify
the parent credit institution of all the enactments and regulatory provisions applying to the
conduct of banking business or the proposed operations of the branch in the State.
Subsidiaries
Regulation 8(1) of S.I. 395 of 1992 requires that:
“The Bank shall consult the competent authority in another Member State before it grants
an authorization to a credit institution in any case in which that credit institution is a
subsidiary or fellow subsidiary of a credit institution authorized in that other Member
State or is under common control with one or more credit institutions authorized in that
other Member State.”
Cross Border
Regulation 20(1) also covers the provision of activities on a cross border basis. The
regulation does not refer to the host competent authority contacting the home competent
authority to determine whether or not global consolidated supervision is carried out;
however, the fact that the home competent authority issues the notification to the host
competent authority under Article 28 of the CRD means that it is implicit that the parent
bank will be carrying out consolidated supervision as it is subject to the CRD.
Article 24 of the CRD requires that the competent authorities of the home Member State
shall ensure the supervision of the financial institution which is passporting with regards to
own funds, acquiring transactions, prudential supervision, sharing of information and the
right to sanction.
EC11 The licensing authority or supervisor has policies and processes to monitor the progress of
new entrants in meeting their business and strategic goals, and to determine that
supervisory requirements outlined in the license approval are being met.
Description and
findings re EC11
While there are no specific policies and processes for monitoring of newly licensed banks,
there are detailed policies and processes in place for monitoring (i) the business and
strategic goals of all supervised banks and (ii) whether or not all licensed banks are
complying with the requirements imposed on them. The policies and processes differ
depending on the risk impact rating of the bank.
For banks, the minimum engagement under PRISM requires that the business model and
strategic goals of the bank are analyzed as part of a FRA (carried out on different
frequencies depending on impact of the bank). Completion of the minimum engagement
model for relevant banks intensifies where necessary based on the identification or
crystallization of risk.
In addition, supervision teams will prioritize newly licensed banks as part of work plans
within the PRISM requirements.
Assessment of
Principle 5
Compliant
Comments Licenses are granted to cross-border unregulated corporate parents in line with the
requirements of the CRD. The CBI does not perform fit and proper tests on senior
management of the unregulated parent, and cannot take enforcement action on the
IRELAND
INTERNATIONAL MONETARY FUND 63
parent. As a result the banks are ring-fenced from inception.
Principle 6 Transfer of significant ownership. The supervisor
15
has the power to review, reject and
impose prudential conditions on any proposals to transfer significant ownership or
controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1 Laws or regulations contain clear definitions of “significant ownership” and “controlling
interest.”
Description and
findings re EC1
Significant Ownership; the CBI uses a definition of “Qualifying holding” which is the legal
definition of “significant ownership.” The definition of qualifying holding per Article 4(11) of
Directive 2006/48/EC, which was transposed via Regulation 2(1) of S.I. 395 of 1992; that is,
“a direct or indirect holding in an undertaking which represents 10% or more of the capital or
of the voting rights or which makes it possible to exercise significant influence over the
management of that undertaking.”
Controlling Interest; regulation 4 of S.I. 395 of 1992, Article 4(9) of the
CRD, defines “Control” as including "any power, whether arising from
a contract or agreement or otherwise, whereby one party can direct the affairs
of another and a parent undertaking shall be deemed to control its subsidiaries.
The reference to “one party” could include parties acting in collusion
depending on the particular circumstances concerned.
EC2 There are requirements to obtain supervisory approval or provide immediate notification of
proposed changes that would result in a change in ownership, including beneficial
ownership, or the exercise of voting rights over a particular threshold or change in
controlling interest.
Description and
findings re EC2
Prior approval of the CBI is required for Acquiring Transactions (as defined in Regulation 14
of S.I. 395 of 1992). An Acquiring Transaction refers to an acquisition by one person or
more than one person acting together of a qualifying holding (as defined in the response
to EC1) in a credit institution or an increase in a qualifying holding which results in the
acquirer reaching or exceeding thresholds of 20%, 33% or 50% ownership. The Acquiring
Transaction Notification Form is published on the CBI’s website.
The prior approval of the CBI is required for acquiring transactions in accordance with the
following legislation:
1. Article 19 of the CRD (2006/48/EC) [as amended], which was transposed into
Irish legislation by Regulation 14 of S.I. 395 of 1992 [as amended] and set out
above. This applies to:
? The acquisition, directly or indirectly, of a “qualifying holding” in a
target entity
? The direct or indirect increase in a “qualifying holding” whereby (i)
the resulting holding would reach or exceed the following
“prescribed percentages:” 20%, 33% and 50% of the capital of, or
voting rights in, a target entity or (ii) a target entity would become
the proposed acquirer’s subsidiary
? The disposal, directly or indirectly, of qualifying holdings in a target
entity
15
While the term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these
issues might be addressed by a separate licensing authority.
IRELAND
64 INTERNATIONAL MONETARY FUND
2. Chapter VI of Part II of the CBI Act, 1989 (as amended). While this Act is
mostly superseded by S.I. 395 of 1992 (above) the following types of
transaction still fall to be approved under this Act:
? Acquiring transactions which are not subject to notification and
prudential assessment under S.I. 395 of 1992 – that is, transactions
which represent an increase in shareholding which does not of itself
result in the shareholding reaching or exceeding the prescribed
thresholds. An example would be an increase in a shareholding from
75% to 85%
In the past 12 months there have been 20 approvals under Statutory Instrument No. 395 of
1992.
EC3 The supervisor has the power to reject any proposal for a change in significant ownership,
including beneficial ownership, or controlling interest, or prevent the exercise of voting
rights in respect of such investments to ensure that any change in significant ownership
meets criteria comparable to those used for licensing banks. If the supervisor determines
that the change in significant ownership was based on false information, the supervisor has
the power to reject, modify or reverse the change in significant ownership.
Description and
findings re EC3
The CBI has the legal power to reject applications and reverse a purported acquisition.
Regulation 14(3) of S.I. 395 of 1992 requires that an acquiring transaction notification shall
include sufficient information to enable the CBI to consider the proposed acquisition
against the criteria in paragraphs (1) and (2) of Regulation 14(C) (as set out below), and in
particular shall include information on who the proposed acquirers are, the individuals to
be responsible for management, how the proposed acquisition is to be financed (including
details of any proposed issue of financial instruments) and the structure of the resulting
group. It has not been necessary for the CBI to reject any applications.
Rejection of a Proposal
Regulation 14(G) of S.I. 395 of 1992, transposing Article 19(a) (2) of the CRD, provides that
the CBI may oppose a proposed acquisition when there are reasonable grounds based on a
review of: suitability of acquirer, financial soundness, reputation, experience, possible
impact on compliance with regulation, transparency of structure, whether there are
reasonable grounds to suspect that, in connection with the proposed acquisition, money
laundering or terrorist financing (within the meaning of Article 1 of Directive 2005/60/EC
[Note OJ L 309, 25.11.2005, p. 15.]) is being or has been committed or attempted, or that
the proposed acquisition could increase the risk of money laundering or terrorist financing.
When information provided by the proposed acquirer concerned in its notification under
paragraph (1) or (2) of Regulation 14 is incomplete, or the proposed acquirer has not
provided information in response to a request under paragraph (5) or (8) of Regulation
14(B), the CBI may request additional information.
Regulation 14(I)(2) of S.I. 395 of 1992, transposing Article 21(1) of the CRD, provides that if
a proposed acquirer purports to complete a proposed acquisition in contravention of
paragraph (1) of Regulation 14(I) (i.e. without prior notification to or approval by the
Central Bank), then:
(a) the purported acquisition is of no effect to pass title to any
share or any other interest, and
(b) any exercise of powers based on the purported acquisition of the
holding concerned is void.
IRELAND
INTERNATIONAL MONETARY FUND 65
Provision of false information
While the provision of false information in an application is an offence (Regulation 14(L) of
S.I. 395 of 1992), the legislation does not refer specifically to the powers of the CBI in
circumstances where the CBI has approved a transaction based upon ‘false’ information. If
an issue of provision of false information was discovered prior to CBI approval then the
application could be rejected on the grounds that it was “incomplete.” If it was discovered
post-approval then the Central Bank would go to Court under Regulation 14(M) in order to
have the transaction reversed.
EC4 The supervisor obtains from banks, through periodic reporting or on-site examinations, the
names and holdings of all significant shareholders or those that exert controlling influence,
including the identities of beneficial owners of shares being held by nominees, custodians
and through vehicles that might be used to disguise ownership.
Description and
findings re EC4
Credit institutions are required to provide shareholder information annually to the CBI.
Institutions provide:
1. A list of shareholders or beneficial owners of 10% or more of the share capital.
2. Where shares are registered in the name of a nominee, a list identifying the ultimate
beneficial owner of the shares, where the nominee shares constitute more than 5%
of the shares or of the voting rights attaching to the shares in a credit institution.
This information is reviewed by the supervision teams.
Regulation 14(K) of S.I. 395 of 1992, transposing Article 21 of the CRD, provides that a
credit institution shall, at times specified by the CBI and at least once a year, notify the CBI
of the names of shareholders or members who have qualifying holdings and the size of
each such holding.
EC5 The supervisor has the power to take appropriate action to modify, reverse or otherwise
address a change of control that has taken place without the necessary notification to or
approval from the supervisor.
Description and
findings re EC5
Regulation 14(I)(2) of the S.I. 395 of 1992, transposing Article 21(1) of the CRD, provides
that if a proposed acquirer purports to complete a proposed acquisition in contravention
of paragraph (1) of Regulation 14(I) i.e. without prior notification to or approval by the
Central Bank, then:
(a) the purported acquisition is of no effect to pass title to any share or any other
interest, and
(b) any exercise of powers based on the purported acquisition of the holding
concerned is void.
EC6 Laws or regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material information which may negatively affect the suitability of a
major shareholder or a party that has a controlling interest.
Description and
findings re EC6
The suitability of a major shareholder is assessed at the time of acquisition of the holding
as set out in the procedures “Acquiring Transactions – assessing an application to acquire
an interest of greater than 10 per cent in a credit institution” This provides guidance for
assessing suitability and also provides that the requirements set out in Directive
2007/44/EC (as transposed into Irish law by S.I. 395 of 1992) be adhered to in the
assessment of applications by supervisors.
A requirement for banks to provide notification to the CBI on an ongoing basis in relation
to material negative information was imposed by means of a license condition on all banks.
Assessment of
IRELAND
66 INTERNATIONAL MONETARY FUND
principle 6 Compliant
Comments
Principle 7 Major acquisitions. The supervisor has the power to approve or reject (or recommend to
the responsible authority the approval or rejection of), and impose prudential conditions
on, major acquisitions or investments by a bank, against prescribed criteria, including the
establishment of cross-border operations, and to determine that corporate affiliations or
structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1 Laws or regulations clearly define:
(a) what types and amounts (absolute and/or in relation to a bank’s capital) of
acquisitions and investments need prior supervisory approval; and
(b) cases for which notification after the acquisition or investment is sufficient. Such
cases are primarily activities closely related to banking and where the investment is
small relative to the bank’s capital.
Description and
findings re EC1
Prior Approval
Credit Institutions are required, by means of a license condition imposed in August 2013,
pursuant to Section 10(3) of the CBI Act 1971 and Section 17 of the Building Societies Act
1989, to seek the prior approval of the CBI for Major Acquisitions.
A Major Acquisition is defined as a transaction in which a credit institution acquires an
interest (this includes an investment) which is equal to or greater than 9% of the Own
Funds of the credit institution in any undertaking that falls outside of the EU Acquiring
Transaction regime. (An Acquiring Transaction refers to an acquisition by a person or more
than one person acting together of a qualifying holding in a credit institution or an increase
in the qualifying holding held resulting in the acquirer reaching or exceeding 20%, 33% or
50%. Major Acquisitions refer to acquisitions by credit institutions.) The CBI’s Policy on
Major Acquisitions also provides for certain other categories of exemption from the
requirement for prior approval but not prior notification.
The CRD, Articles 120-122, as transposed in Ireland via S.I. 661 of 2006 and S.I. 395 of 1992,
stipulate specific limits on holdings by credit institutions in other bodies corporate and
qualifying holdings outside the financial sector and powers of the CBI in enforcing these
limits.
Regulation 62 of S.I. 661 of 2006 (European Communities (Capital Adequacy of Credit
Institutions (Regulations) 2006 is important to note in this regard (as is part 7 of S.I. 661 in
general). It provides that :
? A credit institution shall ensure that it does not have in an undertaking a qualifying
holding the amount of which exceeds 15% of its own funds, unless the undertaking is a
permitted undertaking.
? A credit institution shall ensure that the total amount of the institution’s qualifying
holdings in undertakings (other than permitted undertakings) do not exceed 60% of its
own funds.
? The limits set out in paragraphs (1) and (2) may be exceeded only in exceptional
circumstances.
? Where paragraph (3) applies to a credit institution, the Bank shall require the institution
to increase its own funds or to take other equivalent measures.
IRELAND
INTERNATIONAL MONETARY FUND 67
? For the purposes of this Regulation, a permitted undertaking is one of the following:
o a credit institution;
o a financial institution;
o an undertaking that carries on one or more activities that either are a direct
extension of banking, or involve the provision of services that are ancillary to
banking (such as leasing, factoring, the management of unit trusts and the
management of data processing services).
Regulation 64 of S.I. 661 transposes Article 120 of the CRD concerning qualifying holdings
of credit institutions outside the financial sector.
? Regulation 64(1) provides that the CBI may not apply these limits in paragraphs (1) and
(2) of Regulation 62:
o To holdings in insurance companies or in re-insurance
companies.
o If the CBI provides that 100% of the amounts by which a credit institution’s
qualifying holdings exceed these limits must be covered by Own Funds and
that these shall not be included in the minimum Own Funds calculation under
regulation 19.
? Regulation 64(3) sets out that where these limits in paragraphs (1) and (2) of
Regulation 62 are exceeded, the amount to be covered by own funds shall be the
greater of the excess amounts.
Regulation 15 of S.I. 395 of 1992 should also be noted. It is very similar to regulation 62 of
S.I. 661 of 2006, in that there is no provision for CBI approval. However, Regulation 15(6) is
noteworthy in that it states:
“The Bank may prescribe rules and standards for the application of this Regulation to
credit institutions either generally or in particular.”
Furthermore, Regulation 15(4) permits the CBI, where it has reason to believe that a credit
institution has exceeded the limits, to require credit institutions to increase the amount of
own funds, to dispose of specified shareholdings in a relevant body corporate or to take
other measures specified by the CBI to meet these limits. ‘Relevant body corporate’ for the
purposes of S.I. 395 of 1992 does not include a body corporate that is a credit institution or
a financial institution or insurance or re-insurance companies.
a) Prior-event notification
Credit institutions are required, by means of a license condition imposed in August 2013
pursuant to Section 10(3) of the Central Bank Act, 1971, and Section 17 of the Building
Societies Act, 1989 to provide prior notification to the CBI (prior approval is not required)
of the following:
a) Acquisitions that fall outside of the EU Acquiring Transaction regime which exceed
5% of the Own Funds of the Credit Institution but are less than 9% of Own Funds.
b) Debt restructuring where the overriding purpose is to maximize the amount of
credit that can be recovered;
c) Short term acquisitions that are held for sale investments;
d) Indirect acquisitions by independently managed funds where the transaction is in
line with the funds objectives;
e) Activities of nominee companies established by the credit institution that are
acting on the nominees behalf; and,
IRELAND
68 INTERNATIONAL MONETARY FUND
f) Undertakings falling within Regulations 62, 63(1) and (2) and 64(1) of Statutory
Instrument 661 of 2006 (European Communities (Capital Adequacy of Credit
Institutions) Regulations 2006).
g) The disposal of any undertaking which was previously approved under the Major
Acquisitions regime.
In addition to the above, credit institutions, in respect of which the CBI is the consolidating
supervisor, are required to notify the CBI in advance of major acquisitions (as defined) by
other non-regulated entities within the license holder’s group.
For b) to f) above prior notification is required where the interest being acquired exceeds
5% of the own funds of the credit institution. There is no upper limit.
In addition, from August 2013, Credit institutions are required to notify the CBI of major
acquisitions by other entities in the banking group which are not regulated by the CBI. The
CBI will review such acquisitions in order to satisfy itself that they do not expose the credit
institution to any undue risks or hinder effective supervision. In the event that the Central
Bank is concerned with the risks arising or the impact on supervision resulting from such
acquisitions, it may require the credit institution to take measures to insulate itself from the
acquisition.
Requirements for prior approval and notification were imposed on credit institutions in
August 2013 pursuant to Section 10(3) and Section 18 of the Central Bank Act 1971 and
Section 17 of the Building Societies Act 1989.
In the last five years six “Major Acquisitions” (as defined under a previous regime which had
no legal basis) were approved by the CBI. No applications were denied.
EC2 Laws or regulations provide criteria by which to judge individual proposals
Description and
findings re EC2
CBI Policy sets out criteria for supervisors in assessing Major Acquisitions proposals. The
criteria are as follows:
1. The potential impact of the acquisition on the credit institution.
2. Whether the proposed acquisition will expose the credit institution to undue
risks.
3. Whether the credit institution has the financial, managerial and organizational
capacity to handle the proposed investment. This is particularly important
where the undertaking being acquired is involved in nonbanking related
activities.
4. Whether the acquisition falls within the scope of the credit institution’s
internal control and risk management framework.
5. Whether the proposed acquisition will hinder effective supervision.
6. Whether the proposed acquisition will hinder effective implementation of
corrective measures in the future (i.e. whether the proposed acquisition
creates an obstacle to the orderly resolution of the credit institution).
7. In relation to overseas acquisitions, the effectiveness of supervision in the
host country and the ability of the Central Bank to exercise supervision on a
consolidated basis (including information flows from the host country).
8. The impact, if any, on financial stability.
Criteria by which to judge individual proposals are set out in the Policy which was imposed
on credit institutions in August 2013 pursuant to Section 10(3) of the Central Bank Act 1971
and Section 17 of the Building Societies Act 1989. Items 1 to 5 inclusive have been included
IRELAND
INTERNATIONAL MONETARY FUND 69
in the license condition.
EC3 Consistent with the licensing requirements, among the objective criteria that the supervisor
uses is that any new acquisitions and investments do not expose the bank to undue risks or
hinder effective supervision. The supervisor also determines, where appropriate, that these
new acquisitions and investments will not hinder effective implementation of corrective
measures in the future.
16
The supervisor can prohibit banks from making major
acquisitions/investments (including the establishment of cross-border banking operations)
in countries with laws or regulations prohibiting information flows deemed necessary for
adequate consolidated supervision. The supervisor takes into consideration the
effectiveness of supervision in the host country and its own ability to exercise supervision
on a consolidated basis.
Description and
findings re EC3
The criteria as set out in the Policy by which the CBI will review applications are as follows:
1. Whether the proposed acquisition will expose the credit institution to undue risks.
2. Whether the proposed acquisition will hinder effective supervision.
3. Whether the proposed acquisition will hinder effective implementation of corrective
measures in the future (i.e. will the proposed acquisition create an obstacle to the
orderly resolution of the credit institution).
4. In relation to overseas acquisitions, the effectiveness of supervision in the host
country and the ability of the Central Bank to exercise supervision on a consolidated
basis (including information flows from the host country).
The CBI has the power to prohibit banks from undertaking transactions which fall within
the ambit of the Acquiring Transactions regime.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989.
In addition to the Policy on Major Acquisitions, the CBI also requires prior approval for the
following:
? Establishment of a subsidiary outside the EEA where that subsidiary is a bank or
other licensed entity;
? Establishment, formation or taking part in forming a company, other body corporate
or an unincorporated body of persons which is a non-licensed subsidiary, in the
European Economic Area or elsewhere.
? Establishment of a branch in a non-EU(Third Country)
EC4 The supervisor determines that the bank has, from the outset, adequate financial,
managerial and organizational resources to handle the acquisition/investment.
Description and
findings re EC4
There is a requirement in the Policy that supervisors assess whether the credit institution
has the financial, managerial and organizational capacity to handle the proposed
investment.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989.
16
In the case of major acquisitions, this determination may take into account whether the acquisition or investment
creates obstacles to the orderly resolution of the bank.
IRELAND
70 INTERNATIONAL MONETARY FUND
EC5 The supervisor is aware of the risks that nonbanking activities can pose to a banking group
and has the means to take action to mitigate those risks. The supervisor considers the
ability of the bank to manage these risks prior to permitting investment in nonbanking
activities.
Description and
findings re EC5
The CBI requires that supervisors, in assessing Major Acquisitions applications, consider
whether the credit institution has the financial, managerial and organizational capacity to
handle the proposed investment. The Policy states that this assessment “is particularly
important where the undertaking being acquired is involved in nonbanking related activities.”
As part of the supervisory review process, the CBI will assess the governance and internal
capital assessment process to determine the level of own funds required. This should
include an assessment of the risks nonbanking activities can pose to a banking group – for
example, analyzing unregulated entities such as special purpose vehicles established for
securitization purposes, assessing their liquidity requirements, level of implicit support,
significant risk transfer, etc. The CBI may impose supervisory measures to address
deficiencies identified.
CBI supervisors are aware of the risks posed by nonbanking (including non-regulated)
entities and activities to banking groups. This is primarily the case for nonbanking activities
which are regulated by other divisions within the CBI, e.g. insurance entities. While the
mitigation of such risks and the approval of acquisitions is the responsibility of the relevant
supervision teams in those divisions, there is regular formal (e.g. internal CBI colleges) and
informal contact between the banking group supervisors (who are the ‘lead regulators’)
and those supervisory teams. This ensures that the banking group supervisors are fully
aware of the risks which those entities pose to the banking group.
The requirements of the Policy were imposed on credit institutions in August 2013
pursuant to Section 10(3) of the Central Bank Act 1971 and Section 17 of the Building
Societies Act 1989
Assessment of
Principle 7
Largely Compliant
Comments In August of 2013 the CBI implemented the legal framework and process to meet the
requirements of this CP. However, currently there is no evidence of the effectiveness of the
process and the regulation.
Principle 8 Supervisory approach. An effective system of banking supervision requires the supervisor
to develop and maintain a forward-looking assessment of the risk profile of individual
banks and banking groups, proportionate to their systemic importance; identify, assess and
address risks emanating from banks and the banking system as a whole; have a framework
in place for early intervention; and have plans in place, in partnership with other relevant
authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1 The supervisor uses a methodology for determining and assessing on an ongoing basis the
nature, impact and scope of the risks:
(a) which banks or banking groups are exposed to, including risks posed by entities in
the wider group; and
(b) which banks or banking groups present to the safety and soundness of the banking
system
IRELAND
INTERNATIONAL MONETARY FUND 71
The methodology addresses, among other things, the business focus, group structure, risk
profile, internal control environment and the resolvability of banks, and permits relevant
comparisons between banks. The frequency and intensity of supervision of banks and
banking groups reflect the outcome of this analysis.
Description and
findings re EC1
PRISM is the methodology used by the Central Bank for determining and assessing on an
ongoing basis the nature, impact and scope of risks to which banks or banking groups are
exposed. The supervisor is required to apply, at a minimum, the engagement model
appropriate for their firm’s impact category as specified under PRISM. While PRISM
prescribes a minimum supervisory plan of activities on a specified frequency, supervisors
can, and do, go beyond the minimum in performing supervision of the banks.
Risk assessment under PRISM is judgment based comprising qualitative and quantitative
assessments as appropriate. Supervisors are required to provide a rationale on the PRISM
system to support their probability risk rating. The 12 point risk rating scale is non-numeric
and, as such, supports the philosophy of judgment based supervision. The rating scale is
divided into four Impact categories of High, Medium High, Medium Low and Low and
within each Impact category the supervisor can assign a positive, negative or neutral rating.
PRISM has ten risk categories: credit; market; operational; insurance; capital; liquidity;
governance; strategy/business model; environment and conduct. Several categories have
sub-categories, such as credit risk, which is broken down into inherent risk, quality of
control and concentration. Inherent risk and quality of controls are assessed within the
same risk category to determine a net risk rating. Each risk category is assigned a rating by
the supervisor which reflects the risk of failure from that risk category. The ten risk
categories form the basis of the overall probability risk rating. Standardized weightings are
assigned to each of the ten risk categories.
With regard to the specific risks identified, business focus is captured under
Strategy/Business Model Risk, the assessment of which derives from the engagement
model task of Business Model Analysis conducted for High Impact banks and from the Full
Risk Assessment (FRA) for Medium High and Medium Low Impact banks.
Group structure is assessed under business model analysis and governance reviews for
High Impact banks and as part of the full risk assessment for Medium High and Medium
Low Impact banks. Structural complexity is considered as part of Governance which
provides supervisors a framework to consider resolvability of banks.
The quality and effectiveness of internal controls is assessed on a per risk basis via the
engagement with the bank and other external stakeholders such as the external auditor. An
assessment of risk management and the control environment at a bank is an integral
component of onsite reviews (Financial Risk review such as a credit risk visit, operational
risk etc. or a Full Risk Assessment). In addition, Risk Management Quality is a discreet sub-
category of Governance in PRISM.
With regard to comparisons between banks, there are pre-determined peer groups within
PRISM. The facility to create customized peer group reports was also provided as part of
PRISM in May 2012. Additionally, specialist treasury and credit teams within the Banking
Supervision divisions prepare detailed packs on a quarterly basis for higher impact banks
which includes peer analysis for liquidity and credit risk.
The minimum frequency and intensity of the supervision of banks and banking groups is a
IRELAND
72 INTERNATIONAL MONETARY FUND
function of its impact categorization (i.e. the assessment of the impact of a bank’s failure
on the economy, the taxpayer and consumers). The impact assessment is purely
quantitative and is conducted on an ongoing basis as new impact metric data become
available (typically on a quarterly basis).
The impact metrics for banks are:
Total balance sheet and off ? -balance sheet size
Concentration of lending ?
Intra ? -financial system assets
Retail deposit base ?
Core Tie ? r 1capital
The minimum engagement plan with banks as prescribed by PRISM is a function of the
Impact on financial stability from a bank failure, rather than the risk of failure of the
individual bank. Banks with a significant domestic presence in terms of deposits and
liabilities are more likely to be assigned a higher Impact rating and as a consequence
receive greater supervisory attention through PRISM.
Within the PRISM model, the assessment of each risk category reflects the risk of failure
attributed to the particular category.
From a resourcing perspective, the impact categorization of a firm determines the
minimum number of supervisors allocated to that firm. Resource buffers are also
determined with reference to the impact category of each firm. These resource buffers are
managed at divisional level to engage with firms above the minimum as required.
Prism is an ongoing assessment and is updated as a result of any onsite or offsite
supervisory activity i.e. Financial Risk Review (equivalent to an onsite examination such as a
credit, market or operational risk review) or through analysis of regulatory returns (FINREP,
COREP). It is therefore intended to be a continuous risk assessment.
The PRISM methodology captures group-wide risks in several key areas depending upon
the nature of the subsidiary. Business Model Risk would capture group-wide risks. In the
circumstance of an insurance subsidiary within a banking group (which is a feature for one
of the Very High Impact banks) the risk from the insurance subsidiary will be included in
several risk categories: the Insurance Risk Category and equally taken into consideration in
the capital section.
The Risk Governance Panel is an opportunity for group issues to be discussed where the
responsible supervisor for each of the regulated entities within the group meet and discuss
ratings, RMPs and future supervisory plans.
In the circumstance where the Central Bank is a Host supervisor, the supervisor will take
into consideration the risk profile of the parent. For example, when rating liquidity risk, the
Central Bank will take into consideration the parent liquidity risk profile especially in the
circumstance when the group pursues a group funding model.
Processes to compare the risk profile of an individual bank against its peer group are
provided for in the PRISM system and predominantly used in preparation for risk
Governance Panels.
Triggers are built into PRISM to alert supervisors if there has been a change in financial
IRELAND
INTERNATIONAL MONETARY FUND 73
ratios – these are Key Risk Indicators (KRIs). Numerous KRIs are built into PRISM covering
the balance sheet and the risk categories of capital, credit, liquidity, market risk and
strategy/Business Model, including (but not limited to):
- Capital. CET1 ratio (solo and consolidated); Balance Sheet Leverage Ratio (solo
and consolidated); Pillar 1 solvency ratio (solo and consolidated).
- Credit. Provisions coverage ratio of impaired assets; largest 10 exposures as a
percentage of total drawn loans to customers
- Liquidity. Wholesale funding as a percentage of total funding (solo and
consolidated); liquid assets as a percentage of total funding; and liquidity ratio
sight to 8 days.
- Market Risk. Market risk capital as a percentage of total capital.
- Business Model/Strategy. Cost to income ratio (solo and consolidated), net
interest income to total loans and advances (solo and consolidated).
Data that feeds into the KRIs is sourced from bank’s submissions across FINREP, COREP,
Liquidity Return, the Quarterly Summary Financial Return (QSFR) and other relevant returns
(Impairment Provisions and Large Exposures).
EC2 The supervisor has processes to understand the risk profile of banks and banking groups
and employs a well defined methodology to establish a forward-looking view of the profile.
The nature of the supervisory work on each bank is based on the results of this analysis.
Description and
findings re EC2
PRISM is the framework supervisors use to understand banks’ risk profiles and to establish
a forward looking view of the profile. The engagement model which is implemented by the
supervisory teams, provides the operational context through which risk assessments are
conducted. In conducting their risk assessments, supervisors have access to different types
of guidance material contained within PRISM regarding the risk assessment process and
engagement with banks. The guidance material is an important part of the methodology to
help ensure consistency.
Risk Guidance Materials have been written for each of the ten probability risk categories
and each of the twenty four sub-categories. The materials are updated on an ongoing basis
to ensure their continued relevance and are designed to support supervisors in making
informed judgments in a structured fashion. For a given sub-category the materials:
(i) explain the sub-category in question;
(ii) outline key questions for the supervisor to consider;
(iii) contain information specific to certain sectors; and
(iv) provide sample characteristics of high, medium high, medium low and low probability
risk for each sub-category.
The guidance materials are web-based, which allows the material to be easily consulted
and/or quickly updated with new information on risk categories, thus maintaining their
relevance. The guidance materials can be accessed through links from the PRISM modules.
Similarly, engagement task guidance is provided for the components of the engagement
model that identify the major stages of the process and key questions to consider. More
detailed processes/procedures can be appended to the guidance, as can useful links which
provides supervisors with an opportunity to broaden their knowledge on the particular
subject of the guidance they are reviewing. The guidance materials are amended to reflect
new supervisory practices to the degree that legislation and experience demand change.
The centrally available assessments (i.e. those generated by Consumer, Financial Stability
IRELAND
74 INTERNATIONAL MONETARY FUND
and Risk Divisions (rather than the supervision teams) in relation to Conduct and
Environmental risks) also provide context against which the risks facing banks can be
assessed and monitored.
Finally, supervisors monitor movements in quantitative KRIs on an ongoing basis via the
PRISM system.
Engagement with institutions is not designed to be an exercise in compliance, but rather a
forward looking assessment of risk. The results and findings from previous supervisory
engagements will direct the focus of future engagements. For covered institutions, this will
include an assessment of how these banks will return to viability. Submission and
assessment of liquidity and capital management plans are a key element of forward
looking analysis performed by supervisors (i.e. three year capital management plan).
Regulation 66 of S.I. 661 of 2006, transposing Article 124 of the CRD, obliges the Central
Bank to review the arrangements, strategies, processes and mechanisms implemented by
credit institutions to comply with the CRD and evaluate the risks to which credit institutions
are or might be exposed taking into account the technical criteria set out in Annex XI of
that Directive.
More generally, Section 5A of the Central Bank Act 1942 (as amended) stipulates in effect
that the Central Bank has the power to do whatever is necessary for, or in connection with,
or reasonably incidental to the performance of its functions. Section 6A of the Central Bank
Act 1942 stipulates that one of those functions is the proper and effective regulation of
financial services providers and markets while ensuring that the best interests of consumers
of financial services are protected.
EC3 The supervisor assesses banks’ and banking groups’ compliance with prudential regulations
and other legal requirements.
Description and
findings re EC3
The Central Bank’s “PRISM” engagement model sets out a strategy for minimum
supervisory engagement. It provides a tool to assist supervisors to undertake systematic
and structured assessment of risks in firms and to ensure compliance with prudential
requirements and legislation including the CRD, EBA guidelines and Central Bank
guidelines.
In addition, the PRISM system has alert functionality, which assists supervisors to prioritize
their work and focus on emerging risks and trends and potential or actual breaches of
regulatory requirements.
There was evidence which showed the Central Bank taking action as a result of its analysis
of bank’s non-compliance with the regulations.
EC4 The supervisor takes the macroeconomic environment into account in its risk assessment of
banks and banking groups. The supervisor also takes into account cross-sectoral
developments, for example in nonbank financial institutions, through frequent contact with
their regulators.
Description and
findings re EC4
The macro-economic environment is assessed for supervisors by the Central Bank’s
Financial Stability Division and Risk Division, working with BSD, as part of their monitoring
of environmental risk. The assessment currently focuses on the following main areas:
1. Risk of disorderly sovereign defaults in the euro area;
2. Domestic sovereign debt sustainability;
3. Economic growth covering:
IRELAND
INTERNATIONAL MONETARY FUND 75
- International risks to Irish economic growth
- Domestic risks to Irish economic growth.
In addition to the macroeconomic risk, the environmental risk assessment attributes ratings
and describes sector specific risk aspects. Currently, the focus is on the following for retail
banks:
1. Business Environment
2. Funding/Liquidity Risk
3. Asset Encumbrance
4. Increasing Regulation
5. Personal Insolvency Bill and Mortgage Arrears Resolution Strategy
6. Taxation
7. Consumer Implications
The above ratings and assessments are updated at a minimum frequency of twice-yearly,
but this is augmented where it is felt that circumstances have changed sufficiently to
require an update. In their assessment of probability risk categories, supervisors take
account of the macro-economic environment and in particular in any review of the balance
sheet, investments, funding/liquidity risk and earnings/income profile. The Central Bank of
Ireland is the single prudential regulator for financial services in Ireland. Risk Division
therefore produces the environmental risk assessments not only for banking but also for
investment firms, insurance and credit unions sector. The cross-sector team produces
analysis of emerging risks which is communicated to supervisors.
EC5 The supervisor, in conjunction with other relevant authorities, identifies, monitors and
assesses the build-up of risks, trends and concentrations within and across the banking
system as a whole. This includes, among other things, banks’ problem assets and sources of
liquidity (such as domestic and foreign currency funding conditions, and costs). The
supervisor incorporates this analysis into its assessment of banks and banking groups and
addresses proactively any serious threat to the stability of the banking system. The
supervisor communicates any significant trends or emerging risks identified to banks and
to other relevant authorities with responsibilities for financial system stability.
Description and
findings re EC5
The responsibility for bank supervision and financial system stability falls under the Central
Bank. Arrangements have been put in place to strengthen the feedback loop between
systemic risk analysis and bank supervision. The Financial Stability Division (FSD) within the
Central Bank publishes a Macro Financial Review twice per year which identifies risks to
financial stability. In forming their view, the FSD will meet with supervisors and the risk
specialist teams that have been involved in meeting with banks throughout the period. The
results of this analysis are updated in Environment Risk as a risk category in PRISM which
the supervisor will consider when assessing a bank.
Supervisors are assisted in their identification, monitoring and assessment of the build-up
of risks, trends and concentrations within and across the banking system as a whole by the
Central Bank’s research work, such as its Research Technical Papers and Economic Letters.
With regard to problem assets, supervisors are assisted in preparation for the PCAR by the
development of loan loss forecast models. The Financial Stability Division initiated the
modelling of Loan Loss Forecasting (LLF), which is delivering improved capability to
forecast loan losses as part of the Central Bank’s oversight and supervisory functions.
Models are being developed for asset classes such as Mortgages, Commercial Real Estate,
IRELAND
76 INTERNATIONAL MONETARY FUND
Corporate, Small and Medium Enterprises (SME), Micro-SME and Non-Mortgage Retail.
Specifically, LLF is delivering a model development framework which:
- is capable of providing an independent and credible estimate of future loan losses,
under various scenarios;
- is capable of being used as the key input to the PCAR;
- can incorporate those areas of specific importance to the Central Bank and key
stakeholders, including overlays, assumptions and policy changes; and
- is ultimately capable of being maintained and updated by the Central Bank,
independent of third party support.
An example of proactively addressing negative implications for Irish financial stability is the
replacement of Loan-to-Deposit Ratios with an Advanced Monitoring Framework (AMF).
The introduction of the AMF removed the requirement for each bank to meet specific
funding targets within prescribed timeframes. Those funding targets may have induced the
banks to take individual actions which had negative implications for Irish financial stability.
The AMF should ensure that the FMP banks will become compliant with Basel III liquidity
requirements in a timely manner and move to a more sustainable funding profile in the
future.
In accordance with Regulation 67 of S.I. 661 of 2006, implementing Article 129 of the CRD,
where the Central Bank is responsible for supervision on a consolidated basis of EU parent
credit institutions and credit institutions by EU parent financial holding companies, it shall:
Coordinate the gathering and dissemination of relevant or essential information in ?
going-concern and emergency situations;
Co ? -ordinate supervisory activities in going concern situations, including in relation to
Articles 123 (Regulation 65 concerning ICAAP), 124 (Regulation 66 of S.I. 661 of 2006
concerning supervisory review) and 136 (Regulation 70 concerning supervisory measures),
and in Annex V of the CRD (concerning the organisation and treatment of risks), in
cooperation with the other competent authorities involved; and
Plan and coordinate supervisory activities in cooperation with the other competent ?
authorities involved, and if necessary with other Central Banks, in preparation for and
during emergency situations, including adverse developments in credit institutions or in
financial markets using, where possible, existing defined channels of communication for
crisis management.
Planning and coordination of supervisory activities referred to above include exceptional
measures in accordance with Article 132(3)(b) of CRD, preparation of joint assessments,
implementation of contingency plans, communication to the public. Furthermore where the
Central Bank is responsible for supervision on a consolidated basis it shall, in accordance
with Article 67(A), further transposing Article 129 of the CRD, make reasonable efforts to
reach a joint decision with the other competent authorities concerned on:
(a) The application of Regulations 65 and 66 of S.I. 661 of 2006 to determine the adequacy
of the consolidated level of own funds held by the group with respect to its financial
situation and risk profile; and
(b) The required level of own funds for the application of Regulation of Regulation 70(4) of
S.I. 661 of 2006 regarding a specific level of additional own funds in cases where
deficiencies are identified with the internal capital adequacy assessment process
(Regulation 65 of S.I. 661 of 2006) and Governance arrangements (Regulation 16 of S.I. 395
of 1992)
IRELAND
INTERNATIONAL MONETARY FUND 77
EC6 Drawing on information provided by the bank and other national supervisors, the
supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability
where appropriate, having regard to the bank’s risk profile and systemic importance. When
bank-specific barriers to orderly resolution are identified, the supervisor requires, where
necessary, banks to adopt appropriate measures, such as changes to business strategies,
managerial, operational and ownership structures, and internal procedures. Any such
measures take into account their effect on the soundness and stability of ongoing business.
Description and
findings re EC6
Section 93(1) of the CBCIR Act 2011 allows the Central Bank to prepare a Resolution Report
where it has previously requested a Recovery Plan from a credit institution. While the
Central Bank received the power to request recovery plans and to produce resolution plans
under the CBCIR Act 2011 in October 2012, a local recovery and resolution plan regime has
not yet been implemented. The Special Resolutions Unit has developed guidelines for the
banks for the production of recovery plans, which would precede the development of
resolution plans.
While there are some national authorities making progress in relation to the production of
recovery plans for G-SIFIs the Central Bank is awaiting EU/international developments in
the area, especially with respect to the CRD, Notwithstanding this and in line with EBA
recommendations, the Central Bank has requested recovery plans from two high impact
credit institutions.
Resolution planning is at only an early stage and has not been fully implemented across all
credit institutions.
EC7 The supervisor has a clear framework or process for handling banks in times of stress, such
that any decisions to require or undertake recovery or resolution actions are made in a
timely manner.
Description and
findings re EC7
The legal basis for resolution handling is derived from: The Credit Institutions and Central
Bank (Resolution) Act 2011; Section 106 of the CBCIR Act 2011 allows the Central Bank to
issue codes of practice relating to the operation of the Act; and Section 107 allows the
Central Bank to issue guidelines or policy statements in relation to the exercise of the
functions conferred by the Act – all of which are subject to prior consultation with the
Minister for Finance. To date, the Central Bank has not used these powers.
The CBCIR Act 2011 provides the Central Bank with the power to take action prior to a bank
failing. Section 9 of the Act sets out a number of conditions which must be met before the
Central Bank can intervene – these are qualitative and quantitative in nature. In the absence
of simple financial triggers for intervention, and recognising the last resort nature of the
powers, the Central Bank has taken a pragmatic approach. Banking Supervision Divisions,
under a draft MoU, will inform the Standing Resolution Committee (SRU) when a bank
begins to exhibit signs of financial or regulatory distress. From this point, the SRU will begin
to plan for a failure. At the point where Banking Supervision Divisions determine that they
have exhausted the supervisory tools and approach, they will inform a Standing Resolution
Committee, which will consider the situation and, where appropriate, recommend that the
SRU begin preparing a resolution case for the Governor to consider.
The framework for resolution planning and handling is yet to be fully implemented. The CBI
has undertaken considerable work in terms of crisis management and supervision in
periods of stress.
EC8 Where the supervisor becomes aware of bank-like activities being performed fully or
partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw
IRELAND
78 INTERNATIONAL MONETARY FUND
the matter to the attention of the responsible authority. Where the supervisor becomes
aware of banks restructuring their activities to avoid the regulatory perimeter, the
supervisor takes appropriate steps to address this.
Description and
findings re EC8
Unauthorized Providers Unit (UPU), a unit within the Enforcement Directorate, deals with
issues of unauthorized activity that are fully outside of the regulatory perimeter, i.e. where
the firm is not a regulated firm. Where an issue arises in relation to unauthorized activity
being conducted by a regulated firm, this is referred to the relevant supervision team for
escalation/close-out.
If the UPU receives a query or complaint in relation to a firm which is alleged to be acting
as a bank or offering banking services in the absence of an appropriate
authorization/license, it writes to the firm seeking clarification of its regulatory status and a
written description of its activities. If the firm is regulated by the Central Bank, and is
alleged to be acting outside of the scope of its authorization, the query will be referred to
the firm’s prudential supervisor for it to take appropriate action. Any allegation of
unauthorized banking which is brought to the attention of the UPU is referred to the Police
(Garda Bureau of Fraud Investigation) pursuant to the Central Bank’s obligations under
Section 33AK.
It is an offence to carry on “banking business” without an authorization; see section 7 of the
Central Bank Act 1971 and section 58(1) of the Central Bank Act 1971 (this area is dealt with
in CP4). Section 59 of that Act states that the Central Bank may bring a summary
prosecution for any offence in this regard. An Garda Síochána prosecute any offences
brought on indictment.
In 2011/2012, a complaint was referred to the Central Bank in respect of two unauthorized
firms. On the basis that these firms were purporting to be based in/operating in Ireland and
were using the word ‘bank’ in their titles, the Central Bank issued a warning (pursuant to
the Central Bank’s statutory powers) to alert the public that neither firm held any
authorization or license, nor were they appropriately licensed in another EEA member state
as a credit institution with authority to provide services in Ireland under a passporting
arrangement.
A further complaint was referred in respect of another entity purporting to be based in
Ireland and using the word ‘bank’ in its title. The UPU wrote to the website registrant and
the entity’s website was removed. This entity was claiming to operate from the premises of
a licensed credit institution in Dublin, so the matter was referred to Banking Supervision for
them to contact the licensed entity to alert them. A warning was not issued in respect of
this entity.
Assessment of
Principle 8
Compliant
Comments The PRISM methodology supports a structured and proportionate approach to supervision
that has a strong linkage between impact and supervisory intensity. The framework allows
for a structured approach to resource allocation and planning of supervisory activities. Built
into PRISM is an ongoing monitoring capability that will pick up changes in risk profile
through the use of financial ratios that, if triggered, will prompt supervisory
attention/intervention. The risk rating in PRISM is updated after a supervisory activity is
completed and in this way it is an ongoing measure of risk.
Impact in PRISM measures the impact to the system of an individual bank failing. Banks
IRELAND
INTERNATIONAL MONETARY FUND 79
that maintain a predominantly retail banking footprint represent the greatest risk to the
system and are assigned High Impact ratings. Resources, supervisory attention and
intrusiveness are increased where the impact rating is higher and resources are directed to
the High Impact banks. High Impact banks receive ongoing monitoring through offsite
supervision, frequent onsite reviews and ongoing engagement with bank senior
management. As the Impact rating decreases, the level of supervision also decreases.
Principle 9 Supervisory techniques and tools. The supervisor uses an appropriate range of
techniques and tools to implement the supervisory approach and deploys supervisory
resources on a proportionate basis, taking into account the risk profile and systemic
importance of banks.
Essential criteria
EC1
The supervisor employs an appropriate mix of on-site
17
and off-site
18
supervision to
evaluate the condition of banks and banking groups, their risk profile, internal control
environment and the corrective measures necessary to address supervisory concerns. The
specific mix between on-site and off-site supervision may be determined by the particular
conditions and circumstances of the country and the bank. The supervisor regularly
assesses the quality, effectiveness and integration of its on-site and off-site functions, and
amends its approach, as needed.
Description and
findings re EC1
The Central Bank employs a mix of on-site and off-site supervision. The Central Bank uses a
variety of information, such as prudential reports (Common Reporting (COREP), Financial
Reporting (FINREP), and Quarterly Summary Financial Return etc.), statistical returns, etc., to
regularly review and assess the safety and soundness of banks, evaluate material risks, and
identify necessary corrective actions.
The Central Bank determines that information provided by banks is reliable and obtains, as
necessary, additional information on the banks and their related entities. Prudential Reports
are reviewed at a high level by a specialist Prudential Reporting team who conduct some
on site testing and in greater detail by the supervision teams.
The supervisory engagement model is determined by PRISM, based on the impact of each
institution (details of the engagement model are set out under CP8), to ensure that Banking
Supervision resources are primarily directed towards those institutions which have the
highest impact. As a result, the on-site presence (which can also include attendance at
internal bank senior management meetings, such as Credit and Treasury meetings) is
significantly higher for the High Impact institutions than for Medium Low Impact
institutions.
The following are the primary engagement tasks through which supervisors identify and
17
On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls
exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank
and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on
supervisory concerns, etc.
18
Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on
matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of
further off-site and on-site work, etc.
IRELAND
80 INTERNATIONAL MONETARY FUND
assess risk and evaluate internal control frameworks:
(a) financial risk reviews and full risk assessments;
(b) business model analysis;
(c) review of the outcome of stress tests undertaken by the bank;
(d) governance reviews, including risk management and internal control systems;
(e) meetings with senior management and Board members;
(f) meetings with internal and external auditors;
(g) horizontal peer reviews; and
(h) model validation reviews.
(i) The Supervisory Review and Evaluation Process (ICAAP review)
(j) participation in supervisory colleges
(k) Thematic reviews
The Central Bank communicates its findings to banks as appropriate and requires banks to
take action to mitigate any particular vulnerabilities that have the potential to affect their
safety or soundness. The Central Bank uses its analysis to determine what follow-up work is
required, if any.
In carrying out this role supervision teams are assisted by specialist units, for example
Credit, Treasury, Business Model Analytics, Financial Reporting, Portfolio Analytics and
Stress testing and Quantitative models amongst others. The minimum level of on-site and
off-site supervision is prescribed for (i) specific review types (such as Financial Risk Reviews
(FRRs)) and (ii) engagement with the Management Team of the banks.
The Supervision Team should at a minimum carry out 6 FRRs for a High Impact firm over a
two year period.
Full Risk Assessments (FRAs) are carried out on a 2-4 year cycle for Medium High
institutions At a minimum, 10% of Medium low banks are subject to a Full Risk Assessment
on an annual basis. In recognition of the important position banks occupy in the financial
services system, the Central bank determined that no Irish licensed bank could be
categorized as Low impact notwithstanding the results of the impact assessment. A number
of branches operate on a cross border basis in Ireland. As the scope of the Central Bank’s
responsibilities for these entities extends only to liquidity, anti-money laundering and
conduct of business these firms have been categorised as Low Impact.
While unscheduled inspections are not carried out (firms are given advance notice of on-
site inspection) specific elements of a review are unscheduled such as requesting
walkthroughs of specific areas (for example systems used for regulatory reporting, booking
trades etc)and selecting loan files.
Thematic inspections are carried out and generally driven by the Consumer Directorate and
more recently the Reporting Unit has been conducting sample testing in selected
institutions.
Banking Supervision carries out thematic reviews in areas such as Regulatory Reporting,
Effectiveness of Risk Committees and Effectiveness of Internal Audit.
The minimum level of supervisory engagement for each bank is determined by PRISM,
with reference to the impact of its failure (further details are set out under CP8). While
IRELAND
INTERNATIONAL MONETARY FUND 81
there is commonality of some engagement tasks regardless of which impact category a
firm is assigned (e.g. meeting with a CEO), the depth and intensity of minimum
engagement is greater for higher impact firms than for lower impact firms. It should be
noted however that notwithstanding the minimum engagement model, Banking
Supervision is resourced to supervise above the minimum engagement model assigned for
each of its firms so it can (and does) engage well above the minimum as determined by
divisional management. With the benefit of the experience of the Irish banking collapse, it
is clear that the firms/firm types which caused the greatest impact as a result of their failure
are now assigned the largest share of resources.
The Legal powers of the CBI in the context of this EC are derived from:
- Section 18 of the Central Bank Act 1971 obliges holders of licences and others to
provide Bank with required information and returns.
- Part 3 of the Central Bank (Supervision and Enforcement) –Act provides powers for
authorised officers
- Regulation 66 of S.I. 661 of 2006, implementing Article 124 of the CRD, obliges the
Central Bank to review the arrangements, strategies, processes and mechanisms
implemented by the credit institutions to comply with the CRD and evaluate the
risks to which the credit institutions are or might be exposed, taking into account
the technical criteria set out in Annex XI of that Directive.
- Regulation 70 of S.I. 661 of 2006, implementing Article 136 of the CRD, enables the
Central Bank to require any credit institution that does not meet the requirements
of [any law of the State giving effect to the [Recast Credit Institutions Directive]
(CRD)] to take the necessary actions or steps at an early stage to address the
situation. Supervisory measures in this regard include requiring credit institutions
to: (i) hold additional own funds; strengthen capital via net profits; reinforce
governance and internal capital adequacy assessment processes; apply specific
provisioning policy; restrict / limit business operations; or reduce risk inherent in
the credit institution’s business products and systems.
The Central Bank regularly assesses its supervisory approach and engagement model. The Central
Bank’s Supervision Support Team continually reviews the quality of supervision via firm specific
reviews, survey reviews etc. Internal Audit also conduct reviews on the implementation of the risk
based approach to supervision. In addition, an independent review commenced in Quarter 2, 2013,
which is due to report towards the end of this year.
EC2
The supervisor has a coherent process for planning and executing on-site and off-site
activities. There are policies and processes to ensure that such activities are conducted on a
thorough and consistent basis with clear responsibilities, objectives and outputs, and that
there is effective coordination and information sharing between the on-site and off-site
functions.
Description and
findings re EC2
The planning module in PRISM sets out the minimum level of engagement with
institutions; this is dependent on the impact category of the institution. PRISM guidance
materials set out the processes to follow in conducting reviews of credit institutions and
the Supervisory Support Team (SST), a unit within the Risk Division, carries out reviews of
the practical implementation of PRISM and the quality of supervision, to ensure that
reviews are conducted on a thorough and consistent basis.
The supervision teams are responsible for on-site and off-site supervision and are
responsible for developing a supervision plan. The Supervision Team is supported by
specialist teams as mentioned in EC1; there is regular and scheduled coordination and
IRELAND
82 INTERNATIONAL MONETARY FUND
information sharing between supervision teams and specialist units.
The Governance Review process set out in PRISM includes the following guidance for review
planning:
- Objective of the Governance Review;
- Stages in the Analysis Process;
- Initial planning;
- Visit preparation;
Firm inspection;
- Visit;
- Analysis, quality assurance and write-up.
The process includes an estimate of the duration of each stage and the appropriate time to spend on-
site and off-site.
EC3
The supervisor uses a variety of information to regularly review and assess the safety and
soundness of banks, the evaluation of material risks, and the identification of necessary
corrective actions and supervisory actions. This includes information, such as prudential
reports, statistical returns, information on a bank’s related entities, and publicly available
information. The supervisor determines that information provided by banks is reliable
19
and
obtains, as necessary, additional information on the banks and their related entities.
Description and
findings re EC3
The CBI uses a mix of information sources to assess the safety and soundness of banks and
the sector. The CBI receives a full suite of regulatory returns including: COREP; FINREP;
Large Exposure; Sectoral Limits; Related Party Lending; Liquidity Returns; Funding Reports;
Impairment Return; Quarterly Summary Financial Return; and Deposit Protection. These
returns are analyzed by supervision staff on a periodic basis, for High and Medium High
Impact banks. To assess the reliability of data, the CBI performs a range of activities. For
example, a high level review of regulatory returns is performed by the Financial Reporting
Unit in Banking Supervision. Once this is conducted, the supervision team will perform a
detailed analysis of the data identifying trends and underlying drivers which will be used in
conjunction with the findings arising from the supervisors’ engagement to probability risk
rate the firm. A combination of detailed analysis of key risk indicators and regulatory
returns is carried out for all banks (irrespective of impact category). For banks in the lower
two Impact categories the analysis of regulatory returns is automated.
In advance of meetings with officers of a bank however, supervisors would review
supplementary data on the returns and request additional relevant information (e.g. MI
data used by the bank, risk appetite statements, risk policies, limits, Board and Board sub-
committee meeting minutes, Board and Committee terms of reference). On average, one
such meeting is held on a quarterly basis with Medium Low banks, the character of which is
robust and intrusive.
The legal basis for the submission of regulatory returns and other supervisory material is
derived from Section 18 of the Central Bank Act 1971 which obliges holders of licenses and
others to provide the Central Bank with required information and returns. Regulation 65
and 66 of the CRD covers the ICAAP and SREP respectively.
19
Please refer to Principle 10.
IRELAND
INTERNATIONAL MONETARY FUND 83
Credit institutions are required under Regulation 72 of S.I. 661 of 206, transposing Article
145 of the CRD, to adopt a formal policy to comply with disclosure requirements and to
have policies for assessing the appropriateness of these requirements, including their
verification and frequency. In accordance with Regulation 72, credit institutions are to
publicly disclose, on at least an annual basis, the information set out in Part 2 of Annex XII
of the CRD concerning technical criteria on transparency and disclosure. The CBI also
receives a multitude of other information which it uses to assess bank risk, including:
? Audit Reports: from Internal and External Audit.
? Internal Capital Adequacy Assessment Process (ICAAP) submissions
? Annual information – such as financial statements, Banking Supervision Assets and
Liabilities return, reconciliation between financial statements and regulatory returns.
? Annual Compliance Statements with Regulatory Codes, e.g. Annual Compliance
Statement with the Corporate Governance Code and Annual Internal Audit on
compliance with the requirements for the management of liquidity risk.
? Publicly available information such as media reports, reports from rating agencies,
analyst reports, etc.
? Pillar III disclosures by institutions.
? Evidence to support the implementation of RMPs.
Key Risk Indicator Review: Once a key risk indicator limit is breached or threshold for same
is breached a detailed analysis is carried out by the supervisor, which can include
requesting further quantitative or qualitative information for the bank, with a detailed
rationale for closure to be provided within the PRISM system. Supervisors will also
determine what the movement suggests about the bank’s risk profile. The depth of
regulatory returns review is determined by the impact category as opposed to inherent risk.
Regulatory Returns Review: Supervisors carry out detailed analytical work on the condition of
High and Medium High banks. A supervisory tool has been developed (banking cube) to
ensure that at a minimum supervisors carry out analysis of movements in excess of
thresholds of all regulatory returns and trend analysis on a quarterly basis. The tool also allows
supervisors to investigate irregular completion of returns (for example supervisors will be
able to review risk weights applied and can investigate when changes are expected).
Supervisors are required to comment on the validity of all movements, to investigate as
necessary and to make judgements about the risk profile of the firm before the return is signed
off. The submission of data by banks is validated through investigative questioning;
recalculating data using regulatory rules (for example limits to Hybrid instruments); and on-
site testing (thematic reviews, full risk assessment and financial risk reviews).
EC4
The supervisor uses a variety of tools to regularly review and assess the safety and
soundness of banks and the banking system, such as:
(a) analysis of financial statements and accounts;
(b) business model analysis;
(c) horizontal peer reviews;
(d) review of the outcome of stress tests undertaken by the bank; and
(e) analysis of corporate governance, including risk management and internal control
systems.
The supervisor communicates its findings to the bank as appropriate and requires the bank
IRELAND
84 INTERNATIONAL MONETARY FUND
to take action to mitigate any particular vulnerabilities that have the potential to affect its
safety and soundness. The supervisor uses its analysis to determine follow-up work
required, if any.
Description and
findings re EC4
The Central Bank uses a variety of tools to regularly review and assess the safety and
soundness of banks and the system such as:
- Reviews of the annual accounts of banks (and, where appropriate, of the
quarterly accounts)
- Business Model Reviews are required every two years for High Impact
institutions. In completing an FRA for Medium High/Low Impact institution (see
CP8) a business model analysis is completed. The objective of the review is to aid
the supervisor in assessing the risks the firm is taking, its vulnerabilities, its capacity
to identify risks/threats and its ability to react appropriately in a timely manner. It
will also identify the operational flexibility of an organisation to respond to major
shocks, e.g. recession, liquidity crisis, etc.
- Reviews of the outcome of stress tests on an annual basis in completing FRA
and ICAAP reviews This supervisory activity is performed for all banks as directed
by the CRD. For banks with an Impact rating of Medium High and Medium Low for
the year when a FRA has not been performed, a self assessment questionnaire is
completed by the bank and supported by aspects of the ICAAP – business plan,
capital plan, risk appetite statement, material changes in the ICAAP etc
- Horizontal peer reviews are conducted by the Treasury and Credit Teams for
High and some Medium High Impact institutions. Peer group analysis reports are
available in PRISM and provide a comparison on KRIs, and show overall trends for
same. It should be noted that some Medium High and Medium Low Impact
institutions do not have relevant peers for comparison purposes
- Governance reviews are required every two years for High Impact institutions. In
completing an FRA for Medium High/Low Impact institutions, a governance review
is conducted. The objective of the review is to establish that the institution is
managed in a sound and prudent manner, if the “seat of control” is the Board and
not a parent company or other affiliate. The supervisors in their assessments also
give consideration to the culture of the Board, the attributes it values in its
directors, its expectations of directors in terms of their engagement and the
interplay between members of the executive and the Board. In addition, corporate
governance is reviewed on an annual basis as part of an ICAAP review and
institutions are required to submit an annual statement of compliance with the
Corporate Governance Code.
- Pillar 3 reports are reviewed when available as part of offsite supervision to inform
the overall risk assessment or supervisory activities.
Following a process where a supervisor has investigated an institution, such as an FRA or a
review/inspection, the findings of the review are communicated to the institution. Initial
findings can be informally communicated at a meeting with the senior management team,
with a formal letter to follow. Where areas of weakness are identified, a RMP is developed
to ensure that the institution takes the appropriate action to mitigate any particular
vulnerability. RMP are authorised either by a RGP or, when no RGP is planned, by a
IRELAND
INTERNATIONAL MONETARY FUND 85
member of the divisional management team. The purpose of the RGP is to bring together a
wide variety of experience and expertise to help supervisors reach high quality judgments
on how to appropriately take forward supervisory activities. If breaches of
regulation/legislation are identified during an inspection, the Supervision Team will
escalate the violation to Divisional Management. The violation will be documented in the
report of the inspection and the Supervision Team will complete an escalation report for
the SRC, with possible referral to the Enforcement Directorate.
EC5
The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and
mitigate any emerging risks across banks and to the banking system as a whole, potentially
including conducting supervisory stress tests (on individual banks or system-wide). The
supervisor communicates its findings as appropriate to either banks or the industry and
requires banks to take action to mitigate any particular vulnerabilities that have the
potential to affect the stability of the banking system, where appropriate. The supervisor
uses its analysis to determine follow-up work required, if any.
Description and
findings re EC5
The objective in Section 6A (2) (a) of the Central Bank Act, 1942 (as amended by the Central
Bank Reform Act, 2010), in relation to the “stability of the financial system overall” gives the
Central Bank of Ireland a leading role in the area of macro-prudential policy. There are also
legislative provisions for co-operating with a range of public bodies whose actions have a
material impact on financial stability, without prejudice to their respective mandates. The
Central Bank of Ireland has employed tools, which are macro-prudential in nature, both
pre-emptively (i.e., imposing sector capital requirements in 2006 in an attempt to curb
mortgage lending) and as a tool of crisis management (i.e., in 2011 imposing capital and
loan-to-deposit requirements) under the Financial Measures Program.
The Central Bank is currently developing a national macro-prudential framework in line
with ESRB recommendations. The Financial Stability Division is undertaking analytical work
to support this framework.
The implementation of Basel III in Europe via an amended CRD and CRR (collectively CRD
IV) will come into force on 1 January 2014 and will allow for the implementation of certain
macro-prudential measures such as additional capital buffers and broader macro-
prudential discretions. The new framework requires Member States to designate an
authority (the “Designated Authority”) responsible for taking measures necessary to
prevent or mitigate systemic risk or macro-prudential risks posing a threat to financial
stability at national level, when appropriate. Although in the Irish case, the Designated
Authority has not yet been formally confirmed, the Department of Finance (DoF) has
indicated its intention to assign the Central Bank of Ireland to this role. The Central Bank is
currently actively engaging with DoF on the transposition of CRD IV and also intends to
issue a revised CRD implementation document on its intended exercise of discretions and
options available to it as competent authority in due course.
As mentioned above, the Central Bank of Ireland Act 1942 provides that the stability of the
financial system overall is one of its key objectives. As part of this, the Central Bank
identifies, assesses and communicates banking risks through the preparation and
publication of the Macro Financial Review conducted by the Financial Stability Division. The
Minister for Finance also has legislative responsibility for financial stability, in terms of
proposing legislation and Government policy that promotes financial stability. The Central
Bank and Department of Finance have an agreed MoU in this area.
Within the Central Bank, the Deputy Governors for Financial Regulation and Central
IRELAND
86 INTERNATIONAL MONETARY FUND
Banking report to the Governor who has overall responsibility for Financial Stability. The
Governor chairs a Financial Stability Committee (FSC). The FSC advises the Governor on
issues central to the fulfillment of the mandate of the Central Bank, to contribute to
financial stability in Ireland and the Euro area. The FSC’s role involves monitoring and
assessing both domestic and international economic and financial developments,
highlighting potential areas of concern relevant to the Irish financial system and drawing
conclusions from the analysis. A key focus of the committee is to identify potential actions
that can be taken to mitigate risks to financial stability and to follow up on past measures.
Formulation of specific actions may be delegated by the Governor to management within
or outside the FSC. Actions may take the form of consideration, implementation, and
review of micro-prudential and/or macro prudential policy instruments.
In addition, the Financial Stability Division in conjunction with the Risk Division provides an
environmental risk assessment for PRISM, which contributes to individual risk scores.
In terms of stress tests, the Central Bank has conducted sector-wide macro stress tests in
the past, but in recent years supervisory stress tests, Asset Quality Reviews, Balance Sheet
Assessments and Data Integrity Verification exercises - under the PCAR process have been
conducted by the Central Bank (with the assistance of external bodies) to determine the
Covered Banks capital requirements. In preparation for the next loan level PCAR exercise in
2014, the Central Bank has undertaken the development of loan loss forecasting models for
four asset classes: residential mortgages, non-mortgage retail, micro SME and
SME/Corporate. The Central Bank communicates its findings to industry through press
releases/conferences and updating the Central Bank web-site. The Central Bank
communicates its findings to banks via meetings with the senior management team and
formal letters or requirements in the case of supervisory stress test results. The Central
Bank requires banks to take actions, such as maintaining capital at a specific level.
In addition, the Financial Stability Division in conjunction with the Risk Division provides an
environmental risk assessment for PRISM, which contributes to individual risk scores.
In terms of stress tests, the Central Bank has conducted sector-wide macro stress tests in
the past, but in recent years supervisory stress tests under the PCAR process have been
conducted by the Central Bank to determine the Covered Banks capital requirements. The
Central Bank communicates its findings to industry through press releases/conferences and
updating the Central Bank web-site. The Central Bank communicates its findings to banks
via meetings with the senior management team and formal letters or requirements in the
case of supervisory stress test results. The Central Bank requires banks to take actions, such
as maintaining capital at a specific level.
EC6 The supervisor evaluates the work of the bank’s internal audit function, and determines
whether, and to what extent, it may rely on the internal auditors’ work to identify areas of
potential risk.
Description and
findings re EC6
The PRISM guidelines for High Impact institutions require the team to meet the Internal
Audit function on an annual basis. Medium High Impact institutions are required to meet
the Internal Audit function every two years. While the minimum engagement model for
Medium Low firms does not prescribe a minimum engagement level with Internal Audit,
notwithstanding, supervisors can and do include such meetings in their supervisory
engagement. Supervisors have met with the Internal Audit functions in 30% of the Medium
Low bank population since PRISM roll-out. PRISM engagement model for Internal Audit as
follows:
IRELAND
INTERNATIONAL MONETARY FUND 87
High – annual
Med high every two years
Med Low/Low – no frequency.
There is no requirement for an IA function in the regulations issued by the Central Bank
although the EBA guidelines GL44 set out the requirements for internal control functions.
For High Impact banks it is expected that an IA function be in place. The PRISM guidelines
for meeting with the Internal Auditor state that the objective of the meeting is to
determine the adequacy of the procedures and satisfy the supervisor as to the effectiveness
of policies and practices followed, and that management takes appropriate corrective
action in response to internal control weaknesses. Central Bank has confirmed to all Irish
licensed banks that EBA guidelines constitute Central Bank guidance and must be complied
with.
Thematic reviews of the effectiveness of Internal Audit functions across the banking system
are also carried out by the Central Bank. Analysing and forming a view of the effectiveness
of the Internal Audit function is a key element of the Governance Review as set out in the
PRISM guidelines. According to the minimum engagement model, Governance Reviews are
required at least every two years for High Impact institutions and as part of an FRA for
Medium High and Medium Low Impact firms. In Q1 2011, the Central Bank carried out a
thematic review of the “effectiveness of the internal audit function” across the banking and
insurance sectors (a sample of banks and insurance entities were included in the review).
Letters issued to the banks involved in Q3 2011.
EC7 The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s
Board, non-executive Board members and senior and middle management (including
heads of individual business units and control functions) to develop an understanding of
and assess matters such as strategy, group structure, corporate governance, performance,
capital adequacy, liquidity, asset quality, risk management systems and internal controls.
Where necessary, the supervisor challenges the bank’s Board and senior management on
the assumptions made in setting strategies and business models.
Description and
findings re EC7
Engagement with the Board is determined by a bank’s impact category. The purpose of
contact with the Board is to develop an understanding and assessment of matters such as
business models, strategy, structure, governance, capital adequacy, liquidity, asset quality,
risk management systems and internal controls. During the meeting with key personnel,
Central Bank staff will advise of the PRISM rating, the key drivers and RMP issues as well as
the forthcoming supervision action plan.
The Central Bank also has robust engagement with institutions where it identifies
weaknesses, for example, where a Board Risk Committee has approved changes to risk
strategies and appetite without due consideration or challenge.
The minimum frequency of engagement with a Board is determined by the impact category
of the institution as follows:
?High Impact – at least on an annual basis, supervisors meet the CEO, CFO, CRO,
Chairman, Senior Non-Executive Director, Internal Audit and External Auditor. In addition,
teams meet with middle management functions, e.g. control functions, treasury, credit, etc.
?Medium High – at least on an annual basis, supervisors meet the CEO, CFO, Chairman,
Senior Non-Executive Director, External Auditor and on a 2-year cycle CRO and Internal
IRELAND
88 INTERNATIONAL MONETARY FUND
Auditor. They also meet with senior and middle management with day-to-day
responsibility for credit, market, operational and liquidity risks.
?Medium Low – with due regard to risk and on a staggered basis, over an 18-24 month
cycle supervisors meet with the CEO, CFO, Chairman, Senior Non-Executive Director and
External Auditor. On a two-year cycle they meet with the CRO.
?Low – not specified (note there are no Irish licensed banks in this rating category).
The Central bank in its engagement with credit institutions will meet with the full board
when presenting results from the RGP. On an annual basis, meetings will be held with
individual Board members i.e. INED and Chair separately.
The power to meet with and question bank staff is set out in Section 17A part (e), of the
Central Bank Act 1971, outlining the powers of authorised persons with respect to holders
of licenses. Section 17A part (e) covers requests to any person who appears to the
authorised person to have information relating to the records, or to the business, of the
license holder or related body, to answer questions with respect to those records or that
business.
There are also new extensive powers provided in the Central Bank (Supervision and
Enforcement) Act 2013 which enhance matters, i.e. Part 3 in relation to Authorised Officers
and a new general information gathering power
While the minimum engagement model with senior management is outlined above, in
practice, supervision teams have contact with and meet senior management on a much
more regular basis for the High impact banks. During meetings with the Board members of
an institution and the senior management team supervisors challenge the current strategy,
including assumptions made in developing the strategy. The typical questions to ask when
challenging the strategy of an institution are set out in the PRISM guidelines.
EC8 The supervisor communicates to the bank the findings of its on- and off-site supervisory
analyses in a timely manner by means of written reports or through discussions or
meetings with the bank’s management. The supervisor meets with the bank’s senior
management and the Board to discuss the results of supervisory examinations and the
external audits, as appropriate. The supervisor also meets separately with the bank’s
independent Board members, as necessary.
Description and
findings re EC8
The PRISM engagement model involves a schedule of ongoing meetings between
supervisors and senior management (CEO, CRO, CFO, Head of Internal Audit) and board
members (Chairman and senior INEDs). The frequency of meetings is determined by the
impact rating of a particular bank. For banks rated Medium-Low and Low, engagement
with bank’s management will not typically take place.
The Central Bank communicates the findings from on-site and off-site reviews via written
letter with a RMP attached. The Central Bank meets with the Board and the Senior
Management Team to discuss the RMP. Supervisors and senior management of the Central
Bank also frequently meet with banks’ senior management and board members in relation
to specific prudential and consumer protection matters, e.g. in relation to recapitalisations;
asset deleveraging; mortgage arrears resolutions and distressed credit operation
capabilities; internal model methods for capital purposes; and new business applications,
amongst other matters.
IRELAND
INTERNATIONAL MONETARY FUND 89
EC9 The supervisor undertakes appropriate and timely follow-up to check that banks have
addressed supervisory concerns or implemented requirements communicated to them.
This includes early escalation to the appropriate level of the supervisory authority and to
the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and
findings re EC9
PRISM requires supervisors to ensure that deadlines for the completion of RMP actions are
met. PRISM allows the supervisor to monitor, track and close RMP actions. Supervisors
follow up on the implementation of RMPs through desk top analysis and on-site
inspections, dependent on the nature of the particular mitigation required. The CBI can also
engage Third party or independent party validation to ascertain the extent to which RMPs
have been implemented. For example, if an institution is required to implement a credit
policy, supervisors will complete a desk top review of the policy and will then visit the
institution to test its implementation.
The planner facility allows the supervisor to see when RMP actions are falling due. As soon
as the supervisor receives an RMP response from a firm, the supervisor is required to
change the action’s status in PRISM to ‘Results Under Review’. Supervisors should review
RMP actions within three weeks of their becoming due, assess their success, change their
status to concluded and provide a closure narrative. PRISM has the facility to generate
reports highlighting to Divisional Management the RMPs that are overdue; these reports
show institutions that are late in meeting RMP deadlines and reviews by supervisors that
have not been completed within the three week requirement. In certain circumstances, for
example when an on-site visit is required, it is possible to extend the review beyond three
weeks. If action points are not addressed, the supervisor escalates internally by following
the Central Bank’s escalation policy. In addition, in certain circumstances the Central Bank
writes to the Board of the bank.
EC10 The supervisor requires banks to notify it in advance of any substantive changes in their
activities, structure and overall condition, or as soon as they become aware of any material
adverse developments, including breach of legal or prudential requirements.
Description and
findings re EC10
The Central Bank has imposed a requirement on credit institutions to notify the Central
Bank in advance of any substantive changes in activities, structure and overall condition. In
addition, there are notification requirements (within regulatory requirements and
legislation) that cover changes in activities, structure and condition.
The legal basis for notifications exist within specific regulatory codes and documents, such
as Corporate Governance Code for Credit Institutions and Insurance Undertakings, the
Code of Practice for Related Party Lending etc. The Central Bank of Ireland’s regulatory
codes and documents set out requirements for banks to notify the Central Bank of
deviations from/breaches of a code or regulatory document; for example, the Corporate
Governance Code requires that “any institution which becomes aware of a material
deviation from this Code shall within 5 business days report the deviation to the Central
Bank, advising of the background and the proposed remedial action.” The Requirements for
the Management of Liquidity Risk requires that “where there are breaches or a credit
institution foresees a possible breach of the liquidity requirements outlined in this paper, the
Financial Regulator must be notified immediately.”
Specific legislation incorporates notification requirements, for example the CRD. Under Regulation
57 (5) of S.I. 661 of 2006, transposing Article 111(4) of the CRD, banks are required to report to the
Central Bank without delay exposures that exceed the limits set out in the CRD for Large
Exposures. In issuing a banking license the Central Bank requires banks to confirm that they will
comply with a set of requirements. In the past the Central Bank has required institutions to confirm
they will comply with the requirement that ‘the expansion of the range of proposed products beyond
IRELAND
90 INTERNATIONAL MONETARY FUND
those in the application to the Central Bank for the banking license will require the prior approval of
the Central Bank’.
EC11 The supervisor may make use of independent third parties, such as auditors, provided there
is a clear and detailed mandate for the work. However, the supervisor cannot outsource its
prudential responsibilities to third parties. When using third parties, the supervisor assesses
whether the output can be relied upon to the degree intended and takes into consideration
the biases that may influence third parties.
Description and
findings re EC11
The power to require a skilled person review has recently been enacted and is contained in
the Central Bank (Supervision and Enforcement) Act 2013.
The Central Bank’s ability to gather information from auditors of regulated financial service
providers is covered by the Central Bank Act 1997 (as amended), specifically Sections 27 (B)
– 27 (F).
The use of third parties is set out in the PRISM guidelines on ‘Skilled Person Reviews’. In
circumstances where the Central Bank has additional firm-specific needs for information
and/or analysis, the supervisor may request the firm to provide a special report prepared
by a third party in accordance with a brief from the Central Bank. The supervisor will
consider the following:
a) the competence and capabilities necessary to prepare the report on the matter
concerned;
b) the ability to complete the report within the period specified by the supervisor;
c) any relevant specialized knowledge, including specialized knowledge of the firm, the
nature of the business carried on by the firm and the matters to be reported on;
d) any potential conflict of interest in reviewing the matters to be reported on, including
any arising from the fact that the matters may raise questions relating to the quality or
reliability of work previously carried out by the proposed reviewer;
e) sufficient detachment, having regard to any existing professional or commercial
relationship, to give an objective opinion; and
f) previous experience in preparing reports under this Part or reports of a similar nature.
During the course of the review the supervisor will have regular meetings with the skilled
person, with progress reports where projects are of longer duration.
EC12 The supervisor has an adequate information system which facilitates the processing,
monitoring and analysis of prudential information. The system aids the identification of
areas requiring follow-up action.
Description and
findings re EC12
The Central Bank of Ireland has implemented three systems to facilitate the processing,
monitoring and analysis of prudential information:
1. Prudential data is submitted to the Central Bank via the online reporting
system. This system has the facility to upload the data submitted by banks, and to
validate and store the data.
2. Viewpoint has the ability to retrieve the prudential information submitted by
institutions. It provides the supervisor with the ability to monitor and analyse
prudential information through the running of numerous reports, from generating
the prudential returns to generating analysis reports. Viewpoint also has a query
system, enabling the supervisor to generate large pieces of information in relation
to specific return items for trend analysis.
IRELAND
INTERNATIONAL MONETARY FUND 91
3. PRISM allows the supervisor to monitor KRIs and aids the identification of
areas requiring follow-up action, with alerts being generated for significant
changes in impact metrics, KRIs, new information becoming available, and activity
being required in relation to risk mitigation issues. Alerts are only closed once a
supervisor has acted upon the alert and provided a narrative within PRISM. PRISM
also generates numerous reports, such as alerts listings (both open alerts and
those closed within 30 days), RMP issues, engagement models, risk profiles, impact
profiles, RGP documents, peer group reports, firm reports and stress test reports.
Additional
criteria
AC1
The supervisor has a framework for periodic independent review, for example by an
internal audit function or third party assessor, of the adequacy and effectiveness of the
range of its available supervisory tools and their use, and makes changes as appropriate.
Description and
findings re AC1
Section 32 (L) 3 of Part IIIA of the Central Bank Act 1942 sets out the legal basis for periodic
independent review: The review of the Bank’s regulatory performance required by subsection
(2)(b) shall include details of the activities carried out during the relevant year by-
(a) the part of the Bank responsible for internal audit.
Following the results of the reports into the Banking Crisis the Central Bank reviewed the
adequacy and effectiveness of the range of its available supervisory tools. The Central Bank
overhauled its approach to supervision with the implementation of PRISM The task of
developing PRISM was assigned to the Risk, Governance and Accounting Policy Division,
which is independent of the Supervisory Divisions. To validate the approach, the Central
Bank hired independent consultants to opine on the adequacy and effectiveness of PRISM.
The rollout of PRISM was completed in November 2012. With this important stage
achieved, the senior management team in regulation wanted to undertake a stock take of
PRISM and see what improvements could be made, given that many supervisory areas had
more than a year’s experience with PRISM. An independent assessment as to how effective
PRISM has been in the delivery of high quality risk based supervision has commenced with
a final report and recommendations being presented to the Governor and Commission at
the January 2014 meeting.
The Central Bank Internal Audit charter states that “the Internal Audit function is an
independent and objective appraisal function, which is required to provide audit assurance
that the system of risk management and internal control is adequate to manage and control
those risks to which the Bank is exposed. It also assists the Bank in its pursuit of efficiency and
effectiveness.” The review of the effectiveness of Supervision tools and their use is captured
under this objective; Internal Audit recommendations cover both of these areas. Internal
Audit’s reviews are supplemented by a second line of defense: the Supervisory Support
team (SST), a unit within the RGP Division.
The principal objective of the SST is to provide senior management with “reasonable
assurance” on the practical implementation of PRISM and the quality of supervision, i.e.
that PRISM is being implemented appropriately in the supervisory divisions and that the
level of supervisory engagement is providing a “reasonable assurance” on the identification
and mitigation of risk.
It is the responsibility of Divisional Management to ensure that all concerns raised by
independent parties are addressed appropriately.
IRELAND
92 INTERNATIONAL MONETARY FUND
Examples of independent reviews conducted recently of the supervisory tools include: the Internal
Audit carried out in first half of 2012 on the use of PRISM in Banking Supervision; the SST review
of the supervision of two banks in Q3 2012; and Independent consultants were hired to opine on the
adequacy and quality of the engagement model, impact metrics models, the risk structures and the
logic behind PRISM during its development.
Assessment of
Principle 9
Materially non compliant
Comments The Central Bank employs a mix of off- and on-site supervisory activities. The PRISM model
is the centerpiece of the supervisory framework which is used to assign bank risk ratings
and allocate supervisory resources and determines frequency and intensity of supervisory
activities. A primary concern is whether the mix of offsite and onsite supervisory activities
prescribed by PRISM for the lower impact ratings is appropriate.
The supervisory approach for banks that fall into Medium Low Impact rating rely heavily on
reactive processes. Analysis of regulatory returns is largely automated using sensitivity
analysis of financial ratios. The quality, frequency and depth of verification of qualitative
data to assess risk are limited. Onsite activity prescribed by PRISM for Medium Low Impact
banks is on a random-spot check basis with limited coverage by risk specialists. In the case
of Low Impact banks (which are all foreign banks branches for which the Central Bank has a
very limited prudential supervision mandate set out in the CRD), no minimum frequency of
onsite or offsite supervision.
A lack of onsite activity which is not supported by a sufficiently detailed offsite analysis
does not facilitate an accurate assessment to identify and mitigate risk. A build up of risks
across a number of lower impact banks in aggregate could create vulnerabilities in the
banking system and, moreover, could create reputational risk for the Central Bank and a
threat to the integrity of banking system. A more appropriate mix of onsite and offsite
supervision practices (with due regard for proportionality) would encourage a more
proactive approach to supervision in an effort to mitigate this risk. In the case of Low
Impact banks (foreign bank branches), an absence of a prescribed supervisory cycle for
offsite and onsite will not facilitate an assessment of risk in the banking system from this
sector.
It is acknowledged that supervisors will, and often do, go beyond the minimum
engagement model prescribed by PRISM. There was evidence of supervisors mitigating risk
when events occurred and addressing risks appropriately. Focusing the supervisory process
primarily on the impact of a failure will distort the allocation of resources since the
supervisory approach is supposed to be preventive/corrective to maintain safety and
soundness and not on the impact of resolution. As a result, supervisory activities to identify
risk insufficient for banks with an Impact rating below High. Materially insufficient for
Medium Low and Low. Activities such as onsite reviews and intrusive supervision
techniques are mainly allocated to High Impact banks. More attention needs to be paid to
verification of self assessment of compliance with regulations and assessment of risk
profile. Setting up the supervisory scope should focus on bank-specific risks, so even
between high risk banks there should be a difference in activities being performed and no
need to perform a full suite of activities.
KRIs are fed into PRISM which are sourced from a number of returns submitted by the
banks across various time buckets (e.g. monthly, quarterly). KRIs are built into capital,
liquidity, credit, business model/strategy and market risk. There are, however, no KRIs for
IRELAND
INTERNATIONAL MONETARY FUND 93
operational risk and interest rate risk in the banking book and only a single indicator for
market risk. The KRIs form a key feature of exception reporting framework especially for
lower impact rated banks) and should be expanded to ensure all material risks are
monitored (there is a separate risk dashboard for High Impact banks that cover a broader
suite of risk metrics for liquidity, and market risk).
While the Central Bank received the power to request recovery plans, a local recovery
planning regime is yet to be fully developed and implemented. Recovery plans for the two
high impact firms have been requested but not received and analysis has not commenced.
Processes for resolution handling not fully developed (EC6). The Central Bank of Ireland has
employed tools, which are macro-prudential in nature, both pre-emptively (i.e., imposing
sector capital requirements in 2006 in an attempt to curb mortgage lending) and as a tool
of crisis management (i.e., in 2011 imposing capital and loan-to-deposit requirements)
under the Financial Measures Program. The implementation of Basel III in January 2014 will
provide the Central Bank further powers to implement certain macro measures such as the
CCyB.
Principle 10 Supervisory reporting. The supervisor collects, reviews and analyses prudential reports
and statistical returns
20
from banks on both a solo and a consolidated basis, and
independently verifies these reports through either on-site examinations or use of external
experts.
Essential criteria
EC1
The supervisor has the power
21
to require banks to submit information, on both a solo and
a consolidated basis, on their financial condition, performance, and risks, on demand and at
regular intervals. These reports provide information such as on- and off-balance sheet
assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk
concentrations (including by economic sector, geography and currency), asset quality, loan
loss provisioning, related party transactions, interest rate risk, and market risk.
Description and
findings re EC1
The CBI requires the submission of various returns by credit institutions on a regular basis.
Both solo and CRD consolidated data are collected. For common reporting (COREP) and
financial reporting (FINREP), the two main regulatory returns, the EBA minimum frequency
for submission of the COREP is six-monthly (CRD), with no frequency specified for FINREP
(CEBS GL06). However, both of these returns are collected quarterly, with monthly
submission by the covered banks.
In general, CBI powers to require reporting from banks derive from the CBI Act 1971,
Section 18, subsections 2 & 3:
(2) A person to whom this section applies shall provide the Bank, at such
times, or within such periods, as the Bank specifies from time to time,
with such information and returns concerning the relevant business
carried on by the person as the Bank specifies from time to time.
(3) A person to whom this section applies shall, at such time or within such
period as the Bank specifies, provide the Bank with such information or
return (not being information or a return specified under subsection (2))
as it requests in writing concerning the relevant business carried on by
20
In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to
required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27.
21
Please refer to Principle 2.
IRELAND
94 INTERNATIONAL MONETARY FUND
the person.
N.B. “A person” refers to a license holder, in the case of a bank.
? The CRD, namely S.I. No. 661 of 2006 sets out the requirements for solvency and
large exposures reporting.
? Reporting on the Code of Practice on Related Parties has been specified by the CBI
pursuant to Section 117(3)(a) of the CBI Act 1989.
? The quantitative prudential liquidity requirements are imposed under section 23 of
the CBI Act 1971 or Section 39 of the Building Societies Act 1989.
? The Impairment Return is a condition to which all credit institutions are subject,
pursuant to Section 10 of the CBI Act 1971 or Section 17 of the Building Societies
Act 1989.
EC2
The supervisor provides reporting instructions that clearly describe the accounting
standards to be used in preparing supervisory reports. Such standards are based on
accounting principles and rules that are widely accepted internationally.
Description and
findings re EC2
Full instructions for each return are provided, either by the CBI or by reference to external
bodies such as the EBA for the source of instructions. Most regulatory reports are compiled
under the CRD rules and under IFRS/Irish GAAP. Where reports are required to be prepared
on a different basis, this is clearly stated and instructions are provided.
EC3
The supervisor requires banks to have sound governance structures and control processes
for methodologies that produce valuations. The measurement of fair values maximizes the
use of relevant and reliable inputs and are consistently applied for risk management and
reporting purposes. The valuation framework and control procedures are subject to
adequate independent validation and verification, either internally or by an external expert.
The supervisor assesses whether the valuation used for regulatory purposes is reliable and
prudent. Where the supervisor determines that valuations are not sufficiently prudent, the
supervisor requires the bank to make adjustments to its reporting for capital adequacy or
regulatory reporting purposes.
Description and
findings re EC3
There is a legal requirement for banks to manage their business in accordance with sound
administrative and accounting principles. Reports are compiled under the CRD or IFRS/Irish
GAAP using EBA guidelines and templates. Detailed rules on the calculation and/or
valuation of items to be reported are set out in the directive or the accounting standards,
and banks are obliged to follow these rules in the compilation of regulatory reports. For
solvency purposes the CRD specifies that the reporting entity use valuations as per their
accounting standards regulation 18(1) of SI 661. Compliance with standards is assessed by
supervision teams through both regular monitoring of returns and by review of specific
items. The CBI has developed a framework for the analysis of regulatory returns which
specifies the type and frequency of review of the main returns. This framework is supported
by a suite of reports for use by supervision teams. Valuation methodologies are also
reviewed on an ad hoc basis by other teams in the Banking Supervision Division, e.g. the
Credit team as part of their on-site file reviews.
The CBI has challenged banks’ approaches to valuations, for example in relation to
provisions, and required adjustments for capital adequacy and regulatory reporting
purposes.
Regulation 16 of S.I. No. 395 of 1992 / European Communities (Licensing and Supervision
of Credit Institutions) Regulations 1992 requires that:
(1) Every credit institution authorized by the Bank shall manage its business in accordance
with sound administrative and accounting principles and shall put in place and
IRELAND
INTERNATIONAL MONETARY FUND 95
maintain internal control and reporting arrangements and procedures to ensure that
the business is so managed.
(2) The Bank may direct a credit institution in writing to furnish to it, within a specified
period, such information in relation to the arrangements and procedures referred to in
paragraph (1) as the Bank may require and the credit institution shall comply with
that direction.
(3) Subject to paragraph (4), every credit institution shall have robust governance
arrangements including-
(a) a clear organizational structure with well defined, transparent and
consistent lines of responsibility,
(b) effective processes to identify, manage, monitor and report the risks it is or
might be exposed to,
(c) adequate internal control mechanisms,
(d) without prejudice to the generality of subparagraph (c), sound
administrative and accounting procedures; and
(e) remuneration policies and practices that are consistent with and promote
sound and effective risk management.
Valuations and assumptions used by a number of High Impact banks in loan loss
forecasting and valuation of collateral have been challenged by the CBI, and the banks
have had to make adjustments to reported data for impairments and provisions.
During on-site meetings with a Medium High Impact bank, a potential concern was
highlighted in relation to the appropriateness of the independent third party valuations
used in the Commercial Real Estate (CRE) portfolio, a portfolio the Central Bank considers
to be one of this bank’s higher-risk portfolios. As part of the 2011 RMP, the bank was
required to update the Central Bank on the actions taken/or planned actions to be taken in
order to ensure that appropriate CRE valuations were used. This bank took appropriate
action to ensure that valuations were performed independently of the areas managing the
assets, and valuations were reduced (considerably in some cases).
EC4
The supervisor collects and analyses information from banks at a frequency commensurate
with the nature of the information requested, and the risk profile and systemic importance
of the bank.
Description and
findings re EC4
Data are collected at frequencies ranging from weekly to annually, depending on the
nature of the data and the risk profile of the bank. (CBI Act 1971, Section 18, subsections 2
& 3; see EC1 for details).
EC5
In order to make meaningful comparisons between banks and banking groups, the
supervisor collects data from all banks and all relevant entities covered by consolidated
supervision on a comparable basis and related to the same dates (stock data) and periods
(flow data).
Description and
findings re EC5
Returns are collected from all banks and banking groups subject to consolidated
supervision, using the CRD scope of consolidation. All returns have common reporting
dates across all banks. Peer group analysis is available using default and custom peer
groups.
A detailed management information pack for all of the banks is compiled on a quarterly
basis, which provides granular bank by bank information in respect of own funds and
solvency levels, funding profile, asset quality, overall balance sheet date and profitability
metrics. This information is provided on a quarterly basis to the CBI’s Supervisory Risk
Committee where key issues and trends are highlighted to Committee members.
EC6 The supervisor has the power to request and receive any relevant information from banks,
IRELAND
96 INTERNATIONAL MONETARY FUND
as well as any entities in the wider group, irrespective of their activities, where the
supervisor believes that it is material to the condition of the bank or banking group, or to
the assessment of the risks of the bank or banking group or is needed to support
resolution planning. This includes internal management information.
Description and
findings re EC6
Section 18 of the Central Bank Act 1971 allows the Central Bank to request information
from any licensed bank for the purpose of supervision.
Central Bank Act 1971, Section 18, subsections 2 & 3:
(2) A person to whom this section applies shall provide the Bank, at such times, or
within such periods, as the Bank specifies from time to time, with such
information and returns concerning the relevant business carried on by the
person as the Bank specifies from time to time.
(3) A person to whom this section applies shall, at
such time or within such period as the Bank
specifies, provide the Bank with such information
or return (not being information or a return
specified under subsection (2)) as it requests in
writing concerning the relevant business carried
on by the person.
EC7 The supervisor has the power to access
22
all bank records for the furtherance of supervisory
work. The supervisor also has similar access to the bank’s Board, management and staff,
when required.
Description and
findings re EC7
The CBI has unrestricted access to all material available to a license holder which the CBI
requires for the supervision of any bank or banking group where it is the consolidated
supervisor. Material can be requested directly from the institution, or the CBI can appoint
an “authorized officer.”
Central Bank (Supervision and Enforcement) Act 2013:
26.-(1) Subject to subsection (2), an authorized officer may at all reasonable times
enter any premises-
(a) which the authorized officer has reasonable grounds to
believe are or have been used for, or in relation to, the
business of a person to whom this Part applies, or
(b) at, on or in which the authorized officer has reasonable
grounds to believe that records relating to the business of a
person to whom this Part applies are kept.
27.-(1) An authorized officer may do any one or more of the following:
(a) search and inspect premises entered under section 26 or
pursuant to a warrant under section 28;
(b) require any person to whom this Part applies who apparently
has control of, or access to, records, to produce the records;
(c) summons, at any reasonable time, a person to whom this
Part applies-
(i) to give to the authorized officer such information as the
22
Please refer to Principle 1, Essential Criterion 5.
IRELAND
INTERNATIONAL MONETARY FUND 97
authorized officer may reasonably require,
(ii) to provide to the authorized officer any records which the
person has control of, or access to, and which the authorized
officer may reasonably require, or
(d) (iii) to provide an explanation of a decision, course of action,
system or practice or the nature or content of any records
provided under this section inspect records so produced or
found in the course of searching and inspecting premises;
(e) take copies of or extracts from records so produced or found;
(f) subject to subsection (3), take and retain records so produced
or found for the period reasonably required for further
examination;
(g) secure, for later inspection, any records produced or found
and any data equipment, including any computer, in which
those records may be held;
(h) secure, for later inspection, premises entered under section
59 or pursuant to a warrant under section 61, or any part of
such premises, for such period as may reasonably be
necessary for the purposes of the exercise of his or her
powers under this Part, but only if the authorized officer
considers it necessary to do so in order to preserve for
inspection records that he or she reasonably believes may be
kept there;
(i) require any person to whom this Part applies to answer
questions and to make a declaration of the truth of the
answers to those questions;
(j) require any person to whom this Part applies to provide an
explanation of a decision, course of action, system or practice
or the nature or content of any records;
(k) require a person to whom this Part applies to provide a
report on any matter about which the authorized officer
reasonably believes the person has relevant information;
(l) require that any information given to an authorized officer
under this Part is to be certified as accurate and complete by
such person or persons and in such manner as the Bank or
the authorised officer may require.
Also, in particular section 29 of the Act which states –
29.-(1) An authorized officer may attend any meeting relating to the business of a
regulated financial service provider if the authorized officer considers that it is
necessary to attend in order to assist the Bank in the performance of any of its
functions under financial services legislation.
(2) The attendance of an authorized officer pursuant to subsection (1) at a
meeting referred to in that subsection does not in any circumstances limit
the powers of the authorized officer or of the Bank.
Under the above, the Central Bank has access to the Board, management and staff of a
bank.
EC8 The supervisor has a means of enforcing compliance with the requirement that the
IRELAND
98 INTERNATIONAL MONETARY FUND
information be submitted on a timely and accurate basis. The supervisor determines the
appropriate level of the bank’s senior management is responsible for the accuracy of
supervisory returns, imposes sanctions for misreporting and persistent errors, and requires
that inaccurate information be amended.
Description and
findings re EC8
Compliance with reporting requirements is a legal obligation, subject to sanction by the CBI
for any breaches. All regulatory returns must be signed off by a director of a bank. Any
material inaccuracy in a return, once discovered by either the reporting bank or the
supervisor, is required to be corrected.
Where an entity provides incorrect or misleading information to the Central Bank, this may
be a prescribed contravention for the purposes of section 33AQ of the Central Bank Act
1942.
A prescribed contravention is subject to the powers of sanction under Part IIIC of the
Central Bank Act 1942 (which outlines the administrative sanctions procedure –
settlements, inquiries, etc.). Persons involved in the management of the entity concerned
may be liable for administrative sanction from the Central Bank where they participated in
the commission of the contravention concerned. Whether or not a contravention has
occurred will be determined by members of the Inquiry appointed by the Central Bank
The Central Bank reprimanded a High Impact institution and required it to pay a monetary
penalty of €1,960,000 for errors in regulatory reporting. Five contraventions in total were
identified.
EC9 The supervisor utilizes policies and procedures to determine the validity and integrity of
supervisory information. This includes a programme for the periodic verification of
supervisory returns by means either of the supervisor’s own staff or of external experts.
23
Description and
findings re EC9
The CBI has a framework for the analysis of regulatory returns which specifies the type and
frequency of review of the main returns. This framework is supported by a suite of reports
for use by supervision teams. The CBI has also used external parties to verify data on its
behalf. The framework is currently being reviewed with a view to:
(a) its application across the various risk categories of banks (i.e. PRISM categories);
(b) generating supporting data for PRISM alerts; and
(c) maximizing use of latest technology.
In addition, the Financial Reporting Unit is undertaking a series of themed regulatory
reporting reviews across a sample of banks. There are two reviews, each covering five
different banks (i.e. 10 banks). The first review covers FINREP balance sheet compilation
and the second review covers COREP market risk calculation. Also, the calculation of risk
weighted assets generated using internal models based approaches is being reviewed. The
Central Bank is also engaging in a cross European analysis of RWAs through the EBA; this
work is ongoing.
In 2012 the CBI required a High Impact bank to engage a third party to review its
regulatory returns.
EC10 The supervisor clearly defines and documents the roles and responsibilities of external
23
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
IRELAND
INTERNATIONAL MONETARY FUND 99
experts,
24
including the scope of the work, when they are appointed to conduct supervisory
tasks. The supervisor assesses the suitability of experts for the designated task(s) and the
quality of the work and takes into consideration conflicts of interest that could influence
the output/recommendations by external experts. External experts may be utilized for
routine validation or to examine specific aspects of banks’ operations.
Description and
findings re EC10
There is no specific policy for the engagement of external experts for the review of
regulatory returns. However, the CBI operates under public sector procurement rules
(tendering, etc.) and when external parties are engaged for any tasks such engagement is
subject to a service level agreement, which sets out, inter alia, the roles and responsibilities
of both the CBI and the service provider.
There is also provision in the Central Bank Act 1989 for the auditors of an institution to
report certain matters to the Central Bank, and for the Central Bank to require an auditor to
furnish certain information to it. Auditors’ duties are elaborated further in Chapter III of the
Central Bank Act 1994.
EC11 The supervisor requires that external experts bring to its attention promptly any material
shortcomings identified during the course of any work undertaken by them for supervisory
purposes.
Description and
findings re EC11
Central Bank Act 1989 – Part II, The Central Bank / Chapter III Licensing and Supervision of
License Holders
47. Duties of auditor
(1) If the auditor of a holder of a license-
(a) has reason to believe that there exist circumstances which are likely to
affect materially the holder's ability to fulfil his obligations to persons
maintaining deposits with him or meet any of his financial obligations
under the Central Bank Acts, 1942 to 1989, or
(b) has reason to believe that there are material defects in the financial
systems and controls or accounting records of the holder, or
(c) has reason to believe that there are material inaccuracies in or
omissions from any returns of a financial nature made by the holder to
the Bank, or
(d) proposes to qualify any certificate which he is to provide in relation to
financial statements or returns of the holder under the Companies
Acts, 1963 to 1986, or the Central Bank Acts, 1942 to 1989, or
(e) decides to resign or not seek re-election as auditor,
he shall report the matter to the Bank in writing without delay.
EC12 The supervisor has a process in place to periodically review the information collected to
determine that it satisfies a supervisory need.
Description and
findings re EC12
CBI follows EBA guidelines and templates for the bulk of its regulatory reporting
requirements. The CBI is an active participant in all of the EBA reporting groups and
networks. In a recent review of the EBA guidelines for solvency and regulatory reporting,
the CBI (in conjunction with its European counterparts) reviewed the existing reporting
24
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it
is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.
IRELAND
100 INTERNATIONAL MONETARY FUND
framework, assessing the usefulness of existing templates and the reporting requirements
under CRD IV. This process took a number of years, but this is acceptable as a change in
the reporting framework should only occur relatively infrequently (so as to facilitate trend
analysis). Data needs are subject to continuous review and, where new requirements are
identified, new returns are created or existing returns enhanced.
In addition, the CBI is engaging with the ECB in the development of a new reporting
framework for Irish banks covered by the single supervisory mechanism.
Assessment re
Principle 10
Compliant
Comments
Principle 11 Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage
to address unsafe and unsound practices or activities that could pose risks to banks or to
the banking system. The supervisor has at its disposal an adequate range of supervisory
tools to bring about timely corrective actions. This includes the ability to revoke the
banking license or to recommend its revocation.
Essential criteria
EC1
The supervisor raises supervisory concerns with the bank’s management or, where
appropriate, the bank’s Board, at an early stage, and requires that these concerns be
addressed in a timely manner. Where the supervisor requires the bank to take significant
corrective actions, these are addressed in a written document to the bank’s Board. The
supervisor requires the bank to submit regular written progress reports and checks that
corrective actions are completed satisfactorily. The supervisor follows through conclusively
and in a timely manner on matters that are identified.
Description and
findings re EC1
The CBI raises concerns with bank management or, where appropriate, the bank’s Board, at
an early stage, and requires that these concerns be addressed in a timely manner. Where
the CBI requires the bank to take significant corrective actions, these are addressed in a
written document to the bank’s Board (i.e. the RMP). The CBI requires the bank to submit
regular written progress reports and checks that corrective actions are completed
satisfactorily. The CBI follows through conclusively and in a timely manner on matters that
are identified through desk-top analysis and onsite engagement with the bank. The CBI’s
supervisory teams monitor implementation of RMP actions through its PRISM tool.
PRISM provides a structured framework for the supervision of banks (and other firms).
PRISM sets out and documents guidance to supervisors on how to assess the risk profile of
a bank. In addition, PRISM sets out and documents the basis and process for issuing an
RMP to a bank and the process for monitoring a bank’s compliance with it.
RMP actions may be imposed through a number of methods:
? Where there is a breach of the requirements set out in the European Communities
(Capital Adequacy of Credit Institutions) Regulations 2006 (S.I. No. 661/2006), an
RMP may be imposed under Regulation 70(2)(e) of S.I. 661/2006.
Regulation 70 (4) of S.I. 661/2006 has been used to impose additional capital
requirements on credit institutions where the Central Bank has assessed that a credit
institution already holds a level of internal capital adequate to cover the nature and
level of the risks to which it is or might be exposed.
? An RMP can be imposed via Section 10 of the Central Bank Act 1971, which gives
the Central Bank the power to impose conditions on licenses.
IRELAND
INTERNATIONAL MONETARY FUND 101
? Section 21 of the Central Bank Act 1971 confers broad powers of direction on the
Central Bank. If the situation warranted it, the Central Bank could consider directing
a credit institution to meet the requirements of an RMP.
? More general RMP actions which do not result from a direct breach of CRD
requirements are imposed by way of agreement.
? Where the CBI has imposed an RMP by way of agreement but it is not satisfied with
how a bank has delivered or where a bank has failed to deliver an RMP action, it can
escalate the matter by legally imposing the RMP (where a breach of CRD has
occurred) using its powers under Regulation 70 of S.I. 661/2006. To date the Central
Bank has had to use its powers once in this regard.
RMPs have been issued to all High Impact and certain Medium High Impact and Medium
Low Impact banks following risk assessment carried out by the Central Bank.
The Central Bank has used its powers under Regulation 70 of S.I. 661/2066 where deemed
appropriate. As part of its 2011 FMP and under Regulation 70 of S.I. 661 of 2006, the
Central Bank imposed additional capital requirements on credit institutions to cover
potential future loan losses to prevent potential breaches of minimum regulatory capital
requirements. See CP16 for link to FMP Report.
EC2
The supervisor has available
25
an appropriate range of supervisory tools for use when, in
the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory
actions, is engaged in unsafe or unsound practices or in activities that could pose risks to
the bank or the banking system, or when the interests of depositors are otherwise
threatened.
Description and
findings re EC2
The CBI has a range of supervisory tools available to it when a bank is in breach of
legislative or regulatory requirements or is engaged in unsafe or unsound practices or in
activities that could pose risks to the bank or the banking system, or when the interests of
depositors are otherwise threatened. The supervisory tools available are the following:
Risk Mitigation Program
The CBI uses an RMP where it has identified issues which it requires a credit institution to
remediate. Such issues include:
? A breach of legislative or regulatory requirements
? Where an institution is engaged in unsafe or unsound practices or in activities that
could pose risks to the bank or the banking system
? When the interests of depositors are otherwise threatened
The RMP sets out the basis of the issue, the prescribed action for the credit institution to
take and the required outcome, and sets out a defined timeline for the action to be taken.
Legislative Tools
? Under Section 10 of the CBI Act 1971 the CBI has powers to impose conditions on
banking licences.
? Section 21 of the CBI Act 1971 allows the CBI to give a direction in writing to the
holder of a licence.
? Regulation 70 of S.I. 661 of 2006 requires the CBI to require any credit institution
that does not meet the requirements of any law of the State to take the necessary
25
Please refer to Principle 1.
IRELAND
102 INTERNATIONAL MONETARY FUND
actions or steps at an early stage to address the situation. Such steps could include
restricting or limiting the business of a bank; taking actions to reduce the risks in its
activities; applying specific provisioning policy; or imposing additional own funds
requirements in excess of the minimum required.
Supervisory Warning
CBI may issue Supervisory Warnings which are not underpinned by legislation. These are
non-public, and will set out the concerns which the CBI has in relation to certain activities.
Supervisory Warnings may be taken into account by the CBI in considering whether to
commence/take subsequent enforcement action against a particular entity, but may not be
taken into account in imposing sanctions following such action.
Supervisory Warnings may be imposed following a specific referral, or may be imposed in
the context of the ASP, where:
? The matter giving rise to concern is minor in nature;
? Immediate remedial action has been taken;
? Full cooperation has been received; and
? Other considerations supporting another enforcement approach do not apply.
Enforcement
Under its enforcement powers, the CBI has powers to investigate and take enforcement
actions against regulated entities that have failed to comply with relevant regulatory
requirements. The formal enforcement actions available to the CBI are:
(1) The administrative sanctions procedure under Part IIIC of the CBI Act 1942, which
permits the CBI to:
a) caution or reprimand,
b) direct the refund or withholding of money charged or paid for the
provision of a financial service,
c) direct payment to the CBI of an amount up to €5,000,000 for corporate
bodies and €500,000 for natural persons
26
,
d) disqualify natural persons from being concerned in the management of a
bank,
e) direct payment of all or part of the costs to the CBI of holding an inquiry
and investigating a matter,
f) direct persons to cease a contravention,
g) enter into a settlement with the relevant person;
(2) Fitness and Probity Investigations under Part 3 of the CBI Reform Act 2010, which
permit the CBI or Governor to suspend or prohibit a person from performing a
controlled function in a credit institution;
(3) Revocation of authorization of a bank (with Ministerial consent);
(4) Summary criminal prosecution.
Internal policies exist in relation to minimum thresholds that must be satisfied before an
Enforcement case is accepted and brought forward. However, there is no trigger for a
mandatory enforcement action, which is instead left to the judgment of supervisors. The
grounds for acceptance of a case into Enforcement are set out in the Enforcement Referral
26
As outlined further below, the Central Bank (Supervision and Enforcement) Act 2013 increased the maximum
amount of fines that may be imposed.
IRELAND
INTERNATIONAL MONETARY FUND 103
Process and are:
(a) Reliable grounds
The supervisors should have gathered sufficient evidence to demonstrate, on
reliable grounds, that a breach has (or a breach has more than likely) occurred. The
reliable grounds test is the legal test condition for a referral. ‘Reliable grounds’
means that sufficient evidence exists/has been gathered to show that it is likely that
a breach has occurred (i.e. the ‘evidential’ value of the referral).
(b) Policy grounds
Supervisors should have given sufficient consideration to the CBI’s statutory
objectives as articulated by its stated priorities. Supervisors will need to identify the
CBI’s objectives which are put at risk by the issues being referred, how the referral
supports the CBI’s strategic objectives and priorities, and a summary of the public
message which an administrative sanction would convey. This is the ‘policy grounds’
condition for a referral.
The CBI (Supervision and Enforcement) Act 2013 enhanced the range of sanctions available.
The level of fines was doubled for both firms and individuals, with an alternative calculation
of maximum fine for firms based upon 10% of annual turnover. This represents a significant
deterrent and thereby increases compliance generally.
The CBI’s approach to Enforcement proceedings is documented in its published Outline of
the Administration Sanctions Procedure and Inquiry Guidelines. The process of referring
cases from the banking supervisory divisions to Enforcement for consideration has been
formalized.
Resolution Powers
Under its Resolution powers and subject to certain conditions being met (including that the
CBI is satisfied that the bank concerned has failed or is likely to fail to meet a regulatory
requirement imposed by law, or a requirement or condition of its license, and that the CBI
is satisfied that there is a threat to the financial stability of the bank concerned or the
financial system in the State), the CBI also has the following powers:
(a) Appointment of a Special Manager
(b) Transfer of Engagements
(c) The ability to create a Bridge Bank
(d) Liquidation
(e) Powers to go to court to wind up a bank
The resolution powers conferred on the Governor of the CBI will only be used as a last
resort to bring about the orderly resolution of institutions that are about to fail or have
already failed.
European legislation applies in relation to bankruptcy of banks, e.g. 2011/48 – The
European Communities (Reorganization and Winding-up of Credit Institutions) Regulations
2011, together with the relevant parts of the Companies Acts for companies in liquidation.
The Resolution Act provisions might also apply if that Act is used to wind up the bank
concerned.
Appeals Process
The Irish Financial Services Appeals Tribunal was set up as outlined by the Central
Bank and Financial Services Authority of Ireland Act 2003. It acts like a court, but is outside
the normal court system. It is a forum that can hear appeals relating to some decisions
IRELAND
104 INTERNATIONAL MONETARY FUND
made by the CBI and has the authority to decide them.
The CBI has entered into settlement agreements and issued public notices for a number of
banks.
In its Financial Measures Project 2011, under regulation 70 of S.I. 661/2006, the Central
Bank required banks to hold capital in excess of the minimum set out in S.I. 661/2006, in
order for those banks to maintain adequate capital resources.
The Central Bank has issued Supervisory Warnings to a number of firms.
EC3
The supervisor has the power to act where a bank falls below established regulatory
threshold requirements, including prescribed regulatory ratios or measurements. The
supervisor also has the power to intervene at an early stage to require a bank to take action
to prevent it from reaching its regulatory threshold requirements. The supervisor has a
range of options to address such scenarios.
Description and
findings re EC3
The CBI has the power to intervene at an early stage to require a bank to take action to
prevent it from reaching its regulatory threshold requirements based primarily on the
following legal powers.
Regulation 70 of S.I. 661 of 2006, Section 21 of the Central Bank 1971 and Section 45 of the
Central Bank (Supervision and Enforcement) Act, 2013.
The CBI commences the corrective action process at an early stage through its RMP. The
RMP notices are sent promptly to the bank at the conclusion of supervisory activities that
disclose areas in need of attention by the bank. Supervisory Warnings are also being issued
at an early stage.
EC4
The supervisor has available a broad range of possible measures to address, at an early
stage, such scenarios as described in essential criterion 2 above. These measures include
the ability to require a bank to take timely corrective action or to impose sanctions
expeditiously. In practice, the range of measures is applied in accordance with the gravity
of a situation. The supervisor provides clear prudential objectives or sets out the actions to
be taken, which may include restricting the current activities of the bank, imposing more
stringent prudential limits and requirements, withholding approval of new activities or
acquisitions, restricting or suspending payments to shareholders or share repurchases,
restricting asset transfers, barring individuals from the banking sector, replacing or
restricting the powers of managers, Board members or controlling owners, facilitating a
takeover by or merger with a healthier institution, providing for the interim management of
the bank, and revoking or recommending the revocation of the banking license.
Description and
findings re EC4
In relation to the scenarios described in Essential Criteria 2 above, the Enforcement
measures available to the CBI include:
1. The ASP, which allows the CBI to:
a) caution or reprimand
b) direct the refund of monies charged or paid, or withholding of monies to
IRELAND
INTERNATIONAL MONETARY FUND 105
be charged or paid
c) direct payment to the CBI of an amount up to €5,000,000 for corporate
bodies and €500,000 for natural persons
27
d) disqualify natural persons from being concerned in the management of a
bank
e) direct payment of all or part of the costs to the Central Bank of holding an
inquiry and investigating a matter
f) direct persons to cease a contravention
g) enter into a settlement with the relevant person
2. Fitness and Probity Investigations under Part 3 of the Central Bank Reform Act 2010,
which permits the Central Bank or Governor to suspend or prohibit a person from
performing a controlled function in a credit institution
3. Revocation of authorization of a regulated financial service provider
4. Summary criminal prosecution
EC5
The supervisor applies sanctions not only to the bank but, when and if necessary, also to
management and/or the Board, or individuals therein.
Description and
findings re EC5
The CBI may initiate administrative sanctions proceedings against both the regulated entity
itself and against persons concerned in their management where they have “participated”
in a prescribed contravention (section 33AO of the 1942 Act). Such proceedings may be
progressed with regards to the regulated entity and person concerned in its management
individually and separately, or collectively, or against one but not the other. It is therefore
possible to impose sanctions following an ASP on a person concerned in the management
without having proceeded against the regulated entity. The sanctions which may be
imposed on individuals under Part IIIC of the 1942 Act have been outlined above, and
would include the ability to disqualify an individual from being concerned in the
management of a bank for such period as specified (section 33AQ(5)(c) of the 1942 Act).
The CBI has powers under the fitness and probity regime which allow the CBI to prohibit
persons who may exercise significant influence within regulated financial service providers
from performing all or part of a controlled function. Should a person be found not to be of
sufficient fitness and probity to perform a controlled function, the CBI or Governor may
issue a Prohibition Notice prohibiting a person from performing all or part of a controlled
function(s), having particular regard to the need to prevent potential serious damage to the
financial system in the State and ensure the continued stability of the system, and the need
to protect users of financial services (section 43 of the 2010 Act).
The CBI’s procedures relating to ASP and the fitness and probity regime have been
documented and published.
EC6
The supervisor has the power to take corrective actions, including ring-fencing of the bank
from the actions of parent companies, subsidiaries, parallel-owned banking structures and
other related entities in matters that could impair the safety and soundness of the bank or
the banking system.
Description and
findings re EC6
Regulation 70 of the S.I. 661 of 2006 states that the CBI shall require any bank that does
not comply with any law of the State giving effect to Directive 2006/48/EC to take
necessary action to address the issue. These steps can include taking an action restricting
27
The Central Bank (Supervision and Enforcement) Act 2013 increased the maximum amount of fines that may be
imposed.
IRELAND
106 INTERNATIONAL MONETARY FUND
or limiting the business of a bank.
Under Section 21 of the CBI Act 1971 the CBI can direct banks to take corrective and other
actions. The direction making powers are broad and specifically include: “On becoming
satisfied that it would be in the public interest to do so, or that a prescribed circumstance
exists in relation to the holder of a license, the Bank may, by direction given in writing,
require the holder to suspend, for a specified period not exceeding 6 months, any specified
banking activity except as authorized by the Bank.”
EC7
The supervisor cooperates and collaborates with relevant authorities in deciding when and
how to effect the orderly resolution of a problem bank situation (which could include
closure, or assisting in restructuring, or merger with a stronger institution).
Description and
findings re EC7
The CBI’s resolution powers require that before CBI intends to exercise its resolution power
in relation to an authorized credit institution that carries on business in a jurisdiction other
than that of the State, whether it carries on that business itself or through one or more
subsidiaries, the CBI should inform the corresponding authority in that other jurisdiction.
The revised CRD requires the establishment of colleges of supervisors, with a view to
reinforcing the efficiency and effectiveness of supervision of cross-border banking groups
and to facilitating the tasks of the consolidating supervisor and host supervisors. The
Central Bank participates in Supervisory Colleges, which promote stronger coordination
and cooperation whereby competent authorities reach agreement on key supervisory tasks.
These tasks include (but are not limited to):
? Exchanging information
? Views and assessments
? Voluntary work-sharing and delegation
? Developing a common understanding of the risk profile of the group at both the
group and solo levels
? Taking due account of macro-prudential risks
The Colleges also play a role in both the preparation for and handling of emergency
situations and crisis management.
For cooperation among domestic authorities there is also a MoU on Financial Stability
between the Central Bank and the Department of Finance entered into in 2007.
Additional
criteria
AC1
Laws or regulations guard against the supervisor unduly delaying appropriate corrective
actions.
Description and
findings re AC1
There are no legal provisions or regulations setting out timeframes for supervisors to take
action. Notwithstanding this, the CBI endeavors to act on a timely basis when dealing with
corrective action.
AC2
When taking formal corrective action in relation to a bank, the supervisor informs the
supervisor of nonbank related financial entities of its actions and, where appropriate,
coordinates its actions with them.
Description and
findings re AC2
The Central Bank informs the supervisors of nonbank related financial entities which are
supervised by the Central Bank of intended action and coordinates its actions with them.
In the case of one high impact bank, the bank supervisors coordinated its approach with
Insurance supervisors.
IRELAND
INTERNATIONAL MONETARY FUND 107
Assessment re
principle 11
Compliant
Comments
Principle 12 Consolidated supervision. An essential element of banking supervision is that the
supervisor supervises the banking group on a consolidated basis, adequately monitoring
and, as appropriate, applying prudential standards to all aspects of the business conducted
by the banking group worldwide.
28
Essential criteria
EC1
The supervisor understands the overall structure of the banking group and is familiar with
all the material activities (including nonbanking activities) conducted by entities in the
wider group, both domestic and cross-border. The supervisor understands and assesses
how group-wide risks are managed and takes action when risks arising from the banking
group and other entities in the wider group, in particular contagion and reputation risks,
may jeopardize the safety and soundness of the bank and the banking system.
Description and
findings re EC1
The Central Bank collects and analyses financial and other information which it considers
adequate to conduct consolidated supervision of banking groups. It collects this data both
on a consolidated basis for the banking group and on a solo basis, covering areas such as
capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and
group structure. The legal platform is largely contained within S.I. 475 of 2009.
The Central Bank’s minimum frequency of supervision and level of intensity depend to a
large extent upon the PRISM Impact rating of the credit institution. The PRISM framework
that prescribes the supervisory activities to understand the overall group structure of High
impact banks is generally comprehensive. For High Impact banks, a range of activities
included in the supervisory plan (which is typically annual), will involve an assessment of
the activities across the wider banking group. An assessment of the organizational structure
by subsidiary with an explanation of activities and an analysis of financial statements forms
the basis of offsite supervision.
In terms of onsite activities, the following are part of the PRISM activities for a High impact
bank: (i) Financial Risk Reviews (minimum of six across a two year period) will consider
group structures and foreign operations; (ii) The Governance Category within PRISM
requires an assessment of group structure; and (iii) meetings with key personnel will
include a consideration of strategy, structure and activities across the banking group.
Supervisors have the ability to go beyond the minimum activities prescribed in PRISM. For
Medium-High and Medium-Low Impact banks, the key offsite supervision activities that
cover the structure and activities of the banking group are part of the Full Risk Assessment
(FRA) which is performed on at least a two to four year frequency. Recommendations or
conclusions are outlined in the FRA report are presented at the Risk Governance Panel
(RGP), after detailed desk-based analysis and onsite examinations have been completed.
The Central Bank applies a proportionate approach to supervision of an individual banking
group and relies on PRISM guidance and on the expert judgment of its supervisors to
decide the extent to which those risks require further examination. The Central Bank
reviews the main activities of parent companies, and affiliates (including nonbank), that
have a material impact on the safety and soundness of the banking group, and takes
28
Please refer to footnote 19 under Principle 1.
IRELAND
108 INTERNATIONAL MONETARY FUND
appropriate supervisory action. The extent of a review uses the same approach as outlined
above, i.e. a combination of the judgment of skilled supervisors with reference to the
guidance document for reviewing the wider activities including those of foreign offices
within the consolidated banking Group.
The Central Bank takes into account the effectiveness of supervision conducted in the host
countries in which its banks have material operations. Its policy on when or how it conducts
these reviews is to adopt a risk-based or proportionate approach, i.e. depending on the risk
impact score of the local institution and the materiality of the risks that arise from the
activities of foreign offices, and then decide the extent to which those risks require further
examination, with reference to the guidance material available to supervisors in PRISM. The
Central Bank visits the foreign offices periodically, the location and frequency being
determined by the risk profile and systemic importance of the foreign operation. The
Central Bank would generally meet the host supervisor during these visits.
The Central Bank reviews whether the oversight of a bank’s foreign operations by
management is adequate, having regard to their risk profile and systemic importance. It
also assesses whether any hindrance exists in host countries which could restrict either the
parent entity or the supervisors’ ability to access all the material information required of
foreign branches/subsidiaries. The College framework provides an effective mechanism for
information-sharing and meetings with relevant supervisors to understand the risks in cross
border operations.
The legal platform for consolidated supervision is largely S.I. 475 of 2009, in that it sets out
when consolidated supervision is applicable. Regulation 70 of S.I. 661 2006, which
transposes Article 136 of the CRD (2006/48) – provides the Central Bank with powers to
restrict or limit the business, operations or network of credit institutions, or oblige credit
institutions to hold own funds in excess of the minimum level set out in the Article 75 of
the CRD (2006/48 (transposed via Regulation 19 of S.I. 661 2006). There are also extra
direction-making powers in section 37 of the new Supervision and Enforcement Act 2013,
which allow the Central Bank to direct a bank to dispose of certain assets. This could be
used to direct a bank to take certain actions to alleviate the risk. Another avenue which is
clearly envisaged by S.I. 475 is to communicate and cooperate with the other relevant
competent authorities to alleviate any risks. Part 3 of the Act also provides powers, which
can be used outside the State and in relation to “related undertakings” of a regulated
financial service provider. Regulation 18 of S.I. 475 of 2009 relates to general information
gathering powers to request information relevant to its supervision of the banking group.
Part 3 of the Central Bank (Supervision and Enforcement) Act 2013 has extensive authorized
officer powers and general information gathering powers to “associated enterprises” when
the Central Bank is the consolidated supervisor. Regulation 20 of S.I. 475 of 2009 extends
the authorized officer powers. Section 21 of the Central Bank Act 1971 – direct to suspend,
for a period not lasting six months, the disposal or acquiring of assets
The extent and frequency of the offsite analysis will vary depending on the bank or group’s
PRISM impact rating and a minimum level of engagement and review is set out for each
impact rating. Supervisors of High Impact banks present analysis of the risks across the
overall group at least annually at RGPs and are attended by senior Central Bank personnel.
Medium High Impact RGPs are held on average every 3 years. The FRA details the material
risks of the credit institution and banking group (including nonbanking activities) and
assesses how effectively these are being managed within the group. Where actions are
IRELAND
INTERNATIONAL MONETARY FUND 109
identified as being required to mitigate any of these key risks which could jeopardise the
safety and soundness of the bank or the banking system (credit, liquidity,
capital/profitability etc.), they are agreed at these panel meetings before being clearly set
out in the SREP letter and attaching RMP.
EC2
The supervisor imposes prudential standards and collects and analyses financial and other
information on a consolidated basis for the banking group, covering areas such as capital
adequacy, liquidity, large exposures, exposures to related parties, lending limits and group
structure.
Description and
findings re EC2
The Central Bank imposes prudential standards on a consolidated basis and develops its
own specific Codes, which have the effect of imposing additional prudential standards on
institutions and banking groups by attaching these Codes to banking licenses as
appropriate. This framework is based on the prudential standards and requirements of all
credit institutions and banking groups as set out in the CRD (as transposed into Irish Law
via S.I. 661 of 2006). As regards to collecting financial information, the powers in regulation
20 of S.I. 475 of 2009 are relevant (together with the new enhanced powers in the 2013
Supervision and Enforcement Act). The direction making powers in the new Supervision
and Enforcement Act (Part 5) give a reach into this area – see section 37(3) of the Act. The
2013 Act provide a more comprehensive suite of powers.
The CBI has a defined “Framework for the Review and Monitoring of Prudential Data
Submitted by Credit Institutions” designed to provide the basis for the collection and
analyses of prudential data from credit institutions (both on a solo and consolidated basis
where a banking group exits) used to identify any prudential issues, inform and confirm its
understanding of the institution’s business model, etc.
The Central Bank collects and analyses financial and other information which it considers
adequate to ensure effective consolidated supervision of banking groups. The overall
framework of data consists of a number of returns (COREP, FINREP, Impairment, Liquidity,
Large Exposures, Sectoral Lending Limits, Funding, Related Party Lending and Deposit
Protection), all of which are reported on a quarterly basis by all banks and banking groups
supervised by the Central Bank. Depending on the nature of the data, the Central Bank can
require more frequent reporting, e.g. in the case of liquidity, banks are required to submit
this information monthly. Where the structure of the banking group warrants it, credit
institutions/banking groups are required to submit these both on a solo and consolidated
basis – see CP10 for more details.
The framework for each report consists of:
? A description of the report
? A description of supporting reports and query facilities for the report
? Details of any guidelines in place which support review of the report, together with
legal basis
? A description of the minimum review process required for each of the reports
In addition to the reporting framework used to assess the prudential standards imposed on
banks, the Central Bank interprets and sometimes enhances sections of the CRD or EBA
Guidelines and develops its own specific Codes, which have the effect of imposing
additional prudential standards on institutions and banking groups by attaching these
Codes to banking licences as appropriate.
Confirmation of the credit institution or banking group’s compliance with these Codes is
IRELAND
110 INTERNATIONAL MONETARY FUND
required on an annual basis, e.g. the 2010 Corporate Governance Code for Credit
Institutions and Insurance Undertakings.
EC3
The supervisor reviews whether the oversight of a bank’s foreign operations by
management (of the parent bank or head office and, where relevant, the holding company)
is adequate having regard to their risk profile and systemic importance and there is no
hindrance in host countries for the parent bank to have access to all the material
information from their foreign branches and subsidiaries. The supervisor also determines
that banks’ policies and processes require the local management of any cross-border
operations to have the necessary expertise to manage those operations in a safe and sound
manner, and in compliance with supervisory and regulatory requirements. The home
supervisor takes into account the effectiveness of supervision conducted in the host
countries in which its banks have material operations.
Description and
findings re EC3
The oversight of a bank’s foreign operations by parent/group management is reviewed by
the Central Bank on a proportionate basis, i.e. where the credit institution/banking group’s
risk profile and systemic importance warrants it. This oversight forms part of the
supervisory engagement by examiners with the credit institution. If a situation arises that
warrants an on-site inspection by the Central Bank of a foreign entity/branch, then this will
be carried out.
As part of the FRRs conducted in accordance with the PRISM engagement cycle (i.e.
annually for High Impact institutions) these risk assessments incorporate a review of the
activities of all subsidiaries and foreign operations as well as interaction with local host
supervisors.
For High Impact banks, the appropriateness of significant policies is assessed by the Central
Bank as part of the FRRs to ensure they are in line with group policies. In addition, the
expertise of those directing the business and managing cross border operations is
considered by the Central Bank, initially through the Fit and Proper checks performed when
key personnel are appointed in foreign operations. On an ongoing basis, an assessment of
management in foreign operations will be supplemented with discussions with other
supervisors. The College forms the basis of this engagement and for the High Impact banks
frequent engagement on a range of topics is performed. Examples of engagement with
overseas bank management through onsite visits evident.
For Medium High Impact banks and Medium Low Impact banks, the risks associated with
the activities of all foreign subsidiaries/branches, as well as those other foreign
activities/operations, may be reviewed on a more ad-hoc basis or as part of a themed
review of a specific risk. The requirement for any review of foreign operations is assessed
by supervisors having regard to both the risk profile and systemic importance of the
banking group to the banking system and the potential impact of the risks of foreign
operations to the banking group. The specific Central Bank examiner guidance material
prompts supervisors to at least consider the materiality of wider group or foreign office
activities on the banking group.
The Central Bank has a policy on how it assesses local jurisdiction hindrances to the
accessibility of information relevant to the branch or subsidiary operating in that
jurisdiction, either for the parent bank or home supervisor, and also how it assesses the
effectiveness of supervision in the host country.
Part 3 of the Central Bank (Supervision and Enforcement) Act has extensive authorised
officer powers.
IRELAND
INTERNATIONAL MONETARY FUND 111
EC4
The home supervisor visits the foreign offices periodically, the location and frequency
being determined by the risk profile and systemic importance of the foreign operation. The
supervisor meets the host supervisors during these visits. The supervisor has a policy for
assessing whether it needs to conduct on-site examinations of a bank’s foreign operations,
or require additional reporting, and has the power and resources to take those steps as and
when appropriate.
Description and
findings re EC4
The assessment of a bank’s foreign operations commences with a desk-based review of
material activities. Proportionality is then considered regarding the materiality of the
operations compared with the overall size. Information gathered from Supervisory Colleges
is a key input into this assessment. Formal documented guidance is available to supervisors
in PRISM which sets out high-level principles to be considered by supervisors when
assessing a bank’s foreign operations. For example:
a. To what extent a review of the activities of other entities (including
nonbanking) is required
b. How to assess those risks, the level of analysis and the approach to be
applied
c. Whether any action is needed to address unacceptable levels of risks or
activities in which affiliate operations, banking and nonbanking, are engaged
The guidance helps to ensure a consistent approach is applied to assess the level/extent of
supervision that the Central Bank expects supervisors to conduct in relation to the activities
of cross-border offices, including those of nonbanking entities within the group.
The Central Bank visits the foreign offices of institutions periodically, the location and
frequency being determined by the risk profile and systemic importance of the foreign
operation. The local supervisors are always informed of the intended on-site visit and given
the opportunity to attend the visit.
The legislative basis for the Central Bank’s oversight of branches operating in Ireland is set
out in the CRD, Articles 30–34 (transposed via S.I. 395 of 1992, Regulations 27, 29 and 34).
The legal basis of the CBIs capacity to visit foreign operations of regulated banks is derived
from Article 129 of the CRD (2006/48), as transposed via Regulation 67 of S.I. 661 2006,
stipulates that the consolidated supervisor has responsibility for coordinating the gathering
and dissemination of relevant or essential information, as well as the planning and
coordination of supervisory activities. Regulation 7 of S.I. 475 2009 transposes into Irish law
the provision outlined in Article 133 of the CRD (2006/48) and specifies that the
consolidated supervisor shall require full consolidation (on a proportionate basis) of all the
credit institutions and financial institutions which are subsidiaries of a parent undertaking.
EC5
The supervisor reviews the main activities of parent companies, and of companies affiliated
with the parent companies, that have a material impact on the safety and soundness of the
bank and the banking group, and takes appropriate supervisory action.
Description and
findings re EC5
A review of the activities of the parent is completed as part of assessing a bank license
application. This may result in a higher solvency ratio; a reduced large exposure limit to
affiliate or group companies; or other more onerous conditions attaching to the bank
license. Supervisors routinely reassess the ownership structure and the activities of the
parent as part of the FRR/FRA. The frequency of these FRAs is dependent on the PRISM
Impact rating of the bank. For High Impact banks the frequency for ongoing assessment of
the parent is included in the activities prescribed to be performed on an annual basis. For
Medium-High Impact this on average every three years in the FRA and less frequent for
IRELAND
112 INTERNATIONAL MONETARY FUND
lower impact rated banks.
Where it is considered that risks are increasing, examiners can take action up to and
including instructing the cessation of particular activities or the imposition of capital add-
ons, as well as other supervisory measures.
In respect of the activities of affiliated companies, these will be considered as part of the
ongoing assessment of the material risks to which an entity is exposed, e.g. where the
ancillary activity of an affiliated company could have a significant influence or may be
proving to be a strain on the consolidated groups liquidity position, and by extension the
liquidity of the entity, examiners can take action up to and including instructing the
cessation of particular activities or the imposition of capital add-ons, as well as other
supervisory measures.
Where the Central Bank identifies any potential concerns in relation to the activities of
parent companies or other affiliated companies at time of granting a licence to the banking
entity pursuant to Section 9 of the Central Bank Act 1971, it may attach conditions to that
licence in line with section 10 of the Central Bank Act 1971.
Article 140 of the CRD, as transposed by S.I. 475 of 2009, provides for consolidated
supervision of banking groups. Article 136 of the CRD, as transposed by Regulation 70 of
S.I. 661 2006, provides the power to undertake supervisory action. However, this power has
yet to be tested in respect of instructing any entity supervised by the Central Bank to cease
any activity at an affiliated company. There are currently no examples where a supervisor
has determined that an activity of an affiliated company has any materially adverse impact
on the safety and soundness of the bank or the banking group.
EC6
The supervisor limits the range of activities the consolidated group may conduct and the
locations in which activities can be conducted (including the closing of foreign offices) if it
determines that:
(a) the safety and soundness of the bank and banking group is compromised because
the activities expose the bank or banking group to excessive risk and/or are not
properly managed;
(b) the supervision by other supervisors is not adequate relative to the risks the activities
present; and/or
(c) the exercise of effective supervision on a consolidated basis is hindered
Description and
findings re EC6
The Central Bank has the power to limit the range and location of activities undertaken by
consolidating banking groups. This power is derived from Article 136 (a)-(e) of the CRD, as
transposed via Regulation 70.2 of S.I. 661 of 2006 which specifically addresses concerns in
relation to point (a), as Article 136 refers to these actions being used to address any
concerns the Central Bank, as consolidated supervisor, may have in relation to the group’s
compliance with Article 22 (transposed via Regulation 79 of S.I. 661 2006), which requires
robust governance arrangements at any credit institution for the managing and reporting
of all risks associated with the activities of that institution.
The examples provided by the CBI demonstrate how the activities which can be undertaken
by firms within Irish banking groups are restricted to those set out in the banking licence
application, and how all subsequent activities require the prior approval of the Central
Bank. Similarly, examples are provided:
IRELAND
INTERNATIONAL MONETARY FUND 113
? where a firm was instructed by examiners to cease any new lending activity, given
that it had breached Central Bank sectoral limits
? where the firm is required to seek the prior approval of the Central Bank for any new
activity as a condition of the licence
? where a firm was instructed to cease lending for apartment purchases and restricted
to providing property loans to a maximum Loan-to-Value of 80%.
EC7
In addition to supervising on a consolidated basis, the responsible supervisor supervises
individual banks in the group. The responsible supervisor supervises each bank on a stand-
alone basis and understands its relationship with other members of the group.
29
Description and
findings re EC7
As part of the Central Bank’s supervisory approach, individual licensed entities which are
part of Irish consolidated banking groups are supervised on both a solo and consolidated
basis in accordance with the requirements of the CRD. Regulatory reporting obligations are
imposed by the Central Bank on each individual bank within the group. As part of the
FRR/FRA, the group structure is always assessed and the relationship between all member
entities and their activities explained in the RGP Report.
Recital 13 of the CRD sets out how the capital requirements are to be applied both at solo
and consolidated level and refers to the specific CRD Articles 42, 131 and 141 in terms of
collaboration of supervisors and information-sharing. Article 130 of the CRD (2006/48/EC),
as transposed via Regulation 68 of S.I. 661 of 2006, provides for the immediate alerting by
the consolidated supervisor of the host competent authority where a situation arises within
the consolidated banking group which may jeopardise the stability of the financial system
in the host country.
Additional
criteria
AC1
For countries which allow corporate ownership of banks, the supervisor has the power to
establish and enforce fit and proper standards for owners and senior management of
parent companies.
Description and
findings re AC1
The Central Bank does not have the power to apply its Fitness and Probity regime to the
owners and senior management of parent companies with the exception of owners of the
parent company who are natural persons and are qualifying shareholders (greater than
10% shareholding) in the Irish licensed bank. However, the expertise of the parent company
senior management is reviewed during license applications and on an ongoing basis, as
part of the FRR/FRA. The extent of this assessment depends on the control that the parent
has over directing the activities of the banking business and the materiality of the impact of
the banking group on the Irish and global financial system. For example, where the banking
group could be considered to be Medium Low or Low Impact, assessment of the quality of
the management of a parent or owners of the banking group would not be considered a
priority. In the case of a High Impact bank, it is considered good practice to consider the
fitness and probity of the ownership and senior management of parent companies.
However, no official policy exists on this issue.
Article 135 of the CRD, as transposed via Regulation 69 of S.I. 661 of 2006, outlines that the
Member States shall require the persons directing the business of a financial holding
company be of sufficiently good repute and of sufficient experience to perform the duties.
This is reinforced in Regulation 17 of S.I. 475 2009, but only extends to the management of
29
Please refer to Principle 16, Additional Criterion 2.
IRELAND
114 INTERNATIONAL MONETARY FUND
a financial holding company – it does not extend to the “corporate” parent companies.
The Central Bank Supervisory & Enforcement Act 2013 includes a power to obtain
information from an unregulated parent and a right to require that a third-party skilled
person report be provided by an unregulated parent, including in respect of the senior
management. However, this appears to be the extent of these intended powers in relation
to non-regulated parent companies
There have been no such examples of the Central Bank attempting to enforce Fitness and
Probity standards at parent companies.
Assessment of
Principle 12
Compliant
Comments The CBI undertakes supervisory activities to understand the overall structure of the banking
group for which it is ultimately responsible and supervises and monitors material activities
(including nonbanking activities conducted by entities in the wider group, both domestic
and cross-border). Importantly, the CBI applies prudential standards on a group wide basis
where it is responsible for consolidated supervision.
The CBI takes action when risks arising from the banking group and other entities in the
wider group are identified as potentially jeopardizing the safety and soundness of the bank
and banking group. The Central Bank collects and analyses financial and other information
which it considers adequate to ensure effective consolidated supervision of banking
groups. Legislation provides the Central Bank with the scope to close branches or offices of
Irish Licensed banks in foreign jurisdictions. However, the legislation has not been tested to
the extent that it provides the power to the Bank to close foreign, affiliated, nonbanking
entities within banking groups.
Principle 13 Home-host relationships. Home and host supervisors of cross-border banking groups
share information and cooperate for effective supervision of the group and group entities,
and effective handling of crisis situations. Supervisors require the local operations of
foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1
The home supervisor establishes bank-specific supervisory colleges for banking groups
with material cross-border operations to enhance its effective oversight, taking into
account the risk profile and systemic importance of the banking group and the
corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a
relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a
shared interest in the effective supervisory oversight of the banking group, is included in
the college. The structure of the college reflects the nature of the banking group and the
needs of its supervisors.
Description and
findings re EC1
The Central Bank, through the transposition of relevant European legislation and its active
participation in Supervisory Colleges, shares information and cooperates with other
supervisors for the effective supervision of groups and group entities. The Supervisory
Colleges allow for the sharing of information and planning and coordination of supervisory
activities. In this regard, the Central Bank receives a significant amount of information on
banks for which it is a host supervisor.
The Central Bank holds Supervisory Colleges for all banking groups that have material
cross-border operations where it is the consolidating supervisor. The operation of these
Colleges is consistent with international standards. Membership of the College is
IRELAND
INTERNATIONAL MONETARY FUND 115
determined based on the nature (subsidiaries or branches) and significance of the cross-
border entities and is consistent with the criteria for the establishment of Colleges.
At present the Central Bank is the consolidated supervisor for AIB plc. and The Governor
and Company of the Bank of Ireland (BoI), and is the European consolidating supervisor for
Citibank Europe plc. In addition to the College setting, the Central Bank engages in bilateral
information sharing with other supervisors where deemed relevant; it has established MoUs
with a number of other supervisors. Where it is the consolidating supervisor (AIB and BoI),
the Central Bank evidenced frequent contact with foreign supervisors.
At present there are no formal processes for the exchange of information with other
regulators; however, the College setting and the Central Bank’s bilateral relationships
ensure that it receives the necessary information to carry out its role. In addition, the
Colleges allow for the establishment of an agreed communication strategy and the
development of a framework for cross-border crisis cooperation and coordination.
Subsidiaries of overseas banks operating in Ireland are subject to the same basic standards
as those applied to domestic institutions; however, the requirements imposed on domestic
institutions may be more onerous given their systemic importance and risk profile. The
Central Bank has on-site access to overseas subsidiaries and branches of institutions where
it is the consolidating supervisor, and would inform the host supervisor in advance of any
such visits. In relation to third country supervisors, information is shared with those
supervisors where there is a MoU in place. If the Central Bank was to take action based on
information provided by another supervisor, it would (to the extent possible) consult with
that supervisor beforehand.
At present, all banks (with the exception of two) for which the Central Bank is a host
supervisor are subject to consolidated supervision at the parent level.
EC2
Home and host supervisors share appropriate information on a timely basis in line with
their respective roles and responsibilities, both bilaterally and through colleges. This
includes information both on the material risks and risk management practices of the
banking group
30
and on the supervisors’ assessments of the safety and soundness of the
relevant entity under their jurisdiction. Informal or formal arrangements (such as
memoranda of understanding) are in place to enable the exchange of confidential
information.
Description and
findings re EC2
The Central Bank uses both the College setting and bilateral communications to ensure
that all relevant information is shared in a timely manner. The most significant element of
the College forum is that the members communicate their risk assessment of the entities
under their supervision. In this regard the Central Bank utilises the templates set out in the
CEBS Guidelines for the Joint Assessment of the Elements Covered by the SREP and the
Joint Decision Regarding the Capital Adequacy of Cross-Border Groups. These templates
require each supervisor to set out its assessment of the entity under headings such as
financial position; business and risk strategy; internal governance; and individual risk types.
These assessments are fully discussed as part of the college forum and are the main input
into the overall Joint Risk Assessment Decision (JRAD).
30
See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on
supervisory colleges for further information on the extent of information sharing expected.
IRELAND
116 INTERNATIONAL MONETARY FUND
The Central Bank has signed agreements with the members of the Colleges. The
Agreements cover the exchange of information and confidentiality.
Outside of the College setting, the Central Bank has an MoU process in place for formal
‘exchange of information’ with other supervisors. Rather, the exchange of information
occurs on an ad-hoc basis based on requests from to the home supervisor. Given the
nature of the banking groups of which the Central Bank is the consolidating supervisor, i.e.
a limited number of foreign entities, this process is deemed sufficient at present.
Where the Central Bank is a host supervisor it is not party to any formal exchange of
information processes; however, membership of supervisory colleges provides the host
supervisor with significant levels of information. Additionally, the Central Bank has obtained
information through bilateral agreements with other regulators and thus, to date, the lack
of a formal exchange of information process has not hindered its ability to receive the
necessary information from the home supervisor.
Colleges have been established for both AIB and BOI and it is clear from both the Joint Risk
Assessment Documents and the minutes of the meetings that information is shared with all
members of the college. In addition, the records of the regular bilateral and multilateral
teleconference calls provide further evidence of the sharing of information on a timely
manner.
EC3
Home and host supervisors coordinate and plan supervisory activities or undertake
collaborative work if common areas of interest are identified in order to improve the
effectiveness and efficiency of supervision of cross-border banking groups.
Description and
findings re EC3
The Central Bank has established annual plans for Colleges which seek to align the work of
the individual members to facilitate the Joint Decision, identify areas of commonality where
joint work can be undertaken, and agree the meeting schedule and timelines for
submission of information. As part of its ongoing supervisory activities, the Central Bank
considers the risk emanating from foreign subsidiaries or branches of Irish institutions. In
line with its risk-based approach to supervision, the Central Bank will focus its resources on
those areas of risk that pose the greatest threat to the institution. In this regard, the Central
Bank has carried out inspection work in foreign offices of Irish banks. However, as very few
Irish banks have foreign subsidiaries or branches, the requirement for inspections of
foreign offices is very low.
Supervision plans are agreed during the annual RGP which precedes the Supervisory
College allowing host supervisors an understanding of the Central Bank’s plans for the
forthcoming year. The Central Bank obtains the supervisory plans from host supervisors
which allows for a degree of coordination and planning. There were recent examples where
the Central Bank had an awareness of Fit & Proper assessments by key Host Supervisors.
Article 129(1)(b) of the CRD, as transposed by Regulation 67(1) of S.I. 661 of 2006, provides
the legal basis for the establishment of supervisory colleges and the reaching of a joint
decision.
EC4
The home supervisor develops an agreed communication strategy with the relevant host
supervisors. The scope and nature of the strategy reflects the risk profile and systemic
importance of the cross-border operations of the bank or banking group. Home and host
supervisors also agree on the communication of views and outcomes of joint activities and
college meetings to banks, where appropriate, to ensure consistency of messages on
group-wide issues.
IRELAND
INTERNATIONAL MONETARY FUND 117
Description and
findings re EC4
The supervisory plan sets out clearly the ongoing communication between the college
members including both the regular teleconferences and the submission of information for
the Joint Risk Assessment. The communication strategy is based on the relative importance
and riskiness of the entities under supervision, with a higher intensity of communication
with regulatory authorities responsible for oversight of those entities that pose the highest
risk level or that are the most systemically important.
In relation to the communication of views and outcomes to the banks, this is discussed as
part of the underlying exercise, i.e. inspection, risk assessment, etc. In the situation where
the College members or a subgroup of the members undertakes a body of work, the
substance of communications to the bank will be agreed by all relevant supervisors in
advance of any communication.
Article 129 of the CRD, as transposed by Regulation 67 of S.I. 661 of 2006, provides the
legal basis for the establishment of Supervisory Colleges and the reaching of a joint
decision.
The college plans set out clearly the anticipated level of communication between College
members. In relation to the communication of information to the bank, the records show
the agreement of the members of Colleges on the information issued to the bank.
EC5
Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities, develops a framework for cross-
border crisis cooperation and coordination among the relevant home and host authorities.
The relevant authorities share information on crisis preparations from an early stage in a
way that does not materially compromise the prospect of a successful resolution and
subject to the application of rules on confidentiality.
Description and
findings re EC5
Within the Central Bank there is a dedicated Special Resolutions Unit (SRU) which liaises
with the Banking Supervision Divisions where issues are seen to be arising that may
threaten the ongoing viability of a bank.
The Central Bank is a member of a Cross Border Stability Group (CBSG) which comprises
the Irish Department of Finance; the UK’s Prudential Regulatory Authority; the Bank of
England; and Her Majesty’s Treasury. The purpose of the CBSG is to share information
relating to Irish banks that have significant operations in the UK. This group was
established during the crisis as a conduit to coordinate and cooperate their efforts and
share information.
Where the Central Bank is the home supervisor in a College setting, it has established
cross-border crisis management frameworks with the other members of the College. These
frameworks cover:
? the definition of “Emergency Situation”;
? communication between supervisors in an emergency situation;
? coordinated supervisory response;
? external communications;
? simulation exercises; and
? contingency planning.
These frameworks are reviewed on an annual basis (at minimum) to ensure they continue
to be up to date and relevant.
IRELAND
118 INTERNATIONAL MONETARY FUND
The Central Bank recently signed a Cooperation Agreement with Federal Deposit Insurance
Corporation FDIC and an agreement to share information.
EC6
Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities and relevant host authorities,
develops a group resolution plan. The relevant authorities share any information necessary
for the development and maintenance of a credible resolution plan. Supervisors also alert
and consult relevant authorities and supervisors (both home and host) promptly when
taking any recovery and resolution measures.
Description and
findings re EC6
While the Central Bank received the power to request recovery plans and to produce
resolution plans under the CBCIR Act 2011 in October 2012, a local recovery and resolution
plan regime has not yet been implemented. The CBCIR has not yet been used to resolve an
authorized credit institution in this jurisdiction. The recovery plan aspect of the legislation
has yet to be fully implemented. It should be noted that the Central Bank’s implementation
may be deferred pending a review of the proposed arrangements under an EU proposed
Directive on Crisis Management and Bank Resolution. Section 93(1) of the CBCIR Act 2011
allows the Central Bank to prepare a Resolution Report where it has previously requested a
Recovery Plan from a credit institution.
While there are some national authorities making progress in relation to the production of
recovery plans for G-SIFIs the Central Bank is awaiting EU/international developments in
the area, especially with respect to the CRD, Notwithstanding this and in line with EBA
recommendations, the Central Bank has requested recovery plans from two high impact
credit institutions.
EC7 The host supervisor’s national laws or regulations require that the cross-border operations
of foreign banks are subject to prudential, inspection and regulatory reporting
requirements similar to those for domestic banks.
Description and
findings re EC7
All banks licensed by the Central Bank are subject to the same laws and regulations;
therefore, the cross-border operations of foreign banks are subject to the same prudential,
inspection and regulatory requirements as domestic banks.
In relation to EU branches, the level of regulatory oversight is much less than that for a
bank licensed by the Central Bank. In the case of branches, the Central Bank’s oversight is
limited to AML, Liquidity and Conduct of Business supervision. In certain instances, the
branches are granted a Liquidity Concession Waiver whereby liquidity oversight is the
responsibility of the home regulator at the level of the parent rather than the Central Bank.
At present, there are no third-country branches in Ireland; however, if one was established,
the Central Bank would undertake a significantly higher level of oversight than for EU
branches.
Licensed Banks
In order to hold a banking license issued by the Central Bank the entity is required to
comply with all relevant legislation, including (but not limited) to the CRD (as transposed
into Irish law by various S.I.s) and the Central Bank Acts. In addition, the Central Bank may
issue regulatory notices with which the entity must comply, e.g. the Corporate Governance
Code for Credit Institutions and Insurance Undertakings; the Requirements for the
Management of Liquidity Risk; etc. The Central Bank has also informed all credit institutions
that, unless otherwise stated, any guidelines issued by CEBS/EBA are Central Bank
guidelines.
IRELAND
INTERNATIONAL MONETARY FUND 119
Branches
The legislative basis for the Central Bank’s oversight of branches is as set out in the CRD in
Articles 29–34 (S.I. 395 of 1992, Regulations 27, 29 and 34).
The majority of banks operating in Ireland are cross-border operations of foreign banks.
Supervision of these institutions is carried out in accordance with PRISM, which sets out the
minimum level of engagement with banks. There is no differentiation within PRISM based
on the location of the parent institution. The RGP Papers for cross-border banks provide
confirmation that they are not regulated any differently to domestic banks of the same
impact rating.
Branches
Where a Liquidity Concession Waiver has not been granted, branches must comply with
Central Bank liquidity requirements, including reporting requirements.
EC8 The home supervisor is given on-site access to local offices and subsidiaries of a banking
group in order to facilitate their assessment of the group’s safety and soundness and
compliance with customer due diligence requirements. The home supervisor informs host
supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and
findings re EC8
The Central Bank has the power and right to on-site access to local (Irish) offices and
subsidiaries of a banking group. In this regard, the Central Bank liaises closely with
supervisors of foreign subsidiaries and branches, and has conducted overseas inspections
with the agreement of those foreign supervisors. Part 3 of the Central Bank (Supervision
and Enforcement) Act 2013 provides the legal basis for such powers.
A cross-border onsite inspection will be undertaken where the Central Bank has
determined that the foreign entity poses a risk to the Central Bank’s statutory role of
ensuring financial stability. In this regard, the Central Bank evidenced a number of such
assessments in recent years that had been conducted. In situations where the Central Bank
is the host supervisor it has facilitated onsite assessments by the home regulator, e.g. FSA,
BaFin, Bundesbank.
EC9 The host supervisor supervises booking offices in a manner consistent with internationally
agreed standards. The supervisor does not permit shell banks or the continued operation
of shell banks.
Description and
findings re EC9
There are currently no booking offices within the Irish jurisdiction; however, if one were to
be established, the Central Bank would adhere to internationally-agreed standards. In
relation to shell banks, the Central Bank would not approve or allow the continued
operation of such an entity. Section 8 of the Central Bank Act 1971 prohibits the carrying
on of banking business without a license.
EC10 A supervisor that takes consequential action on the basis of information received from
another supervisor consults with that supervisor, to the extent possible, before taking such
action.
Description and
findings re EC10
The Central Bank, as good practice, would inform another supervisor that it intends to take
action as a result of information provided by the other supervisor.
Assessment of
Principle 13
Compliant
Comments
B. Prudential regulations and requirements
IRELAND
120 INTERNATIONAL MONETARY FUND
Principle 14 Corporate governance. The supervisor determines that banks and banking groups have
robust corporate governance policies and processes covering, for example, strategic
direction, group and organizational structure, control environment, responsibilities of the
banks’ Boards and senior management,
31
and compensation. These policies and processes
are commensurate with the risk profile and systemic importance of the bank.
Essential criteria
EC1
Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and
senior management with respect to corporate governance to ensure there is effective
control over the bank’s entire business. The supervisor provides guidance to banks and
banking groups on expectations for sound corporate governance.
Description and
findings re EC1
The Central Bank has, in its Corporate Governance Code for Credit Institutions and
Insurance Undertakings (the Code), set out clearly defined corporate governance
requirements which must be adhered to by all credit institutions. These requirements are
proportionate, with 'major institutions', as defined, having more stringent requirements
imposed on them. The responsibilities of Board (and the Chief Executive) are detailed in the
Code.
The Code provides that the Board shall be responsible for appointing a CEO and senior
management with appropriate integrity and adequate knowledge, experience, skill and
competence for their roles. In addition, the Board shall be responsible for endorsing the
appointment of people who may have a material impact on the risk profile of the
institution and monitoring on an ongoing basis their appropriateness for the role. The
Code also provides that the Board shall ensure that there is an appropriate succession plan
in place.
The Code requires that all institutions shall have robust governance arrangements which
include a clear organizational structure with well defined, transparent and consistent lines
of responsibility; effective processes to identify, manage, monitor and report the risks to
which it is or might be exposed; adequate internal control mechanisms, including sound
administrative and accounting procedures; adequate IT systems and controls; and
remuneration policies and practices that are consistent with and promote sound and
effective risk management both on a solo basis and at group level.
Through the Code, the Central Bank has the power to require changes in the composition
of the bank’s Board if it believes that any individuals are not fulfilling their duties related to
the satisfaction of these criteria.
The Code requires the Board to set the business strategy for the institution, understand the
risks to which the institution is exposed and establish a documented risk appetite for the
institution. The appetite shall be expressed in qualitative terms, and shall also include
quantitative metrics to allow the tracking of performance and compliance with agreed
strategy (e.g. Value at Risk (VaR), leverage ratio, range of tolerance for bad debts,
acceptable stress losses, economic capital measures, etc.). The risk appetite is subject to
annual review by the Board.
Compliance with the Corporate Governance requirements is assessed by supervisors on a
31
Please refer to footnote 27 under Principle 5.
IRELAND
INTERNATIONAL MONETARY FUND 121
routine basis and action is taken where issues of non-compliance are identified. A
contravention of the Code may result in the Central Bank using any of its regulatory
powers.
With respect to remuneration, the Central Bank has implemented the FSB standards for
compensation transposed into Irish law via S.I. 625 2010, effective from 1 January 2011.
Supervisors ensure that significant financial institutions’ compensation systems give
appropriate consideration to risk, capital, liquidity and the likelihood and timeliness of
earnings on an ongoing basis, through the utilization of supervisory methods. Examples of
remedial action required include overhauls of remuneration policies and implementation of
new remuneration processes to ensure the banks’ compensation systems give appropriate
consideration to risk, capital and liquidity.
The Pillar III disclosures are assessed to ensure the remuneration disclosures have been
made where appropriate (e.g., this may not be required for subsidiaries of a large EU parent
which includes the subsidiaries’ disclosures in the group disclosures).
The Corporate Governance Code was introduced as a condition to which institutions are
subject pursuant to:
? Section 10 of the Central Bank Act 1971
? Section 16 of the Asset Covered Securities Act 2001
? Section 17 of the Building Societies Act 1989
? Section 24 of the Insurance Act 1989
? Regulation 12 of the European Communities (Reinsurance) Regulations 2006 (S.I No.
380 of 2006).
The Central Bank is given extensive powers as regards the fitness and probity of the
directors by Part 3 of the Central Bank Reform Act 2010.
EC2
The supervisor regularly assesses a bank’s corporate governance policies and practices,
and their implementation, and determines that the bank has robust corporate governance
policies and processes commensurate with its risk profile and systemic importance. The
supervisor requires banks and banking groups to correct deficiencies in a timely manner.
Description and
findings re EC2
Minimum supervisory activities are prescribed in PRISM and are proportionate to the
impact rating assigned to a bank. For High Impact banks, a full governance review should
be conducted at least once every two years. In Medium High Impact institutions, it should
be reviewed at least once every two-to-four years as part of an FRA. PRISM includes
guidance for supervisors regarding suggested activities to perform when assessing
governance and include a mix of on-and offsite activities. Guidance material also includes
suggested agenda items for meetings with senior management.
For High Impact banks, the annual cycle of meetings with the Board and senior
management provide the basis for assessing the adequacy of corporate governance. The
annual engagement includes meetings with the Chair of the Board and the senior non-
executive (independent) director. Preparation for the meeting will typically involve
obtaining board minutes and board packs for the last year which will be reviewed to assess
the quality of management information submitted to the Board. Supervisors will also meet
with senior management such as the CEO, CFO and CRO where corporate governance
issues will be considered and discussed. Meetings with the Board and senior management
for Medium-High banks is closely aligned with an annual cycle, although for medium Low
Impact banks the frequency is 18 months and for Low Impact banks there is no prescribed
IRELAND
122 INTERNATIONAL MONETARY FUND
frequency for meetings with the Board or senior management. Nonetheless, the supervisor
may conduct engagements if a risk is identified.
For High Impact banks, policies and procedures will be reviewed as part of the preparation
for Financial Risk Reviews which are performed frequently across a two year cycle (six FRRs
are conducted every two years – see CP 8&9 for a fuller explanation of the FRR). For
Medium-High banks a full review of governance will be performed as part of the FRA which
is performed at a minimum 2-4 years. Material policies and procedures will be assessed as
part of the governance review. For banks with an impact rating of Medium-Low and Low,
there is no prescribed minimum frequency for receipt or assessment of policies and
procedures.
For High Impact banks, the supervisor will include an assessment of a bank’s annual report
which includes information relating to corporate governance such as number of meetings
and Board attendance.
For High Impact and Medium-High Impact banks, the ICAAP is assessed annually. Included
in the ICAAP assessment is a review of key policies and procedures. An ICAAP assessment is
not required to be conducted annually for Medium Low and Low impact banks, instead a
Self-Assessment Questionnaire (SAQ) is completed by the bank and submitted to the
Central Bank. The SAQ includes a high level overview of ICAAP information and details on
governance such as the institution’s definition of Governance Risk and how this is
managed. This is reviewed by the Supervision Team and discussed with the institution’s
management team as required. Meetings with senior management on an individual basis
are scheduled every 18 months at minimum. Meetings with the internal audit function take
place for High and Medium High Impact banks, to gain insight into some of a bank’s
internal controls.
On occasion, Banking Supervision conducts thematic reviews which provide a useful source
for benchmarking analyses to be performed across institutions
For banks with an Impact rating of Medium-Low and Low the approach to assessing
corporate governance is reactive and will not include an assessment of policies and
procedures unless a risk is identified. Under the requirements of the Code any institution
which becomes aware of a material deviation from the Code shall, within 5 business days,
report the deviation to the Central Bank, advising of the background and the proposed
remedial action. The Central Bank also requires each institution, irrespective of PRISM
rating, to submit an annual compliance statement as set out at Section 25, in accordance
with any guidelines issued by the Central Bank, specifying whether the institution has
complied with the Code. The statement is signed by the Board.
Information enabling an examiner to evaluate an institution’s corporate governance
structures is not as readily available as with quantitative-based risks, as regular regulatory
reporting is, by and large, redundant for the purpose of governance reviews. However,
there are many other sources which examination teams can use to properly evaluate the
effectiveness of an institution’s corporate governance. Information is obtained through
observation and ad-hoc bilateral engagements/meetings, from the production of Central
Bank MI reports on regulated firms, and during the SREP engagement/FRA. Oversight
committees, responsibilities, reporting lines and interactions between stakeholders are
usually examined as part of this engagement.
IRELAND
INTERNATIONAL MONETARY FUND 123
For High and Medium High Impact banks, the frequency and range of supervisory activities
provides the supervisor with a regular assessment of corporate governance. For those
banks assigned a rating of Medium-low and Low, the range and frequency of supervisory
activities to assess governance is not adequate to assess the robustness of governance.
EC3
The supervisor determines that governance structures and processes for nominating and
appointing Board members are appropriate for the bank and across the banking group.
Board membership includes experienced non-executive members, where appropriate.
Commensurate with the risk profile and systemic importance, Board structures include
audit, risk oversight and remuneration committees with experienced non-executive
members
Description and
findings re EC3
The Central Bank determines that governance structures and processes for nominating and
appointing Board members are appropriate for the bank and across the banking group
through:
? Governance reviews;
? Reviewing minutes of Board & sub-committees;
? Attendance in an observation capacity at meetings;
? Reviewing Management Information that goes to the Board and sub-committees;
? Other reviews, such as Operational Risk Framework reviews, Outsourcing reviews or
specific thematic reviews.
With respect to the appropriate nomination and appointing of board members, the Code
requires the following:
? The Board shall be responsible for endorsing the appointment of people who may
have a material impact on the risk profile of the institution, and monitoring on an
ongoing basis their appropriateness for the role.
? The Board shall be responsible for either the appointment of non-executive directors
or, where appropriate, identifying and proposing the appointment of non-executive
directors to shareholders. The Board shall ensure that non-executive directors are
given adequate training about the operations and performance of the institution.
The Board shall routinely update the training as necessary to ensure that they make
informed decisions.
? The majority of the board shall be independent non-executive directors (this may
include the Chairman). However, in the case of institutions that are subsidiaries of
groups, the majority of the Board may be group non-executive directors, provided
that in all cases the subsidiary institution shall have at least two independent non-
executive directors, or such greater number as is required by the Central Bank.
? The Board shall review Board membership at least once every three years.
Institutions shall formally review the membership of the Board of any person who is
a member for nine years or more. It shall document its rationale for any continuance,
and so advise the Central Bank in writing.
Adherence by institutions to the Code is monitored on an ongoing basis by supervisors,
and action is taken where institutions have been found to be in breach of the Code. In
addition to ongoing supervision and in conjunction with PRISM, specific governance
reviews will also be carried out to determine compliance. The Central Bank also requires
each institution to submit an annual compliance statement as set out at Section 25 of the
Code, in accordance with any guidelines issued by the Central Bank, specifying whether the
institution has complied with the Code.
IRELAND
124 INTERNATIONAL MONETARY FUND
With respect to board structures the code requires the following:
? The Board shall establish, at a minimum, both an audit committee and a risk
committee (except where it is part of a wider group, in which case it may rely on
those group committees). Where appropriate, the Board should consider the
appointment of a Remuneration Committee and/or Nomination Committee. Major
institutions are required to establish Audit, Risk, Remuneration and Nomination
Committees. The non-executive directors and, in particular, independent non-
executive directors shall play a leading role in these committees; where the functions
are carried out at group level, they shall play a leading role in satisfying the Board
that the institution’s audit and risk functions are adequately carried out.
? An Audit Committee shall be composed of non-executive directors, the majority of
directors being independent. The Risk Committee shall ensure that there is an
appropriate representation of non-executive and executive directors which is
appropriate to the nature, scale and complexity of the business of the institution.
Where possible, all members of the Remuneration Committee shall be independent
non-executive director; in any event, the majority of members of the Committee
shall be independent non-executive directors. The majority of members of the
Nomination Committee shall be independent non-executive directors.
In addition to the board’s requirements, the Code also requires major institutions to
establish Nomination Committees. Under the Code, Nomination Committees are required
to:
? make recommendations to the Board on all new appointments of both executive
and non-executive directors; and
? in considering appointments the Nomination Committee, prepare a comprehensive
job description, taking into account for board appointments, the existing skills and
expertise of the Board and the anticipated time commitment required.
The Supervisor will review the Nomination Committee’s terms of reference to determine its
suitability and fitness for purpose as part of the Governance review. This assessment will be
performed in line with the PRISM engagement model. Examples were evidenced where the
Central Bank had actively considered board composition as an ongoing part of their
assessment of governance. The frequency of these reviews are based on the PRISM model
and range from annual in the case of High Impact banks to 2-4 years for Medium-High and
only reactively for Medium –Low and Low Impact banks.
EC4
Board members are suitably qualified, effective and exercise their “duty of care” and “duty
of loyalty.”
32
32
The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate
Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty
of a board member to act on an informed and prudent basis in decisions with respect to the company. Often
interpreted as requiring the board member to approach the affairs of the company in the same way that a ’prudent
man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business
judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the
(continued)
IRELAND
INTERNATIONAL MONETARY FUND 125
Description and
findings re EC 4
Part 3 of the Central Bank Reform Act 2010 gives extensive powers to the Central Bank in
relation to those persons who perform “controlled functions” (CFs) and “pre-approval
controlled functions” (PCFs). Under the Fitness and Probity Regime, a Director is a PCF.
Before an institution can appoint a person to a PCF, the Central Bank must have approved
the appointment in writing. The approval process requires the submission of an individual
questionnaire, which contains a section on ‘Professional Experience, Educational
Qualifications, Professional Memberships and Relevant Training’. The Central Bank also has
the power to call PCF applicants for interview.
In addition, PCFs are required to comply with the Standards of Fitness and Probity and the
institution must confirm, after carrying out the necessary due diligence, that it is satisfied
on reasonable grounds that those persons are compliant with the Fitness and Probity
Standards and that they have obtained those persons’ written agreement to abide by the
Fitness and Probity Standards. The Standards require individuals to be:
a) Competent and capable (this standard requires individuals to have the appropriate
qualifications);
b) Honest, ethical and to act with integrity; and
c) Financially sound.
The effectiveness of Board members is assessed on an ongoing basis through a review of
Board minutes and meetings with members of the Board for High and Medium High banks.
In addition, for High Impact banks, supervisors may attend Board meetings (in particular,
supervisors attended a number of Board meetings of all High Impact banks after the
financial crisis).
All Board appointments must be made in accordance with Fitness and Probity standards.
Interviews with directors allows for further assessment, but may not be explicitly focused on
"duty of care" and "duty of loyalty.”
EC5
The supervisor determines that the bank’s Board approves and oversees implementation of
the bank’s strategic direction, risk appetite
33
and strategy, and related policies, establishes
and communicates corporate culture and values (e.g. through a code of conduct), and
establishes conflicts of interest policies and a strong control environment.
Description and
findings re EC5
The Central Bank has set out in its Corporate Governance Code corporate governance
requirements in relation to strategy, risk appetite and related policies that are required to
be adhered to by all credit institutions. Adherence by institutions to the Code is monitored
on an ongoing basis by supervisors through various supervisory activities. Action is taken
where institutions have been found to be in breach of the Code. In addition to ongoing
supervision and in conjunction with PRISM, specific governance reviews will also be carried
out to determine compliance. The Central Bank also requires each institution to submit an
annual compliance statement as set out at Section 25 of the Code, in accordance with any
guidelines issued by the Central Bank, specifying whether the institution has complied with
company and shareholders. The duty of loyalty should prevent individual board members from acting in their own
interest, or the interest of another individual or group, at the expense of the company and all shareholders.”
33
“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the
pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as
appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and
“risk tolerance” are treated synonymously.
IRELAND
126 INTERNATIONAL MONETARY FUND
the Code.
However, the Code does not refer to corporate culture and values. Corporate culture and
values are reviewed as a PRISM governance risk sub-category, and guidance is providers to
the supervisors for the assessment of same.
Supervisors also assess the role of the board in approving strategy, risk appetite, policies,
etc., In addition, for all High Impact banks, the Deputy Governor (Financial Regulation) and
the Director of Credit Institutions Supervision meet with Board members on an ad-hoc
basis to discuss issues including strategy implementation, e.g. mortgage arrears resolutions
strategy and asset deleveraging.
For banks with an Impact rating of Medium-Low and Low, the process to determine that
Boards are discharging their responsibilities in relation to the requirements in the Code
(e.g. approves and oversees implementation of the bank’s strategic direction, risk appetite
34
and strategy, and related policies) is through receipt and review of an annual compliance
statement asserting a self assessment by management. While the supervisor will meet
periodically with the bank, testing through onsite examination or supporting evidence of
compliance is not conducted by the Central Bank. In the case of Low Impact banks, the
entire population of which are foreign bank branches, these credit institutions do not have
a Board.
EC6
The supervisor determines that the bank’s Board, except where required otherwise by laws
or regulations, has established fit and proper standards in selecting senior management,
maintains plans for succession, and actively and critically oversees senior management’s
execution of Board strategies, including monitoring senior management’s performance
against standards established for them.
Description and
findings re EC6
Part 3 of the Central Bank Reform Act 2010 introduced a statutory system for the
regulation by the Central Bank of Ireland of persons performing CFs or PCFs in regulated
financial service providers (including credit institutions).
There are 41 senior positions which are PCFs. They include functions such as CEO, Director
or Heads of Compliance, Risk, and Retail Sales. The Central Bank’s approval is required
before appointments may be made to these positions. CFs refer to functions undertaken by
staff who exercise a significant influence on conduct of the affairs of the financial service
provider, monitor compliance, or perform functions in a customer-facing role. The Central
Bank’s approval is not required for appointments to these positions.
The Central Bank issued Standards of Fitness and Probity (the Standards) that apply to all
persons performing CFs or PCFs in regulated financial service providers, including credit
institutions. A regulated financial service provider is not allowed appoint a person to
perform a CF/PCF unless firm is “satisfied on reasonable grounds” that the person complies
with the Standards and that the person has agreed to abide by the Standards. In order to
comply with the Standards, a person is required to be:
a) Competent and capable;
b) Honest, ethical and to act with integrity; and
c) Financially sound.
IRELAND
INTERNATIONAL MONETARY FUND 127
Failure by a person to comply with the Standards may, inter alia:
a) Where the approval of the Central Bank is being sought to permit a person to
perform a PCF, lead to approval being refused;
b) Where a person is performing a CF/PCF, lead to an investigation being conducted in
relation to the fitness and probity of that person to perform the relevant function;
c) Cause that person to be the subject of a prohibition notice under Central Bank
Reform Act 2010.
Board members are assessed in respect of their fitness and probity. Ongoing oversight of
approved PCF holders is managed by the respective supervisory divisions
The Corporate Governance Code states that the Board shall ensure that there is an
appropriate succession plan in place. The Nominations Committee shall be involved in
succession planning for the Board, bearing in mind the future demands on the business
and the existing level of skills and expertise.
The Code also states that the Board shall formally review its overall performance, and that
of individual directors, relative to the Board’s objectives, at least annually. The review shall
be documented.
In order to critically oversee senior management’s execution of Board strategies, including
monitoring senior management’s performance against standards established for them,
supervisors would carry out a number of activities: meet with the Independent Non-
Executive Directors; meet external auditors; and evaluate reviews conducted by Boards
against strategy.
EC7
The supervisor determines that the bank’s Board actively oversees the design and
operation of the bank’s and banking group’s compensation system, and that it has
appropriate incentives, which are aligned with prudent risk taking. The compensation
system, and related performance standards, are consistent with long-term objectives and
financial soundness of the bank and is rectified if there are deficiencies.
Description and
findings re EC7
Compensation requirements were introduced in 2011 that apply to credit institutions.
Leading up to the implementation of the new requirements, expectations were
communicated to banks. In 2011 a thematic review was performed obtaining compensation
policies from all banks.
The supervisor determines that the bank’s Board actively oversees the design and
operation of the bank’s and banking group’s compensation system, and that it has
appropriate incentives, through the following:
- Meetings with HR to discuss compensation systems.
- Internal Audit reviews. Internal Audit is required to review Remuneration Policies and
Practices. Examiners ensure that these reviews are carried out and follow up on any
issues identified.
- Thematic reviews (review on Remuneration was undertaken in 2011).
- Governance Inspection, where remuneration may form part of the review.
With respect to remuneration the Code requires the Board to complete the following:
? Ensure that the institution’s remuneration practices do not promote excessive risk-
IRELAND
128 INTERNATIONAL MONETARY FUND
taking.
? Design and implement a remuneration policy to meet that objective and evaluate
compliance with this policy.
In addition to the Board’s requirements, the Code also requires major institutions to
establish Remuneration Committees. Under the Code, Remuneration Committees are
required to establish remuneration policies and procedures within the institution based on
best practice and any requirements which the Central Bank may issue.
The supervisor reviews the Remuneration Committee’s terms of reference to determine its
suitability and fitness for purpose.
Irish credit institutions also have to comply with remuneration requirements under CRD III.
Article 22 of the CRD, as amended by CRD III, lays down the fundamental principle for
institutions to ensure that their remuneration policies and practices are consistent with and
promote sound and effective risk management. This article indicates that remuneration
policies and practices form part of an institution’s overarching obligation to have robust
governance arrangements in place; this is the basis for all other Pillar II requirements. The
further remuneration requirements of CRD III are included in Annex V, Section 11 and
Annex XII, Part 2, point 15 of the CRD. Considered together, the remuneration requirements
in the annexes are divisible into three blocks: governance (Annex V), risk alignment (Annex
V) and transparency (Annex XII). Proportionality, as explained further in these guidelines
(from paragraph 19), is relevant for all three blocks.
EC8
The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks, including
those arising from the use of structures that impede transparency (e.g. special-purpose or
related structures). The supervisor determines that risks are effectively managed and
mitigated, where appropriate.
Description and
findings re EC8
The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks, including
those arising from the use of structures through attendance at board meetings, review of
board packs, meetings held with both board members and senior management. The
management and mitigation of risks is determined through the ongoing risk assessment of
institutions. Over the last several years, the intensity and intrusiveness of these meetings
have increased with supervisors placing greater focus on the effectiveness of meetings with
the Board of Directors as a mechanism to assess the Board.
There is no prescribed supervisory cycle within PRISM for onsite meetings with Low Impact
banks unless warranted such as FRAs, FRRs to assess corporate governance. Equally, no
minimum prescribed supervisory cycle for analysis of organizational structure or use of
special purpose vehicles. For Low Impact banks (i.e. Foreign Bank Branches), the Corporate
Governance Code does not apply, instead the assessment is covered by the Home
supervisor (legislated for in the CRD).
EC9
The supervisor has the power to require changes in the composition of the bank’s Board if
it believes that any individuals are not fulfilling their duties related to the satisfaction of
these criteria.
Description and
findings re EC9
Part 3 of the Central Bank Reform Act 2010 has given the Central Bank powers to (inter
alia):
a) refuse to appoint a proposed director to any pre-approval controlled function
IRELAND
INTERNATIONAL MONETARY FUND 129
where prescribed by the Central Bank pursuant to Part 3 of the Central Bank
Reform Act 2010; and/or
b) suspend, remove or prohibit an individual from carrying out a controlled
function where prescribed by the Central Bank pursuant to Part 3 of the
Central Bank Reform Act 2010.
Failure by a person to comply with the Standards of Fitness and Probity may (inter alia):
a) Where the approval of the Central Bank is being sought to permit a person to
perform a pre-approval controlled function, lead to approval being refused;
b) Where a person is performing a controlled function (pre-approval controlled
functions are also “controlled functions”), lead to an investigation being
conducted in relation to the fitness and probity of that person to perform the
relevant function;
c) Cause that person to be the subject of a prohibition notice under Central
Bank Reform Act 2010.
Additional
criteria
AC1
Laws, regulations or the supervisor require banks to notify the supervisor as soon as they
become aware of any material and bona fide information that may negatively affect the
fitness and propriety of a bank’s Board member or a member of the senior management.
Description and
findings re AC1
In completing the online Individual Questionnaire, as part of the Fitness & Probity
assessment process, both the applicant and proposing entity give an undertaking to inform
the Central Bank of any material changes to the information supplied subsequent to the
submission of the declaration. The applicant gives the following undertaking: “I will
promptly notify the Central Bank of Ireland of any material changes in the information which
I have provided and confirm that I will inform the Central Bank of Ireland in writing of the
details of such changes and any other relevant/ material information of which I may become
aware at any time after the date of this declaration,” and the proposing entity agrees with
the statement “Please confirm the proposing entity will notify the Central Bank of Ireland
without delay of any material change in circumstances that would render the information
contained in this application out of date/inaccurate.” These notifications are forwarded to
the relevant supervisory divisions in respect of ongoing oversight.
In addition, any director who has any material concern about the overall corporate
governance of an institution, which may be in relation to a Board member or a member of
the senior management, shall report the concern without delay to the Board in the first
instance and, if the concern is not satisfactorily addressed by the Board within 5 business
days, the director shall promptly report the concern directly to the Central Bank, advising of
the background to the concern and any proposed remedial action. This is without prejudice
to the director’s ability to report directly to the Central Bank.
Assessment of
Principle 14
Largely Compliant
Comments In addition to the requirements outlined in the CRD, the Central Bank has set out in its
Corporate Governance Code requirements which must be adhered to by all credit
institutions. The requirements of the Code address elements of this CP. For High and
Medium High Impact banks, the frequency and range of supervisory activities provides the
supervisor with a regular assessment of corporate governance. Evidence showed that for
High Impact banks, action is taken where institutions have been found to be in breach of
the Code. The Central Bank also has extensive powers as regards the fitness and probity of
IRELAND
130 INTERNATIONAL MONETARY FUND
the directors and holders of certain senior management positions.
For banks that are assigned Medium-Low and Low Impact ratings, the supervisory process
is largely reactive, relying on the bank’s submission of a self assessment of compliance with
the Code. For certain banks that fall into the lower Impact ratings, unless a red flag is
triggered, an assessment by a supervisor of governance arrangements will not be
performed on a regular basis. For those banks assigned a rating of Medium-low and Low,
the range and frequency of supervisory activities to assess governance is not adequate to
assess the robustness of governance (EC2). Does not appear to be an adequate level of
attention to senior management’s stewardship and understanding of risk and corporate
governance for Low Impact banks (EC8).
Principle 15 Risk management process. The supervisor determines that banks
35
have a comprehensive
risk management process (including effective Board and senior management oversight) to
identify, measure, evaluate, monitor, report and control or mitigate
36
all material risks on a
timely basis and to assess the adequacy of their capital and liquidity in relation to their risk
profile and market and macroeconomic conditions. This extends to development and
review of contingency arrangements (including robust and credible recovery plans where
warranted) that take into account the specific circumstances of the bank. The risk
management process is commensurate with the risk profile and systemic importance of the
bank.
37
Essential criteria
EC1
The supervisor determines that banks have appropriate risk management strategies that
have been approved by the banks’ Boards and that the Boards set a suitable risk appetite
to define the level of risk the banks are willing to assume or tolerate. The supervisor also
determines that the Board ensures that:
(a) a sound risk management culture is established throughout the bank;
(b) policies and processes are developed for risk-taking, that are consistent with the risk
management strategy and the established risk appetite;
(c) uncertainties attached to risk measurement are recognized;
(d) appropriate limits are established that are consistent with the bank’s risk appetite,
risk profile and capital strength, and that are understood by, and regularly
communicated to, relevant staff; and
35
For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk
management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure,
encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of
companies, the risk management framework should in addition cover the risk exposure across and within the
“banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or
members of the banking group through other entities in the wider group.
36
To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by
the underlying reference documents.
37
It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk
management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a
bank’s Board and senior management.
IRELAND
INTERNATIONAL MONETARY FUND 131
(e) senior management takes the steps necessary to monitor and control all material
risks consistent with the approved strategies and risk appetite.
Description and
findings re EC1
The Central Bank requires institutions to comply with both Irish and EU legislation and
guidelines in respect of risk management, and assesses their compliance against these
requirements. Regulation 16 of S.I. 395 of 1992 requires every credit institution authorized
by the Central Bank to manage its business in accordance with sound administrative and
accounting principles and shall put in place and maintain internal control and reporting
arrangements and procedures to ensure that the business is so managed.
The Central Bank determines compliance with this requirement through periodic risk
assessments of banks (including as part of the SREP), or specific thematic reviews. The
frequency and granularity of the periodic risk assessments depends on the individual
banks’ impact scores, in addition to an evaluation of the probability and materiality of the
risk (see response to CP8 and CP9). With respect to risk management, seven banks’ risk
management frameworks, including strategies, risk appetite statements and culture, were
examined in a thematic risk review in 2011. Where deficiencies are found in a bank’s risk
management, RMP items are raised by supervision teams.
In addition to ongoing supervision, the Central Bank also requires banks to self-certify
compliance with its Corporate Governance Code (under section 25(1)) annually. For
example, if banks’ risk appetite statements or risk reporting and monitoring by the board
are non-compliant with the Code, then this must be highlighted to the Central Bank.
Remedial actions are required to be taken by the banks to address non-compliance.
The Central Bank’s Code of Corporate Governance, EBA guidelines on Internal Governance
(September 2011) and relevant legislation form the basis of what the Central Bank expects
of the banks’ risk management strategies and frameworks. An assessment of the bank’s
compliance with the relevant legislation and guidelines is conducted as part of the ongoing
supervisory engagement (which is based on the Central Bank’s PRISM engagement model).
PRISM also provides supervisors with guidance for how to conduct the assessment of risk
management established by the bank.
For High Impact banks, key risk management policies are required to be submitted to
supervisors and assessed as part of the Full Risk Assessment and as part of relevant
Financial Risk Reviews. While PRISM prescribes a minimum level of engagement, the
Central Bank evidenced a significantly greater number of activities with the covered banks
(High Impact). The intensity and intrusiveness was commensurate with the complexity and
risk of the bank.
Where weaknesses are identified through ongoing supervisory engagement (as per the
PRISM engagement model) with the bank’s risk management processes, supervisors raise
RMP issues which include outlining the actions required to be taken to resolve the issue
identified and the deadline by which supervisors expect the remedial actions to be
completed by. In both challenging firms and mitigating risk, supervisors have a range of
powers to draw on which are set out in the Central Bank Acts 1942 to 2010 (for example,
issuance of directions to firms to make modifications to systems and controls).
With regards to recovery and resolution planning, under the Central Bank and Credit
Institutions (Resolution) Act 2011 (CBCIR Act 2011), the Central Bank has the power to
require a credit institution to produce a recovery plan. The Act states that the Central Bank
may direct an authorised credit institution to prepare a recovery plan setting out actions
IRELAND
132 INTERNATIONAL MONETARY FUND
that could be taken to facilitate the continuation or secure the business of that credit
institution where the institution is experiencing financial difficulty. The Central Bank is also
complying with the EBA’s recommendation on the development of recovery plans by
specified credit institutions by 31 December 2013.
A supervisory themed review took place in Q3 2011 which looked at the role and
effectiveness of the Board Risk Committee (the Review). The objectives of the Review were
to:
1. Assess whether the institution’s Risk Committee was adequately fulfilling its role in
line with regulatory expectations.
2. Assess whether in discharging this role, the Risk Committee demonstrably adds
value to the management of risk in the credit institution.
Other examples of supervisory activities for risk management were evidenced during the
mission.
The Corporate Governance Code requires the following:
? 14(1) The Board shall establish a documented risk appetite for the institution.
? 14(3) The Board shall ensure that the risk management framework and internal
controls reflect the risk appetite and that there are adequate arrangements in place
to ensure that there is regular reporting to the board on compliance with
the risk appetite.
? 22(3) The Risk Committee shall oversee the risk management function.
? 22(4) The Risk Committee shall ensure the development and ongoing
maintenance of an effective risk management system within the financial institution
that is effective and proportionate to the nature, scale and
complexity of the risks inherent in the business.
The EBA guidelines on Internal Governance (September 2011) also set out the following:
? 22(2) An institution's risk management framework should establish and
maintain internal limits consistent with its risk tolerance/appetite and commensurate
with its sound operation, financial strength and strategic goals. An
institution’s risk profile should be kept within these limits. The risk management
framework should ensure that breaches of the limits are escalated
and addressed with appropriate follow up.
? 20(3) Business units, under the oversight of the management body, should be
primarily responsible for managing risks on a day-to-day basis, taking into account
the institution’s risk tolerance/appetite and in line with its
policies, procedures and controls.
? 20(2) The risk culture should be established through policies, examples,
communication and training of staff regarding their responsibilities for risk.
? 20(6) The risk management framework should be subject to independent
internal or external review and reassessed regularly against the institution’s risk
tolerance/appetite, taking into account information from
the risk control function and, where relevant, the risk committee.
The Code sets out that the Board shall establish a documented risk appetite for the
institution. The appetite shall be expressed in qualitative terms and also include
quantitative metrics to allow tracking of performance and compliance with agreed strategy.
The Board shall ensure that the risk management framework and internal controls reflect
IRELAND
INTERNATIONAL MONETARY FUND 133
the risk appetite and that there are adequate arrangements in place to ensure that there is
regular reporting to the board on compliance with the risk appetite.
EC2
The supervisor requires banks to have comprehensive risk management policies and
processes to identify, measure, evaluate, monitor, report and control or mitigate all material
risks. The supervisor determines that these processes are adequate:
(a) to provide a comprehensive “bank-wide” view of risk across all material risk types;
(b) for the risk profile and systemic importance of the bank; and
(c) to assess risks arising from the macroeconomic environment affecting the markets in
which the bank operates and to incorporate such assessments into the bank’s risk
management process.
Description and
findings re EC2
The Corporate Governance Code requires that “All institutions shall have effective
processes to identify, manage, monitor and report the risks to which they are or might be
exposed.” (See Code 6(3). In addition to the Code, EBA Guidelines on Internal Governance
(September 2011) outlines the following which banks are expected to comply with:
? 22(1) An institution's risk management framework shall include policies, procedures,
limits and controls providing adequate, timely and continuous identification,
measurement or assessment, monitoring, mitigation and reporting of the risks
posed by its activities at the business line and institution-wide levels.
? 22(2) An institution’s risk management framework should establish and maintain
internal limits consistent with its risk tolerance/appetite and commensurate with its
sound operation, financial strength and strategic goals. An institution’s risk profile
should be kept within these limits. The risk management framework should ensure
that breaches of the limits are escalated and addressed with appropriate follow up.
? 22(3) When identifying and measuring risks, an institution should develop forward-
looking and backward-looking tools to complement work on current exposures.
? 22(6) Relevant macroeconomic environment trends and data should be explicitly
addressed to identify their potential impact on exposures and portfolios. Such
assessments should be formally integrated into material risk decisions.
Regulation 16 of S.I. 395 requires every credit institution authorized by the Central Bank to
manage its business in accordance with sound administrative and accounting principles,
and to put in place and maintain internal control and reporting arrangements and
procedures to ensure that the business is so managed.
The Central Bank has dedicated Credit, Treasury, Risk Analytics (Quantitative Models Unit)
and Business Model Analytics teams which monitor Business, Credit, Liquidity and Market
Risk and Interest Rate Risk in the Banking book. The level of monitoring performed by
these teams varies according to the size, scale and complexity of the institution, as well its
PRISM impact rating.
In addition to consideration of a bank’s risk management policies and processes as part the
PRISM risk assessment process (See CP8 for further details on PRISM engagement), the
Central Bank also performs detailed thematic reviews which evaluate a bank’s risk
management policies and processes. The focus of these risk assessments and thematic
reviews is primarily the policies and processes of material risks, or other risks where there
are signs of issues arising.
IRELAND
134 INTERNATIONAL MONETARY FUND
Examples of supervisory activities include:
As noted previously, a supervisory themed review took place in Q3 2011 which looked at
the role and effectiveness of Board Risk Committees. The review also looked at risk
management policies to confirm if:
? There is an overall risk policy or policies for individual risks
? The Board satisfies itself as to the appropriateness of these policies and
functions for the institution, and in particular that these policies and functions
take full account of Irish laws and regulations and the supervisory
requirements of the Central Bank.
It was noted that one bank did not have risk management processes and policies in place
for credit concentration risk and interest rate risk in the banking book. Two supervisory
measures were imposed in 2010 which were to remain until the Central Bank was satisfied
that these issues had been addressed. The supervision team conducted an on-site
inspection in 2011 to determine whether the RMP had been implemented and were not
satisfied that there was sufficient understanding of these risks at the subsidiary level.
EC3
The supervisor determines that risk management strategies, policies, processes and limits
are:
(a) properly documented;
(b) regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk
profiles and market and macroeconomic conditions; and
(c) communicated within the bank
The supervisor determines that exceptions to established policies, processes and limits
receive the prompt attention of, and authorization by, the appropriate level of
management and the bank’s Board where necessary.
Description and
findings re EC3
The Central Bank performs both financial risk reviews and full risk assessments and
thematic reviews to evaluate a bank’s risk management policies and processes. The focus of
these assessments is primarily on the policies and processes of material risks, or other risks
where there are signals of issues arising. The reviews of these policies are conducted by
supervisors to ensure, inter alia, that management strategies, policies, processes and limits
are properly documented, regularly reviewed and updated to reflect changing risk
appetites, risk profiles and market and macroeconomic conditions, and that they are
communicated and applied throughout the bank.
Probability risk ratings for all institutions under the Central Bank’s supervision are updated
on an ongoing basis. In completing this update, supervisors must assess the ongoing
completeness, quality and appropriateness of risk management policies, strategies and risk
limits.
In addition, banks are required to submit an annual statement of compliance with the
Corporate Governance code which includes confirmation, inter alia, that appropriate risk
management strategies and processes are in place. The Central Bank reviews the
compliance statement and follows up with regulatory action where deviations from the
code are identified. Evidence was provided to support this.
In order to assess whether risk management strategies, policies, processes and limits are
communicated adequately in the bank, a number of actions are taken, including:
IRELAND
INTERNATIONAL MONETARY FUND 135
? Review of internal reporting, such as CRO reports, with a specific emphasis on
ensuring material exceptions to policies, processes and limits are advised to the
Board.
? Compliance reporting.
? Internal audit reports.
? Operational risk logs, to identify issues of non-compliance, and specifically any
issues which may be endemic.
? Onsite interviews with personnel in various levels in the bank, to assess their
knowledge and understanding of risk management strategies, policies, processes
and limits.
Policies are reviewed by supervision teams as part of onsite reviews. For example, the
operational risk policies (outsourcing, new product approval and business continuity) of
one bank were reviewed as part of an onsite inspection. Many were found to be inadequate
or out-dated.
The approach to ongoing supervision of risk management policies and practices is similar
for Medium Low impact banks, albeit with less intensity. However, it should be noted that
these are reviewed as part of the full risk assessment. Furthermore as part of the ICAAP
assessment of medium low banks, banks submit a self-assessment questionnaire (SAQ) and
a copy of the bank’s risk appetite and business strategy. The risk appetite statement and
strategy is reviewed on an annual basis. The minimum engagement model prescribed by
PRISM for Medium-Low and Low banks will rely upon a compliance statement as the tool
to assess compliance with this EC. The annual statement of compliance with the Code will
not necessarily involve testing, sampling or assessing supporting material by the
supervisor. Unless an exception is self reported, limited analysis and verification is
preformed to make an accurate determination that risk management policies, strategy and
risk limits are reviewed and appropriately adjusted to reflect changing risk appetites, risk
profiles and market and macroeconomic conditions.
EC4
The supervisor determines that the bank’s Board and senior management obtain sufficient
information on, and understand, the nature and level of risk being taken by the bank and
how this risk relates to adequate levels of capital and liquidity. The supervisor also
determines that the Board and senior management regularly review and understand the
implications and limitations (including the risk measurement uncertainties) of the risk
management information that they receive.
Description and
findings re EC4
The Corporate Governance Code requires that adequate arrangements are in place to
ensure regular reporting to the Board on compliance with the institution’s risk appetite
(section 14(3)). The Code also seeks to ensure that there are effective processes in place in
banks to identify, manage, monitor and report the risks to which they are or might be
exposed (section 6(3)).
The EBA Guidelines on Internal Governance (September 2011) set out that regular and
transparent reporting mechanisms should be established so that the management body
and all relevant units in an institution are provided with reports in a timely, accurate,
concise, understandable and meaningful manner, and can share relevant information about
the identification, measurement or assessment and monitoring of risks (22(7)).
The Guidelines also set out that the CRO (or equivalent position) is responsible for
providing comprehensive and understandable information on risks, enabling the
management body to understand the institution’s overall risk profile (section 27(2)). The
IRELAND
136 INTERNATIONAL MONETARY FUND
Central Bank’s requirements for the management of liquidity place an onus on senior
management to provide the Board and the Asset and Liability Committee (ALCO) with
relevant and timely information with regard to liquidity risk. Liquidity reporting to the
Board and the ALCO should be carried out more frequently in times of stress (section
3(2)(2)).
A bank’s ICAAP is the process by which the Central Bank expects the bank to obtain
sufficient information to assess its capital adequacy relative to its risk profile. The ICAAP
should form an integral part of the management process and decision-making culture of
the institution. These requirements are set out in EBA Guidelines on the Application of the
Supervisory Review Process Under Pillar 2 (GL03). In addition, the Central Bank’s Fitness and
Probity Regime, which came into effect on 1 December 2011, seeks to ensure that a person
performing a PCF or CF, as set out in Part 3 of the Central Bank Reform Act, has the
relevant qualifications, experience, competence and capacity appropriate to the relevant
function which they are carrying out.
In order to evaluate the quality and sufficiency of information received by the Board and
senior management, supervisors review Board/relevant committee packs. These are
requested and reviewed on a more frequent basis for the covered banks; however, they are
also received as needed from the international banks. The Central Bank has found
deficiencies in management information and board reporting in a number of banks and has
addressed this through RMP actions and supervisory measures. There was sufficient
evidence to show that supervisors undertook analysis of Board packs and relevant
information in preparing for scheduled meetings (such as with the Independent Non-
Executive Director and Chair of the Board which are two of the routine meetings with banks
prescribed in the PRISM engagement model). The assessment of risk was often shown to
be an integrated process linking back to liquidity and capital. This was most evident in the
covered banks and High Impact banks with heightened supervisory intensity and where the
ICAAP formed part of the overall assessment process. For those banks that submitted a
summary ICAAP (i.e. SAQ) a less detailed assessment was performed.
EC5
The supervisor determines that banks have an appropriate internal process for assessing
their overall capital and liquidity adequacy in relation to their risk appetite and risk profile.
The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy
assessments and strategies.
Description and
findings re EC5
Capital
While the Central Bank expects all banks to assess their internal capital adequacy on an
ongoing basis, the frequency of submission of ICAAP data to the Central Bank is governed
under Regulation 66(4) of S.I. 661 of 2006 and is a function of the following:
? The nature, size and systemic importance of the credit institution.
? The outcome of the credit institution’s most recent SREP.
? Any changes to the credit institution’s governance arrangements or business.
? The consequence of any merger or acquisition activity to which the credit institution
might be exposed.
The Central Bank has also completed two PCARs (2010 and 2011) for the Irish covered
banks. The PCAR (see CP16) assessed the capital requirements arising for expected base
and potential stressed loan losses, and other financial developments, over a 3 year time
horizon. This exercise will be completed in 2013 in conjunction with the EBA stress tests.
Liquidity
IRELAND
INTERNATIONAL MONETARY FUND 137
The Central Bank has established requirements for the management of liquidity risk (June
2009
All banks are required to produce regular reporting returns to the Central Bank covering
capital adequacy and allocation, liquidity and solvency. These are reviewed and analysed by
supervision teams and anomalies/erroneous movements are queried. This allows the
Central Bank to monitor institutions’ capital, solvency and liquidity. For example the
Treasury Team receives daily liquidity reports from the covered and large wholesale banks.
The specialist liquidity team within Banking Supervision division reviews the liquidity
strategies of banks through thematic reviews. For example, a thematic review of the ALCO
and a review of behavioural assumptions applied by 7 banks was conducted in 2012, and a
transfer pricing and deposit behaviour review was completed Q1 2013. A market risk review
was also conducted in 2011.
EC6 Where banks use models to measure components of risk, the supervisor determines that:
(a) banks comply with supervisory standards on their use;
(b) the banks’ Boards and senior management understand the limitations and
uncertainties relating to the output of the models and the risk inherent in their use;
and
(c) banks perform regular and independent validation and testing of the models
The supervisor assesses whether the model outputs appear reasonable as a reflection of
the risks assumed.
Description and
findings re EC6
1. The Central Bank determines during model validation reviews that banks comply
with supervisory standards on their use
2. The Central Bank also determines that there is an appropriate level of
understanding at both senior management and Board level around the use and
limitation of internal models used for the determination of regulatory capital.
3. Banks are required to perform regular and independent validation and testing of
their internal models and the supervisor (in conjunction with the Central Bank’s
Quantitative Model review team) assesses whether the model outputs appear
reasonable as a reflection of the risks assumed.
A regulatory Notice was issued by the Central Bank in December 2006 which outlines its
policy and procedures for institutions that wish to apply for the use of the IRBA for the
calculation of their regulatory capital requirements for credit risk pursuant to Directive
2006/48/EC and Directive 2006/49/EC, the CRD.
The Central Bank challenges the banks’ model processes, as outlined by the banks
themselves, and determines whether they is adequate. Supporting evidence was provided
during the mission.
Pillar I Models
For Pillar I, the approval process is as outlined in the CRD, and model performance is
reviewed on a yearly basis for high impact banks. At present, this yearly review is limited to
the covered banks and two international subsidiary banks (with significant Irish retail
exposures). However, not all bank’s internal models are reviewed on this same frequency.
For all other banks (all international banks), once the model is approved, no further formal
IRELAND
138 INTERNATIONAL MONETARY FUND
reviews are carried out on an ongoing basis, including ongoing assessment of Board and
senior management understanding of models. Home regulators, however would perform
their own monitoring of the other centrally developed models.
The decision on whether to subject a bank’s Pillar 1 IRB models to periodical [ongoing]
reviews is dependent on whether:
(a) the Central Bank is a consolidating or host supervisor,
(b) the models are centrally or locally developed, and
(c) central or local data have been used.
Based on these criteria, ongoing reviews mainly focus on: (a) banks where the Central Bank
is the consolidating supervisor, and (b) host institutions where models are calibrated to
Irish experience (and the institution has material retail exposures in Ireland).
? In relation to host institutions operating under IRB, the Central Bank will only
exercise its obligation to feed into the “joint decision” process (provided under
Article 129(2) of the CRD) where the institution has material exposures in Ireland.
The Central Bank will rely on the home supervisor to ensure adequacy of models
that are used for regulatory capital purposes (Pillar 1) where the institution is lower-
impact.
? The review [as part of the model approval process] of centrally developed models
used by host institutions for their non-retail exposures shall only focus on: (a) model
governance, (b) the use test, (c) senior management understanding, and (d) impact
of such models from regulatory capital and solvency ratio perspective.
Approach
The reviews are done in accordance with the Central Bank’s overall supervisory framework,
which takes into account the proportionality principle. The reviews also take into
consideration the Credit RWA Supervisory Framework/procedures for IRB model
performance reviews developed by the Central Bank’s Risk Modeling Unit.
Frequency and Depth
The frequency and depth of the individual reviews take into account the proportionality
principle (PRISM impact rating of the relevant institution). All material approved models
used by banks where the Central Bank is a consolidating supervisor, and those used by host
institutions for their Irish retail exposures, are reviewed on an annual basis.
Coverage of IMA and AMA Models
Currently, there is only one institution using the IMA approach to market risk. No home
institution has so far been approved to use AMA for operational risk. At present, five host
institutions use the AMA for operational risk. Where a host institution applies to use a
group AMA on an allocation basis, the Central Bank is required to ensure that the local staff
of the host institution has good knowledge of the group model and the allocation process.
The approval of AMA models to be used by subsidiaries based in Ireland is done taking
into account the provisions of Article 129 (2) of the CRD, and hence the Central Bank has a
right to feed into the Joint decision process.
Pillar II Models
For Pillar II models, the Central Bank assesses the reasonableness of models by comparison
with the output, if available, of its own Central Bank models or by expert judgment if
unavailable. This process is generally carried out as part of SREP process, and thus at its
most frequent, is completed on a yearly basis. Similar to Pillar 1 models, the home
IRELAND
INTERNATIONAL MONETARY FUND 139
regulators of the international banks under the Central Bank’s supervision would perform
their own monitoring of centrally developed models.
The Central Bank does not grant regulatory approval for the use of Pillar 2
models/Economic Capital Models. However, where a bank uses the output of such models
to inform the allocation of capital to specific risk types, as part of the Pillar 2 process, then
the Central Bank would review the outputs from such models and the underlying
assumptions. The review of such models (ECAP), which is normally done as part of the
ICAAP review process, is aimed at determining the degree of reliance to be placed by the
Central Bank on the outputs from such models in determining Pillar 2 capital add-ons. The
output of Central Bank’s ‘capital toolbox’ together with its view on the bank’s general
model assumptions and model parameters would feed into the decision on whether to rely
on the bank’s own estimate from its ECAP models.
Credit Models
As part of the ongoing Banking Supervision engagement plan, the Credit Team conducts
regular on-site inspections in credit institutions to review samples of borrower loan files.
The Credit Team adopts a risk based approach and selects loans files of borrowers with
higher risk credit grades i.e. watch risk and impaired risk. While on-site, the Credit Team
reviews pertinent customer data such as the most recent credit reports, up to date financial
information and collateral valuation reports. The primary objective of an on-site loan file
inspection is to provide Banking Supervision with an informed view on a credit institutions
credit risk management process and controls. Two of the primary areas of focus include:
i. the reliability of a credit institution’s credit grading system – as part of this process,
the Credit Team review credit grade model outputs to check that credit institution
internal credit risk rating systems reflect the credit risk profile of borrower
exposures.
ii. the adequacy of impairment provisions – as part of this process the Credit Team
reviews DCF model inputs and outputs where a borrower exposure is classified as
impaired risk, to evaluate the provision calculation and to check that the provision is
sufficient to absorb likely loan losses based on point-in-time data.
The Credit Team completes an individual Credit Review template for all loan files examined.
On completion of the on-site loan file reviews work, the Credit Team completes a Summary
Report to outline review findings, with recommendations made where appropriate to
strengthen credit controls and to mitigate risks identified. In circumstances where
deficiencies are identified with regard to a credit institution’s credit grading (reliability) /
DCF model outputs (provision adequacy), this will be reflected in the findings. The
Summary Report is subsequently forwarded to the relevant Supervisory Team. On receipt
of the Summary Report, a RMP is agreed with Banking Supervision management.
Supervisors, having drawn conclusions, may meet with the CRO / CCO and CEO of the bank
to discuss the review findings and to obtain feedback which may allow them to refine the
conclusions. A post-review letter is then sent to the credit institution addressed to the CEO
to formally communicate significant findings and to highlight credit control weaknesses
identified during the review. The letter will also outline risk mitigation actions required and
a time line for the completion of the actions. The bank will be required to respond with an
appropriate action plan to address the review findings. The RMP is uploaded to PRISM to
ensure timely follow up and tracking.
IRELAND
140 INTERNATIONAL MONETARY FUND
Testing of Board and Senior Management Understanding at Application Stage
The banks are required to carry out a self-assessment of quality of senior management
understanding of models as part of application for approval of new IRB models. Following
on from this, the Central Bank carries out an onsite assessment of the level of senior
management understanding of rating systems – by interviewing specific senior
management within the relevant institutions.
The overall assessment of senior management understanding feeds into the assessment of
the use test and the decision on whether to approve the relevant models or on the
conditions to be placed on approval of such models. (See examples below which detail the
work performed in this regard.)
Ongoing Review of Senior Management Understanding of models including an evaluation
of their capability to understand the limitations and uncertainties relating to the output of
the models and the risk inherent in their use.
As part of the Central Bank’s Pillar II reviews, the Central Bank seeks to ensure that
Board/Senior management have an appropriate knowledge of models, which includes an
understanding of their limitations and uncertainties relating to the output of the models
and the risk inherent in their use. (See examples below which detail the work performed in
this regard.)
In Autumn 2011, a bank applied for permission to use an F-IRB model to calculate their
Pillar I charge for their branch banking Ireland portfolio. They submitted their
documentation as required under the CRD and the Central Bank had a period over which it
consulted with the bank to clarify issues via face-to-face meetings, conference calls and
emails. The conclusion of the process was that approval for use of the F-IRB method was
given on the condition that their process around calculating downturn Loss Given Defaults
(LGDs) was improved, and a review of the factor weights in their Probability of Default (PD)
models was carried out. To date, the bank is not yet using F-IRB for this portfolio.
Testing of Board and Senior Management Understanding at Application Stage
Specifically for, one institution which sought approval for IRB model, the senior
management interviewed included:
? Head of Business;
? Member of the designated approval committee; and
? Divisional head of credit.
The key elements of rating systems considered included: (a) IRB concepts, (b) use of ratings,
(c) key material drivers of PD, LGD and Cash Flow, (d) discriminatory power of the model,
(e) model life cycle, (f) IRB stress testing, and (g) challenge and model weaknesses
(amongst others)
The overall assessment of senior management understanding fed into the decision on
whether to approve the relevant models or on the conditions to be placed on approval of
such models. The Central Bank was not satisfied with the level of understanding and
recommended that a condition be placed on any permission requiring the senior
management understanding program to be improved in terms of its scope, frequency and
depth of training provided, with a specific timeframe, with the aim of demonstrating
compliance with the requirements for senior management understanding in Annex VII, Part
4 of the CRD.
IRELAND
INTERNATIONAL MONETARY FUND 141
EC7 The supervisor determines that banks have information systems that are adequate (both
under normal circumstances and in periods of stress) for measuring, assessing and
reporting on the size, composition and quality of exposures on a bank-wide basis across all
risk types, products and counterparties. The supervisor also determines that these reports
reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely
basis to the bank’s Board and senior management in a form suitable for their use.
Description and
findings re EC7
The EBA Guidelines on Internal Governance stipulate that institutions shall have effective
and reliable information and communication systems covering all its significant activities
(section 30(1)). Information systems, including those that hold and use data in electronic
form, should be secure, independently monitored and supported by adequate contingency
arrangements. An institution should comply with generally accepted IT Standards when
implementing IT systems (section 30(2)). The Corporate Governance Code requires that the
board shall ensure that it receives timely, accurate and sufficiently detailed information
from risk and control functions (section 14(6)). The Central Bank’s 2009 requirements for
the management of liquidity risk provides details of what is expected from the
Management Information System and Internal Controls employed in managing liquidity
(section 3(4)).
The Central Bank recently developed a new IT framework and assessment methodology
and this has been rolled out within the last two months. The methodology provides the
Central Bank with a structured approach for reviewing the IT capability of banks. The
Central Bank’s framework includes an in-depth online assessment tool which is used as the
basis for challenging senior bank management. In addition, the framework encompasses a
review of IT policies and procedures and IT internal audit reports etc.
On an ongoing basis, supervisors evaluate the capability of a bank to produce close to real-
time management information across their portfolios to aggregate total exposure
positions.
EC8 The supervisor determines that banks have adequate policies and processes to ensure that
the banks’ Boards and senior management understand the risks inherent in new products,
38
material modifications to existing products, and major management initiatives (such as
changes in systems, processes, business model and major acquisitions). The supervisor
determines that the Boards and senior management are able to monitor and manage these
risks on an ongoing basis. The supervisor also determines that the bank’s policies and
processes require the undertaking of any major activities of this nature to be approved by
their Board or a specific committee of the Board.
Description and
findings re EC8
EBA Guidelines on Internal Governance (GL44) section 23 states that:
? An institution shall have in place a well-documented New Product Approval Policy
(“NPAP”), approved by the management body, which addresses the development of
new markets, products and services and significant changes to existing ones.
? An institution’s NPAP should cover every consideration to be taken into account
before deciding to enter new markets, deal in new products, launch a new service or
make significant changes to existing products or services.
? The NPAP should set out the main issues to be addressed before a decision is made.
? The risk control function should be involved in approving new products or
38
New products include those developed by the bank or by a third party and purchased or distributed by the bank.
IRELAND
142 INTERNATIONAL MONETARY FUND
significant changes to existing products.
In line with EBA Guidelines on Internal Governance (section 23) the Central Bank requires
that institutions have in place a well-documented NPAP, approved by the management
body, which addresses the development of new markets, products and services and
significant changes to existing ones. The risks inherent in new products, changes to existing
products or processes are required to be set out and should be subject to a
multidisciplinary review.
It is not a prerequisite that the Board or a subcommittee approve all new products,
however in line with the EBA guidelines, the Central Bank does require that a new product
policy and process is in place which is approved by the management body. In the
aforementioned RMP, the Central Bank did request that significant new products be signed
off by the Board or a nominated subcommittee. For example in respect of the new
advanced forbearance mortgage products launched by banks, these were approved by the
boards of the relevant banks.
In terms of Board and Senior management understanding of risks inherent in in new
products, material modifications to existing products, and major management initiatives
the Central Bank expects members of the management body, both individually and
collectively, to have the necessary expertise, experience, competencies, understanding and
personal qualities to properly carry out their duties. In addition, it is expected that
members of the management body should acquire, maintain and deepen their knowledge
and skills to fulfill their responsibilities. Section 11(3) of the Corporate Governance Code
also requires that the non-executive and executive directors shall have a knowledge and
understanding of the business, risks and material activities of the institution to enable them
to contribute effectively.
Compliance with these provisions is monitored through corporate governance reviews in
conjunction with vetting of new directors and senior managers through the fitness and
probity regime. As part of the Central Bank’s fitness and probity regime, the Central Bank
seeks to ascertain that directors and senior management are competent for the role which
they are being proposed for. This includes ensuring that they have an understanding of all
risks of the banks. Banks certify compliance with the Corporate Governance Code by
submitting an annual compliance statement under section 25(1). In addition as part of the
PRISM engagement activities supervisors meet with banks senior management and
directors (frequency of meeting dependent upon the impact categorization of the bank).
These meetings would cover a number of topics including, inter alia, risks inherent in new
products, material modifications to existing products, and major management initiatives.
New product approval process in the institutions under supervision is assessed as part of
the assessment of the banks’ operational risk framework, utilising the guidance provided in
Banking Supervision’s Operational Risk Assessment Methodology. The frequency of this
review is dependent on whether a signal of risk exists.
EC9 The supervisor determines that banks have risk management functions covering all material
risks with sufficient resources, independence, authority and access to the banks’ Boards to
perform their duties effectively. The supervisor determines that their duties are clearly
segregated from risk-taking functions in the bank and that they report on risk exposures
directly to the Board and senior management. The supervisor also determines that the risk
management function is subject to regular review by the internal audit function.
IRELAND
INTERNATIONAL MONETARY FUND 143
Description and
findings re EC9
As part of its ongoing supervision, the Central Bank reviews the risk management functions
of Irish licensed banks to determine if, inter alia, (i) they are sufficiently and adequately
skilled (ii) there are clear delineations between the first and second lines of defense and (iii)
the functions have appropriate access to the banks’ Boards. This assessment is conducted
through meetings with relevant personnel (including with the CRO, which is a defined
PRISM engagement task), review of executive/board risk committee or other relevant
minutes (to identify any issues which may call into question the independence, authority or
adequacy of resourcing of the risk management function). In some cases (predominately
for the covered banks) supervisors attend Risk Committee meetings (both Board and
Executive risk committees) and credit review meetings to validate independence, authority
and ability of the Risk function.
Supervisors of all High Impact institutions meet with the Internal Auditor at least once a
year. A key focus of those meetings is the annual audit plan, and ensuring the plan is
sufficient in scope, targeting all areas across the bank. This includes the risk management
function. The Central Bank’s Corporate Governance Code also requires that the bank’s
system of governance shall be subject to regular internal review. (6(3))
Guidelines on the Application of the Supervisory Review Process under Pillar 2 identify the
need for a risk control function in large, complex and sophisticated institutions, and state
that a risk control function should be established to monitor each of the material risks to
which the institution is exposed. The Central Bank requires institutions to have a risk
control function which is proportionate to the nature, scale and complexity of the
institution.
The Corporate Governance Code requires Credit Institutions to meet the following criteria
in relation to risk management functions:
? 14(3) The Board shall ensure that the risk management framework and internal
controls reflect the risk appetite and that there are adequate arrangements in place
to ensure that there is regular reporting to the Board on compliance with the risk
appetite.
? 22(3) The role of the Risk Committee shall be to advise the Board on risk appetite
and tolerance for future strategy, taking account of the Board’s overall risk appetite;
the current financial position of the institution; and, drawing on the work of the
Audit Committee and the External Auditor, the capacity of the institution to manage
and control risks within the agreed strategy. The Risk Committee shall oversee the
risk management function.
? 22(4) The Risk Committee shall ensure the development and ongoing maintenance
of an effective risk management system within the financial institution that is
effective and proportionate to the nature, scale and complexity of the risks inherent
in the business.
The Central Bank also requires banks to adhere to Section D part IV of the EBA Guidelines
on Internal Governance (GL 44) in establishing their risk management function.
The regular engagement with bank’s key risk management personnel (predominantly the
CRO), provide an opportunity to assess the adequacy of risk management within a bank in
terms of quality of staff, issues being addressed and level of independence. Preparation for
these meetings involved obtaining and reviewing risk material. Outside of the engagement
with the CRO, supervisors will assess the adequacy of resources, authority and
independence through the onsite risk activities: FRR and FRA processes.
IRELAND
144 INTERNATIONAL MONETARY FUND
EC10 The supervisor requires larger and more complex banks to have a dedicated risk
management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO
of a bank is removed from his/her position for any reason, this should be done with the
prior approval of the Board and generally should be disclosed publicly. The bank should
also discuss the reasons for such removal with its supervisor.
Description and
findings re EC10
The Corporate Governance Code requires that the governance structure put in place by
each institution shall be sufficiently sophisticated to ensure that there is effective oversight
of the activities of the institution taking into consideration the nature, scale and complexity
of the business being conducted (6(4)). All institutions shall have robust governance
arrangements which include a clear organisational structure with well defined, transparent
and consistent lines of responsibility, effective processes to identify, manage, monitor and
report the risks to which it is or might be exposed, adequate internal control mechanisms,
including sound administrative and accounting procedures, IT systems and controls,
remuneration policies and practices that are consistent with and promote sound and
effective risk management both on a solo basis and at group level. The system of
governance shall be subject to regular internal review. (6(3))
In addition to the above, the Central Bank requires banks to comply with guidelines on the
Application of the Supervisory Review Process under Pillar 2 (GL03) which state:
? The risk management function should be a central organisational feature of an
institution. It should be structured in a way that permits it to achieve its objectives of
implementing risk policies and managing risk within the institution. Large, complex
and sophisticated institutions could consider establishing risk management
functions to cover each material business line.
Section 13.7 of the Central Bank’s Corporate Governance Code requires that removal from
office of the head of a Controlled Function (including the CRO) shall be subject to prior
Board approval. The Central Bank does not, however, seek that this removal be disclosed
publicly.
CRO is deemed a PCF under the Central Bank’s fitness and probity regime, thus a
comprehensive assessment is conducted of the individual prior to a letter of non-objection
to the appointment issuing by the Central Bank. When a person who holds a PCF resigns
(even in the case of removal) from that position, the following information must be
provided to the Central Bank:
? Full name of person resigning
? Financial Service Provider name and number
? PCF held
? Date of resignation
? Reason given for resignation (including copy of resignation letter)
? Contact details for person resigning, including email address and postal address
(The Central Bank may contact PCF who have resigned in the course of regulation of
Financial Service Providers)
? Contact details for Financial Service Provider
While the Central Bank does not require that the removal of a CRO be disclosed publicly, a
record of such a removal would be maintained by the Central Bank and would be taken
into account should that person ever seek appointment for a pre-approval role in the
future.
EC11 The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk,
IRELAND
INTERNATIONAL MONETARY FUND 145
interest rate risk in the banking book and operational risk.
Description and
findings re EC11
The Central Bank has issued a significant number of standards and guidance to banks on a
range of prudential requirements covering: credit risk; market risk; operational risk;
Corporate Governance; liquidity risk; and capital, amongst others. It has also issued codes
on conduct of business rules. In addition, the Central Bank requires institutions to ensure
that their operations are consistent with all EBA guidelines unless otherwise instructed (as
outlined in the Central Bank’s notice entitled “Implementation of the CRD” (28 December
2006, as amended January 2011).
EC12 The supervisor requires banks to have appropriate contingency arrangements, as an
integral part of their risk management process, to address risks that may materialize and
actions to be taken in stress conditions (including those that will pose a serious risk to their
viability). If warranted by its risk profile and systemic importance, the contingency
arrangements include robust and credible recovery plans that take into account the specific
circumstances of the bank. The supervisor, working with resolution authorities as
appropriate, assesses the adequacy of banks’ contingency arrangements in the light of
their risk profile and systemic importance (including reviewing any recovery plans) and
their likely feasibility during periods of stress. The supervisor seeks improvements if
deficiencies are identified.
Description and
findings re EC12
The Central Bank’s notice entitled “Implementation of the CRD” (28 December 2006, as
amended January 2011) advised that institutions should be guided by the paper published
by BCBS entitled “Sound Practices for the Management of Operational Risk.” Principle 7 of
this paper specifically outlines that banks should have in place contingency and business
continuity plans to ensure their ability to operate on an ongoing basis and limit losses in
the event of severe business disruption.
Section E(31) of EBA’s Guidelines on Internal Governance outlines specific requirements for
banks in respect of business continuity including the following:
? An institution shall establish a sound business continuity management to ensure its
ability to operate on an ongoing basis and limit losses in the event of severe
business disruption.
? An institution should carefully analyse its exposure to severe business disruptions
and assess (quantitatively and qualitatively) their potential impact, using internal
and/or external data and scenario analysis.
? On the basis of the above analysis, an institution should put in place:
o Contingency and business continuity plans to ensure an institution reacts
appropriately to emergencies and is able to maintain its most important
business activities if there is disruption to its ordinary business procedures.
o Recovery plans for critical resources to enable it to return to ordinary business
procedures in an appropriate timeframe. Any residual risk from potential
business disruptions should be consistent with the institution’s risk
tolerance/appetite.
? Contingency, business continuity and recovery plans should be documented and
carefully implemented.
BCBS also produced a paper in August 2006 entitled High Level Principles for Business
Continuity. Banks are expected to be guided by these principles.
Supervisors assess the appropriateness of banks’ contingency arrangements generally, as
part of thematic operational risk reviews. The frequency of these reviews is increased if
IRELAND
146 INTERNATIONAL MONETARY FUND
there are signals of risk, where supervisors have determined that there are indicators of
this risk being material to the bank. Banking Supervision’s Methodology for the
Assessment of Operational Risk outlines typical signals of business continuity risk which
assist in the determination of whether a risk is material to a given bank, and also outlines
typical expected mitigants of these risks. As noted previously, where deficiencies are
identified in this area, RMP actions are raised accordingly.
The quality and depth of analysis of BCP as part of routine offsite supervision was
insufficient to detect deficiencies. There was a scarcity of regular routine reports regarding
the status of bank continuity arrangements for supervisors to monitor this risk adequately.
The regime was largely exception based after an event. In terms of onsite analysis, onsite
review of business continuity is assessed as part of operational risk within the FRR/FRA.
Given operational risk is assessed thematically, the process is not systematic to identify
higher inherent risk banks, especially for the higher impact banks.
In light of a recent systems issue at a major bank, the retail banks in Ireland were required
to review their business continuity plans and specifically examine the risks of a similar issue
arising in their own institutions. In addition, operational risk reviews have been completed
in many of the banks, including consideration of business continuity risk. Further, IT risk
assessment completed in one of the major banks, with consideration of disaster recovery
planning - this is being rolled out further.
EC13 The supervisor requires banks to have forward-looking stress testing programmes,
commensurate with their risk profile and systemic importance, as an integral part of their
risk management process. The supervisor regularly assesses a bank’s stress testing
programme and determines that it captures material sources of risk and adopts plausible
adverse scenarios. The supervisor also determines that the bank integrates the results into
its decision-making, risk management processes (including contingency arrangements) and
the assessment of its capital and liquidity levels. Where appropriate, the scope of the
supervisor’s assessment includes the extent to which the stress testing programme:
(a) promotes risk identification and control, on a bank-wide basis
(b) adopts suitably severe assumptions and seeks to address feedback effects and
system-wide interaction between risks;
(c) benefits from the active involvement of the Board and senior management; and
(d) is appropriately documented and regularly maintained and updated.
The supervisor requires corrective action if material deficiencies are identified in a bank’s
stress testing programme or if the results of stress tests are not adequately taken into
consideration in the bank’s decision-making process
Description and
findings re EC13
The Central Bank requires banks to comply with both European and international
legislation and guidelines in respect of stress testing. Annex VII, Part 4 of the CRD
(2006/48/EC - Points 40-42) requires a credit institution to have in place sound stress
testing processes for use in the assessment of its capital adequacy. Stress testing shall
involve identifying possible events or future changes in economic conditions that could
have unfavorable effects on a credit institution’s credit exposures and assessment of a
credit institution’s ability to withstand such changes. Annex V of the CRD (2006/49/EC - 2G)
advises that a bank’s stress testing process shall particularly address illiquidity of markets in
stressed market conditions; concentration risk; one way markets; event and jump-to-default
risks; non-linearity of products; deep out-of-the-money positions; positions subject to the
IRELAND
INTERNATIONAL MONETARY FUND 147
gapping of prices; and other risks that may not be captured appropriately in the internal
models. The shocks applied shall reflect the nature of the portfolios and the time it could
take to hedge out or manage risks under severe market conditions.
(a) promotes risk identification and control, on a bank-wide basis
The Central Bank Stress Testing and Capital Planning Supervisory Framework, which forms
a basis of evaluation of a bank’s stress testing practices and which is an in-house
implementation of EBA guidelines on stress testing (GL 32) and general best practice in this
area, requires regulated institutions to ensure that:
? Stress testing is conducted on a firm-wide basis covering a range of risks in order to
deliver a complete and holistic picture of the institution’s risks.
? Stress testing is performed for all material risks types including: market, credit,
operational and liquidity risk with scenarios addressing all the material risk types;
main risk factors; and institution-specific vulnerabilities.
? Stress testing explicitly covers complex and bespoke products such as securitised
exposures, and for scenarios to factor in (a) illiquidity/gapping of prices, (b)
concentrated positions, (c) one-way markets, (d) non-linear products, (e) jump-to-
default, and (f) significant shifts in correlations and volatility.
? Stress tests are performed on specific portfolios and specific types of risks that affect
them.
? Banks must fully articulate the role of stress tests in identification of concentration
and business risk.
(b) adopts suitably severe assumptions and seeks to address feedback effects and system-wide
interaction between risks
The Central Bank Stress Testing and Capital Planning Supervisory Framework require
regulated institutions to:
? Ensure that Stress Testing is based on exceptional but plausible effects.
? Incorporate system-wide interactions and feedback effects within scenario stress
tests and specifically to incorporate simultaneous occurrence of events across the
institution.
? Ensure that Stress Testing programme covers a range of scenarios with different
severities including scenarios which reflect a severe economic downturn.
? Be aware of the possible dynamic interactions among risk drivers.
? Take into account simultaneous pressures in funding and asset markets and the
impact of a reduction in market liquidity on exposure valuation.
? Develop reverse stress tests as one of their risk management tools to complement
the range of stress tests they can undertake.
Some of the specific considerations expected to be taken into account in scenario
formulation could include:
? expectations with regard to collateral valuations;
? trading strategies of the institution;
? market disturbance, breakdown in correlations;
? failure of hedging techniques;
? illiquid markets; and
? Major failure in systems/processes/people.
There should also be a good mix of historical and hypothetical scenarios. Supervisory
reviews, as part of the Pillar 2 process, involve the evaluation and challenge of severity of
and assumptions around firm-wide stress testing. This is achieved through benchmarking
IRELAND
148 INTERNATIONAL MONETARY FUND
and expert judgment. The reverse stress test also acts as a complement to the range of the
adopted stress scenarios.
(c) benefits from the active involvement of the Board and senior management
The Central Bank Stress Testing and Capital Planning Supervisory Framework requires
regulated institutions to:
? Provide evidence of senior management participation in review and identification of
potential stress scenarios.
? Demonstrate that there has been candid discussion on modeling assumptions
between the board and risk managers.
? Ensure that stress testing programme is actionable and informs decision-making at
all appropriate management levels of the institution, e.g. reviewing limits and
reviewing strategy. Specifically, stress testing should be sufficiently integrated into
the institution’s risk management frameworks and senior management decision-
making.
? Demonstrate that the outcome of a reverse stress test has appropriately feed into
contingency planning.
? Ensure that the Stress Testing Committee, where in place, is involved in the
discussion of: design; assumptions; results; limitations; and implication of stress
testing.
(d) is appropriately documented and regularly maintained and updated
The Central Bank Stress Testing and Capital Planning Supervisory Framework requires
regulated institutions to:
? Have written policies and procedures to facilitate the implementation of the stress
testing programme.
? Ensure that stress testing is reviewed regularly and assessed for fitness of purpose.
S.I. 661 of 2006, which transposes the requirements of the CRD, includes a number of
requirements in relation to stress testing:
? A credit institution shall conduct periodic stress tests of their credit risk
concentrations including in relation to the realisable value of any collateral taken.
? The stress tests shall address risks arising from potential changes in market
conditions that could adversely impact the credit institution’s adequacy of own
funds and risks arising from the realisation of collateral in stressed situations.
? The credit institution shall satisfy the Central Bank that the stress tests carried out
are adequate and appropriate for the assessment of such risks.
? Where a stress test indicates a lower realisable value of collateral taken than would
be permitted to be taken into account under paragraphs (1) and (2) or (3) to (6), as
appropriate, the value of collateral permitted to be recognised in calculating the
value of exposures for the purposes of Regulation 57(1) to (5) shall be reduced
accordingly.
? Such credit institutions shall include in their strategies to address concentration risk
policies and procedures in the event that a stress test indicates a lower realisable
value of collateral than taken into account under paragraphs (1) to (6).
In addition to European and Irish legislation in respect of stress testing, the EBA has also
published guidelines in respect of stress testing, which banks are required to comply with
GL32, CEBS revised guidelines on stress testing, published August 2010. EBA Guidelines on
Internal Governance outline that, to identify and measure risks, an institution should
develop forward-looking and backward-looking tools. Forward-looking tools (such as
IRELAND
INTERNATIONAL MONETARY FUND 149
scenario analysis and stress tests) should identify potential risk exposures under a range of
adverse circumstances. The Central Bank has developed a Stress Testing and Capital
Planning Supervisory Framework. This Framework takes into account the proportionality
principle.
The supervisor requires corrective action if material deficiencies are identified in a bank’s
stress testing programme or if the results of stress tests are not adequately taken into
consideration in the bank’s decision-making process. The Central Bank focuses primarily on
the results from the bank’s models. It specifically reviews macro-economic factors applied
by the banks in their models to perform a peer comparison, and a comparison with other
scenarios, such as those specified for PCAR 2011 (see CP16 for details on FMP 2011). The
Central Bank reviews the output of the models and assesses their plausibility (which again
may involve a peer comparison), and whether they adequately cover all material risks in the
portfolio. Banks are also required to demonstrate the firm-wide nature of the stress tests,
i.e. that the same tests are applied across all risk types. Their ICAAP is also reviewed to
verify that the results of the stress tests are appropriately disclosed (i.e. to the board and
senior management), the impact on capital and liquidity levels, and the subsequent actions
(where required) taken.
In addition, the monitoring of stress testing practice and processes in regulated institutions
(as part of the SREP exercise) normally involves a combination of desk-based review and
on-site exercises. The desk-based review involves a review of:
? stress testing framework and methodology documents;
? results of internal stress testing;
? outcome of gap analysis against EBA guidelines on stress testing (GL 32); and
? terms of reference for relevant committees (e.g., stress testing committee).
The on-site work, on the other hand, mainly involves review of governance and overall
implementation of stress testing. Specifically, the following areas are covered (subject to
the proportionality principle):
? scenario formulation and selection;
? scenario translation methodologies (including challenge);
? quantification of impact of selected scenarios on profitability, capital and liquidity;
and
? use of outputs.
To ensure consistency in the review of institutions, the Risk Modeling Unit has developed a
Stress Testing and Capital Planning Framework setting out general expectations.
In PRISM, the assessment of the level of capital risk inherent in a regulated institution
requires that an examiner takes into account:
? the quality of stress testing process;
? the role of stress testing and scenario analysis in the firm’s capital and business
planning process; and
? the feasibility of proposed contingency measures in a period of general market
stress.
EC14 The supervisor assesses whether banks appropriately account for risks (including liquidity
impacts) in their internal pricing, performance measurement and new product approval
process for all significant business activities.
Description and
findings re EC14
The supervisor assesses whether banks appropriately account for risks (including liquidity
impacts) in their internal pricing, performance measurement and new product approval
IRELAND
150 INTERNATIONAL MONETARY FUND
process for all significant business activities through a number of measures:
Business Model Review
As per PRISM supervisory tasks, for High Impact firms, a business model review assesses,
inter alia, if the banks are appropriately taking account of risk in their internal pricing.
(These reviews are completed every 2 years).
Remuneration Reviews
These reviews were carried out both in 2010 and 2011. The reviews considered whether risk
was incorporated into performance measurement (see practical example for further details).
Operational Risk Reviews
New product approval is assessed as part of supervisors’ operational risk assessments
under the following categories:
Completeness ? Operational risk is considered in approval process and
processes
? New systems/system upgrades fully assessed for potential
operational risk
Quality ? Comprehensive and regular review
? Testing of processes
? Functional and business areas involved (e.g. I.T., risk and
business lines)
Effectiveness ? Regular review for appropriateness
? Internal Audit review of new product approval process and
integration with operational risk
The Central Bank requires banks to take account of both legislation and guidelines to
ensure they appropriately account for risks (including liquidity impacts) in their internal
pricing, performance measurement and new product approval process for all significant
business activities.
New Product Approval Process and Internal Pricing
EBA guidelines on internal governance (September 2011) include a specific section relating
to new products (section 23). It outlines the following in respect of ensuring banks
appropriately account for risk in new products: formalized new product approval;
involvement of risk control functions in the new product approval process; and a
compliance function should verify new products comply with legal requirements.
BCBS Principles for the Management of Credit Risk, specifically principle 3, outlines that
Banks should identify and manage credit risk inherent in all products and activities. Banks
should ensure that the risks of products and activities new to them are subject to adequate
risk management procedures and controls before being introduced or undertaken, and
approved in advance by the Board of Directors or its appropriate committee.
BCBS Principles for Sound Liquidity Risk Management and Supervision (September 2008),
specifically principle 4, requires that banks should incorporate liquidity costs, benefits and
risks in the internal pricing, performance measurement and new product approval process
for all significant business activities (both on and off-balance sheet), thereby aligning the
risk-taking incentives of individual business lines with the liquidity risk exposures their
activities create for the bank as a whole.
IRELAND
INTERNATIONAL MONETARY FUND 151
Performance Measurement
New legal requirements on remuneration contained in the amended CRD came into effect
on 1 January 2011 and were supplemented by guidelines issued by the EBA (together “the
Requirements”). The Central Bank advised all banks, in December 2010, of the
Requirements and required banks to take whatever action was necessary to ensure
compliance with the Requirements. In 2011, the Central Bank carried out a Remuneration
Review. This Review assessed compliance with the CRD, followed up findings from the 2010
Central Bank review and assessed compliance against the EBA guidelines.
Additional
criteria
AC1
The supervisor requires banks to have appropriate policies and processes for assessing
other material risks not directly addressed in the subsequent Principles, such as
reputational and strategic risks.
Description and
findings re AC1
Article 123 of Directive 2006/48/EC (as amended) (CRD) requires credit institutions to have
in place sound, effective and complete strategies and processes to assess and maintain on
an ongoing basis the amounts, types and distribution of internal capital that they consider
adequate to cover the nature and level of the risks to which they are or might be exposed.
The Corporate Governance Code requires banks to have in place robust governance
arrangements and effective processes to identify, manage, monitor and report the risks to
which it is or might be exposed, adequate internal control mechanisms, including: sound
administrative and accounting procedures; IT systems and controls; and practices that are
consistent with and promote sound and effective risk management.
As part of the SREP process and ICAAP review, the Central Bank assesses the processes
around all material risks.
In relation to reputational and strategic risks, these are considered as part of the Business
Model Reviews which are completed by the Central Bank. These reviews look at inter alia,
the bank’s strategy and business plan, including an evaluation of the reasonableness of
underlying assumptions, determination of earnings at risk and other strategic impediments
to achievement of this plan. This would take account of the impact of any reputational
issues being faced by the bank.
Directive 2006/48 (the CRD) has been largely transposed into Irish law by the Central Bank
Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009. Particular
regard should be given to regulations 66 and 70 of S.I. 661 of 2006.
Assessment of
Principle 15
Largely Compliant
Comments The Central Bank determines that banks have a comprehensive risk management process in
place through a combination of on and off-site supervision in line with the PRISM
engagement model. Supervisors evaluate the adequacy of risk management strategies,
policies, processes and limits established by a bank through periodic risk assessments, FRAs
and FRRs. For onsite risk reviews, the Central Bank has dedicated Credit, Treasury, Risk
Analytics (Quantitative Models Unit & Portfolio Analytics and Stress testing unit) and
Business Model Analytics teams which analyze credit institution’s risk management
processes. These teams are also used in assessing offsite reporting by banks. A specialist
team for operational risk does not exist (however an operational risk methodology has
been developed and rolled for use by supervisors) and in relation to business continuity
(EC12) onsite reviews are largely reactive and is one gap in the supervisory framework. The
IRELAND
152 INTERNATIONAL MONETARY FUND
range of qualitative and quantitative information to assess the status of business continuity
was not sufficient to reliably monitor the robustness of arrangements on an ongoing basis.
While some thematic work has been performed, a systematic approach to test and evaluate
continuity arrangements has yet to be completed.
The level of monitoring and frequency of analysis performed by the specialist teams is
determined by its PRISM impact rating, which sets out the minimum engagement model
required. Supervisory engagement over and above the minimum is determined, inter alia,
by the probability risk ratings. For High Impact banks, coverage is adequate to make a
comprehensive assessment of risk management. For banks with an Impact rating less than
High, review and assessment of risk management will be performed through the FRA with a
minimum frequency of between 2-4 years. In the event issues arise from the Central Bank’s
assessment of risk management, actions are updated in the risk mitigation programs within
PRISM which is an effective system for tracking the status of issues and remediation.
In relation to internal models, the Central Bank conducts a risk-based annual model
performance review covering all retail and significant locally developed wholesale models.
Accordingly, only high impact firms are subject to an annual performance review (i.e. 5 of
the 14 institutions with regulatory approval to use internal models). For the remaining
lower impact institutions, the CBI relies on ongoing model performance conducted at the
parent level, which regulated by the home country supervisor. For these 9 institutions, a
higher level of ongoing assurance through liaisons with the Home country supervisor that
models are working effectively should be gained.
Principle 16 Capital adequacy.
39
The supervisor sets prudent and appropriate capital adequacy
requirements for banks that reflect the risks undertaken by, and presented by, a bank in the
context of the markets and macroeconomic conditions in which it operates. The supervisor
defines the components of capital, bearing in mind their ability to absorb losses. At least
for internationally active banks, capital requirements are not less than the applicable Basel
standards.
Essential criteria
EC 1
Laws, regulations or the supervisor require banks to calculate and consistently observe
prescribed capital requirements, including thresholds by reference to which a bank might
be subject to supervisory action. Laws, regulations or the supervisor define the qualifying
components of capital, ensuring that emphasis is given to those elements of capital
permanently available to absorb losses on a going concern basis.
Description and
findings re EC1
Capital is currently (legal basis) defined under the Capital Requirements Directive (CRD), as
transposed by Irish statutory instruments (primarily S.I 661 of 2006, Regulations 3-11, in
relation to Own Funds). As with the CRD, the statutory instruments do not explicitly use the
terms Core Tier 1, Non-Core Tier 1 and Tier 2, although the substance of the Basel rules on
Tier 1 and Tier 2 is reflected in those transposed articles.
The CBI defines CT1 in line with the EBA definition of April 2011 applied by EBA for stress
39
The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II
and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for
compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions
that have declared that they have voluntarily implemented it.
IRELAND
INTERNATIONAL MONETARY FUND 153
testing purposes (which complies with the CRD). In addition, when the CBI set higher
capital requirements (i.e. 10.5% CT1) on the Irish covered banks in 2011, the CBI defined
CT1 using the definition of CT1 as defined in the regulatory policy on Alternative Capital
Instruments (ACIs – i.e. CT1 minus non-core Tier 1 and hybrid capital).
The new CRR capital rules will apply from 1 January 2014, however, any Irish licensed bank
intending to issue capital instruments now will have to ensure that such instruments are
“forward-proofed” and meet the requirements of the CRR.
Hybrid capital instruments which contain an incentive to redeem are treated as innovative
instruments and limited to a maximum of 15% of total Tier 1 capital under S.I. 661 of 2006.
The EBA guidelines on hybrid capital instruments are also applied. Non-Cumulative
preference shares are considered as hybrids; those considered non-innovative may account
for a maximum of 50% of total Tier 1 (depending on the specific terms and conditions).
They are not included in CT1; the only exception is in the case of emergency state aid
instruments, which in specific circumstances have been included in CT1 (this only applies to
Irish covered banks). These will cease to count as CT1 post-2017(end of the grandfathering
period).
Prudential Filters applied for Tier 1 calculation
Irish banks are required to filter out any fair value reserves related to gains or losses on
cash flow hedges of financial instruments measured at amortized cost, and any gains or
losses on their liabilities measured at fair value that are due to changes in their own credit
standing. In addition, they are required by the CBI to comply with the CEBS Guidelines for
Prudential Filters on Regulatory Capital.
Deductions from Tier 1
Deductions entirely from Tier 1:
? Intangible assets.
? Own shares at book value held by the institution, and losses (material or otherwise)
of the financial year.
?
50:50 Deductions
Other deductions which are currently applied 50 percent from Tier 1 and 50 percent from
Tier 2 include:
? Holdings in other credit and financial institutions amounting to more than 10% of
their capital, and any subordinated claims and instruments which the bank holds in
respect of these institutions.
? Excess over 10% of the bank’s adjusted own funds of holdings in other credit and
financial institutions of up to 10% of their capital and any subordinated claims, and
instruments which the bank holds in respect of these institutions.
? Participations held in insurance undertakings, reinsurance undertakings and
insurance holding companies, and any other capital instruments issued by these
entities in which a participation is held.
? IRB Provision shortfall and IRB equity expected loss amounts.
? Securitization exposures not included in risk-weighted assets or in the net positions
subject to capital charge, respectively.
IRELAND
154 INTERNATIONAL MONETARY FUND
Tier 2 capital incorporates lesser quality (in terms of loss absorption and permanence)
capital instruments and reserves. For the PCAR banks, Tier 2 capital include state aid in the
form of contingent convertible instruments (CoCos) issued in July 2011. The five-year host
instruments convert to common equity on a breach of a CT1/Common Equity Tier 1 ratio of
8.25%, or when deemed non-viable by the Central Bank.
Tier 3 capital is made up of short-term (minimum of 2 years) subordinated loan capital and
net trading book profits. The Central Bank may require any other reductions
(filters/deductions) from a tier of total capital, as it deems necessary.
Minimum Capital Requirements
As a minimum requirement, all Irish-licensed banks are required to meet a total capital
ratio of 8%, incorporating a minimum ratio of 4% Tier 1 or going-concern capital to RWA.
Of the 4% Tier 1, Irish law states that at most half of the capital required may comprise
hybrid capital instruments which convert into Article 57(a)-compliant instruments at the
initiative of the issuer or in emergency situations, and within that hybrid limit, no more than
35% may be made up of instruments without such convertibility but also without an
incentive to redeem, and no more than 15% by instruments with an incentive to redeem.
Up to 50% of Tier 2 may comprise dated subordinated debt and fixed term cumulative
preference shares. Basel I capital floors using an adjustment factor of 80% or higher,
continues to be applied to Irish banks using an IRB approach to credit risk requirement
calculations and/or the AMA approach to operational risk requirements.
All banks are required to meet these minimum requirements on a solo basis, unless this
requirement is waived by the CBI. Irish-licensed parent institutions and Irish-licensed parent
financial holding companies must meet the capital requirements on a consolidated basis.
The CBI may permit the exclusion of certain subsidiaries from regulatory consolidation.
Subsidiary banks must apply their capital requirements on a sub-consolidated basis if those
banks (or their holding company) have a bank/financial institution/asset management
company as a subsidiary in a third country, or hold a participation in such an undertaking.
The minimum “Initial Capital” required is €5m or higher, as specified by the CBI, comprising
fully paid-up shares or reserves (as defined by Article 57(a) and (b) of 2006/48/EC) only.
Any authorizations given to banks with Initial Capital less than €5m must be notified by the
CBI to the European Commission and EBA. Authorization, including verification of Initial
Capital (see CP5), is an iterative process of question and response between the Central
Bank and the applicant. Where the own funds of a bank fall below the minimum initial
amounts required, the CBI may exempt the institution from those requirements for a
specified period in order for the institution to rectify the situation or make arrangements,
with the consent of the CBI, for the orderly cessation of deposit-taking and, where
appropriate, the winding-up of its affairs
Additional Capital Requirements
IRELAND
INTERNATIONAL MONETARY FUND 155
The CBI may apply a higher minimum ratio requirement to a bank at the outset of its
operations as a condition of license, as described in Principle 5, or to a going concern, as a
Pillar 2 measure.
Three High Impact rated Irish banks are currently subject to the (FMP) minimum
consolidated CT1 ratio of 10.5% until at least the end-2013. While applied as Pillar 2
measures by the CBI, following extensive on-site and off-site examinations (including a
prudential capital assessment review (loan loss forecast), data integrity validation and asset
quality review), these are structured as minimum requirements (rather than capital add-
ons) and are in the public arena. The CT1 ratio used for the FMP is defined by the CBI as
Tier 1 minus hybrids and all Tier 1 deductions (including 50% Tier 1 deductions) as per CRD
Regulations. The same High Impact banks also fall under EBA’s December 2011
Recommendation, requiring a 9% CT1 amount (EBA stress test definition) to be maintained
by the banks once the CRR comes into effect. Due to various null sets for the Irish banks,
the PCAR and EBA stress test definitions of CT1 are largely equivalent. In practice, the
8.25% Core Equity Tier 1 trigger (calculated using applicable national Basel III phase-in
rules) in the Tier 2 CoCos (see “Tier 2” above) will constitute the minimum capital
requirement for the PCAR banks. The average CT1 ratio for the three banks was c.14.67% at
June 2013.
Early Warning and Corrective Action
Ireland’s resolution regime, provides the CBI with the power to direct an authorized credit
institution to prepare a recovery plan. The CBI uses a variety of tools to regularly review
and assess the safety and soundness of banks. In cases where the CBI has concerns about
the bank’s capital adequacy levels, it raises them at an early stage, and requires that these
concerns be addressed in a timely manner. Where significant corrective action is required,
the CBI may oblige the credit institution to hold own funds in excess of the minimum level,
restrict the bank’s activities (including products) and risks, and/or sanction the bank, as
appropriate.
EC2
At least for internationally active banks,
40
the definition of capital, the risk coverage, the
method of calculation and thresholds for the prescribed requirements are not lower than
those established in the applicable Basel standards.
Description and
findings re EC2
Basel II was implemented in the EU via the CRD comprising two Directives, 2006/48/EC and
2006/49/EC. The CRD is applicable to all banks in the EU, not just those which are
internationally active. The CRD was transposed into Irish law primarily by S.I. 661 of 2006
(as amended) and S.I. 660 of 2006 (as amended) and applies to all Irish-licensed banks,
domestically and internationally-focused. The capital rules, as described in EC1, apply
40
The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply
capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business.
Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully
consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test
that banks are adequately capitalized on a stand-alone basis.
IRELAND
156 INTERNATIONAL MONETARY FUND
therefore to all Irish-licensed banks.
EC3
The supervisor has the power to impose a specific capital charge and/or limits on all
material risk exposures, if warranted, including in respect of risks that the supervisor
considers not to have been adequately transferred or mitigated through transactions (e.g.
securitization transactions)
41
entered into by the bank. Both on-balance sheet and off-
balance sheet risks are included in the calculation of prescribed capital requirements.
Description and
findings re EC3
The CBI has powers to impose a specific capital charge, for all material risk exposures, on a
bank, restrict or limit its business and operations and reduce the risks inherent in the bank.
Regulation 70 of S.I. No. 661 of 2006 provides the CBI with the necessary powers and
actions if a bank does not meet the requirements set out in the CRD.
Regulation 70 states:
(1) The Bank (Central Bank) shall require any credit institution that does not meet
the requirements of these regulations (i.e. CRD) to take the necessary actions or
steps at an early stage to address the situation.
(2) For the purposes of paragraph (1), the measures available to the Bank shall
include the following:
a) Obliging credit institutions to hold own funds in excess of the
minimum level set out in Regulation 19,
b) Requiring the reinforcement of the arrangements, processes,
mechanisms and strategies implemented to comply with Regulation
16(3), i.e. governance arrangements including a clear organisational
structure with well defined, transparent and consistent lines of
responsibility, effective processes to identify, manage, monitor and
report the risks it is or might be exposed to, adequate internal control
mechanisms, sound administrative and accounting procedures and
remuneration policies and practices that are consistent with and
promote sound and effective risk management; and 4 (as inserted by
Regulation 79) of the European Communities (Licensing and
Supervision of Credit Institutions) Regulations 1992 and Regulation 65,
c) Requiring credit institutions to apply a specific provisioning policy or
treatment of assets, in terms of own funds requirements,
d) Restricting or limiting the business, operations or network of credit
institutions,
e) Requiring the reduction of the risk inherent in the activities, products
and systems of credit institutions.
f) Requiring credit institutions to limit variable remuneration as a
percentage of total net revenues when it is inconsistent with the
maintenance of a sound capital base,
g) Requiring credit institutions to use net profits to strengthen the capital
base.
41
Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital
measurement and capital standards: a revised framework, comprehensive version, June 2006.
IRELAND
INTERNATIONAL MONETARY FUND 157
EC4
The prescribed capital requirements reflect the risk profile and systemic importance of
banks
42
in the context of the markets and macroeconomic conditions in which they operate
and constrain the build-up of leverage in banks and the banking sector. Laws and
regulations in a particular jurisdiction may set higher overall capital adequacy standards
than the applicable Basel requirements.
Description and
findings re EC4
In specific circumstances, where the CBI considers additional capital requirements are
warranted to reflect the risk profile and systemic importance of a bank, it can and has
applied additional requirements. Adequate powers and laws are available to the CBI to
apply risk sensitive capital requirements, impose additional capital requirements and
reduce the level of leverage in the financial system.
The prescribed capital requirements applied by the CBI are the requirements of the CRD.
Regulation 19 of S.I. 661 of 2006 sets out the minimum level of own funds. Regulations 20
to 47 of the S.I. set out minimum own funds requirements for credit risk. Regulations 48 to
51 of the S.I. set out minimum own fund requirements for operational risk.
For trading book capital requirements: Annex I of CRD (2006/49/EC), as amended, sets out
the minimum capital requirements for position risk (relating to general and specific risk
capital requirements); Annex II sets out minimum capital requirements for settlement and
counterparty credit risk (settlement/delivery risk); Annex III sets out minimum capital
requirements for foreign exchange risk; Annex IV sets out minimum capital requirements
for commodities risk; and Annex VI sets out minimum capital requirements for large
exposures.
Regulation 70 of S.I. 661 of 2006 provides the Central Bank with the necessary powers to
set overall capital adequacy standards (see EC3 above).
As part of the CBI’s FMP 2011, it conducted a PCAR on four of Ireland’s main banks, AIB,
BOI, IL&P and EBS. The PCAR consisted of 3 elements to derive additional capital
requirements:
? The estimation of independent loan-life and three-year losses under the base and
adverse macro-economic scenarios;
? The modeling of the impact of these losses on balance sheets and profit and loss
accounts; and
? The combination of these two steps to produce a capital requirement for each of the
four banks.
42
In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses,
among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b)
the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and
reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls.
Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the
appropriate level of capital to support the risks it is running and the risks it poses.
IRELAND
158 INTERNATIONAL MONETARY FUND
The consequence of applying conservative assumptions, and of setting demanding capital
targets, was to require Irish banks to raise a significant amount of additional capital.
The minimum amount of capital the banks were required to raise as a result of the PCAR
was, in total, €18.7bn, in order to meet the new ongoing target of 10.5% CT1 in the base
and 6% CT1 in the adverse scenario. This was on the basis of the combined results of the
three-year projected stress losses derived from BlackRock and the PCAR analysis, before
the addition of a conservative capital 'buffer'.
In addition to these capital requirements, the CBI added a further capital 'buffer' of €5.3bn
across the four banks. This introduced an extra layer of resilience, and recognized the
possible, albeit unlikely, emergence of large losses after 2013. The buffer represents a
further protective capital layer over and above already conservative provisions, which are
based on an even more stressed macroeconomic environment than currently prevails. The
CBI imposed these additional capital requirements on the four banks under Regulation 70
of S.I. 661 of 2006 (see details in EC3 above).
In addition, banks are eligible to use internal assessment and models to determine capital
requirements on a more risk sensitive basis. However, even in cases where the CBI has
granted model approval (see EC5 below), it has applied additional layers of conservatism by
applying minimum floors to capital requirements, ranging from 80% to 100% of Basel 1
capital requirements. In effect, the CBI, while encouraging banks to adopt more
sophisticated forms of risk measurement and management techniques, has not sanctioned
a reduction in the actual level of capital requirements. This is mainly due to concerns
around data quality and quantity, and banks’ experience and ability to model certain assets
classes typically deemed low default portfolios in the lead up to the current financial crisis.
The CBI also applies risk weights under the least risk-sensitive approach to credit risk, the
"Standardized Approach", in line with Basel II, of 35% risk weight for lending backed by
residential mortgages in Ireland. This is restricted to owner-occupiers and loans with an LTV
of less than 75%. In addition, speculative commercial real estate may be risk weighted at
150%.
The application of the FMP 2011 also imposed a program of deleveraging, or ‘right-sizing’
of the domestic banking system. New capital requirements imposed by PCAR were
accompanied by “hard” deleveraging targets in the form of defined loan-to-deposit ratios.
LDR targets were applied by the Central Bank under Regulation 70 of S.I. 661 of 2006.
EC5
The use of banks’ internal assessments of risk as inputs to the calculation of regulatory
capital is approved by the supervisor. If the supervisor approves such use:
(a) such assessments adhere to rigorous qualifying standards;
(b) any cessation of such use, or any material modification of the bank’s processes and
IRELAND
INTERNATIONAL MONETARY FUND 159
models for producing such internal assessments, are subject to the approval of the
supervisor;
(c) the supervisor has the capacity to evaluate a bank’s internal assessment process in
order to determine that the relevant qualifying standards are met and that the bank’s
internal assessments can be relied upon as a reasonable reflection of the risks
undertaken;
(d) the supervisor has the power to impose conditions on its approvals if the supervisor
considers it prudent to do so; and
(e) if a bank does not continue to meet the qualifying standards or the conditions
imposed by the supervisor on an ongoing basis, the supervisor has the power to
revoke its approval.
Description and
findings re EC5
The CBI has an internal model validation review process for assessing internal model
applications relating to market and credit risk regulatory requirements. However, the CBI’s
process for reviewing AMA (operational) risk models is much less tested due to the low
number of Irish licensed banks using the advanced approach. No consolidated Irish
licensed bank has applied for, or been approved for, the use of AMA.
The supervisory review is carried out simultaneously by the supervisors of the individual
regulated entities within the group in accordance with Article 129 of the CRD. At the end of
the review, the CBI will formulate its own view. Supervisors then agree together on the
decision to grant or refuse the permissions sought. Permission, if granted, will be provided
within a defined period of receipt of the complete application to each legal entity within
the applicant entity. Comprehensive regulations, standards and eligibility criteria must be
met by banks using internal models to determine regulatory capital requirements.
The annual model performance review (IRBA), which is carried out by the CBI’s Risk
Modeling Unit in conjunction with the relevant Examination Team, covers all the approved
internal models used by home institutions (where the CBI is the consolidating supervisor)
and those used by host institutions with significant retail presence in Ireland (i.e. models
developed using Irish relevant data and applicable to Irish portfolios).
The Risk Modeling Unit has developed internal policies and procedures on Internal Model
Approval and Performance Review to guide the model approval process and the annual
model performance review exercise. The policy document makes reference to various
internal guidance, relevant regulatory requirements and specific
methodologies/approaches.
Banks are required under Article 129(2) of CRD (Regulation 67(2) of S.I. 661 of 2006) to
make an application for internal model approval, on a Group basis, to the supervisor of the
parent institution in the European Union. Therefore, Irish licensed banks may apply to the
CBI, where it is the home supervisory authority, for regulatory approval to use internal
models for the calculation of regulatory capital requirements. Irish licensed entities, which
are subsidiaries of an EU parent bank, are also permitted to use internal models where
IRELAND
160 INTERNATIONAL MONETARY FUND
regulatory approval has been granted under a “Joint Decision” between the CBI and the EU
home supervisory authority of its parent institution.
Qualifying standards:
CRD Article 84(2) (Regulation 29(3) of S.I. 661 of 2006) sets out the conditions under which
supervisors may grant authorization for the use of the IRBA to set minimum capital
requirements. This article requires that the approach is “sound and implemented with
integrity” and that certain requirements set out in the remainder of the article and in CRD
Annex VII part 4 are met. These requirements apply to all institutions and may not be
abrogated in full or in part by supervisors, except where explicitly permitted by the CRD.
Approval to use the AMA can be given only if the competent authority is satisfied that the
institution’s systems for measuring operational risk meet the qualifying criteria in Article
310, Chapter 1, and Tittle III of CRD. Regulation 51 of S.I. No. 661 of 2006 sets out the CBI’s
powers to allow credit institutions to use the AMA for operational risk capital requirements.
Annex X, part 3 of the CRD (2006/48/EC) sets out the qualifying criteria for AMA, including
both qualitative and quantitative requirements.
Annex V of Directive 2006/49/EC as amended allows for the CBI to grant approval for banks
to calculate their capital requirements for position risk, foreign-exchange risk and/or
commodities risk using their own internal risk-management models. Annex V sets out
eligibility criteria relating to quantitative and qualitative criteria.
The CBI has developed internal model policies, implementation notices, and model
application packs setting out its requirements and processes for internal model use relating
to credit, market and operational risk.
Model Validation Review
In accordance with the CBI’s CRD/VR/1.2 policy document, the model validation review
process consists of 7 stages, which an institution applying for regulatory recognition must
comply with. The institution must have documented policies and procedures in place to
support its internal model framework. The CBI will assess and challenge the robustness of
each of these stages during its review. This framework is applicable to all 3 risk categories
(credit, market and operational risk) but is much less tested for operational risk given the
low level of use of AMA within Irish licensed institutions.
For IRBA, regulatory model approval is granted in accordance with Article 84 of the CRD
(2006/48/EC). Approval is granted in conjunction with a detailed set of conditions covering
the follow components:
? Scope of permission for internal model use – legal entities, exposure classes,
permanent and temporary exemptions, exclusions of use;
? Capital requirements – legal powers under which capital requirements should be,
supervisory minimum floors applied, consolidated capital reporting and permanent
IRELAND
INTERNATIONAL MONETARY FUND 161
exemptions for portfolios using the standardised capital rules.
? Prerequisites – conditions to be satisfied before permission to use the internal
models approach
? Ongoing requirements – model specific elements, including terms and conditions.
This includes a general requirement for institutions to report any significant model
changes to the Central Bank on an ongoing basis. Specifically, a joint decision (as per
Article 129 of the CRD) could contain group-specific or nation-specific terms and
conditions.
The ongoing review of credit risk models by the CBI covers three broad areas which
include:
(a) parameter appropriateness,
(b) deployment of regulatory capital calculation process, and
(c) RWA forecasting.
Review of parameter appropriateness includes an assessment of reasonableness of inputs
and outputs (PDs, Exposure at Defaults (EADs), LGDs, etc.) while assessment of the quality
of deployment covers governance, ownership and testing of the end-to-end capital
calculation process. The last IRB model performance review was presented to the RGP in
December 2012 and the remedial actions were communicated to the banks. The actions are
currently being tracked, and all are due for closure by the end of the year. The ongoing
review of IRB models focus on the three institutions where the CBI is the consolidating
supervisor and the two institutions with significant retail presence in Ireland.
For market risk, banks which have approval to use an internal value-at-risk model are
required to submit details of any back-testing exception within 5 working days of
occurrence. In practice, the CBI assesses 500 days of back-testing data during the model
validation review stage.
The Central Bank has powers under paragraph 8 of annex V of CRD II to revoke the market
risk model's recognition or impose appropriate measures to ensure that the model is
improved promptly if numerous over-shootings indicate that the model is not sufficiently
accurate.
In practice, the CBI applies add-on factors for both qualitative and quantitative weaknesses.
For IRBA, where the bank ceases to comply with the IRBA requirements, Regulation 29 of
S.I. 660 of 2006 requires the bank to either present to the CBI a plan for a timely return to
compliance or demonstrate that the effect of non-compliance is immaterial. A proposal to
revoke an Article 129(2) decision can be made by the consolidating supervisor, a host
supervisor, or the institution itself. The Article 129(2) decision can be revoked by joint
agreement of the consolidating supervisor and the host supervisors or, in the absence of an
agreement, by the consolidating supervisor alone. A host supervisor cannot revoke an
Article 129(2) decision acting on its own. The CBI can, however, direct a bank to cease using
an IRBA model for regulatory capital purposes if it has been found, through the CBI’s
IRELAND
162 INTERNATIONAL MONETARY FUND
annual model performance review or via an ad-hoc analysis, to not be fit for purpose.
EC6
The supervisor has the power to require banks to adopt a forward-looking approach to
capital management (including the conduct of appropriate stress testing).
43
The supervisor
has the power to require banks:
(a) to set capital levels and manage available capital in anticipation of possible events or
changes in market conditions that could have an adverse effect; and
(b) to have in place feasible contingency arrangements to maintain or strengthen capital
positions in times of stress, as appropriate in the light of the risk profile and systemic
importance of the bank.
Description and
findings re EC6
The CBI requires all banks to have an ICAAP process, as per Article 123 of the CRD. Within
the institution’s internal governance framework, the ICAAP is a process to ensure that the
management body (both supervisory and management functions):
? Adequately identify, measure, aggregate and monitor the institution’s risks.
? Hold adequate internal capital in relation to the institution’s risk profile.
? Use sound risk management systems and develop them further.
It is the responsibility of the institution to define and develop its ICAAP. Article 124 of the
CRD sets out the CBI’s requirements in respect of the SREP. Under the SREP, the CBI
assesses banks’ ICAAPs, including the adequacy of capital held for all material risks (both
pillar 1 and pillar 2 material risks, i.e. risk profile). As per EBA guidelines, institutions should
conduct appropriate stress tests which take into account, for example, the risks specific to
the jurisdiction(s) in which they operate and particular stages of the business cycle.
In July 2011, three banks subject to the FMP issued contingent convertible Tier 2
instruments which were subscribed by the State. These instruments convert to common
equity on a going-concern basis once a pre-defined trigger is breached and at the point of
non-viability, as identified by the CBI, and are intended to bolster the banks’ CT1 levels in
periods of stress. Under Basel III/CRD IV, a countercyclical buffer may be applied to banks’
domestic and external exposures as deemed appropriate by the CBI to counteract
overheating markets and/or sectors. This specific buffer is available to Member States of
the EU to be phased in at a minimum from 2016 onwards, The CRD, and in particular
supervisory review under Pillar 2, requires institutions to take a forward-looking view in
their risk management, strategic planning and capital planning. The CBI has also adopted
the EBA guidelines on stress testing. These guidelines outline the criteria and standards for
stress testing that the Central Bank expects banks to adopt and review on a regular basis.
AC1
For non-internationally active banks, capital requirements, including the definition of
capital, the risk coverage, the method of calculation, the scope of application and the
capital required, are broadly consistent with the principles of the applicable Basel
standards relevant to internationally active banks.
43
“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses
and reverses stress testing.
IRELAND
INTERNATIONAL MONETARY FUND 163
Description and
findings re AC1
The minimum requirements and regulations relating to capital, including the definition of
capital, the risk coverage, the method of calculation, the scope of application and capital
required, are applied to all banks with no exceptions, including for non-internationally
active banks. As described in the ECs above, capital adequacy requirements applied to all
Irish licensed banks are broadly consistent with the principles of the applicable Basel
standards relevant to internationally active banks.
AC2
The supervisor requires adequate distribution of capital within different entities of a
banking group according to the allocation of risks.
44
Description and
findings re AC2
All banks are required to meet risk-based minimum capital requirements on a solo basis.
Irish-licensed parent institutions and Irish-licensed parent financial holding companies
must also meet the capital requirements on a consolidated basis. The Central Bank may
permit the exclusion of certain subsidiaries from regulatory consolidation and/or may
conditionally allow the subsidiaries to be incorporated in the parent’s calculations,
obviating the need for a solo return by the subsidiary (“solo consolidation”). Subsidiary
banks must apply their capital requirements on a sub-consolidated basis if those banks (or
their holding company) have a bank/financial institution/asset management company as a
subsidiary in a third country, or hold a participation in such an undertaking.
Assessment of
Principle 16
Compliant
Comments
Principle 17
Credit risk.
45
The supervisor determines that banks have an adequate credit risk
management process that takes into account their risk appetite, risk profile and market and
macroeconomic conditions. This includes prudent policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate credit risk
46
(including
counterparty credit risk)
47
on a timely basis. The full credit lifecycle is covered including
credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and
investment portfolios.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have appropriate credit risk
management processes that provide a comprehensive bank-wide view of credit risk
exposures. The supervisor determines that the processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank, take into
account market and macroeconomic conditions and result in prudent standards of credit
underwriting, evaluation, administration and monitoring.
Description and At a minimum, all credit institutions are required to comply with the CRD. In relation to
44
Please refer to Principle 12, Essential Criterion 7.
45
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
46
Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and
advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading
activities.
47
Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.
IRELAND
164 INTERNATIONAL MONETARY FUND
findings re EC1 credit risk management processes, the CRD requires that credit-granting be “based on
sound and well-defined criteria”, “the process for approving, amending, renewing, and re-
financing credits […] be clearly established”, “the ongoing administration and monitoring of
their various credit risk bearing portfolios and exposures, including for identifying and
managing problem credits and for making adequate value adjustments and provisions, […] be
operated through effective systems” and “diversification of credit portfolios be adequate given
the credit institution's target markets and overall credit strategy” (Annex V of the 2006/48/EC
(see Paragraphs 3-5).
The CRD is supplemented by the EBA Guidelines GL 44 which expand on the requirements
of Article 22 and Annex V and establish governance expectations generally. Any
deficiencies identified by the bank itself, in the absence of remedying measures, must be
backstopped under the requirements of Article 123 of 2006/48/EC (Regulation 65 of S.I.
661 of 2006), which mandates that appropriate levels of internal capital be held by a bank
“to cover the nature and level of the risks to which they are or might be exposed.”
The requirements contained in Annex V of the CRD (2006/48/EC)form part of the more
general governance provisions contained within Article 22 of 2006/48/EC (as transposed by
Regulation 16 of the European Communities (Licensing and Supervision of Credit
Institutions) Regulations, 1992, (S.I. 395 of 1992)) and Annex V, paragraph 2. These
provisions require that every bank manages its business in accordance with sound
administrative and accounting principles, including internal control and reporting
arrangements and procedures, and must be satisfied that comprehensive risk management
policies, strategies and systems are commensurate with the scope, size and complexity of
all the bank’s activities, given the macro-environment.
The Central Bank issued “Impairment Provisions for Credit Exposures” (Oct 2005) which
contains requirements for credit risk management policies and procedures and is the most
specific in terms of minimum expectations for credit risk (Part 1, 3.1).
Under the Banking Supervision engagement model, the Central Bank supervises the banks
in accordance with the PRISM framework through the assessment of a bank’s ‘Quality of
Credit Risk Controls’.
The CBI adopts a differentiated approach to its supervision of credit risk depending upon
the Impact risk rating. The following approaches are adopted based upon the Impact rating
of the bank:
High Impact banks
High Impact banks have a dedicated credit specialist resource that assist the Examination
Team with supervising the credit institution in relation to credit risk. These credit specialists
will, inter alia, assess: Governance and culture; Skills and resources; Concentration risk;
Credit approval process; Credit monitoring process; Credit control and collections;
Impairment and provisions; and Management information and modeling. The assessment
of a High Impact banks’ credit risk profile is based upon analysis of quarterly prudential
returns and is supplemented by more frequent management information given the
prevailing economic conditions.
The “Covered Credit Institutions” submit:
? Quarterly Summary Financial Return (QSFR) – loan losses, nonperforming loans, and
additional information on loans.
IRELAND
INTERNATIONAL MONETARY FUND 165
? Arrears return – extensions/rollovers, restructured loans.
? 3 years of QSFR data is available.
? 3 years of “Impairment Provisions” data is available.
Offsite analysis involves the assessment of the following information:
? Analysis of quarterly prudential returns
? Reviewing Credit Management Information on a monthly or quarterly basis
depending on the size of the institution.
? Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
? Reviewing supporting documentation for Risk and Credit Committees.
The results of the analysis is fed into PRISM upon completion.
The Examination Teams undertake quarterly reviews of regulatory returns which cover
impairments, nonperforming loans, trends in the loans book, etc. The Examination Team
also engage with the credit institution on an ongoing basis to discuss credit risk issues.
Regular meetings with key bank personnel are conducted: for example quarterly with
divisional heads of credit and in the case of a number of High Impact banks monthly
meetings were held with the CEO in relation to Mortgage Arrears. Key credit risk policies
are assessed on an annual basis.
Onsite supervision is a combination of regular meetings with bank executives and onsite
examination. The regular meetings with the bank include meetings with Heads of Credit
and observing Credit Risk Committee meetings.
An onsite Credit Risk Review for High Impact banks is typically performed on at least a two
year cycle and will involve representatives from the Credit Risk Team and the supervision
team. The review will assess documentation and will meet with staff from all lines of
defense – challenging the process of credit risk assessment throughout the credit risk
lifecycle from loan origination to ongoing monitoring and hind-sighting and IA. When
performing a FRR on Credit Risk the CBI assesses a broad range of documentation
including the following: Risk Appetite Statement; Impairment Policy; Credit Policy;
Collateral Valuation Policy; Risk Framework; Credit Review Procedures & Controls; Collateral
Security Procedures and Credit Grading Management & Procedures. While the onsite
aspect of the review includes sample testing of loan files to ascertain compliance with
policy documentation, these reviews will typically assess whether the credit risk grading
system is being applied in an accurate manner. For example, whether a certain grade
applied to an obligor is accurate.
At least annually, a full assessment of credit risk will be conducted for High Impact banks
and will be presented to RGP. The process for High Impact banks in terms of offsite
supervision and onsite activities provide supervisors an opportunity to determine the credit
risk profile of a bank from a number of different perspectives and taking into account
various sources of information.
Medium High
Quarterly analysis of regulatory returns will be performed by supervisors which include a
IRELAND
166 INTERNATIONAL MONETARY FUND
variety of credit risk information. Quantitative data will be supplemented by Board
information when requested. A FRA will be conducted on a minimum frequency between
two to four years during which an assessment of credit risk will be performed. Medium
High banks receive support from credit specialists where deemed necessary and in
particular to lead an onsite file review. Key credit risk policies will be assessed as part of the
FRA.
Credit risk will be discussed during meetings with bank senior management. Meetings will
take place across various levels of senior management: CEO, CRO, Board and include
external auditors.
Medium Low/Low
As part of the planning cycle a proportion of Medium High and Medium Low firms are
included in the annual cycle of Financial Risk Assessments. In addition to this Medium High
and Medium Low and Low Impact banks will be subject to variance analysis whereby
certain specified deviations in quarterly regulatory return data will trigger supervisory
attention. In terms of onsite credit risk reviews, the PRISM engagement model requires an
FRA and RGP on a spot/random basis.
10 percent of banks assigned Medium Low Impact will be sampled per year. This equates
to an average of one FRA/RGP a year for Medium Low Impact credit institutions. The
engagement typically covers:
? Meeting with CRO/CCO/Head of Credit to discuss key credit risks/credit processes.
? Review of firm MI quality and circulation/frequency.
? Review of independence of Credit Risk Function organisation structure.
? Credit Policy – approved by Board annually.
? Desk top review of credit risk MI including asset quality/provision trends.
? Loan file review (small sample).
For Medium low impact banks there is a semi-annual meeting between the credit
specialists and the supervisory team to review credit risk in these institutions. For some of
the medium low institutions, banks are required to submit an abridged QSFR providing an
overview of credit exposures. A full review of credit risk will be conducted during an FRA. In
addition, for Medium Low Impact banks credit specialist support is provided to supervision
teams when required to attend on-site credit institution meetings with senior risk
management personnel and to conduct loan file inspections to assess credit grading
reliability and impairment provision adequacy.
While the requirements in the CRD cover the overall credit granting process, it does not
refer to a comprehensive bank-wide view of credit risk exposures. Routine supervisory
activities for High Impact banks provide the supervisor with a variety of inputs to assess
credit risk management processes against changes in market and macroeconomic
conditions. Analysis of regulatory data and enhanced reporting requirements enable the
supervisor to detect changes in risk profile.
For the banks assigned PRISM Impact ratings of Medium Low and Low, the variance
analysis might not necessarily provide insight into the application of credit risk
management processes until after risks have begun to crystallize resulting in breaching
Central Bank triggers for supervisory attention. The Central Bank does not rely on Variance
Analysis alone to determine what Medium High/Medium Low institutions will be subject to
IRELAND
INTERNATIONAL MONETARY FUND 167
Financial risk Assessments in any given year. Based on their review of Board Packs, Financial
Analysis, meetings with bank executives, the CBI determines its work plan each year.
EC2
The supervisor determines that a bank’s Board approves, and regularly reviews, the credit
risk management strategy and significant policies and processes for assuming,
48
identifying,
measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk
(including counterparty credit risk and associated potential future exposure) and that these
are consistent with the risk appetite set by the Board. The supervisor also determines that
senior management implements the credit risk strategy approved by the Board and
develops the aforementioned policies and processes.
Description and
findings re EC2
For High Impact credit institutions, the Central Bank performs governance reviews at least
every two years. These reviews cover credit risk governance. In addition, as part of the SREP
process, every year the supervisor and the credit specialist will assess the role of the board
and of senior management in respect of credit risk. The Central Bank assessment of credit
governance includes an evaluation of the following:
? The credit competence of the Board
? Whether the Board is actively involved in challenging and approving credit strategy
on an annual basis
? Whether the Board approves and updates the credit risk appetite and credit risk
policies
? The impact of the credit risk function at executive management level
? Whether the Board is provided with comprehensive credit information on a timely
basis
? The bank’s credit model approval committee
The Central Bank reviews, inter alia, the following documentation as part of its offsite
supervision to determine that the Board has approved and regularly reviews the Risk
Appetite Statement (RAS) in accordance with requirements, and that they have adequate
policies and processes that reflect the RAS. Frequency of review will depend upon the
PRISM risk rating. The supervisor also determines that senior management implements the
credit risk strategy approved by the Board and develops the aforementioned policies and
processes. These include:
? RAS
? Impairment Policy
? Credit Policy
? Business Unit Credit Policy Documents
? Collateral Valuation Policy
? Risk Framework
? Credit Review Procedures & Controls
? Collateral Security Procedures
? Credit Grading Management & Procedures
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This may include
48
“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or
counterparty risk associated with various financial instruments.
IRELAND
168 INTERNATIONAL MONETARY FUND
actions such as:
1. Reviewing credit management information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third-party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where the Central Bank’s risk-
based supervision is focused.
For Medium High Impact and Medium Low Impact Credit Institutions:
The Central Bank's evaluation of the role of the board and senior management’s
implementation of the credit risk strategy is largely completed on a desk-top basis with MI
being received by supervisors in the form of Board Packs and both Credit and Risk
Committee Minutes. An RGP (a full review of capital and risk) is completed every two to
four years for Medium High Impact banks and for Medium Low Impact banks on a sample
basis which will cover the role of the board and senior management in respect of credit
risk.
Credit Risk Committee packs are used to:
a) evaluate the granularity of the MI received by the Board/committees;
b) review the minutes for evidence of challenge and/or understanding of the credit risk
facing the institution.
For High Impact credit institutions, the RAS, the Credit Policy and the Credit Approval
policy would be evaluated against best practice and to also ensure that the policies are in
line with the stated risk appetite. For Medium High and Medium Low credit institutions, the
credit institutions are required to have an up-to-date Risk Appetite Statement. Credit
management structures are evaluated to ensure there is an appropriate division between
the business line and the credit risk divisions. At minimum, biennial meetings are scheduled
to meet the Head of Credit and/or CRO to discuss the developments within the
management of credit risk.
For High Impact banks, the routine supervisory activities are adequate to make an
assessment of the Board’s involvement in developing and regularly approving the credit
risk management strategy and significant policies and processes. Onsite reviews enable the
supervisor the opportunity to assess whether senior management has implemented the
credit risk strategy approved by the Board. The supervisor reviews credit risk policies at
least annually and engages with Board to discuss credit risk.
For Medium High Impact banks, the annual meeting with the Chair of the Board and
executive management (CEO & CFO) provide an opportunity to frequently assess the
implementation of the Board’s credit risk management strategy. For Medium Low Impact
banks the engagement with the Chair and senior management is on an 18 month cycle. For
Low Impact banks, engagement with Senior management is not prescribed in PRISM and
unless in exception will a supervisory activity enable the supervisor to make an accurate
assessment of whether senior management has implemented the Board’s credit risk
IRELAND
INTERNATIONAL MONETARY FUND 169
management strategy.
EC3
The supervisor requires, and regularly determines, that such policies and processes
establish an appropriate and properly controlled credit risk environment, including:
(a) a well documented and effectively implemented strategy and sound policies and
processes for assuming credit risk, without undue reliance on external credit
assessments;
(b) well defined criteria and policies and processes for approving new exposures
(including prudent underwriting standards) as well as for renewing and refinancing
existing exposures, and identifying the appropriate approval authority for the size
and complexity of the exposures;
(c) effective credit administration policies and processes, including continued analysis of
a borrower’s ability and willingness to repay under the terms of the debt (including
review of the performance of underlying assets in the case of securitization
exposures); monitoring of documentation, legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading
or classification system;
(d) effective information systems for accurate and timely identification, aggregation and
reporting of credit risk exposures to the bank’s Board and senior management on an
ongoing basis;
(e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated
to, relevant staff;
(f) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board where necessary; and
(g) effective controls (including in respect of the quality, reliability and relevancy of data
and in respect of validation procedures) around the use of models to identify and
measure credit risk and set limits.
Description and
findings re EC3
The Central Bank performs an annual review of a broad range of documentation and
management information to determine that credit risk policies have been effectively
implemented, including (but not limited to),
1. RAS [(a) and (e)]
2. Impairment Policy [(a) and (b)]
3. Credit Policy [(a) and (b)]
4. Business Unit Credit Policy Documents [(a) and (b)]
5. Collateral Valuation Policy [(a) and (b)]
6. Risk Framework [(a) and (e)]
7. Credit Review Procedures & Controls [(g) and (e)]
8. Collateral Security Procedures [(a)]
9. Credit Grading Management & Procedures [(a)]
The Central Bank also challenges the banks in relation to the frequency of the internal
review of each of their policy documents. The challenge process frequency depends upon
the engagement model in PRISM based on Impact classification.
IRELAND
170 INTERNATIONAL MONETARY FUND
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This includes actions
such as:
1. Reviewing credit management information on a monthly or quarterly basis. [(d)]
2. Observing regularly at Risk and Credit Committees. [(f)]
3. Reviewing supporting documentation for Risk and Credit Committees. [(f)]
4. Sample testing loan files to ascertain compliance with policy documentation;
analysis of the borrower’s ability and willingness to repay under the terms of the
debt monitoring of documentation; legal covenants, contractual requirements,
collateral and other forms of credit risk mitigation; and an appropriate asset grading
or classification system. [(c)]
The Central Bank evaluates lower risk institutions on a similar basis, generally without the
benefit of on-site file reviews. Areas of focus can include:
? Review of credit policies to ensure adherence with the RAS. Adherence to these
policies is tested through the Exceptions Report. This report highlights any
exceptions to policy and would be the subject of discussion with senior credit risk
management. [(a)]
? Review of credit approval policies for appropriateness, including assessment of
individual discretions, domestic discretions and in the case of a subsidiary, the level
of Parent/Group approval required under the policy. [(e)]
? Copies of Credit Approval documents can be requested to monitor the depth of
assessment provided to Credit Committee and therefore the basis for approval in
relation to the credit policies in place. [(e)]
? Review of credit grading policy to assess the appropriateness and granularity of the
approach. [(g)]
? Quality assurance of credit risk to ensure an appropriate level of “4-eyes principle”
review. [(g)]
? Assessment of the valuation policy against the CRD; and best practice in a stressed
environment. [(g)]
? Review frequency and quality is monitored against requirements and internal
policies. [(g)]
? Regulatory returns are monitored, including Connected Clients, Large Exposures and
Sector Reports, as well as a review of the Exceptions Report to credit appetite. [(a)]
The Central Bank demonstrated examples where they had implemented their framework to
assess credit risk management. For High Impact banks, the framework provided several
opportunities to assess that banks had implemented a properly controlled credit risk
environment. Several examples were evidenced in this regard, especially for the covered
banks but also for certain other high impact banks. In several examples, supervisors were
going over and beyond minimum activities prescribed by the PRISM framework.
Supervisors employed a variety of tools to assess the control environment for credit risk
exposures, which seemed appropriate for the market and macroeconomic conditions.
This approach had not been extended to all banks but was heavily skewed to the High
Impact banks which accounted for the bulk of banking assets.
EC4 The supervisor determines that banks have policies and processes to monitor the total
IRELAND
INTERNATIONAL MONETARY FUND 171
indebtedness of entities to which they extend credit and any risk factors that may result in
default including significant un-hedged foreign exchange risk.
Description and
findings re EC4
Banking Supervision Examination Teams, supported by credit specialists, assess High
Impact credit institution policies and processes that monitor the total indebtedness of
borrowers and risk factors that may result in default. This work is conducted by reviewing
credit monitoring policy and procedures to check that they are aligned to strategy, are up
to date, are sufficiently detailed and are approved by the Board on an annual basis.
Credit specialists evaluate credit risk information to ensure it is sufficient to manage loans.
Credit reports are assessed to ensure they enable executives to monitor obligors overdue
for reviews and identify loan arrears in a timely manner. The quality of management
information reported to the Board and Risk Committee is also assessed to ensure pertinent
credit risk information regarding asset quality is reported at both portfolio level and large
exposure level.
To support this work, Banking Supervision credit specialists undertake credit inspections of
sample loan files to evaluate and challenge the bank’s approach to monitoring the total
indebtedness of borrowers. As mentioned in the above EC’s, the depth and frequency of
onsite credit risk reviews are typically performed in line with a bank’s PRISM Impact rating
and will not be performed for Medium Low and Low Impact banks.
Establishment of a Central Credit Register
Banks are required to monitor the total indebtedness of their borrowers, with a particular
focus on multi-banked customers. Their capacity to do this will be further enhanced by the
introduction of a statutory credit register (which is a requirement of Ireland’s financial
support programme with the IMF, EC and ECB). Legislation is due to be enacted by end-
2013, and the indicative implementation date of the Central Credit Register is 2015-2016.
EC5
The supervisor requires that banks make credit decisions free of conflicts of interest and on
an arm’s length basis.
Description and
findings re EC5
Under Paragraph 12(1) of the EBA GL44, which are applied by the Central Bank, it is made
explicit that “members of the management body shall engage actively in the business of an
institution and shall be able to make their own sound, objective and independent decisions
and judgments.”
Paragraph 12(3) of the same document requires that members of the management body
should have a “limited number of mandates or other professional high time-consuming
activities”, and that these other mandates should be disclosed to the bank. Paragraph 12(6)
states that the “management body should have a written policy on managing conflicts of
interests for its members.”
In order to determine that credit decisions are free of conflicts of interest and made on an
arm’s length basis, the Central Bank reviews the following information:
? Credit Framework Document
? KPIs set for credit functionaries as part of their performance appraisals
? Internal Audit and Quality Assurance Reports
? Quarterly Related Party Lending returns submitted to the Central Bank
This enables the Central Bank to determine whether:
? the credit function is independent of the sales function;
? the credit function remuneration is independent of sales volumes; and
IRELAND
172 INTERNATIONAL MONETARY FUND
? there is an appropriate credit quality assurance/internal function.
The Central Bank’s Code of Practice on Lending to Related Parties (2010) provides direction
for credit decision-making where the credit is specifically being extended to related parties.
Under Paragraph 6(a) of this Code, the Central Bank requires that such lending be on an
arm’s length basis (unless it forms part of the general remuneration package of staff), and
under Paragraphs 6(b) to (i), requires that such lending be subject to appropriate
management oversight and limits. Credit institutions are required by the Central Bank to
submit quarterly reports and seek prior approval for certain loans greater than €1 million,
as per the Code. This Code is imposed pursuant to Section 117 of the Central Bank Act
1989.
EC6 The supervisor requires that the credit policy prescribes that major credit risk exposures
exceeding a certain amount or percentage of the bank’s capital are to be decided by the
bank’s Board or senior management. The same applies to credit risk exposures that are
especially risky or otherwise not in line with the mainstream of the bank’s activities.
Description and
findings re EC6
Historically, the Central Bank did not require that a credit institution’s credit policy
prescribes that major credit risk exposures exceeding a certain amount or percentage of
the bank’s capital (and including especially risky or exposure which are not in line with the
mainstream of the bank’s activities) to be decided by the bank’s Board or senior
management. However, this requirement was imposed on credit institutions under section
10 of the Central Bank Act 1971 in August 2013.
EC7 The supervisor has full access to information in the credit and investment portfolios and to
the bank officers involved in assuming, managing, controlling and reporting on credit risk.
Description and
findings re EC7
Licensed banks operating in Ireland are required to comply with the minimum calculation
and reporting requirements contained in Article 74 of 2006/48/EC (as transposed by
Regulation 18 of S.I. No.661 of 2006. In addition, Section 18 of the Central Bank Act 1971
allows the Central Bank and the ECB with the power to require additional information or
returns from banks where they consider it “necessary to have that information or return for
the proper performance of the functions imposed, or the proper exercise of the powers
conferred, on it by law.”
Part 3 of the Central Bank (Supervision and Enforcement) Act 2013 provides for extensive
authorised officer powers.
Through these powers, the Central Bank has full access to information in the credit and
investment portfolios, and to the staff responsible for managing, monitoring and reporting
on the credit risk.
Under the PRISM framework, Central Bank monitors significant information on loan
portfolios (Drawn/Undrawn, Geography, Sectoral, Grades, Arrears, Impairment, Provisions,
etc.) across all credit institutions. In addition, credit analysts are copied with internal credit
institution management information packs (e.g. Board, Executive, Credit, Risk and Policy
Committees). Copies of all information circulated to these committees (and all regular
Credit Risk reporting packs) are available to supervisors and are regularly reviewed to
assess portfolio trends, management priorities and key messages.
Supervisors have access to, and engage with, bank officers in a manner which reflects the
risk impact rating of each institution. Supervisors meet regularly with Heads of Function in
Credit, Risk, Credit Review, Asset Restructuring and Internal Audit.
EC8 The supervisor requires banks to include their credit risk exposures into their stress testing
IRELAND
INTERNATIONAL MONETARY FUND 173
programmes for risk management purposes.
Description and
findings re EC8
The Central Bank requires credit institutions to have a stress testing process and
framework. Under EBA Guidelines on Stress Testing, GL32, all credit institutions exposed to
credit risk as a material risk are subject to credit risk stress testing. As part of the SREP
process, the Risk Modeling Team assesses bank’s stress testing processes at a high level.
Where shortcomings are identified, required actions to address the issues are outlined
within the RMP.
In the majority of banks, credit risk is considered the main driver of loss and therefore
receives the most focus when assessing stress test programmes.
The Central Bank has adopted the EBA Guidelines on stress testing. These Guidelines
outline the criteria and standards for stress testing that the Central Bank expects banks to
adopt and review on a regular basis. Of particular relevance to this EC are:
o Guideline 6 (sensitivity analyses for specific portfolios or risks);
o Guideline 7 (scenario analyses);
o Guideline 14 (use of stress testing outputs); and
o Guideline 19 (relating to supervisory use of stress testing outputs), which
supplements Article 124 and Annex V of 2006/48/EC (as transposed by
Regulation 66 of S.I. 661 of 2006), which lay down the supervisory review and
evaluation process.
? Regulation 65 of S.I. 661 of 2006, transposing Article 123 of 2006/48/EC, requires
banks to have forward-looking strategies and processes in place relating to internal
capital:
o Regulation 65(1) requires banks to have in place “sound, effective and
complete strategies and processes to assess and maintain on an ongoing
basis the amounts, types and distribution of internal capital that they
consider adequate to cover the nature and level of the risks to which they
are or might be exposed”, including credit risks.
o Regulation 65(2) requires that the strategies and processes referred to in
paragraph 65(1) shall be subject to regular internal review to ensure that
they remain comprehensive and proportionate to the nature, scale and
complexity of the activities of the credit institution concerned.
A significant focus of the Central Bank has been placed on improving banks’ ability to
forecast ‘expected’ credit losses and ‘adverse’ credit losses. Banks’ outputs have been sense
checked against one another, as well as against independent estimates produced by the
Central Bank as part of the PCAR. Where banks’ outputs did not appear credible, they were
required to focus on improving their forecasting methodology. In 2011, as part of the
PCAR, the Central Bank conducted rigorous stress test of banks’ credit portfolios and
compared its results against the results of the banks’ own credit risk stress tests. This
resulted in the covered banks being required to raise €24bn in additional capital to cover 3
year stressed losses. The Central Bank also participated in the EBA stress tests.
In addition, for Medium High Impact and Medium Low Impact banks, Central Bank analysis
aims to ensure:
1. That the scenarios (which are often set at Group level) are relevant to the local entity
and that adequate governance is in place to ensure that risks specific to the
subsidiary are appropriately evaluated.
2. That the scenario translation methodology is adequately robust.
IRELAND
174 INTERNATIONAL MONETARY FUND
Assessment of
Principle 17
Largely Compliant
Comment Resources are heavily weighted towards the High Impact banks where the overwhelming
level of credit risk in the Irish banking system resides. Routine supervisory activities for
High Impact banks provide the supervisor with a variety of inputs to assess credit risk
management processes against changes in market and macroeconomic conditions.
Analysis of regulatory data and enhanced reporting requirements enable the supervisor to
detect changes in risk profile. Equally, for High Impact banks, the routine supervisory
activities are adequate to make an assessment of the Board’s involvement in developing
and regularly approving the credit risk management strategy and significant policies and
processes. It was evidenced that supervisors are going beyond routine tasks and minimum
activities prescribed by PRISM.
Where an onsite review is conducted which includes loan file reviews, this process provides
the supervisor with the opportunity to assess whether senior management has
implemented the credit risk strategy approved by the Board and whether underwriting
practices are consistent with policy and prudent for market conditions and the economic
environment. The frequency and depth of credit risk assessment for Medium High and
Medium Low institutions is performed in accordance with the PRISM engagement model
and is informed by the amount of credit risk an institution is exposed to. In this regard in
performing its annual planning process the Central Bank is informed by a range of sources
of information in reaching a view with regard to what Medium High and Medium Low
institutions should be subject to a detailed credit risk review as part of the Financial Risk
Assessment. The frequency and depth of onsite credit risk reviews for lower risk institutions
and the allocation of credit risk specialists to perform file reviews is not sufficient to
maintain an accurate assessment of credit risk for these credit institutions (EC3).
For the banks assigned PRISM Impact ratings of below High (especially Medium Low and
Low), the variance analysis might not necessarily provide insight into the application of
credit risk management processes until after risks have begun to crystallize resulting in
breaching Central Bank triggers for supervisory attention (EC1).
For Medium High Impact banks, the annual meeting with the Chair of the Board and
executive management (CEO & CFO) provide an opportunity to frequently assess the
implementation of the Board’s credit risk management strategy. For Medium Low Impact
banks the engagement with the Chair and senior management is on an 18 month cycle.
For Low Impact banks, engagement with Board and Senior management is not prescribed
in PRISM and unless in exception will a supervisory activity enable the supervisor to make
an accurate assessment of whether senior management has implemented the Board’s
credit risk management strategy (EC2).
Principle 18 Problem assets, provisions and reserves.
49
The supervisor determines that banks have
adequate policies and processes for the early identification and management of problem
assets, and the maintenance of adequate provisions and reserves.
50
Essential criteria
49
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
50
Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions
(“above the line” charges to profit).
IRELAND
INTERNATIONAL MONETARY FUND 175
EC1
Laws, regulations or the supervisor require banks to formulate policies and processes for
identifying and managing problem assets. In addition, laws, regulations or the supervisor
require regular review by banks of their problem assets (at an individual level or at a
portfolio level for assets with homogenous characteristics) and asset classification,
provisioning and write-offs.
Description and
findings re EC1
As per the CRD (Article 22 of 2006/48/EC), banks are required to have robust governance
arrangements to manage risk. Specifically in relation to problem assets, provisions and
reserves, all banks need to comply with the requirements contained within ‘Impairment
Provisions for Credit Exposures’ published in October 2005. More recently the Central Bank
issued updated guidance: firstly in December 2011 “Impairment Provisioning and
Disclosure Guidelines” and a further update in May 2013. While all credit institutions need
to comply with the 2005 requirements, only Covered banks are required to comply with the
2011 and 2013 requirements (although supervisors do advise institutions that the 2013
Guidelines are examples of better practice).
The obligation for banks to formulate policies and processes for identifying and managing
problem assets is contained within Part 1 of the Qualitative Requirements of “Impairment
Provisions for Credit Exposures 2005 (hereafter ‘Impairment Provisions Guidelines 2005’).
The Impairment Provisions Guidelines 2005 oblige the board and senior management to
exercise effective oversight over all aspects of credit risk management including problem
assets and provisioning. The Impairment Provisions require the board of directors to be
responsible for “reviewing the adequacy of provisions for impairment losses and amounts
written off.”
Section 3.4 of the Impairment Provisions Guidelines 2005 oblige banks to review the
impairment policy at least annually to ensure that it is still appropriate for the business the
credit institution undertakes and the economic environment. Furthermore, that this review
will include a “review and sign off on the processes and systems for credit risk, and the
methodology used in determining the level of impairment provisions.”
In performing its supervision, the Central Bank requires banks to have fit-for-purpose
policies and processes for identifying and managing problem assets. The Central Bank’s
primary focus in this area has been on the High Impact banks as identified under the
PRISM model. This has been an area of significant focus for the Central Bank in the past
number of years as it is concerned that High Impact banks’ policies and processes are very
weak in this area. The focus has been primarily on the domestic mortgage and SME/Real
Estate portfolios, as these are the most distressed loan assets.
The Central Bank evaluates problem assets and provisions for Medium High Impact and
Medium Low Impact banks primarily on a desk-top basis. For these banks, desk-based
supervision is supplemented by thematic reviews of problem assets and provisions. While
Medium High Impact and Medium Low Impact banks don’t have a dedicated credit
specialist, such resources are made available to those supervisory teams whose banks are
holding challenged assets.
EC2
The supervisor determines the adequacy of a bank’s policies and processes for grading and
classifying its assets and establishing appropriate and robust provisioning levels. The
reviews supporting the supervisor’s opinion may be conducted by external experts, with the
supervisor reviewing the work of the external experts to determine the adequacy of the
bank’s policies and processes
IRELAND
176 INTERNATIONAL MONETARY FUND
Description and
findings re EC2
The Central Bank adopts a proportional approach to its supervision of regulated banks,
with resources heavily weighted towards the High Impact banks with the greatest risk-
weighted assets (as determined by PRISM).
High Impact Banks
The Central Bank reviews the following documentation to determine the adequacy of
bank’s policies and processes for grading and classifying its assets and establishing
appropriate and robust provisioning levels:
1. RAS
2. Impairment Policy
3. Credit Policy
4. Business Unit Credit Policy Documents
5. Collateral Valuation Policy
6. Risk Framework
7. Credit Review Procedures & Controls
8. Collateral Security Procedures
9. Credit Grading Management & Procedures
The review of documentation is supported with on-site and off-site supervision by the
Central Bank to observe how policy is implemented on the ground. This includes actions
such as:
1. Reviewing Credit Management Information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where risk-based supervision is
focused.
Medium High and Medium Low Impact Banks
The Central Bank evaluates the appropriateness of provisioning levels for banks through
the desk-top analysis of relevant policies; including: credit policy, impairment policy,
valuation policy, risk management framework, credit grading policy, credit approval policy,
and credit review policy. Supervisors discuss provisions for impaired loans with bank
management to assess adequacy. Credit grading against collateral valuations is also
discussed. Should an on-site file review be required, the Central Bank’s credit team or an
independent third party may complete the review.
The engagement model is that Medium Low Impact credit institutions have a FRA and RGP
on a spot/random basis with a 10% sample of all ML Impact banks per year. This equates to
an average of one FRA/RGP a year for Medium Low Impact credit institutions. The
engagement typically covers:
? Meeting with CRO/CCO/Head of Credit to discuss key credit risks / credit processes
? Review of firm MI quality and who receives it/frequency
? Review of independence of credit risk function organisation structure
? Credit Policy – approved by Board annually
IRELAND
INTERNATIONAL MONETARY FUND 177
? Desk-top review of credit risk MI including asset quality/provision trends
? Loan file review (small sample)
In respect of all institutions, in order to challenge the robustness/appropriateness of banks’
provisioning levels, the credit specialists keep informed of market conditions, particularly in
distressed sectors (e.g. Hotels, Real Estate, Hospitality). They review external publications
(e.g. real estate market reports, sectoral papers on the hotel & pharmacy industries) and
engage with market experts (e.g. insolvency practitioners, property valuers, risk
management experts, NAMA).
The Central Bank has engaged 3
rd
parties in 2011, 2012 ad 2013 to conduct targeted
reviews of bank’s credit grading systems through Asset Quality Reviews (AQR). These
reviews focus on the quality of the credit process, the accuracy of internal credit grading
and the robustness of the provision levels, classification of asset performance and
identification of forbearance. In addition, specific file reviews which have been completed
in the past eighteen months by the Central Bank in a significant number of institutions. In
several cases, banks increased their provisions as a direct result of these reviews.
AQRs were completed by Blackrock Solutions in the covered banks across Real Estate, SME,
Mortgage and Corporate loan portfolios.
The Central Bank engaged 3
rd
party accountancy firm to assess provisioning policies of
retail banks in preparation for the development of the Impairment Provisioning and
Disclosure Guidelines (December 2011).
The data included below highlights the level of intensive engagement between the Central
Bank and the banks as part of its mortgage arrears engagement. Banks included in this
process include 8 high impact banks.
Oct
2011
? Central Bank requested mortgage lenders to submit distressed asset
resolution strategies by end November
Dec
2011
? Central Bank reviewed submissions
Feb
2012
? Deputy Governor met 7 main lenders to discuss common themes
? Central Bank issued specific feedback to each lender on strategies
submitted
Apr
2012
? Central Bank undertook review of DCOR in the three main retail banks
May
2012
? Central Bank completed DCOR review & provided feedback to boards of
the three main retail banks
? Lenders were asked to submit board approved projected segmentation of
book across treatment options
Jun 12 ? Central Bank reviewed board approved submissions & reverted with
feedback
A similar level of supervisory oversight is currently underway in relation to the SME/Real
Estate portfolios. The Central Bank commissioned Blackrock Solutions (BRS) in 2012 to
complete a SME DCOR exercise in two high impact banks. This was an all-encompassing
assessment of how these institutions manage problem SME assets. Following the SME
DCOR, the Central Bank has requested strategy documents and implementation plans to
address weaknesses identified from all banks active in the Irish SME market. It is currently
IRELAND
178 INTERNATIONAL MONETARY FUND
challenging institutions on their SME submissions.
In response to slow progress in addressing the high quantum of mortgage arrears (both
PDH & BTL), the Central Bank has established targets for the resolution of cases >90 days
past due for 6 specified licensed banks (by reference to Regulation 16 of the European
Communities (Licensing and Supervision of Credit Institutions) Regulations 1992 through
the Mortgage Arrears Resolution Targets paper. Within this paper, institutions are
reminded of the regulatory powers contained in Regulation 65 of the European
Communities (Capital Adequacy of Credit Institutions) Regulations 2006, and how these
may be applied if the targets are not met.
For the High Impact banks, the Central Bank demonstrated examples of enhanced attention
paid to the adequacy of bank’s provisioning policies and practices to establish appropriate
levels of provisions. The Central Bank has increased its engagement with High Impact
banks over the course of the last three years to monitor application of its new provisioning
and impairment guidance. While the Central Bank does not prescribe a methodology for
calculating provisions, (accounting policies are prescribed by Companies Law), the Central
Bank has been actively encouraging banks to adopt a more conservative approach to
provisioning when applying its accounting for loan loss provisions under IFRS (the
mandatory effective date of IFRS 9 is anticipated to be 1 January 2015).
In addition to the various stress testing and balance sheet analytical exercises, the Central
Bank has performed onsite reviews in High Impact banks (and in particular the Covered
Banks) to evaluate bank’s provisioning models.
EC3
The supervisor determines that the bank’s system for classification and provisioning takes
into account off-balance sheet exposures.
51
Description and
findings re EC3
Section 3 of the Impairment Provisions for Credit Exposures (26 October 2005) applies to all
credit exposures, but does not explicitly mandate responsibility for, or require
documentation of, impairment provisioning of off-balance sheet exposures. Part II of the
guidance, which applies to IFRS/FRS 26 reporting banks, requires that impairment of off-
balance sheet transactions should be made after the initial recognition of the asset.
Credit institutions currently report loan commitments, financial guarantees and other
commitments to the Central Bank on a quarterly basis through their FINREP submissions.
Supervisors undertake a review of off-balance sheet exposures in the FINREP submissions
periodically.
Supervisors of Medium Low Impact credit institutions monitor and investigate material
movements in loan commitments, financial guarantees and other commitments via the BI
Cube format.
Additionally, credit institutions currently include contingent liabilities in their annual report,
which is reviewed by supervisory teams. Credit Institutions currently report “Impairment
Provisions” to the Central Bank on a quarterly basis through their online submissions. This
return includes provisions for both on and off balance sheet exposures (e.g. provisions on
committed but unfunded loans, or provisions on letters of credit).
51
It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual
arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.
IRELAND
INTERNATIONAL MONETARY FUND 179
Current Banking Supervision procedure is that supervisory teams undertake a periodic
review of “Impairment Provisions” submissions. This includes monitoring, understanding,
and challenging (if required) the aggregate movement in impairment provisions on both
on- and off-balance sheet exposures.
EC4
The supervisor determines that banks have appropriate policies and processes to ensure
that provisions and write-offs are timely and reflect realistic repayment and recovery
expectations, taking into account market and macroeconomic conditions.
Description and
findings re EC4
High Impact Banks
The Central Bank’s primary focus in this area has been on the High Impact banks as
identified under the PRISM model. In terms of policies and processes, the Central Bank
reviews a comprehensive suite of banks’ documents and challenges their appropriateness
through ongoing engagement with banks and onsite reviews. The Central Bank conducts
loan-level file reviews to assess both the provisioning process and the realism of recovery
expectations (such as “cure rates”) together with a peer analysis of asset quality trends. A
significant number of specific file reviews have been completed in the past eighteen
months by the Credit Team.
The 2011 Provisioning Guidelines for the covered banks encouraged banks to broaden
their impairment policies and procedures under the following guiding principles:
1. Recognise their incurred loan losses as early as possible within the context of IFRS;
2. Adopt a more conservative approach to the measurement of impairment provisions
across all loan portfolios; and
3. Significantly improve the number and granularity of their asset quality and credit risk
management disclosures which will enhance users understanding of their asset
quality profiles and credit risk management practices.
For retail banks, since 2012 the Central Bank has conducted regular on-site reviews of
mortgage banks’ collections capability and operations. This entails assessments of credit
institutions’ mortgage Arrears Support Units, including collection processes and procedures
The Central Bank has focused its attentions on the operational effectiveness of retail credit
institutions’ arrears collections units, and has typically not focused on their arrears units
policies.
Medium High and Medium Low Impact Banks
The Central Bank evaluates the timeliness and conservatism of provisions for these banks
through desk-top analysis of relevant policies, including impairment policy, credit grading
policy, valuation policy, and credit review policy. The timeliness and conservatism of
provisions are areas of considerable subjectivity. However, discussions with senior credit
management and senior risk management are undertaken to form a view of the current
provisioning practices. The Central Bank Impairment guidelines, while only explicitly
applying to covered institutions, should be considered best practice here. These require
early recognition of loss and a general conservatism regarding the estimation of provisions.
Under IFRS banks apply an incurred loss approach to loan loss provisioning. For retail
residential mortgage portfolios that are collectively managed which account for
approximately 50 percent bank total assets, nonperforming loans are collectively managed
and utilize internal models for the calculation of provisions. The assumptions that feed the
models are based on historical loss data and include factors such as: emergence period,
cure rates, and assumptions regarding valuation of collateral (peak to trough). In the
IRELAND
180 INTERNATIONAL MONETARY FUND
absence of prescription in the Central Bank powers, the assumptions vary widely across the
banks. The Central Bank has placed considerable emphasis on influencing banks policies
and assumptions. One example included a High Impact bank which imposed a provision
overlay in their annual accounts following a Central Bank review.
While the Central Bank has had success influencing banks to increase the level of
conservatism in their provisioning practices, particularly ensuring greater conservatism in
the assumptions that input into provisioning models, there is a significant build-up of
mortgage arrears in the system.
EC5
The supervisor determines that banks have appropriate policies and processes, and
organizational resources for the early identification of deteriorating assets, for ongoing
oversight of problem assets, and for collecting on past due obligations. For portfolios of
credit exposures with homogeneous characteristics, the exposures are classified when
payments are contractually in arrears for a minimum number of days (e.g. 30, 60, 90 days).
The supervisor tests banks’ treatment of assets with a view to identifying any material
circumvention of the classification and provisioning standards (e.g. rescheduling,
refinancing or reclassification of loans).
Description and
findings re EC5
High Impact banks
In recent years the higher risk banks have revised their policies in the context of
deteriorating market conditions. The Central Bank has reviewed these documents to
establish their appropriateness for early identification of deteriorating assets and ongoing
oversight of problem loans. Furthermore, banks have enhanced their MIS systems to
classify asset quality into various cohorts, to ensure transparency of asset quality. In
addition, most banks have separated their loan portfolios between distressed/non-
distressed and core/non-core.
The review of documentation is supported with intensive on-site and off-site supervision by
the Central Bank to observe how policy is implemented on the ground. This includes
actions such as:
1. Reviewing Credit Management Information on a monthly or quarterly basis.
2. Observing regularly at Risk and Credit Committees.
3. Reviewing supporting documentation for Risk and Credit Committees.
4. Sample testing loan files to ascertain compliance with policy documentation.
5. Requiring Banks to undertake a third party review of their policy documentation and
processes.
6. Regular meetings with Group and Divisional Heads of Credit.
7. Reviewing strategy documentation and implementation plans for Distressed Loan
Portfolios (Mortgage, SME & Real Estate).
8. Peer analysis of asset quality trends across the banks where risk-based supervision is
focused.
In ongoing Central Bank prudential supervision activities, there is significant focus around
the adequacy of Distressed Credit Operations (homogenous retail books and non-retail
books) in credit institutions. This includes an assessment of the bank’s resources and
operational capabilities within the distressed credit operations and portfolio resolutions
area.
In terms of testing High Impact banks’ treatment of assets to determine the
appropriateness of provisioning standards, the Central Bank has conducted several
IRELAND
INTERNATIONAL MONETARY FUND 181
thematic and bank specific onsite reviews to assess the banks’ capabilities and readiness in
relation to early identification of deteriorating assets and ongoing management of problem
assets. The Central Bank commissioned BlackRock Solutions in 2012 to complete separate
DCOR exercises in Mortgage and SME portfolios. For example, the SME DCOR assessed two
High Impact banks in terms of:
A. Organisational Structure and Resource Capacity
B. Skill and Experience of Staff as well as Quality of Training
C. Workout Strategy and Execution Ability
D. Relevant Documentation and Management Information Systems, including KPIs
E. Data and Reporting Related to Outsourced and/or Delegated Functions
F. Quality Assurance and Monitoring
Following the SME DCOR Review, the Central Bank requested strategy documents and
implementation plans to address weaknesses identified from all banks active in the Irish
SME market. The third phase of this work commenced in 2013. The purpose of these
reviews is to see evidence of the strategies being implemented on the ground. Loan file
reviews were conducted throughout 2013 as banks’ implementation plans are rolled out.
Medium High Impact and Medium Low Impact Banks
The Central Bank evaluates the appropriateness of policies and procedures for the early
recognition of arrears in these banks using a desk-top approach. The frequency of the
review will be determined by the risk profile and PRISM prescribes a minimum frequency
FRA of between 2-4 years. A desk-top review of a bank’s arrears collections capabilities will
be undertaken.
In quarter 4, 2012, the Central Bank employed an arrears collections expert to lead credit
institutions to move from short-term forbearance on mortgage arrears to more sustainable
options, with adequate operational capacity to implement. The expert has been assisting
the Central Bank in the on-site reviews of MARS implementation and arrears management
and collection capability and implementation. These reviews cover all retail credit
institutions.
The Central Bank has performed and continues to perform on-site reviews of Arrears
Support Units. A key output is an evaluation of the banks’ capacity to deal with the volume
of arrears in-flow through inbound and outbound call activities and the capacity to handle
the back-book (old) arrears. The Central Bank is performing continuous assessment of ASUs
throughout 2013.
Following the SME DCOR Review, the Central Bank requested strategy documents and
implementation plans to address weaknesses identified from all banks active in the Irish
SME market.
EC6 The supervisor obtains information on a regular basis, and in relevant detail, or has full
access to information concerning the classification of assets and provisioning. The
supervisor requires banks to have adequate documentation to support their classification
and provisioning levels.
Description and
findings re EC6
The Central Bank’s primary focus in this area has been on the higher risk banks as identified
under the PRISM model. The Central Bank reviews related policy documents for higher risk
banks on an annual basis, as well as monthly/quarterly management information on a
regular basis. It examines the quality and appropriateness of the information. A list of
documentation obtained and reviewed includes:
IRELAND
182 INTERNATIONAL MONETARY FUND
Annually
? Impairment Policy
? Credit Policy
? Business Unit Credit Policy Documents
? Collateral Valuation Policy
? Credit Grading Management & Procedures
? Year-end Impairment papers presented to Risk Committee
? Loan loss projection reports
Monthly/Quarterly
? Interim impairment papers presented to Risk Committee
? Credit information packs (classification of assets, provisioning & asset quality
trends supported by management commentary)
? Review quality of information furnished to risk committees and boards
? Management information specific to distressed loans
? Internal audit reports – quality assurance & controls
? Quarterly Summary Financial Return – a quarterly return from High and Medium
High impact institutions which details information on loan portfolios
(Drawn/Undrawn; Geography; Sectoral; Grades; Arrears; Impairment; Provisions;
etc.)
? Market information sourced on each of SME, Residential Mortgages, Real Estate
and Corporate
? Regular meetings with Heads of Function in Credit, Risk, Credit Review, Asset
Restructuring and Internal Audit
? The Regulatory Document on Impairment Provisions for Credit Exposures (2005)
requires quarterly reporting on provisioning levels as per the CRD asset classes
Having reviewed documentation and management information, the Central Bank analyses
asset quality trends across banks and highlights areas of concern with follow-up action
required. In addition it has, on occasion, highlighted its concerns to the banks’ external
auditors.
The Central Bank obtains information on a regular basis regarding asset classification and
provisioning. This information is submitted as required regulatory returns (see CP10 for
details) on a quarterly basis and further information can be requested by the supervision
team as part of either a thematic review or a FRR/FRA. Impairment policy, credit grading
policy, valuation policy, and credit review policy documents can also be included.
For High Impact covered banks, the Central Bank identified weaknesses in the adequacy of
covered banks’ policy documentation in relation to provisioning. The Central Bank required
covered banks to improve their policies/documentation through the publication of
Impairment Provisioning and Disclosure Guidelines in December 2011. These guidelines
have resulted in banks updating their provisioning documentation/policies and processes
to include, inter alia, the treatment of forborne loans, the widening of impairment triggers
and increased disclosure in their annual accounts.
For Medium High Impact and Medium Low Impact credit institutions – on a quarterly basis,
credit institutions submit impairment provisions, nonperforming loans and write-off
information to the Central Bank which is reviewed by the examination teams for any
material movements and trends. Any material movements are queried with the relevant
credit institution and inform the Central Bank’s supervisory engagement.
IRELAND
INTERNATIONAL MONETARY FUND 183
The frequency and depth of analysis for the larger High Impact banks is sound and
provides the supervisor with an opportunity to assess bank’s documentation. Equally, the
desk based review for Medium-High banks is adequate.
EC7 The supervisor assesses whether the classification of the assets and the provisioning is
adequate for prudential purposes. If asset classifications are inaccurate or provisions are
deemed to be inadequate for prudential purposes (e.g. if the supervisor considers existing
or anticipated deterioration in asset quality to be of concern or if the provisions do not fully
reflect losses expected to be incurred), the supervisor has the power to require the bank to
adjust its classifications of individual assets, increase its levels of provisioning, reserves or
capital and, if necessary, impose other remedial measures.
Description and
findings re EC7
As part of the Central Bank’s assessment of asset classification and the adequacy of
provisioning in High Impact banks, it reviews related policy documents on an annual basis
as well as monthly/quarterly management information on a regular basis. It reviews the
quality and appropriateness of the information. A list of documentation obtained and
reviewed includes:
Annually
1. Impairment Policy
2. Credit Policy
3. Collateral Valuation Policy
4. Credit Grading Management & Procedures
5. Year-end Impairment papers presented to Risk Committee
6. Loan loss projection reports
Monthly/Quarterly
1. Interim impairment papers presented to Risk Committee
2. Credit information packs (classification of assets, provisioning & asset quality trends
supported by management commentary)
3. Review quality of information furnished to risk committees and boards
4. Management information specific to distressed loans
5. Internal audit reports – quality assurance & controls
6. Quarterly Summary Financial Return – a quarterly return details information on loan
portfolios (Drawn/Undrawn; Geography; Sectoral; Grades; Arrears; Impairment;
Provisions; etc.)
7. External market information relating to SME, Residential Mortgages, Real Estate and
Corporate
Supervisors meet regularly with Heads of Function in Credit, Risk, Credit Review, Asset
Restructuring and Internal Audit.
Having reviewed documentation and management information, the Central Bank analyses
asset quality trends across banks and highlights areas of concern where provisions are
deemed inadequate to cover potential losses. On a number of occasions, this has
prompted asset quality file reviews. In addition supervisors have, on occasion, highlighted
their concerns to the banks’ external auditors.
A full risk assessment is presented to the Central Bank RGPs. In this regard, the Central
Bank has the power to require banks to increase their capital where it is concluded that
loan loss provisioning does not fully reflect losses expected to be incurred.
IRELAND
184 INTERNATIONAL MONETARY FUND
Medium High Impact / Medium Low Impact Credit Institutions:
On a quarterly basis, credit institutions submit information on impairment provisions,
nonperforming loans and write-offs to the Central Bank, which is reviewed by the
examination teams for any material movements and trends. Any material movements are
queried with the relevant credit institution and inform the Central Bank’s supervisory
engagement.
Deficiencies identified by the Central Bank in a bank’s management of credit risk (including
provisioning) may be addressed through the measures included in Article 136 of
2006/48/EC (as transposed by Regulation 70 of S.I. 661 of 2006), among others, as detailed
in CP11.
Prudential Capital Assessment Review (PCAR) - 2011
The PCAR assessed the capital requirements of the covered banks arising for expected base
and potential stressed loan losses over a three year time horizon (2011-2013). As a result of
the exercise Covered banks’ provision projections were deemed inadequate and all were
required to raise additional capital to cover projected loan losses under a stress case
scenario.
EC8 The supervisor requires banks to have appropriate mechanisms in place for regularly
assessing the value of risk mitigants, including guarantees, credit derivatives and collateral.
The valuation of collateral reflects the net realizable value, taking into account prevailing
market conditions.
Description and
findings re EC8
The Central Bank’s primary focus in this area is in relation to the valuation of real estate,
noting that this is the most common form of collateral on which the banks place reliance
for value. Little reliance is placed on un-collateralised guarantees due to the significant
destruction of wealth in the economic downturn.
In the 2011 guidance paper ‘Valuation Processes in the Banking Crisis – Lessons Learned –
Guiding the Future’ the Central Bank provided industry enhanced guidance for provisioning
which applies to all credit institutions. While the paper has the status of guidance, the
Central Bank considers that the guidelines and recommendations contained therein
represent appropriate process and procedures for credit institutions in considering
property security valuation. The Central Bank does, as a matter of course, scrutinise the
application of these guidelines as part of its ongoing supervision.
As part of the Central Bank’s on-site file reviews, supervisors observed that there was
inconsistent assessment of collateral value both across and within institutions. They made
recommendations that banks review, in the context of the guidance document, their
collateral valuation approach. Policies were sought to be developed and implemented
where they were absent. These file reviews covered all impact categories of banks, with a
greater focus on the higher impact banks.
The Central Bank evaluates the appropriateness of mechanisms to assess the value of risk
mitigants in Lower Impact banks using a combination of a desk-top approach and, where
appropriate, onsite interview of the CRO (on a biennial basis at a minimum, as per the
PRISM requirements). The effectiveness of credit risk mitigants is subject to extensive
discussion with the bank, including an understanding of credit derivatives in place and
assessment of the effectiveness of guarantees and collateral as credit risk mitigants.
The Central Bank’s loan file reviews focus heavily on the realism of recovery expectations.
IRELAND
INTERNATIONAL MONETARY FUND 185
Inherent in this is the quality of the collateral assessment. Examples of loan files reviews
where supervisors subsequently challenged the banks’ mechanisms for regularly assessing
collateral include a number of High Impact banks.
EC9 Laws, regulations or the supervisor establish criteria for assets to be:
(a) identified as a problem asset (e.g. a loan is identified as a problem asset when there
is reason to believe that all amounts due, including principal and interest, will not be
collected in accordance with the contractual terms of the loan agreement); and
(b) reclassified as performing (e.g. a loan is reclassified as performing when all arrears
have been cleared and the loan has been brought fully current, repayments have
been made in a timely manner over a continuous repayment period and continued
collection, in accordance with the contractual terms, is expected).
Description and
findings re EC9
High Impact Banks
The Central Bank monitors problem asset identification in the following ways:
? Quality of the grading model inputs.
? Frequency of loan reviews – e.g. are loans reviewed at least annually.
? Level of overdue credit reviews.
? Challenge the quality of credit assessment through loan file reviews (this would
include the assessment of credit grade, collateral valuation, repayment capacity &
debt analysis).
? Assess the loan review process and relevant controls.
? Bank policies to identify emerging credit risk.
Medium High Impact and Medium Low Impact Banks
Assessment of a particular exposure as a “problem asset” and any subsequent re-
classification of such an exposure as “performing” does not, in effect, take place at a
granular or individual loan level in Medium High Impact and Medium Low Impact firms. A
high-level general assessment does, however, take place with regard to overall exposures
on a sovereign or sectoral or specific credit exposure basis, with reference to ongoing
trends in nonperforming loans, loan loss provisions, and credit write-downs. These
discussions are held within the context of a firm’s overall capital sufficiency levels. A desk-
top review by Banking Supervision would incorporate Credit Grade Policy, Credit Review
Policy, Credit Policy, etc. Furthermore, Business Model Analysis (including an assessment of
local knowledge of group models) can be carried out by Banking Supervision support
functions such as the Risk Analytics Unit.
Reclassified as Performing
With regard to mortgage, SME and CRE lenders, the Central Bank has brought increasing
focus during 2011/12 on the movement of problem assets from short term forbearance to
medium/long term resolution options. Its work has focused on the Mortgage Arrears
Resolution Strategy and, more recently, the SME Resolution Strategy. There has been
minimal reclassification of problem loans as performing in the current economic
environment. As the banks begin to reclassify their problem assets to performing, the
Central Bank will monitor and challenge in line with the powers outlined above.
In relation to the reclassification of IRB exposures previously designated as defaulted, the
prudential requirements of Paragraph 47 of Part 4 of Annex VIII of 2006/48/EC requires
that, where no trigger of default continues to apply, the bank should rate the obligor or
facility as they would for a non-defaulted exposure.
IRELAND
186 INTERNATIONAL MONETARY FUND
The Central Bank guidance on restoration of exposure to unimpaired status for IFRS/FRS
26-reporting banks is contained in Section 7 of Part II of the Impairment Provisions for
Credit Exposures (October 2005), and replicated for the covered banks in Section 5.9.6 of
the Impairment Provisioning and Disclosure Guidelines 2011.
Problem Assets (Covered Banks): Ongoing supervision, including a number of specific
initiatives (e.g. AQR; DCOR; Income Recognition and Re-Aging; Data Integrity and
Validation; Loan File Review Deep Dives (across all institutions); On-Site Reviews) have
helped to identify problems and devise mitigation plans where appropriate.
Reclassified as Performing (Covered Banks): Assessments were completed by the Central
Bank in 2012, with the assistance of Ernst and Young, in respect of interest recognition on
impaired loans and arrears re-aging practices within the FMP banks.
EC10 The supervisor determines that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio, including classification of assets,
the level of provisions and reserves and major problem assets. The information includes, at
a minimum, summary results of the latest asset review process, comparative trends in the
overall quality of problem assets, and measurements of existing or anticipated
deterioration in asset quality and losses expected to be incurred.
Description and
findings re EC10
The Central Bank assesses the Credit MIs which go to the Boards of High Impact banks
under a broad range of headings, including, inter alia:
o Asset quality of banks loans across each asset type.
o More detailed analysis on problem sectors.
o Loan loss performance versus projections – variances explained.
o Trend analysis across portfolios.
o Frequency of presentation of MIS to Board and delegated committees.
The Central Bank completes peer analysis across high-risk institutions to identify where
gaps exist. This may prompt a risk mitigation action. In terms of compliance, some banks
provide excellent information to their Boards. In other instances, Central Bank has pointed
to gaps in information being provided to the Board (two High Impact banks) and has
captured appropriate risk mitigation actions for inclusion in the RMP.
The assessment by the supervisor that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio also takes place for Medium
High Impact and Medium Low Impact firms. Elements such as the classification of assets,
the level of provisions and reserves, and major problem assets would be incorporated to
some degree within the assessment of the appropriateness of information included within
the Board Pack.
In addition, note that under Section 3.1 of the Impairment Provisions for Credit Exposures
(October 2005) senior management are specifically responsible for:
? “evaluating the sensitivity and reasonableness of key assumptions used in the
impairment provision assessment and measurement system, this may include the
performance of stress tests to incorporate economic conditions that may affect credit
exposures”
? “providing the board with regular reports on the adequacy of impairment provisions
and amounts written off”
The internal audit/independent credit review functions are required, under 3.3 of the same
document, to conduct biennial reviews of the credit risk assessment process, including the
IRELAND
INTERNATIONAL MONETARY FUND 187
adequacy of provisioning and stress testing, and report back to senior management and
the board on their findings. Any weaknesses identified are required to be addressed “on a
timely basis.”
Central Bank Risk Governance Panel 2011 – for a High Impact institution
Findings: Central Bank reported that the bank’s Board is not presented with bank specific
key credit quality metrics such as book quality, provisions, grade migration and growth etc.
for corporate markets division. The bank does not have a system of tracking SME
forbearance.
Conclusions: Central Bank directed, as an intended outcome, that the bank’s Board should
have sufficient data to perform its oversight role of credit risks and that the Board should
be able to assess the quantum and type of forbearance on the SME book.
Action: In order to achieve that intended outcome, the following RMP actions were out in
place:
The bank is required to ensure that specific data of sufficient granularity is provided to the
Board, including key credit metrics for the Global Restructuring Group portfolio. The bank
is required to devise a system to facilitate tracking, monitoring and reporting of SME
forbearance.
EC11 The supervisor requires that valuation, classification and provisioning, at least for significant
exposures, are conducted on an individual item basis. For this purpose, supervisors require
banks to set an appropriate threshold for the purpose of identifying significant exposures
and to regularly review the level of the threshold.
Description and
findings re EC11
Individual assessment of Significant Exposures is mandated for all IFRS/FRS 26 reporting
banks. These accounting standards apply to all credit institutions. The Central Bank’s
Impairment Provisions for Credit Exposures (October 2005) state that “Exposures should be
assessed for objective evidence, measurement, and recognition of impairment on an
individual basis for individually significant exposures.” The Central Bank does not require
banks to set specific thresholds for the purpose of identifying significant exposures or to
regularly review the level of this threshold. As part of the process to review the provision
policy of High Impact firms, the Central Bank examines the threshold used by credit
institutions for the assessment of individual impairment provisions. As a general rule the
thresholds used by firms have been deemed reasonable. If a situation occurred whereby
the Central Bank believed that the threshold limit was too high, then the credit institution
would be instructed to reduce the threshold.
Supervisors are required to review impairment provision data and credit policies for lower
impact banks in accordance with the Central Bank PRISM supervision engagement model.
For High Impact banks, the Central Bank reviews the following:
Annually
1. Impairment Policy
2. Business Unit impairment Policy Documents
3. Year-end Impairment papers presented to Risk Committee
4. Loan loss projection reports
Monthly/Quarterly
1. Interim impairment papers presented to Risk Committee
2. Credit information packs (classification of assets, provisioning & asset quality trends
IRELAND
188 INTERNATIONAL MONETARY FUND
supported by management commentary)
3. Management information specific to distressed loans
4. Internal audit reports – quality assurance & controls
5. Quarterly Summary Financial Return – a quarterly return from which details
information on loan portfolios (Drawn/Undrawn; Geography; Sectoral; Grades;
Arrears; Impairment; Provisions; etc.)
Individual assessment of Significant Exposures is mandated for all IFRS/FRS 26 reporting
banks in Section 5.1 of the Impairment Provisions for Credit Exposures (October 2005) and
again in Section 5.8 of the Impairment Provisioning and Disclosure Guidelines (2011)
specifically for the covered banks.
Central Bank identified that, for one High Impact institution, individual/specific provisions
were calculated on facilities greater than $10m under group policy. Central Bank advised
the bank of its view that the cut-off of $10m was too high. The bank subsequently
amended its specific provision threshold to $0.
EC12 The supervisor regularly assesses any trends and concentrations in risk and risk build-up
across the banking sector in relation to banks’ problem assets and takes into account any
observed concentration in the risk mitigation strategies adopted by banks and the
potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers
the adequacy of provisions and reserves at the bank and banking system level in the light
of this assessment.
Description and
findings re EC12
The Central Bank assesses concentration risk trends in the covered institutions through
analysis of their management information. Concentration risk has increased for the covered
institutions as a result of the deleveraging process with increasing geographic
concentration to the Irish market. The Central Bank’s focus in assessing trends in
concentration risk is on the banks’ back books, as there is little/no new business being
written by these institutions. The Central Bank regularly assesses trends and concentrations
in risk and risk build-up across the High Impact credit institutions in relation to problem
assets through the quarterly Credit Panel meetings, which are attended by senior Banking
Supervision executives. At these meetings, the Credit Panel evaluates detailed credit risk
data and considers the adequacy of impairment provisions by individual bank and also on a
peer group basis.
CEBS Guidelines on the management of concentration risk under the supervisory review
process (GL31) set out that as “concentration risk is not fully addressed in the context of
Pillar 1”, banks must address “any resultant underestimation of risk…by allocating capital,
where necessary, through the framework of Pillar 2.” Hence, as part of the ICAAP process,
banks are expected to make an assessment of the level of capital that is required to
address any shortfall in the Pillar 1 process.
Legal/Regulatory Basis
The CRD has been largely transposed into Irish law by the Central Bank Act 1971, S.I. 661 of
2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009. The Central Bank (Supervision and
Enforcement) Act 2013 enhances the powers of the Central Bank generally in relation to
credit institutions. Particular regard should be had to regulation 66 and 70 of S.I. 661 of
2006. There are also extra powers in this area in the direction making powers in the Central
Bank (Supervision and Enforcement) Act 2013 – see section 37(3) in relation to the disposal
of assets and liabilities. See also section 40(2)(a) of the Act which will give the Central Bank
powers in the area of making regulations on the management of risks to which banks may
IRELAND
INTERNATIONAL MONETARY FUND 189
be exposed to.
Section 5 of Annex V of Directive 2006/48/EC (as amended) requires banks to have written
policies and procedures in relation to concentration risk. It states “The concentration risk
arising from exposures to counterparties, groups of connected counterparties, and
counterparties in the same economic sector, geographic region or from the same activity or
commodity, the application of credit risk mitigation techniques, and including in particular
risks associated with large indirect credit exposures (e.g. to a single collateral issuer), shall be
addressed and controlled by means of written policies and procedures.” These requirements
are further elaborated in Sections 3(5) and 10(18) of Annex V in relation to diversification of
credit portfolios and funding and the various Guidelines issued by CEBS/EBA.
In relation specifically to Large Exposures, Article 106 of 2006/48/EC (as amended),
transposed by Regulation 52 of S.I. 661 of 2006, defines “exposures” as “any asset or off-
balance sheet item referred to in Section 3, Subsection 1 [standardised approach to credit risk
which refers to “claims or contingent claims” on particular exposure classes], without
application of the risk weights or degrees of risk there provided for.” Derivative exposures
may be calculated according to the Original Exposure Method, Market-to-Market Method
or Internal Model Method. All elements entirely covered by Own Funds may, with the
agreement of the Central Bank, be excluded from the determination of “exposures”,
provided that such Own Funds are not included in the bank’s Own Funds for the purposes
of its capital adequacy ratio or in the calculation of other monitoring ratios.
To facilitate this analysis as part of the SREP process, the Central Bank collects data on the
top 100 credit exposures as well as a sector breakdown across the portfolio. This is run
through an internal model, with generic correlations linked to probability of default, to
estimate potential Pillar II requirements/add-ons for ‘name concentration’ (on large
exposures) and ‘sector concentration’. This is compared with the output of the
methods/models banks use within their ICAAP. Where the model used by a bank is
considered inadequate, a Pillar II add-on may be imposed in line with the output of the
Central Bank model until such time as the bank has addressed issues related to their
approach to the measurement of credit concentration risk.
Medium to long term forbearance measures are typically agreed at a later date subsequent
to borrower compliance with short term forbearance measures and receipt of detailed
borrower information.
(1) The Code of Conduct on Mortgage Arrears (CCMA), which came into force in
January 2011, lays out a set of rules governing how credit institutions treat
mortgage borrowers in arrears. This includes the Mortgage Arrears Resolution
Process (MARP), which is used when dealing with arrears and pre-arrears
customers. The 5 steps for the MARP are: communication; financial information;
assessment; resolution and appeals.
(2) As per IAS 39, interest accrued (not collected) enters the income statement while
the loan is still performing and nonperforming. Interest accrued (not collected)
does not enter the income statement if a loan is deemed to be impaired.
(3) This is not covered by a specific regulation. Mortgage interest capitalization is
generally associated with arrears/missed payments being rescheduled. The
impairment and provisioning guidelines apply restrictions to the release of
provisions based on 6 months subsequent performance. Policies vary by bank with
regard to criteria which may apply.
IRELAND
190 INTERNATIONAL MONETARY FUND
The Central Bank of Ireland’s Impairment Provisioning and Disclosure Guidelines
(December 2011) states that the following guidelines are required to be followed by
covered institutions when considering the impact of forbearance measures on the
methodology for assessing impairment:
? Loan pools which are subject to forbearance measures should be separated from the
remaining non-forborne loan pools.
? Non-forborne loan pools may need to be further stratified based on similar risk
characteristics.
? When calculating the collective impairment provisions, particularly for mortgage
portfolios, certain model inputs which are based on historic data may require
management judgment to be applied to adjust historic data to reflect current
economic circumstances and the granting of forbearance measures.
? For example, where a borrower is up to date with their revised terms, having
previously received forbearance measures, the historic roll rates to default may
appear lower than the underlying risk profile of the loan pool.
? The LGD could be higher on forborne loan pools than those applied to the non-
forborne loan pools.
? The PD applied to forborne loan pools will be higher than the non-forborne pools.
The Central Bank also requires the history of PDs relating to such forborne loan
pools to be recorded and disclosed in the annual report over time.
Section 5.9.6 – Restoration of Exposure to Unimpaired Status – states that an impaired
exposure should only be restored to unimpaired status when the contractual amount of
principal and interest is deemed to be fully collectible in accordance with the terms of the
agreement. Objective evidence must exist subsequent to the initial recognition of the
impairment to justify restoration to unimpaired status. Typically, this should take place
when:
? The covered institution has received repayment of the loan’s past due principal and
interest, none of the principal and interest is due and unpaid, and the covered
institution expects repayment of the remaining contractual principal and interest as
scheduled in the agreement;
? The counterparty has resumed paying the full amount of the scheduled contractual
principal and interest payments for a reasonable period and all remaining
contractual payments (including full compensation for overdue payments) are
deemed to be collectible in a timely manner; or
? The exposure becomes well secured and is in the process of collection.
A covered institution’s determination of the ultimate collectability of an exposure should be
supported by a current, well-documented credit evaluation of the counterparty’s financial
condition and other factors affecting the prospects for repayment, including consideration
of the counterparty’s repayment performance and other relevant factors.
The Central Bank leverages off the review and sampling work undertaken by credit
institutions’ external auditors annually when they sign-off on financial statements. Sections
26 and 27 of the Central Bank Act 1997 require that copies of the banks’ audited financial
statements are provided to the Central Bank. Supervisors typically receive and review
annual post-audit reports and management letter reports prepared by external auditors
annually, which contain auditor comments on provisioning and loan quality. External
auditors do not review loan classification and processes for the Central Bank; however, they
will audit loan classification and processes as part of their annual audit.
IRELAND
INTERNATIONAL MONETARY FUND 191
The Central Bank’s Auditor Protocol 2011 provides a framework for annual bilateral and
trilateral meetings between the Central Bank, the credit institution’s external auditor, and
the credit institution to enable both the Central Bank and the auditors of firms to achieve
fulfillment of both parties’ statutory powers. Typically, for High Impact institutions,
supervisors will meet with external auditors before and after the annual financial statement
audit to discuss, inter alia, loan classification and provisioning.
The Banking Supervision Credit Team performs thematic reviews on loan portfolios which
will assess impaired and non-impaired loans. The Central Bank can take supervisory
measures if dissatisfied with loan classifications.
Assessment of
Principle 18
Largely Compliant
Comments Over the course of the last several years, the CBI has allocated considerable resources in an
effort to encourage prudent provisioning practices with a significant focus on the covered
banks. The Central Bank has updated and expanded its guidance regarding provisioning
and valuation practices and performed more frequent and in-depth onsite assessments.
The update guidance by the Central Bank goes beyond that of other authorities in the
region where IFRS is applied. Problem assets, provisions and reserves have been an integral
part of the Central Banks’ engagement with credit institutions through on-site testing of
compliance with the revised Guidelines. The banking sector has also been subject to
various externally led balance sheet exercises. There are a number of examples
demonstrating the impact of the new Guidelines in increasing the conservatism of banks’
loan loss provisioning practices.
The banking sector has gone through a severe crisis and there continues to be significant
stress on banks’ balance sheets. While the Central Bank has expanded its guidance
regarding provisioning practices, it does not have direct legislative power to reclassify
assets and/or increase provisions which impacts its direct influence on provisioning
practices. Also, the Central Bank does not have the legal power to overrule a decision (e.g.
on provisioning) by a bank’s own external auditor. Instead, the Central Bank will rely upon
their powers to increase capital in the event provisions are assessed as inadequate as per
Regulation 70 of SI 661. Furthermore, through the framework set up in the Auditor Protocol
2011, the Central Bank discusses and challenges loan loss provisioning.
In terms of supervisory activities, supervisors monitor and track changes in provisioning
and asset quality through periodic analysis of regulatory returns and ad hoc data requests,
supplemented by annual review of policies. An assessment of asset quality and
provisioning will be performed as part of an FRR or FRA. Supervisory activities should place
greater reliance on onsite verification of bank processes, particularly in terms of: assessing
processes for the early identification of problem assets; application of prudent valuations
for collateral; and, testing assumptions that feed into provisioning models. There was
evidence to suggest this process had commenced with the High Impact banks but was yet
to be extended across the sector (with due regard to proportionality). Below High Impact
banks, an assessment of provisioning is performed via a desk based review. Greater
frequency of onsite supervision will allow an ability to verify bank provisioning practices by
loan sampling and testing of assumptions to ensure they remain consistent with actual
experience and are adjusted in a timely fashion to reflect changes in market conditions and
the economy. Through this process, the supervisor will be better able to deem whether
provisions are adequate for prudential purposes (EC7). Given the updated guidance by the
Central Bank only applies to High Impact banks, a greater onsite presence will allow
IRELAND
192 INTERNATIONAL MONETARY FUND
supervisors the ability to identify approaches which depart materially from the Central
Bank’s guidance but remain compliant with accounting standards.
Principle 19 Concentration risk and large exposure limits. The supervisor determines that banks have
adequate policies and processes to identify, measure, evaluate, monitor, report and control
or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to
restrict bank exposures to single counterparties or groups of connected counterparties.
52
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have policies and processes that
provide a comprehensive bank-wide view of significant sources of concentration risk.
53
Exposures arising from off-balance sheet as well as on-balance sheet items and from
contingent liabilities are captured.
Description and
findings re EC1
Various European and Irish regulations require credit institutions to have policies and
procedures relating to concentration risk, including off-balance sheet exposures.
Concentration risk regulation includes: Section 5 of Annex V of Directive 2006/48/EC,
Article 106 of Directive 2006/48/EC, and EBA Guidelines on the implementation of the
revised large exposures regime 2009.
Section 5 of Annex V of Directive 2006/48/EC as amended requires banks to have written
policies and procedures in relation to concentration risk. These requirements are further
elaborated in Sections 3(5) and 10(18) of Annex V, in relation to diversification of credit
portfolios and funding, and in the various Guidelines issued by CEBS/EBA.
Paragraph 34 of Guideline 3 of the CEBS Guidelines on the management of concentration
risk under the supervisory review process) which has been endorsed by the CBI, clarifies
that “risk drivers which could be a source of concentration risk should be identified” by banks,
covering “all risk concentrations which are significant to the institution […], including on–
and off- balance sheet positions and committed and uncommitted exposures, and extending
across risk types, business lines and entities.”
In relation specifically to Large Exposures, Article 106 of 2006/48/EC as amended
(transposed by Regulation 52 of SI 661) defines “exposures” as “any asset or off-balance
sheet item referred to in Section 3, Subsection 1 [standardized approach to credit risk which
refers to “claims or contingent claims” on particular exposure classes], without application of
the risk weights or degrees of risk there provided for.”
CEBS Guidelines on the management of concentration risk under the supervisory review
process set out that as “concentration risk is not fully addressed in the context of Pillar 1”,
banks must, address “any resultant underestimation of risk…by allocating capital, where
necessary, through the framework of Pillar 2.” Through the SREP process, the Central Bank’s
52
Connected counterparties may include natural persons as well as a group of companies related financially or by
common ownership, management or any combination thereof.
53
This includes credit concentrations through exposure to: single counterparties and groups of connected
counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a
single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties
whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures
(including guarantees and other commitments) and also market and other risk concentrations where a bank is overly
exposed to particular asset classes, products, collateral, or currencies.
IRELAND
INTERNATIONAL MONETARY FUND 193
Risk Modeling Unit:
? will examine the approach used by a bank to estimate the capital required in relation
to credit concentration risk
? can also perform an analysis of the level of capital required in relation to credit
concentration risk
To facilitate this analysis as part of the SREP process, the CBI collects data on the top 100
credit exposures as well as a sector breakdown across the portfolio. This is run through an
internal model, with generic correlations linked to PD, to estimate potential Pillar II
requirements/add-ons for ‘name concentration’ (on large exposures) and ‘sector
concentration’. This is compared with the output of the methods/models banks use within
their ICAAP. Where the model used by a bank is considered inadequate, Pillar II add-ons
may be imposed in line with the output of the CBI model until such time as the bank has
addressed issues related to their approach to the measurement of credit concentration risk.
EC2
The supervisor determines that a bank’s information systems identify and aggregate on a
timely basis, and facilitate active management of, exposures creating risk concentrations
and large exposure
54
to single counterparties or groups of connected counterparties.
Description and
findings re EC2
CBI staff reviews bank internal reports and Board minutes to determine the involvement of
the Board and the level of information provided.
The EBA has developed common reporting templates and guidelines in relation to large
exposures reporting pursuant to EU directive 2009/111/EC (CRD II).
The revised large exposures regime has been applied since 31 December 2010. The CBI
achieves compliance with Essential Criteria 2 primarily through the periodic submission of
the Large Exposure and concentration regulatory reports by licensed credit institutions, and
the subsequent review undertaken by CBI supervision teams of the returns. During the
ICAAP process concentrations are reviewed as are management controls and when
necessary and appropriate additional capital add-ons imposed.
The CBI receives quarterly reports on concentrations risk by sector, geography and
industry. The reports are input for analysis conducted by CBI.
EC3
The supervisor determines that a bank’s risk management policies and processes establish
thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk
profile and capital strength, which are understood by, and regularly communicated to,
relevant staff. The supervisor also determines that the bank’s policies and processes require
all material concentrations to be regularly reviewed and reported to the bank’s Board.
Description and
findings re EC3
The CBI performs Large Exposure return reviews, reviews of risk appetite statements (for
selected credit institutions), reviews of Board Management Information, and selected
reviews of credit institutions’ risk policies and procedures.
The Credit Team and the Examination Teams, through regular reviews of High Impact credit
54
The measure of credit exposure, in the context of large exposures to single counterparties and groups of
connected counterparties, should reflect the maximum possible loss from their failure (i.e. it should encompass actual
claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital
standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised
as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly
underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).
IRELAND
194 INTERNATIONAL MONETARY FUND
institutions’ Management Information and credit risk policies (including Risk Appetite
Statements), assess risk concentrations against risk appetite.
For Medium High Impact and Medium Low Impact credit institutions, concentration risk is
assessed by Examination Teams through the large exposure regulatory returns, and (on a
less frequent basis) via FRAs, through review of RAS and ICAAP portal submissions through
which credit institutions identify their risk appetite and management of concentration risk.
Guideline 5 of the CEBS Guidelines on the management of concentration risk under the
supervisory review process requires banks to “set top-down and group-wide concentration
risk limit structures (including appropriate sub-limits across business units or entities and
across risk types) for exposures to counterparties or groups of related counterparties, sectors
or industries, as well as exposures to specific products or markets. The limit structures and
levels should reflect the institution’s risk tolerance and consider all relevant interdependencies
within and between risk factors. The limit structures should cover both on- and off- balance
sheet positions and the structure of assets and liabilities at consolidated and solo levels. The
limit structures should be appropriately documented and communicated to all relevant levels
of the organization.”
Article 124 of 2006/48/EC as amended (as transposed by Regulation 66(1)-(3) of S.I. 661)
provides the legal basis for supervisory review and assessment, supplemented by CEBS
Guidelines on Supervisory Review and Assessment contained in Section 5 of CEBS
Guidelines on the management of concentration risk under the supervisory review process
(GL31).
The CBI’s Impairment Provisions for Credit Exposures paper of 2005 is a requirement for all
licensed credit institutions. The paper places various requirements on credit institutions vis-
à-vis credit concentration risk, namely:
o As part of the measurement of portfolio provisions, credit institutions should
be cognizant of credit concentration risk. Credit risk concentrations are based
on similar or positively correlated risk factors, which, in times of stress, have
an adverse effect on the creditworthiness of each of the individual
counterparties making up the concentration. Such concentrations include, but
are not limited to: significant exposures to an individual counterparty or
group of related counterparties; credit exposures to counterparties in the
same economic sector or geographic region; credit exposures to
counterparties whose financial performance is dependent on the same
activity or commodity; and indirect credit exposures arising from a credit
institution’s credit risk mitigation techniques (e.g. exposure to a single
collateral type or to credit protection provided by a single entity).
o A credit institution should have in place effective internal policies, systems
and controls to identify, measure, monitor, and control their credit risk
concentrations. The internal policies, systems and controls should be clearly
documented and should include a definition of the credit risk concentrations
relevant to the credit institution and how they and their corresponding limits
are calculated. A credit institution’s management should conduct periodic
stress tests of its major credit risk concentrations and review against
expectations.
EC4
The supervisor regularly obtains information that enables concentrations within a bank’s
portfolio, including sectoral, geographical and currency exposures, to be reviewed.
IRELAND
INTERNATIONAL MONETARY FUND 195
Description and
findings re EC4
All licensed credit institutions are required to identify, aggregate and report single name
credit concentrations and concentrations to connected counterparties to the CBI on a
quarterly basis through the large exposures return for an example. These requirements are
on a statutory basis and are set out in Section 5 of CRD, Articles 106-119) and in the CBI
paper of December 2010 Large Exposures Return Notes on Compilation. Credit institutions
are required to:
1. Submit details of Group (G) and Unconnected (U) exposures. All large exposures (i.e.
those exposures greater than 10% of own funds) should be reported up to a
maximum of 70. This will be divided into a maximum of 30 to non-credit institutions,
20 to credit institutions and 20 to sovereigns. If there are less than 70 large
exposures, sufficient exposures should be reported to bring the total number of
exposures up to 30 to non-credit institutions, 20 to credit institutions and 20 to
sovereigns. Where there are not sufficient exposures to bring the number reported
up to 70 this must be indicated in the Notes section of the return. For institutions
that report on a Group Consolidated basis, the number of exposures reported
should be 50 for non-credit institutions, 30 for credit institutions and 30 for
sovereigns.
2. Submit details of connected clients
3. Submit quarterly reports on credit exposures broken down by sectors, industry,
geography.
Reporting formats for Large Exposures, Related Party Lending and the Report on sectoral
limits have been prescribed by the Central Bank under Section 117(3)(a) of the Central Bank
Act 1989 in the case of Large Exposures pursuant to Article 110 of 2006/48/EC as amended
(transposed by Regulation 56 of S.I. 661 of 2006). These reports are submitted quarterly.
Funding concentration risk reporting is required monthly from the higher risk banks, as
identified by PRISM. These reports are without prejudice to the rights and powers of the
Central Bank to otherwise request specific information at any point in time.
The CEBS Guidelines on the management of concentration risk under the supervisory
review process highlight the currency risks that may emerge from a concentration on
foreign currency funding and on lending to foreign borrowers whose sources of income are
in a mismatched currency.
CBI does regularly receive details on credit exposure by sector and geography for retail
credit institutions via the QSFR. Outputs are analyzed by Credit Team and presented
quarterly at the Credit Panel, a meeting of senior Central Bank staff and management from
various divisions.
EC5
In respect of credit exposure to single counterparties or groups of connected
counterparties, laws or regulations explicitly define, or the supervisor has the power to
define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor
may exercise discretion in applying this definition on a case by case basis.
Description and
findings re EC5
The CBI has the discretion under the “EBA Guidelines on the Implementation of the Large
Exposures Regime” to define an exposure as connected.
Article 4(45) of Directive 2006/48/EC as amended defines a “Group of Connected Clients”,
and this definition is referenced in S.I. 661 of 2006 – “Group of Connected Clients” means:
(a) two or more natural or legal persons, who, unless it is shown otherwise, constitute a
single risk because one of them, directly or indirectly, has control over the other or
others; or
IRELAND
196 INTERNATIONAL MONETARY FUND
(b) two or more natural or legal persons between whom there is no relationship of control
as set out in point (a) but who are to be regarded as constituting a single risk because
they are so interconnected that, if one of them were to experience financial problems,
in particular funding or repayment difficulties, the other or all of the others would be
likely to encounter funding or repayment difficulties.”
The CBI requires banks to apply the CEBS Guidelines on the implementation of the revised
large exposures regime (2009), Part I of which elaborates on the concepts and identification
of relationships of “control” and “economic interconnectedness.” Paragraph 24 of the
Guidelines clarifies that “in cases of divergence between the opinion of the institution and
that of the competent authority, it is the competent authority which decides whether a client
must be regarded as part of a group of connected clients.”
EC6 Laws, regulations or the supervisor set prudent and appropriate
55
requirements to control
and constrain large credit exposures to a single counterparty or a group of connected
counterparties. “Exposures” for this purpose include all claims and transactions (including
those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-
balance sheet. The supervisor determines that senior management monitors these limits
and that they are not exceeded on a solo or consolidated basis.
Description and
findings re EC6
The CBI has fully implemented the large exposures regime as set out in the CRD, and
transposed it into Irish law. This regime defines any exposure in excess of 10% to be a large
exposure and limits the exposure to any individual client or group of connected clients to a
maximum of 25% of own funds. The regime includes both on- and off-balance sheet, and
where there is an exposure to underlying assets, a credit institution shall assess the scheme,
its underlying exposures, or both. For that purpose, a credit institution shall evaluate the
economic substance of the transaction and the risks inherent in its structure. All large
exposures are reported to the Central Bank on a quarterly basis and are assessed for any
significant changes in exposures and for new exposures that have been added since the
previous reporting period.
The Large Exposures and Related Party Lending Reports must be signed by a director
before submission to the Central Bank, thus ensuring that they are cognizant of and
monitoring the exposures. In addition, any related party lending must be approved by the
Board or a subcommittee established for the purposes of related party lending that reports
directly to the Board, and loans to a related party exceeding €1m require the prior approval
of the Central Bank.
The Large Exposure regime allows the CBI to determine a group of connected
counterparties where there is a divergence of opinion between the credit institutions and
the CBI. This is set out in paragraph 24 of the CEBS Guidelines on the implementation of
the revised large exposures regime, published 11 December 2009. This determination is
done on a case-by-case basis.
The CBI checks credit institutions’ compliance on a quarterly basis with large exposure
limits. This review is done to ensure that these limits are not exceeded.
The general principle is that all banks on an individual basis must comply with the Large
55
Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of
September 2012, a new Basel standard on large exposures is still under consideration.
IRELAND
INTERNATIONAL MONETARY FUND 197
Exposures requirements of the CRD, unless this requirement for solo compliance is waived
under Article 69 of 2006/48/EC as amended (as transposed by Regulation 14 of S.I. No.661
of 2006). Where the waiver has been applied, measures must be taken by the group to
ensure the “satisfactory allocation of risks within then group.”
Regulation 57(1) of S.I. 661 of 2006 (transposing Article 111 of 2006/48/EC as amended)
states that “A credit institution shall not incur an exposure to a client or group of connected
clients the value of which, after taking into account the effect of any credit risk mitigation in
accordance with Regulations 52, 58, 59, 60 and 60A, exceeds 25 per cent of its own funds.”
In addition Regulation 57(2) states “If a client is an institution or a group of connected clients
that includes one or more institutions, that value shall not exceed the higher of 25 per cent of
the credit institution’s own funds or €150,000,000. However, the sum of the value of
exposures, after taking into account the effect of any credit risk mitigation in accordance with
Regulations 52, 58, 59, 60 and 60A, to all groups of connected clients that are not institutions
shall not exceed 25 per cent of the credit institution’s own funds.” The Regulation goes on to
state that if the binding limit is €150,000,000, this should not exceed a reasonable limit in
terms of the credit institution’s own funds and should not be higher than 100 per cent,
except if allowed by the Central Bank (Central Bank) on a case-by-case basis. In line with
the CRD, the Central Bank has partially or fully exempted some exposures (e.g. high credit
quality exposures) from the limits above.
Article 106 of 2006/48/EC as amended (transposed by Regulation 52 of S.I. No.661 of 2006)
defines “exposures” as “any asset or off-balance sheet item referred to in Section 3,
Subsection 1 [standardized approach to credit risk which refers to “claims or contingent
claims” on particular exposure classes], without application of the risk weights or degrees of
risk there provided for.” Derivative exposures may be calculated according to the Original
Exposure Method, Market-to-Market Method or Internal Model Method. All elements
entirely covered by Own Funds may, with the agreement of the Central Bank, be excluded
from the determination of “exposures”, provided that such Own Funds are not included in
the bank’s Own Funds for the purposes of its capital adequacy ratio or in the calculation of
other monitoring ratios. Specific exclusions from exposures are outlined in Article 106(2) of
2006/48/EC as amended (Regulation 52(b) of S.I. 661 of 2006). Guidance on how to
measure exposure to clients or groups of connected clients in the case of schemes with
underlying assets is provided in Part II of the CEBS Guidelines on the implementation of the
revised large exposures regime, 2009.
Guideline 1 of the CEBS Guidelines on the management of concentration risk under the
supervisory review process requires that the “management body should understand and
review how concentration risk derives from the overall business model of the institution. This
should result from the existence of appropriate business strategies and risk management
policies.”
Article 109 of 2006/48/EC as amended transposed by Regulation 52 of S.I. No.661 of 2006
mandates that supervisors “shall require that every credit institution have sound
administrative and accounting procedures and adequate internal control mechanisms for the
purposes of identifying and recording all large exposures and subsequent changes to them.”
Article 124 of 2006/48/EC as amended (as transposed by Regulation 66(1)-(3) of S.I. 661
provides the legal basis for supervisory review and assessment, supplemented by CEBS
IRELAND
198 INTERNATIONAL MONETARY FUND
Guidelines on Supervisory Review and Assessment contained in Section 5 of the CEBS
Guidelines on the management of concentration risk under the supervisory review process.
EC7
The supervisor requires banks to include the impact of significant risk concentrations into
their stress testing programmes for risk management purposes.
Description and
findings re EC7
The CBI has imposed EBA Guidelines on concentration risk and stress testing, and assesses
compliance with these guidelines through periodic reviews of High Impact credit
institutions’ stress testing programs during SREPs. These reviews are undertaken by the
Risk Analytics Unit of Banking Supervision. These typically feed into RGPs, and where
necessary RMPs. For Medium High Impact credit institutions, the Risk Analytics Unit also
undertakes a review of the stress testing programs (including the impact of risk
concentrations) as part of the FRA.
The CBI has adopted the CEBS Guidelines on the management of concentration risk under
the supervisory review process which specifically addresses concentration risk within stress
testing in Guidelines 2, 4, 7, 12, 16 and 19 and the CEBS Guidelines on Stress Testing which
also covers concentration risk.
As part of the assessment of stress testing and reverse stress testing, supervisors consider
whether banks consider scenarios which test the ability to withstand impacts on entities to
which the bank has high concentration. Depending on the business model, this might focus
on scenarios and mitigation around withdrawal of funding from the parent, default of top
exposures, operational events around key systems, etc.
As part of the 2011 SREP, a number of weaknesses were identified in a High Impact credit
institution’s stress testing framework, one area being their ability to pick up risk
concentrations. As part of the RMP, in developing their framework, the credit institution
was required to “introduce scenarios that will assist in the identification of interdependencies
between exposures which may only become apparent during stressed conditions. This is to
assist in identification of 'hidden' concentrations. This should include impact of breakdowns in
correlations and significant shocks to specific sectors.”
Additional
criteria
AC1
In respect of credit exposure to single counterparties or groups of connected
counterparties, banks are required to adhere to the following:
(a) ten per cent or more of a bank’s capital is defined as a large exposure; and
(b) twenty-five per cent of a bank’s capital is the limit for an individual large exposure to
a private sector nonbank counterparty or a group of connected counterparties.
Minor deviations from these limits may be acceptable, especially if explicitly temporary or
related to very small or specialized banks.
Description and
findings re AC1
Regulation 54 of S.I. No 661 of 2006 (transposing Article 108 of 2006/48/EC as amended)
states that a bank’s “exposure to a client or group of connected clients shall be considered a
large exposure where its value is equal to or exceeds 10% of its Own Funds.”
Regulation 57(1) of S.I. No 661 of 2006 transposing Article 111 of 2006/48/EC as amended
states that “A credit institution shall not incur an exposure to a client or group of connected
clients the value of which, after taking into account the effect of any credit risk mitigation in
accordance with Regulations 52, 58, 59, 60 and 60A, exceeds 25 per cent of its own funds.”
IRELAND
INTERNATIONAL MONETARY FUND 199
In addition Regulation 57(2) states “If a client is an institution or a group of connected clients
that includes one or more institutions, that value shall not exceed the higher of 25 per cent of
the credit institution’s own funds or €150,000,000. However, the sum of the value of
exposures, after taking into account the effect of any credit risk mitigation in accordance with
Regulations 52, 58, 59, 60 and 60A, to all groups of connected clients that are not institutions
shall not exceed 25 per cent of the credit institution’s own funds.” The Regulation goes on to
state that if the binding limit is €150,000,000, this should not exceed a reasonable limit in
terms of the credit institution’s own funds and should not be higher than 100 per cent,
except if allowed by the Central Bank on a case-by-case basis. In line with the CRD, the
Central Bank has partially or fully exempted some high credit quality exposures from the
limits above.
The CBI allows deviations from these limits for a limited period of time under Regulation
57(5) of S.I. No.661 of 2006 (transposing Article 111(4) of 2006/48/EC as amended) on an
exceptional basis, provided the exposure is reported without delay to the Central Bank.
Assessment of
Principle 19
Compliant
Comments
Principle 20 Transactions with related parties. In order to prevent abuses arising in transactions with
related parties
56
and to address the risk of conflict of interest, the supervisor requires banks
to enter into any transactions with related parties
57
on an arm’s length basis; to monitor
these transactions; to take appropriate steps to control or mitigate the risks; and to write
off exposures to related parties in accordance with standard policies and processes.
Essential criteria
EC1
Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive
definition of “related parties.” This considers the parties identified in the footnote to the
Principle. The supervisor may exercise discretion in applying this definition on a case by
case basis.
Description and
findings re EC1
In 2010 the CBI introduced a Code of Practice on Lending to Related Parties which was
imposed on all credit institutions on a legislative basis. The code sets out an extensive list
of connected persons and clients for the purpose of limiting related party lending including
spouse, partners, children, people between whom there is such a level of
interconnectedness they must be regarded as a single risk etc. Additionally, the code
defines a related party as a director, senior manager, a significant shareholder of the credit
institution or an entity in which the credit institution has a significant shareholding as well
as a connected person of any of these persons.
56
Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their
subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the
bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related
interests, and their close family members as well as corresponding persons in affiliated companies.
57
Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as,
dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative
transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only
transactions that are entered into with related parties but also situations in which an unrelated party (with whom a
bank has an existing exposure) subsequently becomes a related party.
IRELAND
200 INTERNATIONAL MONETARY FUND
The CBI has prescribed a comprehensive definition of ‘related party’ in its RPL Code which
applies to prudential requirements and regulatory reporting to the CBI.
The RPL Code applies only to lending (which includes loans, quasi loans or credit
transactions which results in an exposure or potential exposure, including guarantees) to
related parties, but there are other laws and regulations (e.g. Companies Acts, accounting
standards) in Ireland which address requirements and public disclosures regarding
transactions other than lending. However, these other laws are not enforceable by the CBI
because the legislators in Ireland have allocated responsibility to the Central Bank for the
enforcement of financial services legislation and Central Bank regulatory requirements. The
legislators have assigned responsibility for the enforcement of other laws/requirements
referred to above to other agencies e.g. ODCE for company law, the RABs and IAASA for
oversight of auditors, IAASA is the competent authority under the Transparency Directive
Regulations for checking certain Issuers’ compliance with reporting under the relevant
reporting framework.
The RPL Code came into force on 1 January 2011. It was imposed pursuant to Section 117
of the Central Bank Act 1989 on banks incorporated in the State licensed under Section 9
of the Central Bank Act 1971 and on building societies authorized under the Building
Societies Act 1989. It also applies to designated credit institutions registered under the
Asset Covered Securities Act 2001. Separately from the RPL Code, the reporting
requirements described in Section 7 of the RPL Code were imposed pursuant to Section
117(3) (a) of the Central Bank Act 1989.
The RPL Code contains the following definitions that are of relevance to understanding the
‘related parties’ captured by the RPL Code:
Related Party: A related party is defined as:
(i) a director,
(ii) a senior manager, or
(iii) a significant shareholder of the credit institution, or
(iv) an entity in which the credit institution has a significant shareholding, as well as
(v) a connected person of any of the aforementioned persons.
Senior Management: Members of management of the institution or persons who report
directly to the Board of Directors or the chief executive (howsoever described) of the credit
institution.
Significant Shareholder: A person who holds, either themselves or in aggregate with their
connected persons, a significant shareholding. Governments are excluded from this
definition.
Significant Shareholding: 10% or more of the shares or voting rights in the credit institution
or business.
Connected Persons and Clients:
(a) a spouse, domestic partner or child (whether natural or adopted) of a person;
(b) two or more natural or legal persons who, unless it is shown otherwise, constitute a
single risk because one of them, directly or indirectly, has control over the other or
others; or
(c) two or more natural or legal persons between whom there is no relationship of
IRELAND
INTERNATIONAL MONETARY FUND 201
control as set out in point (b) but who are to be regarded as constituting a single
risk because they are so interconnected that, if one of them were to experience
financial problems, the other or all of the others would be likely to encounter
repayment difficulties.
Notes relating to differences between Basel definition and RPL Code definitions of
‘transactions’ captured:
The RPL Code applies only to lending, and thus aims to capture credit risk. It includes lease
agreements, derivatives and write-offs.
The RPL Code does not cover service contracts.
The RPL Code does not specifically cover asset purchases and sales (although it captures
Repos) or construction contracts.
The RPL Code only deals with lending; it does not address claims or borrowings.
In terms of exposures captured by the code it covers all loans, defined as loans, quasi-loans
or credit transactions which result in an exposure or potential exposure, including
guarantees. Therefore in terms of related parties definition and coverage of credit exposure
the code is very extensive.
There is no evidence to suggest that service contracts, asset purchases or sales, or claims or
borrowings are prevalent in the Irish Banking sector and therefore the CBI is of the view
that its RPL Code captures the vast majority of the Related Party transactions. However, as
stated previously, there are other laws and regulations (e.g. Companies Acts, accounting
standards) in Ireland which address requirements and public disclosures regarding
transactions other than lending. For example, The Companies Acts include the following
rules in respect of Substantial Property Transactions:
? The Companies Act prevents directors or persons connected to directors from
purchasing certain non-cash assets from the company at a price which is other
than arm’s length and without express permission from the members of the
company in general meeting
? Non-cash assets are defined as being property or an interest in property other
than cash.
? The thresholds are as follows:
o €63,487 (IR£50,000); or
o 10% of the value of the net assets per the latest set of financial statements
or if there are no financial statements prepared the called-up share capital
of the company
However, if the asset is valued at less than €1,270 (IR£1,000) then it is exempt from the
terms of this section altogether.
Although the accounting standards cover some of these issues, they are not enforceable by
the CBI and they do not address other requirements of the RPL concerning arms-length
requirements, etc.
The code also applies significant qualitative and quantitative requirements on credit
institutions such as:
Qualitative
1. A credit institution cannot grant a loan to a related party on more favourable
IRELAND
202 INTERNATIONAL MONETARY FUND
terms than a loan to a non-related party;
2. A loan to a related party, or a variation in the terms of such a loan requires the
prior approval of the Board or a sub-committee of the Board established
specifically to deal with related party lending;
3. Any loan in excess of €1m requires the prior approval of the Central Bank. the
assessment of such requests includes an assessment of the terms and conditions
of the loan;
4. Policies and processes must be established by the credit institution to prevent (i)
members of staff of the credit institution benefitting from lending to a related
party and (ii) persons related to the borrower from being part of the process of
granting and managing a loan to such a borrower.
5. An obligation on senior management to report at least quarterly to the Board of
any deviations from a policy, process or limit requirement of the code. Any such
deviations must also be reported to the Central Bank within five business days of
the deviation being identified
6. The credit institution shall not (i) engage in a practice, (ii) enter into an
arrangement, (iii) execute a document, or (iv) structure or restructure a loan in
order to avoid its obligations under the code.
Quantitative
The code imposes severe restrictions on a credit institution’s exposures to related parties:
1. Exposures to any one of the credit institution’s directors or senior management,
and persons connected to them, including exposures to any business in which the
director or senior manager has a significant shareholding 0.5% of Own Funds. The
aggregate of such exposures shall not exceed 5.0% of Own Funds
2. Exposure to one of its significant shareholders including exposures to businesses
in which the significant shareholder has a significant shareholding. 5.0% of Own
funds, aggregate not to exceed 15% of Own Funds.
3. Exposures to a client or group of connected clients in which the credit institution
has a significant shareholding. 5.0% of Own funds, aggregate not to exceed 15%
of Own Funds.
Oversight of the Code
The Central Bank oversees compliance with the code as follows:
1. Assesses all loans in excess of €1m prior to a credit institution being in a position
to grant the loan;
2. All credit institutions must report all related party exposures to the Central Bank
on a quarterly basis; and
As part of its ongoing supervision the Central Bank carries out desk top analysis to ensure
that the policies and processes in place are in compliance with the code and additionally
supplements this with on-site testing to ensure that loans to related parties have followed
the policies and processes.
EC2
Laws, regulations or the supervisor require that transactions with related parties are not
undertaken on more favorable terms (e.g. in credit assessment, tenor, interest rates, fees,
amortization schedules, requirement for collateral) than corresponding transactions with
non-related counterparties.
58
58
An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g. staff
receiving credit at favorable rates).
IRELAND
INTERNATIONAL MONETARY FUND 203
Description and
findings re EC2
See EC1.
EC3
The supervisor requires that transactions with related parties and the write-off of related-
party exposures exceeding specified amounts or otherwise posing special risks are subject
to prior approval by the bank’s Board. The supervisor requires that Board members with
conflicts of interest are excluded from the approval process of granting and managing
related party transactions.
Description and
findings re EC3
The RPL Code requires, inter alia:
? Loans to related parties or any variation of the terms require prior Board approval,
or approval by a Subcommittee of the Board established specifically to deal with
related party lending. That Subcommittee is required to report directly to the Board.
Board members with conflicts of interest shall be excluded from the approval
process (Requirement 6(b)).
? Actions in respect of the management of such loans (for example, grace periods,
interest roll-ups, loan write-offs) require prior Board approval or approval by a
Subcommittee of the Board established specifically to deal with related party
lending where that Subcommittee reports directly to the Board (Requirement 6(c)).
? Approval is required from the Central Bank prior to extending loans to a related
party that exceeds €1million (Requirement 6(d)).
? The Board of the credit institution is obliged to put policies and procedures in place
over related party lending, ensure adherence thereto, monitor and report on such
loans. (Requirements 6(e), (f), (g), and (h)).
? Limits are imposed on a credit institution’s lending to related parties, both on an
individual level and on an aggregated basis (Requirement 6(i))
? Detailed quarterly reporting requirements to the Central Bank (requirement 7(a)) are
imposed, including the reporting of deviations from the RPL Code to the Central
Bank (Requirements in section 7 of the RPL Code) within 5 business days of the
discovery of the deviation and furthermore management of the institution is
required to report to its Board on at least a quarterly basis, for timely action by the
Board, any deviation from a policy, process or limits.
? Requirement 6(j) contains an anti-avoidance provision which aims to prevent firms
from engaging in practices, entering arrangements, structuring or restructuring
loans or executing documents in such a manner as to avoid the requirements of the
RPL Code.
EC4
The supervisor determines that banks have policies and processes to prevent persons
benefiting from the transaction and/or persons related to such a person from being part of
the process of granting and managing the transaction.
Description and
findings re EC4
The purpose of the RPL code is to prevent persons benefiting from related party
transactions and/or persons related to such a person from being part of the process of
granting and managing the transaction.
The CBI’s monitoring of compliance with the RPL Code is conducted primarily through RPL
IRELAND
204 INTERNATIONAL MONETARY FUND
reports that are received quarterly and are reviewed by Supervision teams. Additionally,
themed reviews of Loans to Directors in covered banks were conducted. A report was
published in March 2009 and supervisors followed up on the findings of these reviews.
Supervisors compare/check reconciliations between disclosure of Related Party
Transactions in the annual audited financial statements and the quarter-end RPL report
coinciding with year-end for High Impact banks; as per PRISM guidelines those banks rated
lower than High Impact do not routinely conduct a year-end reconciliation. Supervisors
check the public disclosure of Loans to Directors and to Connected Persons
(conditions/directions imposed in August 2009).
Requirements relating to Lending to Related Parties are set out in Sections 6 & 7 of the RPL
Code and are summarized in Criteria 2 & 3 above.
EC5
Laws or regulations set, or the supervisor has the power to set on a general or case by case
basis, limits for exposures to related parties, to deduct such exposures from capital when
assessing capital adequacy, or to require collateralization of such exposures. When limits
are set on aggregate exposures to related parties, those are at least as strict as those for
single counterparties or groups of connected counterparties.
Description and
findings re EC5
See EC1
EC6
The supervisor determines that banks have policies and processes to identify individual
exposures to and transactions with related parties as well as the total amount of exposures,
and to monitor and report on them through an independent credit review or audit process.
The supervisor determines that exceptions to policies, processes and limits are reported to
the appropriate level of the bank’s senior management and, if necessary, to the Board, for
timely action. The supervisor also determines that senior management monitors related
party transactions on an ongoing basis, and that the Board also provides oversight of these
transactions.
Description and
findings re EC6
As set out in Criteria 4 above, the Central Bank’s monitoring of compliance with the RPL
Code is conducted primarily through RPL reports that are received quarterly, which are
reviewed by supervision teams. Additionally, themed reviews of loans to directors in
covered banks were conducted. A report was published in March 2009 and supervisors
followed up on the findings of these reviews. Supervisors compare/check reconciliations
between disclosure of Related Party Transactions in the annual audited financial statements
and the quarter-end RPL report coinciding with year-end. Supervisors also check the public
disclosure of loans to directors and to connected persons (conditions/directions imposed
in August 2009) and the maintenance of Registers (conditions imposed in May 2010). The
Central Bank ensures these ‘Mail Merge’ letters imposing conditions/directions are included
on its website.
EC7
The supervisor obtains and reviews information on aggregate exposures to related parties.
Description and
findings re EC7
There are requirements in section 7 of the RPL Code, imposed pursuant to Section 117(3)
(a) of the Central Bank Act 1989, relating to private, prudential reporting to the Central
Bank on a quarterly basis by credit institutions of lending to related parties. The CBI issued
a template for RPL reporting within its ‘Related Party Lending Return Notes on
Compilation’, which is very detailed and is required on a quarterly basis. The main risk
metrics that are tracked by supervisors are compliance with the limits in Requirement 6(i) of
the RPL Code as set out inEC1. Supervisors also monitor movements in RPL by category of
related party from quarter to quarter. Breaches (if any) of the limits in requirement 6(i) are
IRELAND
INTERNATIONAL MONETARY FUND 205
reported to the Deputy Heads and Heads of Banking Supervision Divisions, including a NIL
Return if there are no breaches. Other metrics, such as quarterly movements, are monitored
by supervision teams. At their discretion supervisors would escalate issues to Deputy
Heads/Head of Division. A reporting matrix is currently being developed which will include
related party lending. This will result in a standardized management reporting format and
will be tailored to the impact ratings under PRISM, i.e. greater detail for High Impact credit
institutions.
Supervisors also review the annual financial statements of banks, which contain public
disclosures on Related Party Transactions.
Assessment of
Principle 20
Materially Noncompliant
Comments
A primary risk in related party lending is the abuse by related parties in borrowing with
preferential rates or terms or receiving higher interest on deposits with the bank. The
reports collected by the CBI do not contain information to monitor this risk. Onsite reviews
are infrequent and do not offset the lack of offsite information which is the primary focus
of CBI supervision to monitor compliance with the RPL requirements
The CBI’s RPL code became effective on January 1, 2011 and was revised in 2013. The RPL
Code focuses on lending, and thus aims to capture credit risk, which represents the most
significant element of related party transactions in the banking system. It includes lease
agreements, derivatives and write-offs. The CBI is therefore satisfied that the RPL Code
captures the vast majority of Related Party Lending transactions. In addition, there are
other laws and regulations (e.g. Companies Acts, accounting standards) in Ireland which
address requirements and public disclosures regarding transactions other than lending.
However, these are not enforceable by the CBI but by other relevant Irish authorities.
The RPL Code does not:
? Cover service contracts.
? Specifically cover asset purchases and sales (although it captures Repos) or
construction contracts.
? Address claims or borrowings (i.e. deposits)
Compliance with the Code is primarily monitored through the reports filed by the banks
supplemented with onsite testing. However, the reports do not contain sufficient
information to monitor terms and conditions of the loans, to determine compliance that
transactions are at arms’ length or received Board approval. Requirement 6(d) of the RPL
code requires prior Central Bank approval for loans over €1million, the Questionnaire for
applications for approval contain details of the terms and conditions of the exposure, the
application must be accompanied by relevant minutes of the credit Committee approval of
the loaned and there must be a confirmation that the loan will be transacted on an arm’s
length basis. The limited extent of onsite testing does not sufficiently offset the reporting
deficiency.
IRELAND
206 INTERNATIONAL MONETARY FUND
Principle 21 Country and transfer risks. The supervisor determines that banks have adequate policies
and processes to identify, measure, evaluate, monitor, report and control or mitigate
country risk
59
and transfer risk
60
in their international lending and investment activities on a
timely basis.
Essential criteria
EC1 The supervisor determines that a bank’s policies and processes give due regard to the
identification, measurement, evaluation, monitoring, reporting and control or mitigation of
country risk and transfer risk. The supervisor also determines that the processes are
consistent with the risk profile, systemic importance and risk appetite of the bank, take into
account market and macroeconomic conditions and provide a comprehensive bank-wide
view of country and transfer risk exposure. Exposures (including, where relevant, intra-
group exposures) are identified, monitored and managed on a regional and an individual
country basis (in addition to the end-borrower/end-counterparty basis). Banks are required
to monitor and evaluate developments in country risk and in transfer risk and apply
appropriate countermeasures.
Description and
findings re EC1
The Country Risk Policy was imposed on all credit institutions as a license condition on 23
August 2013 in accordance with Section 10(3) of the Central Bank Act, 1971 and Section 17
of the Building Societies, Act 1989. A breach of a license condition is enforceable through
the Administrative Sanctions Process (see CP 11 for specific details on the sanctions
process).
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine compliance with all elements of this essential criterion.
Section 2 provides for the following:
? In determining its supervisory approach, the CBI will have regard to the Basel
Committee’s Core Principles for Effective Banking Supervision. In addition, the CBI
will have regard to the size and complexity of a credit institution’s international
lending and investment activities and other factors set out in the policy in
considering whether the credit institution has appropriate systems to control
Country Risk and maintains adequate provisions for such risk.
? In reviewing the effectiveness of a credit institution’s Country Risk management and
the adequacy of provisions made, the CBI will:
o Determine whether a credit institution’s policies and processes give due
regard to the identification, measurement, evaluation, monitoring, reporting
and control or mitigation of Country Risk. The CBI will also determine if the
policies and processes are consistent with the risk profile, systemic
importance and risk appetite of the credit institution (taking into account
market and macroeconomic conditions), and provide a comprehensive bank-
59
Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than
sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks or
governments are covered.
60
Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will
be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions
imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics –
Guide for compilers and users, 2003.)
IRELAND
INTERNATIONAL MONETARY FUND 207
wide view of Country Risk exposure. Exposures (including, where relevant,
intra-group exposures) should be identified, monitored and managed on a
regional and an individual country basis (in addition to the end-
borrower/end-counterparty basis). Credit institutions are required to monitor
and evaluate developments in Country Risk and take appropriate mitigating
action when necessary.
o Determine whether a credit institution’s strategies, policies and processes for
the management of Country Risks have been approved by the credit
institution’s Board on an annual basis, and determine that the Board oversees
management in a way that ensures that these policies and processes are
implemented effectively and fully integrated into the credit institution’s
overall risk management process.
o Determine whether credit institutions have information systems, risk
management systems and internal control systems that accurately aggregate,
monitor and report country exposures on a timely basis, and that these
systems ensure adherence to established country exposure limits.
o Review the adequacy of provisioning by credit institutions against Country
Risk.
o Require credit institutions to conduct stress test scenarios and to include
appropriate scenarios into their stress testing programs for risk management
purposes to reflect Country Risk analysis.
o Regularly obtain and review management information on a timely basis on
the Country Risk of credit institutions. The CBI will obtain additional
information, as needed (e.g. in crisis situations).
? Determination by the CBI of compliance by credit institutions is underway.
EC2
The supervisor determines that banks’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’ Boards and
that the Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall risk
management process.
Description and
findings re EC2
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine that banks’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’ Boards and
that the Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall risk
management process. The role of the Board and senior management is set out at section
3.1 of the Policy.
The Central Bank is conducting reviews to determine compliance.
EC3
The supervisor determines that banks have information systems, risk management systems
and internal control systems that accurately aggregate, monitor and report country
exposures on a timely basis; and ensure adherence to established country exposure limits.
Description and
findings re EC3
The Policy (section 2, “Supervisory Approach”) provides that the CBI, in reviewing the
effectiveness of a credit institution’s management of country risk and the adequacy of
provisions made, will determine that banks have information systems, risk management
systems and internal control systems that accurately aggregate, monitor and report country
exposures on a timely basis; and ensure adherence to established country exposure limits.
IRELAND
208 INTERNATIONAL MONETARY FUND
The Central Bank currently requires reporting on credit exposures by geographical region
in the Quarterly Summary Financial Return covering ROI, UK, USA & ‘Other’ which provides
aggregate data on sector exposure by region.
EC4
There is supervisory oversight of the setting of appropriate provisions against country risk
and transfer risk. There are different international practices that are all acceptable as long
as they lead to risk-based results. These include:
(a) The supervisor (or some other official authority) decides on appropriate minimum
provisioning by regularly setting fixed percentages for exposures to each country
taking into account prevailing conditions. The supervisor reviews minimum
provisioning levels where appropriate.
(b) The supervisor (or some other official authority) regularly sets percentage ranges for
each country, taking into account prevailing conditions and the banks may decide,
within these ranges, which provisioning to apply for the individual exposures. The
supervisor reviews percentage ranges for provisioning purposes where appropriate.
(c) The bank itself (or some other body such as the national bankers association) sets
percentages or guidelines or even decides for each individual loan on the appropriate
provisioning. The adequacy of the provisioning will then be judged by the external
auditor and/or by the supervisor.
Description and
findings re EC4
The Policy (section 3.11) provides for each institution to determine the appropriate level of
provisions in relation to Country Risk (option (c) of the essential criterion). The Policy sets
out general guidelines in relation to the setting of provisions which must be adhered to by
credit institutions. The adequacy of provisioning is subject to review by the CBI.
Determination by the CBI of compliance by credit institutions with these requirements has
commenced following the imposition of the Policy on credit institutions.
EC5
The supervisor requires banks to include appropriate scenarios into their stress testing
programmes to reflect country and transfer risk analysis for risk management purposes.
Description and
findings re EC5
The Policy (section 3.9) provides that credit institutions should conduct stress testing
analysis of their Country Risk exposures in order to monitor actual and potential risks.
EC6
The supervisor regularly obtains and reviews sufficient information on a timely basis on the
country risk and transfer risk of banks. The supervisor also has the power to obtain
additional information, as needed (e.g. in crisis situations).
Description and
findings re EC6
The Policy (section 5) provides for regular reporting to the CBI by credit institutions of their
Country Risk exposures and provisions.
The Central Bank currently receives quarterly data on lending stock by sector and by
country.
Assessment of
Principle 21
Largely Compliant
Comments
The country risk policy, which has the enforceability of a regulation, was imposed on banks
at the end of August, 2013. The policy imposes requirements on the banks that comply
with the requirements of the Core Principle. Testing of compliance with the Country Risk
Policy commenced in Q3 2013 (one inspection to test adherence to the policy has been
completed with a further inspection ongoing) and further reviews will form part of the
IRELAND
INTERNATIONAL MONETARY FUND 209
Credit Team’s Engagement Plan for 2014.
Notwithstanding that the Country Risk Policy is new; the CBI has been conducting reviews for
some time in relation to Sovereign Risk (a subset of Country risk) as part of its concentration
risk assessments. In two cases issues were identified which resulted in Pillar II capital add-
ons amounting to more than €1.5bn.
Principle 22 Market risk. The supervisor determines that banks have an adequate market risk
management process that takes into account their risk appetite, risk profile, and market
and macroeconomic conditions and the risk of a significant deterioration in market
liquidity. This includes prudent policies and processes to identify, measure, evaluate,
monitor, report and control or mitigate market risks on a timely basis.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have appropriate market risk
management processes that provide a comprehensive bank-wide view of market risk
exposure. The supervisor determines that these processes are consistent with the risk
appetite, risk profile, systemic importance and capital strength of the bank; take into
account market and macroeconomic conditions and the risk of a significant deterioration in
market liquidity; and clearly articulate the roles and responsibilities for identification,
measuring, monitoring and control of market risk.
Description and
findings re EC1
Supervisory and specialist engagement with respect to market risk is dependent on the
impact rating of an institution (as described in CPs 8 &9) however should a M/H or M/L
impact bank have a high level of market risk or a complex nature to its market risk the
treasury team will be asked to provide additional support beyond the usual support for
such banks. The top seven institutions by impact score are supervised by a market risk
specialist supporting the supervision team with the remaining banks conducting
supervision and assessment of market risk by the individually assigned supervision team
(the risk specialist for market risk sits within the Treasury Team). The risk specialist deploys
an individual bank and peer analysis of inherent, control and concentration of market risk
by a bottom up methodology. The same materials are available for the examination teams
with the lower impact ratings. To promote the use of these materials and to facilitate the
wider use across the remaining examination teams, twice-yearly meetings are held between
the Treasury Team and those examination teams. These meetings are also set up so that
the Treasury Team can guide the examination teams on specific market risk matters and to
promote best practices among these lower impact assessment banks.
For High Impact banks the treasury team will allocate a treasury analyst (one analyst to 1 or
2 banks). This analyst will conduct all aspects of market risk monitoring and analysis
throughout the year. For M/H and M/L impact banks, a treasury analyst will provide
support at the time of the FRA and for other ad hoc reviews. The supervision team will
monitor risks otherwise, with the support of the treasury team’s risk dashboard, risk
assessment framework and twice yearly meetings with the head of the treasury team.
The Quantitative Risk teams provide additional specialist support in the form of validation
and evaluation of risk models.
At the upper end of the scale (High Impact banks), there is ongoing onsite and offsite
regulatory supervision. Contact with High Impact institutions involves: regular ALCO
attendance; monthly meetings with Head of Treasury/Asset Liability Management (ALM);
and weekly Treasury calls. For institutions rated Medium High Impact and Medium Low
IRELAND
210 INTERNATIONAL MONETARY FUND
Impact, an institution will receive a periodic onsite and offsite work and analysis of
information in accordance with PRISM guidelines. For lower risk impact firms, the Treasury
Team provides a resource to assess the market risk aspects of the FRA. This involves both
onsite and offsite work. In addition, the findings of the risk reviews conducted for the high
impact firms are shared with the examination teams of the lower impact teams firms to
help identify common issues. Quarterly risk dashboards are also submitted by the lower
impact banks which aid risk monitoring. Evidence of this was provided during the mission.
Market risk is also assessed by way of periodic thematic/risk reviews. For example, during a
recent review in 2012 of 7 High Impact banks’ ALCO role and effectiveness, banks were
assessed on governance across both market and liquidity risk. This review addressed
governance by the Board and senior management; experience and skills; the understanding
of risk and challenges to risk management; identification of responsibility, resourcing and
reporting of risk management; the appropriateness and effectiveness of behavioural
assumptions, IRRBB and stress testing; and the quality and discussion of management
information circulated to the committee and an assessment of market risk that is conveyed
to the Board members of the bank. A risk review on structural market risk was concluded in
May 2013.
Directive 2006/49/EC provides the basis for the regulation of market risk and banks are
required to apply all EBA (formerly CEBS) market risk guideline documents and bulletins.
Directive 2006/48 and Directive 2006/49 have been largely transposed into Irish law by the
Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in
relation to banks. Particular regard should be given to Regulations 66 and 70 of S.I. 661 of
2006. Regulation 66 allows the Central Bank to review the arrangements, strategies,
processes and mechanisms implemented by credit institutions to comply with the Directive
2006/49/EC (S.I. 661/2006) and evaluate the risks to which credit institutions are or might
be exposed. Regulation 70 enables the Central Bank to require any credit institution “that
does not meet the requirements of [any law of the State giving effect to the [Recast Credit
Institutions Directive]] to take the necessary actions or steps at an early stage to address the
situation”
Among the guidance documents used to focus the work of supervisors are:
• EBA “High level principles for Risk Management” – February 2010
• EBA “Guidelines on stress testing” – August 2010
• BCBS “Principles for sound stress testing and supervision” – May 2009
• BCBS “Principles for the Management and Supervision of Interest Rate Risk” – July
2004
• BCBS “Revisions to the Basle II Market Risk Framework” – February 2011
Market risk is analysed using the above listed documents as a foundation. These principles
give guidance to best market practice by the application of a system of identification,
measurement and assessment of market risk of the firm. The sources of material market
risk (IRBBB, basis, currency, credit spreads and derivatives), once identified, are subject to
the control structure of the firm within its own limit and control framework.
Market risk is analysed under three broad headings:
? Inherent Market Risk
? Quality of Control and Market Risk Processes
? Concentration of Market Risk
IRELAND
INTERNATIONAL MONETARY FUND 211
Inherent Market Risk
? Risk Tolerance
? Product type
? Market Risk Strategy
? Balance Sheet Structure
? Identification of all Market Risk
Quality of Control and Market Risk Processes
? Governance
? Risk/ Capital Model Validation
? Skill and Knowledge
? Limits – Risk Tolerance
? Limits – Monitoring
? Policy and Procedure
? MIS Reporting
? Stress Testing
? New Product Process
? Internal Audit Process
Concentration of Market Risk
? Diversification
? Illiquid Financial Products
? Illiquid and Volatile Financial Products
The Treasury Team has developed a risk dashboard which captures risk metrics for market
risk (traded and non-traded) and liquidity for the High Impact banks. The dashboard is
populated by banks on a monthly or quarterly basis depending on impact and forms the
basis of enhanced supervisory attention for this cohort of banks. The dashboard allows
peer group comparison.
Of the banks supervised, only 24 had a pillar 1 market risk capital requirement at 30 June
2013. Of these only 11 exceeded €1m and only 2 exceeded €100m. In terms of onsite
examinations of market risk, the Treasury Team has conducted two full risk reviews in 2012
for High Impact banks and has either performed or advised on the market risk assessment
of three lower impact banks. The treasury team, under its market risk assessment
framework, also assesses, on a quarterly basis, all high impact banks’ market risk against a
number of sub-component criteria. This involves both onsite and offsite work. Given
current market and macroeconomic conditions, the High Impact banks have received an
elevated amount of attention by the risk specialists in the Treasury Team, supporting offsite
analysis and attending meetings with bank senior management. Analysis of market risk
through onsite reviews will generally be performed by the supervision team supported by
the treasury team. In addition to the work of the Central Bank, external consultants had
been engaged previously to conduct balance sheet analysis of the major banks in the past
which included an evaluation of market risk.
In terms of inherent market risk across the sector, banks have managed down their risk
profile with a scaling back in exposure. Profile of trading books was relatively benign with
few exotic instruments traded and typical trading strategy adopted by banks is to support
customer flow and for hedging purposes.
EC2 The supervisor determines that banks’ strategies, policies and processes for the
IRELAND
212 INTERNATIONAL MONETARY FUND
management of market risk have been approved by the banks’ Boards and that the Boards
oversee management in a way that ensures that these policies and processes are
implemented effectively and fully integrated into the banks’ overall risk management
process.
Description and
findings re EC2
Supervisors determine that banks have an adequate market risk management process in a
number of ways. In the case of the 7 credit institutions covered by the treasury team this is
assessed:
? by reference to preparatory work for the completion of the quarterly Treasury
Probability Risk rating review exercise.
? from the Central Banks internal reviews of returns received from the credit
institutions.
? during the course of supervisors’ engagement with the Treasurer at regular
scheduled meetings.
? during thematic reviews, e.g. the ALCO Thematic Review, the Market Risk Thematic
Review and the Risk Review conducted on an individual credit institution.
? via ad hoc requests for information on topics that may have come to light in other
institutions.
The assessment of market risk in the remaining institutions forms part of the relevant
supervision team’s work. Each team will determine whether or not there is a Trading Book
within these institutions. When a Full Risk Assessment is carried out, the examination teams
will call upon the support of the Treasury Team to assist in its assessment of market risk.
Meetings will be organized with the relevant credit institution with either the direct or
indirect involvement of the Treasury Team, items arising will be followed up. For Medium
High Impact banks these risk assessments are conducted every 2 to 4 years. In the case of
the Medium Low Impact banks, the risk assessments are performed on a sample basis with
c.10% being reviewed annually. Examination teams will use guidance material from PRISM,
and in some cases use the Market Risk Treasury RAG status to guide them through the risk
assessment. The examination teams revert to the Treasury Team with queries where advice
and support is provided.
In 2011, two High Impact banks were subject to a thematic Market Risk Review to establish
the consistency of processes with the Risk Appetite Statement, risk strategy, risk profile and
capital supporting the risk. These reviews also examined the roles and responsibilities of
committees and officers of each bank for the identification, measuring, monitoring and
control of market risk. Thematic reviews are regularly conducted by the Treasury team in
consultation with the bank examination team. These reviews are focused mainly on the
High Impact banks. A Medium High Impact bank may be added for peer review analysis
when required based upon the market risk scope. Currently there is a Structural Market Risk
Review underway on the 7 banks where Treasury Analysts are assigned; this is currently
being finalized.
Directive 2006/49/EC provides the basis for reviewing market risk and S.I. 661 of 2006, the
amended S.I. 395 of 1992 and S.I. 475 of 2009 in relation to banks set out the requirements.
For the High Impact banks subject to enhanced supervision, the level of engagement with
the bank allows the supervisor to review and assess the implementation of market risk
policies and procedures. The level of traded market risk being run is very low for most
banks (as established from risk dashboards and review of banks’ own MI). Of the banks
IRELAND
INTERNATIONAL MONETARY FUND 213
supervised, only 24 had a pillar 1 market risk capital requirement at 30 June 2013. Of these
only 11 exceeded €1m and only 2 exceeded €100m. This has impacted on the focus of
onsite engagement by both the treasury and examination teams. The treasury team has
been directly involved in assessing the market risk of 8 of the 11 banks mentioned above
including all of the top 7.
The depth of onsite testing and verification by supervisors and, in particular with support
from risk specialists, was not at a level and frequency to accurately confirm that policies
and procedures approved by the Board had been effectively implemented.
EC3
The supervisor determines that the bank’s policies and processes establish an appropriate
and properly controlled market risk environment including:
(a) effective information systems for accurate and timely identification, aggregation,
monitoring and reporting of market risk exposure to the bank’s Board and senior
management;
(b) appropriate market risk limits consistent with the bank’s risk appetite, risk profile and
capital strength, and with the management’s ability to manage market risk and which
are understood by, and regularly communicated to, relevant staff;
(c) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board, where necessary;
(d) effective controls around the use of models to identify and measure market risk, and
set limits; and
(e) sound policies and processes for allocation of exposures to the trading book.
Description and
findings re EC3
In the case of the 7 credit institutions covered by the treasury team:
? Over time and with experience, the supervisor familiarises themselves with the
market risk management environment/structure of the bank by going on-site to
better examine the relevant internal governance structure and to get a fuller
understanding of the information systems capabilities for Market Risk reporting. This
is conducted on a more granular level via Risk Reviews, etc. Risk Reviews are
conducted on the 7 credit institutions where Treasury Analysts are assigned.
? Refer to CP15 EC7 for details on the Central Bank’s IT assessment framework [(a)]
? The supervisor considers the limit size set out in the RAS of the institution. This
might occur during normal scheduled engagement between the supervisor and the
Treasurer, during a themed review, or during the annual RGP exercise. RGPs and
Market Risk Themed Reviews have made specific reference to this aspect. [(b)]
? The supervisor will monitor “exception tracking and reporting” in a number of ways,
e.g. from details in the ALCO pack, attendance at ALCO, attending meetings and
reviews with both Market Risk team and the Internal Audit team, etc. [(c)]
? The risk modeling team will assess the appropriateness and robustness of the risk
measurement model for the quantification of market risk, e.g. has the risk-
measurement model captured a sufficient number of risk factors of their portfolio?
IRELAND
214 INTERNATIONAL MONETARY FUND
Has the risk-measurement model captured nonlinearities risk, correlation risk and
basis risk? In addition, effective controls around the use of models and set limits
have also been assessed, e.g. product type, market risk strategy, risk tolerance (or
risk limits setting), model validation. [(d)]
? Supervisors determine that policies exist for allocation of exposures to the trading
book through ad-hoc review of an institution’s trading book policy statement and an
assessment of the RAS. From the RAS, the supervisor can assess the allocation of
appropriate limits. Market risk policies must adhere to the EBA guidance documents,
and the operation of the processes that measure and monitor market risk in the
trading book. [(e)]
The Financial Risk Review is the principal activity to assess whether policies and procedures
establish an appropriately controlled market risk environment. The FRR/FRA provides the
supervisor an opportunity to engage a bank’s Chair and representatives from senior
management regarding the control environment for market risk. Preparation for these
meetings and conducting the FRR/FRA will include analysis of a range of information
sources, including market risk policies.
EC4
The supervisor determines that there are systems and controls to ensure that banks’
marked-to-market positions are revalued frequently. The supervisor also determines that all
transactions are captured on a timely basis and that the valuation process uses consistent
and prudent practices, and reliable market data verified by a function independent of the
relevant risk-taking business units (or, in the absence of market prices, internal or industry-
accepted models). To the extent that the bank relies on modeling for the purposes of
valuation, the bank is required to ensure that the model is validated by a function
independent of the relevant risk-taking businesses units. The supervisor requires banks to
establish and maintain policies and processes for considering valuation adjustments for
positions that otherwise cannot be prudently valued, including concentrated, less liquid,
and stale positions.
Description and
findings re EC4
It is a minimum requirement of the CRD that the systems and controls ensure MTMs on
trading portfolios are carried out daily. Confirmation of this is received at bilateral meetings
between the CRO or Head of Market Risk in preparation for the annual RGP for High
Impact banks. In addition this aspect is covered in the Treasury Market Risk RAG status
which is reviewed by the Treasury Team quarterly and which contributes to the Market Risk
Probability Risk of that institution.
Each supervisor builds up an understanding of the internal governance of the institution by
reviewing its policies and strategies. The Market Risk RAG status – which is refreshed
quarterly – asks about the availability of daily limit monitoring systems for Market Risk
Management purposes. The BIS principles for Market Risk Management are the
cornerstone and set the expected standards for engagement with the credit institutions.
Therefore both in ongoing engagement and in the more detailed format, i.e. Thematic
Reviews when conducted on selected institutions – daily Mark to Market (MtM) reporting is
the preferred standard. RAG status reviews, Themed Reviews, ALCO attendance, Policy
reviews all combine to ensure that best practice is measured.
The treasury team has been directly involved in assessing the market risk of 8 of the 11
banks with Pillar I market risk capital requirements greater than €1 million, including all of
the top 7. The main activity to assess systems and controls for traded portfolios is largely
through the FRA for lower impact banks, which is a less intensive activity and for market
IRELAND
INTERNATIONAL MONETARY FUND 215
risk typically attended by the risk specialists. However, this is largely a function of the fact
that most banks are running little or no traded market risk. Of the banks supervised, only
24 had a pillar 1 market risk capital requirement at 30 June 2013. Of these only 11
exceeded €1m and only 2 exceeded €100m. Where previous reviews, prior knowledge of
the bank and/or the risk dashboards we receive confirm the lack of traded market risk less
resources are directed to this area. This is monitored to ensure any changes to this are
identified in a timely manner.
The CRD establishes minimum expectations for validation of internal models by an
independent unit within the bank.
EC5
The supervisor determines that banks hold appropriate levels of capital against unexpected
losses and make appropriate valuation adjustments for uncertainties in determining the fair
value of assets and liabilities.
Description and
findings re EC5
Credit institutions are obliged to hold a precise minimum level of capital and to report
compliance with this capital position to the Central Bank monthly as prescribed by the
Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I. 475 of 2009 in
relation to banks.
The Central Bank places primary reliance on the work conducted by the internal and
external auditor to ensure that valuation adjustments are applied as required. As a
secondary measure, supervisors review the findings of the internal/external auditor, make
enquiries if significant adjustments are made, and consequently make judgment on further
action.
EC6
The supervisor requires banks to include market risk exposure into their stress testing
programmes for risk management purposes.
Description and
findings re EC6
Market risk exposures are required to be included within a bank’s stress testing programme
under the requirements of the CRD Annex V point 10 which requires that policies and
processes for the measurement and management of all material sources and effects of
market risks shall be implemented by banks.
In addition, the EBA Guidelines on Stress Testing (GL32), covers trading book risk as well as
the other main risk types.
Assessment of
Principle 22
Largely Compliant
Comments High Impact banks have been subject to enhanced supervisory attention over the course of
the last several years due to heightened risk profile of banks and current market conditions.
For example, supervisors meet with Treasurers on a monthly basis, often perform
monitoring calls weekly, and attend ALCO meetings periodically. Preparation for these
engagements will include receipt and analysis of ALCO packs and MI that is submitted to
the Board. High Impact banks are subject to enhanced monitoring through a risk
dashboard that is populated monthly and reviewed by risk specialists and supervisors.
These activities provide the supervisor opportunity to assess the inherent risk profile in
traded portfolios and risk mitigants.
The treasury team has been directly involved in assessing the market risk of 8 of the 11
banks with Pillar I market risk capital requirements greater than €1 million, including all of
the top 7. In all but one case this has involved an element of onsite examination.
Assessment of the control environment for the majority of banks has been performed
IRELAND
216 INTERNATIONAL MONETARY FUND
within the Full Risk Assessment process, which is less frequent than a Financial Risk Review.
In the context of a very limited level of market risk in Irish licensed banks, there is a reliance
on exception reporting to identify risk, and insufficient testing of implementation of
policies and procedures onsite to be able to accurately assess the effective implementation
of controls, especially in regard to verify that marked-to-market positions are prudently
valued and revalued frequently.
CBIs oversight of internal models on an ongoing basis is inadequate to ensure models are
fit for purpose and calculating capital accurately (EC4). While models are approved at the
time of implementation, ongoing oversight of models in terms of validation and stability of
model outcomes not performed on an ongoing basis, unless triggered by an event.
Principle 23 Interest rate risk in the banking book. The supervisor determines that banks have
adequate systems to identify, measure, evaluate, monitor, report and control or mitigate
interest rate risk
61
in the banking book on a timely basis. These systems take into account
the bank’s risk appetite, risk profile and market and macroeconomic conditions.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have an appropriate interest rate risk
strategy and interest rate risk management framework that provides a comprehensive
bank-wide view of interest rate risk. This includes policies and processes to identify,
measure, evaluate, monitor, report and control or mitigate material sources of interest rate
risk. The supervisor determines that the bank’s strategy, policies and processes are
consistent with the risk appetite, risk profile and systemic importance of the bank, take into
account market and macroeconomic conditions, and are regularly reviewed and
appropriately adjusted, where necessary, with the bank’s changing risk profile and market
developments.
Description and
findings re EC1
The Central Bank imposes regulations and guidelines on Irish licensed banks in respect to
the management of IRRBB. Banks are required to apply all EBA (formerly CEBS) IRRBB
guideline documents and bulletins. Particular regard should be given to Regulations 66 and
70 of S.I. 661 of 2006. As per Directive 2006/48/EC, interest rate risk in the non-trading
book is treated under the ICAAP/SREP framework.
The SREP takes the form of qualitative reviews of the documented processes and resulting
management reports together with on-site assessments of both technical and senior
management. The review of Pillar II ICAAPs conducted by supervisors have a particular
focus on the identification of sources of IRRBB and the adequacy of processes to manage
this risk. Furthermore, Pillar II ICAAP reviews include quantitative assessments of IRRBB
such as structural basis risk, pre-payment risk, yield curve risk, re-pricing risk, etc. The
quantitative reviews conducted as part of SREPs are documented in the RGP reports. The
ICAAP reviews have a particular focus on the identification of interest rate risks and the
adequacy of processes to manage this risk, for example, how banks are to monitor, control,
mitigate and report its IRRBB.
As part of the ICAAP, a high level, independent quantitative assessment by the Central
Bank is conducted to assess the adequacy of banks’ estimated IRRBB capital.
61
Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book.
Interest rate risk in the trading book is covered under Principle 22.
IRELAND
INTERNATIONAL MONETARY FUND 217
Volatility of earnings is an important focal point for IR analysis because of the reduced
earnings that pose a threat to a bank's capital adequacy. The type of the IR risks to which
banks are exposed include re-pricing-maturity risk, yield curve risk, basis risk, option risk,
prepayment risk and pipeline risk. Pressure on bank net interest margins is currently a topic
for domestic banks as well as the impact from mortgage tracker products which limit
banks’ ability to re-price the portfolio.
Two types of IRRBB limits have been adopted by banks:
1. Risk perspective ((i.e. limits the total quantum of risk that may be taken):
a. Group treasury limit (i.e., overall portfolio VaR limit, Probable Maximum Loss
limit, etc.);
b. Instrument type limit (i.e., Interest rate limit, FX limit, derivative limits, such as
delta and/or vega limits, etc.);
c. Nominal (Cash) based Limits.
2. Financial perspective (i.e. limits the potential for earnings volatility):
a. Earnings Constraint;
b. Embedded Value Limits;
c. Stop Loss Limits.
The IR risk measures and limits are reported through a bank’s ICAAP portal/report
submission. For those banks that do not submit an ICAAP (Medium Low), a Self-
Assessment Questionnaire is submitted. In these submissions, a bank’s risk appetite, risk
profile, macroeconomic conditions & the risk of a significant deterioration in market access,
management of risk and quantification of risk are reported to the supervisors.
The Central Bank’s supervisory risk framework (PRISM) prescribes the engagement with
banks and is used as guidance to assess IR and the effectiveness of IR management and
control systems in operation. PRISM is graduated according to the impact assessment of
each individual bank and arising from this the prescribed level of engagement is applied.
Supervisors assess the adequacy of risk management which is based on a review of
whether the bank’s framework is in accordance with BCBS principles.
Onsite supervision includes thematic reviews (e.g. in the course of the ALCO Thematic
Review or the Risk Review conducted on an individual credit institution) and regular
scheduled meetings with the Treasurer and Risk Management.
For Medium High Impact and Medium Low Impact institutions when a Full Risk Assessment
is carried out the examination teams call in the support of Treasury in respect of IRRBB.
Meetings will be organised with the relevant credit institution, items arising will be followed
up. These FRAs are carried out in accordance with the PRISM engagement cycle. During the
course of normal engagement by the examination teams they will use guidance material
from PRISM and, in some cases, use the Market Risk Treasury RAG status. The examination
teams revert to the Treasury Team with queries, or seeking advice if deemed necessary.
In addition to the guidance material in PRISM to assess IRRBB, the following material is
used by supervisors:
? BCBS108: Principles for Measuring Interest Rate Risk
? CEBS guidelines on Technical aspects of the management of interest rate risk arising
from non-trading activities under the supervisory review process
? CEBS CP32: CEBS guidelines on stress testing
There has been progress in improving the Interest Rate Risk in Banking Book (IRRBB)
IRELAND
218 INTERNATIONAL MONETARY FUND
frameworks within the Irish banking system. The SREP reviews have had a particular focus
on improving banks' policies, infrastructure and implementation of policy. A less intensive
process is used for lower Impact banks with a less frequent risk assessment and reliance on
self assessment. The ongoing engagement with the High Impact banks has allowed the
supervisor to assess banks’ approach and strategy for mitigating IRR as market conditions
change. A less frequent engagement model for lower Impact banks (as prescribed by
PRISM) is nonetheless supported by quarterly risk dashboards which facilitates monitoring
of risk changes and a twice yearly meeting between the examination team and the head of
the Treasury Team which facilitates exchange of information, including findings of the risk
reviews conducted for the High Impact banks that may be relevant to the M/H and M/L
impact banks. A less frequent engagement model for lower Impact banks (as prescribed by
PRISM) will not typically allow supervisors an opportunity to assess whether banks are
regularly reviewing their strategies and risk profile to make adjustments where necessary in
the context of market developments.
EC2
The supervisor determines that a bank’s strategy, policies and processes for the
management of interest rate risk have been approved, and are regularly reviewed, by the
bank’s Board. The supervisor also determines that senior management ensures that the
strategy, policies and processes are developed and implemented effectively.
Description and
findings re EC2
For High Impact credit institutions covered by the Treasury team, as a bank conducts its
review of policies and processes, supervisors follow developments either through
attendance at ALCO’s or through analysis of ALCO packs. During this review, the supervisor
will assess that policies and processes are appropriate and complete.
The supervisory plan includes attendance at the ALCO meetings of 7 High Impact banks. A
monthly conference/onsite meeting is held to discuss the month-to-month change in risk
profile in line with business flow. ALCO agenda items include the important policies which
will be reviewed by that supervisor.
The supervisor will also conduct either face-to-face meetings or a scheduled conference
call with the Treasurer. On the agenda of these meetings, topics/issues included in these
discussions are sometimes requests for policy documents, and questions on whether they
are implemented effectively. In preparation for these ongoing engagements and for the
FRR, supervisors will obtain and review Board-approved policies and ALCO packs. In
instances where specific Thematic Reviews are being conducted by the Supervisor on the
credit institution, these Board approvals would be specifically requested.
For Medium High Impact and Medium Low Impact Institutions the assessment of IRRBB in
these institutions forms part of the relevant supervision team’s work. When a FRA is carried
out, the supervision team can call in the support of Treasury resources in respect of the
IRRBB exposures if material and applicable. Guidance materials prepared by Treasury are
applied by the supervision team.
Ongoing engagement with High Impact banks subject to enhanced supervision will entail
analysis of changes in policies and processes which can be discussed with senior
management and the Board. For banks assigned an Impact rating lower than High, the
supervisor, with support from the treasury team, will assess whether policies and processes
are effectively implemented as part of the FRA, albeit not to the same extent as for High
Impact banks. Themed risk reviews were conducted for the high impact banks, in 2012 on
ALCO/ALM and in 2013 on Structural Market Risk. This amounted to 12 reviews in total.
These covered all the main aspects of strategy, policies and processes for the management
IRELAND
INTERNATIONAL MONETARY FUND 219
of interest rate risk.
EC3
The supervisor determines that banks’ policies and processes establish an appropriate and
properly controlled interest rate risk environment including:
(a) comprehensive and appropriate interest rate risk measurement systems;
(b) regular review, and independent (internal or external) validation, of any models used
by the functions tasked with managing interest rate risk (including review of key
model assumptions);
(c) appropriate limits, approved by the banks’ Boards and senior management, that
reflect the banks’ risk appetite, risk profile and capital strength, and are understood
by, and regularly communicated to, relevant staff;
(d) effective exception tracking and reporting processes which ensure prompt action at
the appropriate level of the banks’ senior management or Boards where necessary;
and
(e) effective information systems for accurate and timely identification, aggregation,
monitoring and reporting of interest rate risk exposure to the banks’ Boards and
senior management.
Description and
findings re EC3
For High Impact credit institutions the interest rate systems are reviewed for
appropriateness and detail for each individual bank. The supervisor becomes familiar with
the interest rate risk management environment/structure of the bank by going on site to
better understand the relevant internal governance structure and the information systems
capabilities for IRRBB reporting. This is also conducted at a more granular level via Risk
Reviews, etc. Risk Reviews are agreed by the Treasury Team and inserted in the year
planning exercise with time allocated. As an example of the greater level of detail taking
place in a Risk Review: during the last Market Risk/IRRBB Thematic Review, a supervisor
followed a trade(s) from origination to settlement.
Supervisors review model assumptions and periodic reviews both by internal and external
audit.
The Risk Appetite Statement and the attached IRRBB policy document are assessed for
appropriateness for the bank’s business and the formation and utilisation of Board-
approved limits. Supervisors consider the limit size permissioned by the risk appetite
statement of the institution. This might occur during normal scheduled engagement
between supervisors and the Treasurer, during a themed review, or during the annual RGP
exercise. RGPs and Market Risk Themed Reviews have made specific reference to this
aspect.
Supervisors will monitor “exception tracking and reporting” in a number of ways, e.g. from
details in the ALCO pack, attendance at ALCO, attending meetings and reviews with both
Market Risk team or Internal Audit team, etc.
Supervisors review operational risk logs and will examine the effectiveness of risk controls
under the EBA guidelines of operational risk in a market related environment. Supervisors
conduct an analysis of the effectiveness of the particular systems used by the bank.
Supervisors review breaches, triggers and changes in limits in relation to underlying
business flow with the independent risk management function of the bank. The minutes
IRELAND
220 INTERNATIONAL MONETARY FUND
and submissions contained in the ALCO pack are under constant review for effective
information systems for accurate and timely identification, aggregation, monitoring and
reporting of interest rate risk exposure. The Central Bank’s IT assessment framework is set
out at CP15 EC7.
For Medium High Impact and Medium low Impact institutions:
The assessment of IRRBB in these institutions forms part of the relevant examination team
work. When a Full Risk Assessment is carried out, the examination teams call in the support
of the Treasury Team in respect of IRRBB. Meetings will be organised with the relevant
credit institution, and items arising will be followed up. These FRAs follow the PRISM
engagement model. During the course of normal engagement by the examination teams
they will use guidance material from PRISM and in some cases use the Market Risk Treasury
RAG status. The examination teams revert to the Treasury Team with queries, or seeking
advice if deemed necessary.
EC4
The supervisor requires banks to include appropriate scenarios into their stress testing
programmes to measure their vulnerability to loss under adverse interest rate movements.
Description and
findings re EC4
The Central Bank requires banks to test the effect of a 200bps shift (this is compared with
the Central Bank estimate to ensure accuracy) in the yield curve. Banks with more complex
exposures are expected to test the effects of more varied tilts and twists in the yield curve
so that vulnerabilities are appropriately understood.
The stress testing of market risk as it applies to the banking book is assessed by the
supervisor. This assessment determines that this criterion is adhered to for those banks that
are categorised to be of High Impact. For the remaining banks, an assessment is performed
as part of the ICAAP review process. The Quantitative Models team within Banking
Supervision division assess IRRBB stress tests through collection of data on the banking
book profile. This assessment is performed for banks that have a Treasury Analyst assigned.
The requirement for more sophisticated scenarios for more complex banks is not mandated
under the existing requirements. However, where deemed necessary, banks are required to
perform a set of sensitivity tests to examine, for example, various yield curve movements
(parallel, tilt and twist), basis risk and behavior assumptions under various scenarios.
Additional
criteria
AC1
The supervisor obtains from banks the results of their internal interest rate risk
measurement systems, expressed in terms of the threat to economic value, including using
a standardized interest rate shock on the banking book.
Description and
findings re AC1
At a minimum, as part of the ICAAP process, banks are expected to assess the impact of the
standardised interest rate shock, i.e. impact on NPV of assets and liabilities from 200bps
parallel shift. While the standardised shock is a minimum requirement, larger banks would
be expected to run more sophisticated models to measure exposure to IRRBB. This includes
VaR models which consider the various interest rate curves to which the bank is exposed as
well as the effect of issues such as optionality. Similarly, taking account of the principle of
proportionality, larger banks would be expected to monitor their exposure to various
shifts/twists in the yield curve on an ongoing basis.
The Central Bank runs an independent test of the standardised calculation, and also
assesses the effect of observed extreme 1-year movements at each re-pricing bucket.
Where it is assessed as a material risk, banks would be expected to hold Pillar 2 capital to
cover IRRBB.
IRELAND
INTERNATIONAL MONETARY FUND 221
? Directive 2006/48 and Directive 2006/49 have been largely transposed into Irish law
by the Central Bank Act 1971, S.I. 661 of 2006, the amended S.I. 395 of 1992 and S.I.
475 of 2009 in relation to banks.
? Particular regard should be given to Regulations 66 and 70 of S.I. 661 of 2006.
o Regulation 66 allows the Central Bank to review the arrangements, strategies,
processes and mechanisms implemented by the credit institutions to comply
with that Directive and evaluate the risks to which the credit institutions are
or might be exposed.
o Regulation 70 enables the Central Bank to require any credit institution “that
does not meet the requirements of [any law of the State giving effect to the
[Recast Credit Institutions Directive]] to take the necessary actions or steps at
an early stage to address the situation.”
Risk Analytics sent to each bank a detailed questionnaire seeking responses to a series of
questions which examine the inherent interest rate risk in the banking book, the control
and management process, and the concentration of risk under the following headings:
a) Risk Appetite and Tolerance
b) Risk Management Framework
c) Interest Risk Exposure Profile
d) Data Sources
e) Quantification of IRRBB
f) Mitigation of IRRBB
g) Controlling Exposure to IRRBB
h) Stress Testing
i) Monitoring and Reporting of IRRBB
j) Capital Allocation to IRRBB
AC2
The supervisor assesses whether the internal capital measurement systems of banks
adequately capture interest rate risk in the banking book.
Description and
findings re AC2
The Central Bank periodically issues an IRRBB questionnaire where an update on the
internal capital measurement systems is required. This is intended to provide a high level
background on the management of interest rate risk from both a qualitative and
quantitative perspective. Following on from this, the Central Bank gathers information on a
bank’s internal approach to measuring interest rate risk, assesses it for reasonableness, and
compares with an internal Central Bank estimate. Where it is considered material/relevant,
the Central Bank may also engage in onsite discussion with those responsible for the
management of IRRBB in the institution to assess internal understanding, as well as
processes and controls around the risk.
Assessment of
Principle 23
Largely Compliant
Comments The Central Bank determines the adequacy of the management of IRRBB under the Pillar II
SREP process. The SREP reviews have had a particular focus on improving banks' policies,
infrastructure and implementation of policy in relation to IRRBB. The Central Bank’s
methodology for assessing IRRBB involves the use of benchmarks (200 bps parallel shift
and a 99% historical shift) when performing an ICAAP review. For example, in the past 12
months, as part of the SREP process, the Central Bank has assessed IRRBB in a number of
banks across all impact categories (including medium low impact). The assessment
consisted of a combination of both on-site and off-site reviews. Evidence was provided
demonstrating that capital add-ons have been imposed on banks arising from these
reviews where deficiencies were identified.
IRELAND
222 INTERNATIONAL MONETARY FUND
The ongoing engagement with the High Impact banks has allowed the supervisor to assess
banks’ approach and strategy for mitigating IRR as market conditions change.
Ongoing monitoring of changes in a bank’s IRR profile not well developed in offsite
analysis. KRIs within PRISM did not contain metrics related to IRRBB and data is only
submitted once per year. A less frequent engagement model for lower Impact banks (as
prescribed by PRISM) will not typically allow supervisors an opportunity to assess whether
banks are regularly reviewing their strategies and risk profile to make adjustments where
necessary in the context of market developments. A less frequent engagement model for
lower Impact banks (as prescribed by PRISM) is somewhat mitigated by these risk
dashboards and dialogue with the treasury team on matters arising from risk assessments
of the High Impact banks.
The treasury team has operated a market risk assessment framework over the last two
years that assesses the banks’ market risk (including IRRBB) through a combination of risk
monitoring, risk reviews and compliance assessment. Lack of IRRBB metrics on PRISM have
been addressed by inclusion in the risk dashboard that is submitted by banks either
monthly or quarterly depending on impact rating.
Principle 24
Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which
can include either quantitative or qualitative requirements or both) for banks that reflect
the liquidity needs of the bank. The supervisor determines that banks have a strategy that
enables prudent management of liquidity risk and compliance with liquidity requirements.
The strategy takes into account the bank’s risk profile as well as market and
macroeconomic conditions and includes prudent policies and processes, consistent with
the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or
mitigate liquidity risk over an appropriate set of time horizons. At least for internationally
active banks, liquidity requirements are not lower than the applicable Basel standards.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to consistently observe prescribed
liquidity requirements including thresholds by reference to which a bank is subject to
supervisory action. At least for internationally active banks, the prescribed requirements are
not lower than, and the supervisor uses a range of liquidity monitoring tools no less
extensive than, those prescribed in the applicable Basel standards.
Description and
findings re EC1
The Central Bank has prescribed liquidity requirements on authorised credit institutions
under its Regulatory Document “Requirements for the Management of Liquidity Risk”
(“Liquidity Requirements”). The prudential liquidity requirements apply to every credit
institution licenced by the Central Bank on a consolidated basis, irrespective of their activity
being local or international, except where in a very limited number of cases the CBI grants
exemptions according to pre-defined criteria.
These Liquidity Requirements impose quantitative and qualitative prudential requirements
on credit institutions authorised in Ireland that are to be met on an ongoing basis. The
Quantitative Ratios are required to be submitted to the Central Bank as part of the maturity
mismatch calculation report. The mismatch is broken up into seven time buckets:
a. Sight to 8 days;
b. Over 8 days to 1 month;
c. Over 1 month to 3 months;
IRELAND
INTERNATIONAL MONETARY FUND 223
d. Over 3 months to 6 months;
e. Over 6 months to one year;
f. 1 to 2 years; and
g. 2 + years.
The quantitative limits only apply to the first two ratios (sight to 8 days & over 8 days to 1
month). The first ratio (sight to 8 days) needs to be 100% and the second ratio (8 days to 1
month) needs to be 90%. All other ratios are monitored (see 6.3 Limits of the Liquidity
Requirements).
For the High Impact and Medium High Impact institutions, the liquidity risk matrix which
determines the liquidity RAG status has been compiled using the Basel standards as stated
below).
The impact rating of a credit institution prescribes the level of supervision, ranging from
ongoing supervision (High Impact) to less intensive (Medium Low Impact). Medium Low
Impact firms are looked at when there is a significant movement in the metrics uploaded to
PRISM or when information comes to the supervisor’s attention that requires supervisory
action. For the Medium Low Impact firms, two meetings per annum are scheduled between
the Treasury Team and the examination team leads to discuss the findings of the
examination teams’ liquidity assessments. These examination team leads use the same RAG
status as used by the Treasury Team for their High Impact firms.
In terms of offsite supervision, only High & Medium-High Impact firms are the regulatory
returns analysis performed. Medium-Low & Low Impact firms are not actively subject to
offsite supervision unless the returns trigger a red flag built into the system. Offsite
supervision is calibrated in a similar way in terms of Impact and for High & Medium Impact
firms the engagement is routine and frequent.
Responsibility for the supervision of liquidity risk is in line with the PRISM engagement
model. Certain High Impact Institutions are assigned a dedicated analyst from the Treasury
Team. Other High Impact institutions receive part of the time of an assigned treasury
analyst. Medium High Impact institutions receive part of the time of an assigned analyst if
deemed necessary. Responsibility for the analysis of liquidity risk in other institutions is
performed by the supervision teams. The Treasury Team is available to provide support and
guidance to the supervision teams in these cases.
Both quantitative and qualitative liquidity requirements must be adhered to by all
authorised credit institutions (both local and international) in Ireland. These are set out in
the following laws, regulations and prudential requirements.
1) Annex XI of CRD, implemented via Reg. 66 of S.I. 661 of 2006
2) Annex V of CRD, implemented via Reg. 66 of S.I. 661 of 2006
3) Central Bank Regulatory Document for Credit Institutions, “Requirements for the
Management of Liquidity Risk”, 29 June 2009
4) Central Bank Corporate Governance Code for Credit Institutions and Insurance
Undertakings. Section 12.3: “A full understanding of the nature of the institution’s
business, activities and related risks.”
The treasury team analyses Liquidity Risk under eight broad headings. These were
formulated using the principles from the paper ‘Basel III: International framework for
liquidity risk measurement, standards and monitoring, (Dec 2010)’.
IRELAND
224 INTERNATIONAL MONETARY FUND
Among the guidance documents used to focus the work of supervisors are:
? EBA ‘Guidelines on Liquidity Cost Benefit Allocation, (Oct 2010)’;
? EBA ‘Guidelines on Liquidity Buffers and Survival Periods, (Dec 2009)’;
? BCBS ‘Principles for Sound Liquidity Risk Management and Supervision, Sept 2008’.
The frequency of reports submitted to the Central Bank is also dependent on the impact of
the credit institution:
1) All licenced credit institutions are required to submit the following liquidity returns
on line via the Central Bank’s Viewpoint IT system:
- Liquidity Return/Maturity Mismatch (weekly/monthly)
- Deposit Protection Return (monthly)
- FINREP (monthly/quarterly)
- Funding Composition Report (monthly for Medium High Impact or
higher/Quarterly for Medium Low Impact or lower)
2) All covered credit institutions are required to submit the following liquidity reports
in addition to the above:
- Guaranteed Liabilities Return (monthly)
- Liquidity Forecasting Analysis (quarterly)
3) All High Impact or Medium High Impact credit institutions are required to submit
the ICAAP portal yearly. This includes the identification, measurement, monitoring,
control and reporting of Pillar 2 risks, i.e. liquidity
4) All Medium Low Impact credit institutions are required to submit a Self-Assessment
Questionnaire yearly. An ICAAP will only be submitted by the credit institution if
requested by the supervisor.
5) All firms involved in Asset Covered Securities are required to submit
- Asset Covered Securities Return (quarterly)
Section 1.4.3 of the liquidity Requirements sets out the instances where branches of EEA
and non-EEA credit institutions may be exempted from the liquidity requirements subject
to certain undertakings by the branch’s head-office and confirmations from the Home
Supervisor. Section 1.4.1 permits, on ‘an exceptional bilateral basis’ an exemption from the
quantitative requirements only to be given to a credit institution. To date, only one Irish
licensed bank has been granted such an exemption.
The legal requirements on the credit institutions to submit the above information to the
Central Bank is stipulated by the following:
1) Central Bank Act, 1971 – Section 23, “Regulation of ratios between assets and
liabilities of holders of licences”
2) ‘Requirements for the Management of Liquidity Risk (June 2009)’, Central Bank.
“Qualitative and Quantitative Requirements”
3) European Communities (Deposit Guarantee Scheme) Regulations 1995 (S.I. 168 of
1995)
4) Credit Institutions (Eligible Liabilities Guarantee) Scheme 2009
5) Memorandum Of Understanding – European Commission, International Monetary
Fund and European Central Bank
6) Basel III/CRD IV – introduction for the first time of international liquidity standards of
minimum liquidity requirements LCR & NSFR ratios, with additional liquidity
monitoring metrics focused on maturity mismatch, concentration of funding and
available unencumbered assets. Currently not a legal requirement; will be in the
future
IRELAND
INTERNATIONAL MONETARY FUND 225
7) Directive 2006/48/EC, implemented via Regulation 66 of S.I. 661 of 2006, Annex XI of
CRD and Annex V of CRD
EC2
The prescribed liquidity requirements reflect the liquidity risk profile of banks (including
on- and off-balance sheet risks) in the context of the markets and macroeconomic
conditions in which they operate.
Description and
findings re EC2
The impact rating of a credit institution on the Irish economy prescribes the level of
supervision as iterated above in criteria 1. The Treasury Team’s approach to analysing
liquidity is shared with the supervision teams of the lower impact banks to ensure a
consistent approach. However, in general these banks have lower levels of liquidity risk and
are less exposed to markets and macroeconomic conditions. For the banks analysed by the
treasury team under the liquidity matrix (8 credit institutions in total), the banks are
analysed in the context of the markets – both on and off balance sheet – and
macroeconomic conditions in which they operate.
The Treasury Team has developed a risk rating framework (risk dashboard) to evaluate the
liquidity risk profile of an authorised credit institution. Under the risk rating framework,
Liquidity Risk is analysed under 8 broad headings as stated above, which takes into account
market and macroeconomic conditions.
Section 3 of the Liquidity requirements requires each credit institution to establish a
liquidity policy, to be reviewed on an ongoing basis. The liquidity policy must include a
“strategy for the ongoing management of liquidity risk that is consistent with the risk
tolerance of the credit institution” (3.1); Scenario analysis is to include institution specific
and market factors and assumptions about the behaviour of a credit institution’s assets,
liabilities and off-balance sheet activities under stress should be reviewed regularly to
ensure their continued appropriateness (3.6). in addition the policy must give regard to
access to funding: market access must ensure sufficient access to funding from a range of
sources in the financial market (3.8).
EC3
The supervisor determines that banks have a robust liquidity management framework that
requires the banks to maintain sufficient liquidity to withstand a range of stress events, and
includes appropriate policies and processes for managing liquidity risk that have been
approved by the banks’ Boards. The supervisor also determines that these policies and
processes provide a comprehensive bank-wide view of liquidity risk and are consistent with
the banks’ risk profile and systemic importance
Description and
findings re EC3
The impact rating of a failure of a credit institution on the Irish economy prescribes the
level of supervision, as iterated above in EC1. Section 3.1 of the Liquidity Requirements
explicitly sets out the expectations for Boards to be responsible for liquidity risk
management in developing a strategy for ongoing management and establishing an ALCO
structure to manage liquidity on a practical level. In this section, the liquidity policy is
required to be reviewed and approved at least annually by the Board. Section 3.4 sets out
the minimum expectations for management information to be provided to the Board with
appropriate and timely information.
Section 3.3 entitled Internal Controls sets out the expectations that reporting of limit
breaches is immediately brought to the attention of ALCO and the Board.
Section 3.6 of the Liquidity Requirements deals with scenario analysis and stress testing
including treatment of assumptions. The procedures regarding scenario analysis, stress
tests and assumptions must include:
? Procedures for the performance and analysis of a range of stress and
IRELAND
226 INTERNATIONAL MONETARY FUND
“what-if” scenarios, considering institution-specific and market factors,
including the frequency of performance;
? Procedures for the action to be taken by management in the event of
certain stress results;
? A timetable for the performance of stress testing and scenario analysis
is to be prepared at the commencement of each financial year and the
outcome of these examinations are to be reported to the Board on an
annual basis; and
? Assumptions about the behaviour of a credit institution’s assets,
liabilities and off-balance sheet activities under stress should be
reviewed regularly to ensure their continued appropriateness in the
context of the credit institutions activities.
The following requirements with regard to stress testing of liquidity must be adopted by
credit institutions:
? Stress testing must be completed on a quarterly basis by all
institutions for both a bank-specific and industry-wide liquidity stress
situation.
? Each institution should consider further whether it is appropriate to
perform both a moderate and severe entity-specific stress test, in
addition to the minimum criteria prescribed above.
? Institutions are to document: (i) an acceptable mismatch between
inflows and outflows under each scenario and (ii) the strategic
responses which would be required and available to the credit
institution in cases where these acceptable mismatches are breached.
For example, if the stress testing identifies an unacceptable gap, an
entity should consider the types of action it would take depending on
the magnitude of the gap, the severity and likelihood of the stress
scenario. These may include:
o Sell appropriate assets or repo assets;
o Requisition the marginal lending facility; or
o Draw down committed lines.
These stress testing requirements are quantitative and are in addition to the qualitative
requirements outlined in section 3.6 of the Requirements. Central Bank teams will examine
the reporting of stress testing results to the Board, as required in section 3.6, as part of
their ongoing work. In addition to this work, the Treasury Team will ensure that the
responsibilities of the Board are carried out – these include developing a strategy for the
ongoing management of liquidity risk that is consistent with the risk tolerance of the credit
institution; assigning a management structure to identify, measure, monitor and control
liquidity risk; approving the liquidity policy; etc.
Certain institutions rated High Impact receive a dedicated analyst from the Treasury Team.
Other High Impact institutions receive part of the time of an assigned treasury analyst.
Medium High Impact institutions receive part of the time of an assigned analyst if deemed
necessary. Responsibility for the analysis of liquidity risk in other institutions is performed
by the supervision teams. The Treasury Team is available to provide support and guidance
to the supervision teams in this case.
Under the Treasury Team risk rating framework a bank’s liquidity risk framework is analysed
under the following categories
IRELAND
INTERNATIONAL MONETARY FUND 227
1) Governance and Culture
2) Measurement and Forecasting
3) Liquidity Management
4) Liquidity Contingency Planning
Credit institutions are required to submit to the Central Bank the results of three types of
stress scenarios: 1) idiosyncratic, 2) market wide and 3) combination of both. These are
submitted monthly for High Impact and Medium High Impact institutions, and Quarterly
for Medium Low or Low Impact credit institutions. The legal/regulatory basis for the
supervision of liquidity risk is based on the following:
? Regulation 66 and 70 of S.I. 661 of 2006.
? The liquidity risk framework was formulated using the “Requirements for the
Management of Liquidity Risk (29 June 2009).” The framework also incorporates the
principles of the Basel Committee “Principles for Sound Liquidity Risk Management
and Supervision” – September 2008
? Basel Committee “Principles for sound stress testing and supervision” – May 2009
? BCBS ‘Basel III: International framework for liquidity risk measurement, standards
and monitoring, (December 2010)’.
Among the guidance documents used to focus the work of supervisors are:
? EBA ‘Guidelines on Liquidity Cost Benefit Allocation, (October 2010)’;
? EBA ‘Guidelines on Liquidity Buffers and Survival Periods, (December 2009)’.
? CEBS/EBA guidelines on stress testing (GL32) annex 5, (August 2010).
As part of the SREP (ICAAP) process, reviews of liquidity policy and contingency plans are
carried out yearly.
A recent thematic review was conducted to assess liquidity contingency planning. This
review included a sample of 7 credit institution (local and international). In another recent
review of banks’ ALCOs’ role and effectiveness, banks were assessed on governance across
liquidity risk. This ALCO review addressed a number of areas, including stress testing and
the quality and discussion of management information that is circulated to the ALCO
committee and the Board members of the bank.
EC4
The supervisor determines that banks’ liquidity strategy, policies and processes establish an
appropriate and properly controlled liquidity risk environment including:
(a) clear articulation of an overall liquidity risk appetite that is appropriate for the banks’
business and their role in the financial system and that is approved by the banks’
Boards;
(b) sound day-to-day, and where appropriate intraday, liquidity risk management
practices;
(c) effective information systems to enable active identification, aggregation, monitoring
and control of liquidity risk exposures and funding needs (including active
management of collateral positions) bank-wide;
(d) adequate oversight by the banks’ Boards in ensuring that management effectively
implements policies and processes for the management of liquidity risk in a manner
IRELAND
228 INTERNATIONAL MONETARY FUND
consistent with the banks’ liquidity risk appetite; and
(e) regular review by the banks’ Boards (at least annually) and appropriate adjustment of
the banks’ strategy, policies and processes for the management of liquidity risk in the
light of the banks’ changing risk profile and external developments in the markets
and macroeconomic conditions in which they operate.
Description and
findings re EC4
Assessment for 7 High Impact and one Medium High Impact is an ongoing process, and
involves examination of:
(a) A bank’s risk appetite by monitoring ALCO packs and Board Papers.
(b) Liquidity risk management practises – by attending Alco meetings, meeting
with the Treasurer to discuss ALCO agenda and papers, and by performing
Risk Reviews on aspects of Liquidity Management.
(c) Information systems by analysing MI capability to ensure high standard of
output which displays liquidity risk exposures.
(d)/(e) Board’s policy approval of liquidity policies to ensure that it matches the RAS,
and that these policies are kept under review.
For High Impact banks, both onsite and offsite regulatory supervision is constant. Contact
with High Impact institutions involves: monthly meeting with Head of Treasury /ALM;
weekly liquidity risk calls; and scheduled Risk Reviews. The Treasury Team provides support
to the examination teams of these banks by way of semi-annual meetings, access to the
Treasury Team’s risk reviews and risk assessment framework as well as support for risk
assessments.
The Treasury Team’s onsite work includes a monthly meeting with the Head of ALM to
discuss recent ALCO agenda items and ALCO MI. As previously mentioned, 4 Risk Reviews
will take place during the course of 2013 to deal with the following topics:
? Funds Transfer Pricing;
? Structural Market Risk;
? Contingency Funding Plan; and
? Funding strategy and Liquidity Stress Testing.
Regular meetings are scheduled with heads of functions (ALM, Treasury, Risk, and Internal
Audit) as appropriate to the bank’s risk rating. Regular assessment and testing is conducted
on the quality of liquidity governance, measurement, management, reporting and
performance against liquidity targets. The offsite work involves constant review of funding
and maturity profile in order to gather a strong understanding of the bank’s funding
structure and strategy.
Inherent in this assessment methodology is consistency. Banks can be compared with peers
across the sector. This allows for more efficient identification of best practices or of
emerging trends in banks in a peer group.
For Medium High Impact and lower impact banks, the assessment of liquidity strategy,
processes and policies is done as part of the FRA, the frequency and duration of which is as
per PRISM guidance.
EC5
The supervisor requires banks to establish, and regularly review, funding strategies and
policies and processes for the ongoing measurement and monitoring of funding
requirements and the effective management of funding risk. The policies and processes
include consideration of how other risks (e.g. credit, market, operational and reputation
IRELAND
INTERNATIONAL MONETARY FUND 229
risk) may impact the bank’s overall liquidity strategy, and include:
(a) an analysis of funding requirements under alternative scenarios;
(b) the maintenance of a cushion of high quality, unencumbered, liquid assets that can
be used, without impediment, to obtain funding in times of stress;
(c) diversification in the sources (including counterparties, instruments, currencies and
markets) and tenor of funding, and regular review of concentration limits;
(d) regular efforts to establish and maintain relationships with liability holders; and
(e) regular assessment of the capacity to sell assets.
Description and
findings re EC5
The requirements are set out in Sections 3 and 8 of the Liquidity Requirements where the
CBI requires each credit institution to establish a liquidity policy, which will be reviewed as
part of the ongoing regulation of the institution.
While HQLA can be used in the calculation of the liquidity mismatch ratio, there is no
stipulation in the rules for a minimum HQLA as long as there are sufficient net inflows to
meet the minimum ratio requirements.
As well as the qualitative requirements included in the liquidity policy, Section 5.2 sets out
overriding criteria for determining the characteristics of marketable assets including
concentration and depth of market. Section 3.8 sets out requirements for market access.
Requirements are also set out in the instructions for ICAAP submission, Section 4, Section
5.4 and Section 9.
The Legal/Regulatory Basis is as follows:
? Regulation 66 and 70 of S.I. 661 of 2006.
? Central Bank Requirements for the Management of Liquidity Risk (June 2009).
Imposed via :
Quantitative Requirements:
o Central Bank Act 1971, Section 23
o Building Societies Act 1989, Section 39
o Trustee Savings Bank 1989, Section 31
Qualitative Requirements:
o EC (Licensing and Supervision of Credit Institutions) Regulation
1992 (Regulation 16 S.I. 395 of 1992)
? Quantitative Requirements & Qualitative Requirements are also imposed as
conditions to which all credit institutions are subject to:
o Central Bank act 1971 Section 10,
o Building Societies Act 1989 Section 17
o Trustee Savings Bank 1989 Section 12
o Asset cover securities Act 2001 Section 16
? Directive 2006/48/EC, implemented via Regulation 66 of S.I. 661 of 2006, Annex XI of
CRD and Annex V of CRD:
o Annex XI, Section 1(e)
o Annex V, Section 10
EC6 The supervisor determines that banks have robust liquidity contingency funding plans to
handle liquidity problems. The supervisor determines that the bank’s contingency funding
plan is formally articulated, adequately documented and sets out the bank’s strategy for
IRELAND
230 INTERNATIONAL MONETARY FUND
addressing liquidity shortfalls in a range of stress environments without placing reliance on
lender of last resort support. The supervisor also determines that the bank’s contingency
funding plan establishes clear lines of responsibility, includes clear communication plans
(including communication with the supervisor) and is regularly tested and updated to
ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s
risk profile and systemic importance, the bank’s contingency funding plan is feasible and
requires the bank to address any deficiencies.
Description and
findings re EC6
The Central Bank requires each credit institution to establish a Contingency Funding Plan
(section 3.9 of the Liquidity Requirements), developed by management and approved by
the Board of Directors as part of the liquidity policy which will be reviewed as part of the
ongoing regulation of the institution. At a minimum, the CFP is to:
? Identify the triggers that are used as signs of an approaching crisis and who has
responsibility for monitoring and reporting on these triggers, e.g. a predetermined
drop in deposits, a predetermined decline in the value of shares, or a higher cost of
funding vis-à-vis other credit institutions;
? Outline individual responsibilities in the event of the credit institution experiencing
liquidity problems, in particular the person with responsibility for liaison with the
media, shareholders and the Central Bank should be outlined;
? Outline procedures for timely and relevant information flows to senior management
in the event of a crisis;
? Outline procedures for making up cash flow shortfalls will be outlined e.g. selling
assets, establishing new lines of funding etc., in both normal and stressed
conditions;
? Outline identify and quantify all sources of funding by preference of use in various
scenarios extending from normal circumstances to a severe industry stress;
? Address strategy with respect to altering the behaviour of assets and liabilities;
? Address circumstances when the plan should be utilised; and
? Outline names, contact details and geographical location of personnel responsible
for contingency planning.
The extent of review of a credit institutions contingency funding plan is dependent on the
impact of the credit institution. The Treasury Team has developed a risk rating framework
to evaluate the liquidity risk profile of an authorised credit institution for Medium High
Impact or higher (eight broad headings).
For the 8 banks assessed by the Treasury Team, a Risk Review of CFPs is one of the four
scheduled reviews to be conducted in 2013. Prior to this, as part of the team’s liquidity risk
assessment framework, CFPs were reviewed as part of the probability risk scoring process.
The more detailed 2013 reviews will add more depth and peer comparisons.
As with all such reviews, the review document will be made available to the examination
teams of Medium High Impact and Medium Low impact banks, and discussed with them at
the semi-annual meetings with the Treasury Team.
Contingency planning is covered by the PRISM guidance material on liquidity risk and
forms part of the material reviewed by examination teams when conducting FRA, the
frequency of which are determined by the impact rating of the bank, as per PRISM. The
Treasury Team’s Liquidity Risk Assessment Framework is also used for some of these banks
IRELAND
INTERNATIONAL MONETARY FUND 231
and has specific metrics on CFP.
EC7 The supervisor requires banks to include a variety of short-term and protracted bank-
specific and market-wide liquidity stress scenarios (individually and in combination), using
conservative and regularly reviewed assumptions, into their stress testing programmes for
risk management purposes. The supervisor determines that the results of the stress tests
are used by the bank to adjust its liquidity risk management strategies, policies and
positions and to develop effective contingency funding plans.
Description and
findings re EC7
The Central Bank both requires banks to conduct a variety of stress tests and also assesses
whether the results of these are used by the banks to inform CFP and setting of Risk
Appetite.
Section 8 of the Liquidity Requirements stipulates the frequency and nature of stress tests
to be performed by credit institutions including: stress tests must be completed on a
quarterly basis for both bank specific and industry-wide stress situations; and moderate
and severe scenario is considered where appropriate. The assumptions need to be
documented. Section 3.8 details the various parameters a bank needs to consider.
A series of Risk Reviews is scheduled by the Treasury Team for 2013 onwards and includes
CFP, Liquidity Stress Testing and Funding Strategy. These will add to the quality of the
assessment. These will also be used to inform the assessment of the Medium High Impact
and lower impact banks.
Also, each institution is required to submit a monthly liquidity return and a Treasury
Funding Report. This information is analysed in terms of funding composition, behavioural
assumptions on cash flow of both assets and liabilities, monitoring of liquidity ratios and
EBA stress test results (idiosyncratic, systematic and combined).
EC8 The supervisor identifies those banks carrying out significant foreign currency liquidity
transformation. Where a bank’s foreign currency business is significant, or the bank has
significant exposure in a given currency, the supervisor requires the bank to undertake
separate analysis of its strategy and monitor its liquidity needs separately for each such
significant currency. This includes the use of stress testing to determine the
appropriateness of mismatches in that currency and, where appropriate, the setting and
regular review of limits on the size of its cash flow mismatches for foreign currencies in
aggregate and for each significant currency individually. In such cases, the supervisor also
monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s
ability to transfer liquidity from one currency to another across jurisdictions and legal
entities.
Description and
findings re EC8
FMP banks (3 High Impact institutions) with any sizable foreign currency transformation
requirements are either deleveraging that part of the portfolio or have matched that part of
the balance sheet. The FMP banks are monitoring and reporting foreign currency exposure
quarterly to the Troika and Central Bank. None of the non-FMP banks have significant
foreign currency transformation requirements.
The COREP return requires banks to submit their Foreign Exchange Risk Total Positions in
Non-Reporting Currencies to the Central Bank. This return also shows the net position per
currency. Foreign currency is not regarded as significant (“significant” being >5%). The
banks’ ability to transfer liquidity from one currency to another across legal entities is only
analysed for covered institutions.
IRELAND
232 INTERNATIONAL MONETARY FUND
The qualitative requirements are set out in Section 3 of the Central Bank, regulatory
document for credit institutions “Requirements for the Management of Liquidity Risk (29
June 2009).” The Central Bank requires each credit institution to establish a liquidity policy,
which will be reviewed as part of the ongoing regulation of the institution. At a minimum
the policy is to include:
3.7 Foreign exchange
- Document limits placed on foreign currency mismatches
individually and/or in aggregate
- Document Limits placed in cases where the currency is not freely
available
- Analysis of foreign currency liquidity under various scenarios
The quantitative requirements are set out in Section 7 (“Foreign exchange business”) of the
Central Bank regulatory document for credit institutions, “Requirements for the
Management of Liquidity Risk (29 June 2009).” The Central Bank requires the credit
institution to report the liquidity position in all currencies combined. Balances and flows
denominated in the foreign currencies should be converted into the operational currency,
for the purpose of completing the quarterly prudential liquidity return.
As part of the CRDIV/CRR, from Q1 2014, credit institutions will be required to submit
separate liquidity returns on a significant currency basis, i.e. where the institution has
aggregate liabilities in a foreign currency amounting to or exceeding 5% of the institutions
total liabilities, or has a significant branch as defined in CRDIV in a host Member State
using a foreign currency. The credit institutions shall monitor their liquidity needs
separately for each currency. This analysis and reporting requirement will be completed
under a stressed scenario. Maturity mismatches for significant foreign currencies will be
analysed as part of the Central Bank’s analysis of the CRR Maturity Ladder reporting
template, due to be submitted by institutions in 2014.
Each quarter, the Irish covered banks (3 High Impact banks) submit comprehensive liquidity
forecasting analysis as part of the EU-IMF Financial Support programme for Ireland. This
includes balance sheet and FX funding gap (USD/GBP) forecasting out to end of 2014.
Additional
criteria
AC1
The supervisor determines that banks’ levels of encumbered balance-sheet assets are
managed within acceptable limits to mitigate the risks posed by excessive levels of
encumbrance in terms of the impact on the banks’ cost of funding and the implications for
the sustainability of their long-term liquidity position. The supervisor requires banks to
commit to adequate disclosure and to set appropriate limits to mitigate identified risks.
Description and
findings re AC1
The Central Bank does not impose specific limits on asset encumbrance. Levels of
encumbrance are monitored via the risk dashboards and discussed with the banks. What
may be an acceptable level of asset encumbrance will vary from case to case. In some cases
it may be a function of a bank’s funding model e.g. covered bond bank. In some cases it
may be a function of temporary reliance on secured central bank funding while a
deleverage programme is executed. The banks report the level of asset encumbrance
monthly – this information is contained in the “Dashboard” received from the High Impact
banks. The topic of “Asset Encumbrance” has also been raised in recent papers circulated
by the ESRB. These papers involve proposals to increase the level of reporting and
regulation on “Asset Encumbrance”, but falls short of requiring limits to be applied and
positions of these banks against limits to be reported. The paper provides implementation
IRELAND
INTERNATIONAL MONETARY FUND 233
dates for commencement of this new regulation by the relevant National Supervisory
Authorities at a time in the future. The Central Bank will be working to comply with these
new standards and implementation dates. Separately, one High Impact bank was given an
RMP for delivery by end March 2013 to improve their management and internal reporting
of asset encumbrance. They have completed this RMP to the satisfaction of Banking
Supervision.
Banking Supervision applies a maturity mismatch approach to the monitoring of liquidity
risk of each credit institution as outlined in Central Bank – ‘Requirements for the
Management of Liquidity Risk (June 2009)’. The approach set out in the ‘Requirements’
requires credit institutions to analyse their cash flows under various categories and place
them in predetermined time bands depending on the time cash is received and paid out.
The prudential liquidity ratios focus on the first two time bands, 0-8 days and over 8 days
to 1 month, and the composition of available liquid assets to create sufficient liquidity to
cover expected outflows including behavioral assumptions. These statutory Liquidity Ratios
are set at 100% and 90% respectively. The Central Bank has the discretion on a case-by-
case basis to impose liquidity requirements on an institution, which may require it to
maintain maturity mismatch ratios different from the standard limits imposed.
Section 5.4 “Encumbered Assets” of the Central Bank regulatory document for credit
institutions, “Requirements for the Management of Liquidity Risk (29 June 2009)”, details
the treatment of Encumbered Assets for liquidity reporting purposes. Encumbered assets
consist of:
? securities pledged as collateral and not available to the institution for the period that
they constitute collateral;
? securities transferred by the reporting credit institution as part of a sale and
repurchase agreement for the duration of the agreement;
? receivables that are currently nonperforming/impaired and on which impairment has
been identified on individual loans;
? low grade securities; and
? shares in affiliated companies.
The Central Bank requires credit institutions to report liquidity ratios across various time
bands each week/month/quarter depending on the impact, e.g. High Impact credit
institutions are required to submit weekly and monthly liquidity returns online.
Each institution is also required to submit a Treasury Funding Report. This is submitted
monthly for institutions with dedicated Treasury analyst. For all other institutions, it is
submitted quarterly/monthly depending on the supervision team requirement. This
information is analysed in terms of funding composition.
In addition, Annex V, Section 10, of Directive 2006/48/2006: “Credit institutions shall
distinguish between pledged and unencumbered assets that are available at all times, in
particular during emergency situations. They shall also take into account the legal entity in
which assets reside, the country where assets are legally recorded either in a register or in an
account as well as their eligibility and shall monitor how assets can be mobilised in a timely
manner.”
As well as the above, supervisors closely monitor liquidity mismatches and forecasting in
the covered institutions, and the possible necessity for Emergency Liquidity Assistance.
Each quarter, the Irish covered banks (i.e. 3 High Impact banks) which have existing
IRELAND
234 INTERNATIONAL MONETARY FUND
drawings from the Central Bank, or have had such drawings in the past six months, are
deemed High Liquidity Risk probability. Banking Supervision, working with the Financial
Markets Division, monitors the availability of each credit institution’s collateral for ECB
monetary operations such as the MRO and LTRO.
The Treasury Team risk rating framework (as detailed above) evaluates the unencumbered
assets under the heading “8. Funding Composition and Stability” for High Impact and
Medium High Impact banks. This is not performed for Medium Low Impact banks as
supervision is carried out on a reactive basis.
Legal/Regulatory Basis
? Requirements for the Management of Liquidity Risk (June 2009), Central Bank
document – Section 4.2 “Limits and Monitoring Ratios”
? Basel III/CRD IV – introduction for the first time of international liquidity standards of
minimum liquidity requirements LCR & NSFR ratios, with additional liquidity
monitoring metrics focused on maturity mismatch, concentration of funding and
available unencumbered assets
? Directive 2006/48/EC, Annex V and Annex XI, implemented via Regulation 66 of S.I.
661 of 2006
Practical Example
1) Thematic Review on Funds Transfer Pricing was completed in early 2013.
2) Unencumbered liquid assets are submitted weekly/monthly via the liquidity return
online.
3) “Use of Collateral” report is received from the Central Bank Organisational Risk
division weekly. This report details the collateral used in the ECB.
As stated above, there is no system-wide process initiated by Banking Supervision which
requires that levels of encumbrance on balance sheets are maintained within acceptable
limits. However, the banks report to the Central Bank the level of asset encumbrance
monthly – this information is contained in the “Dashboard” received from the High Impact
banks.
Assessment of
Principle 24
Compliant
Comments The Central Bank has prescribed liquidity requirements for authorized credit institutions
which are not lower than Basel standards. Supervision of liquidity risk is in line with the
PRISM engagement model. The Bank requires each credit institution to establish and
maintain a liquidity strategy and liquidity policy. Central Bank requires each credit
institution to establish a contingency funding plan, developed by management and
approved by the Board. Frequency of reports submitted to the Central Bank is dependent
on the impact of the credit institution. The Central Bank requires banks to conduct a variety
of stress tests and also assesses whether the results of these are used by the banks to
inform Contingency Funding Planning and setting of Risk Appetite.
Principle 25 Operational risk. The supervisor determines that banks have an adequate operational risk
management framework that takes into account their risk appetite, risk profile and market
IRELAND
INTERNATIONAL MONETARY FUND 235
and macroeconomic conditions. This includes prudent policies and processes to identify,
assess, evaluate, monitor, report and control or mitigate operational risk
62
on a timely basis.
Essential criteria
EC1
Law, regulations or the supervisor require banks to have appropriate operational risk
management strategies, policies and processes to identify, assess, evaluate, monitor, report
and control or mitigate operational risk. The supervisor determines that the bank’s strategy,
policies and processes are consistent with the bank’s risk profile, systemic importance, risk
appetite and capital strength, take into account market and macroeconomic conditions,
and address all major aspects of operational risk prevalent in the businesses of the bank on
a bank-wide basis (including periods when operational risk could increase).
Description and
findings re EC1
The CBI requires that banks manage operational risk in line with the CRD, which states that:
? “Credit institutions shall have a well-documented assessment and management
system for operational risk with clear responsibilities assigned for this system. They
shall identify their exposures to operational risk and track relevant operational risk
data, including material loss data. This system shall be subject to regular
independent review.
? The operational risk assessment system must be closely integrated into the risk
management processes of the credit institution. Its output must be an integral Part
of the process of monitoring and controlling the credit institution's operational risk
profile.
? Credit institutions shall implement a system of management reporting that
provides operational risk reports to relevant functions within the credit institution.
Credit institutions shall have procedures for taking appropriate action according to
the information within the management reports. Policies and processes to evaluate
and manage the exposure to operational risk, including to low-frequency high-
severity events, shall be implemented. Without prejudice to the definition laid down
in Article 4(22), credit institutions shall articulate what constitutes operational risk
for the purposes of those policies and procedures.
? Contingency and business continuity plans shall be in place to ensure a credit
institution's ability to operate on an ongoing basis and limit losses in the event of
severe business disruption.”
Recognizing that supervisors must be satisfied that banks have robust and effective
operational risk policies and procedures in place that are suitable for their business, the CBI
has designed an Operational Risk Assessment Methodology that provides supervisors with
a practical means for the assessment of operational risk in a banking environment. It
provides a step-by-step process to help scope, plan and manage an operational risk
examination and specific guidance to assess operational risk across four dimensions:
1. Operational Risk Management Framework: Recognizing the criticality of assessing
the robustness of bank’s [own] Operational Risk Framework, the CBI’s Methodology
focuses on:
- The completeness of a bank’s Framework
62
The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. The definition includes legal risk but excludes strategic and
reputational risk.
IRELAND
236 INTERNATIONAL MONETARY FUND
- The quality of each component of the bank’s Framework
- The effectiveness of the bank’s Framework in practice
2. Operational Risk Exposure: Recognizing that a bank’s Operational Risk Management
Framework should ensure that all material risks are identified and managed, the
CBI’s framework provides supervisors with the tools and guidance to:
? Identify the major risks that a bank faces and to assess exposure to
different risk types
? Form an objective view of aggregate risk exposure as a challenge to a
bank’s own assessment
? Identify risks that are unacceptably high, poorly managed or absent from
the bank’s Framework
3. Regulatory Compliance: As compliance with Operational Risk Regulation is a
minimum, the CBI’s framework enables supervisors to:
? Determine which regulatory requirements apply to the bank they are
supervising
? Assess compliance with those requirements
4. Capital Adequacy: The methodology includes guidance and tools to enable
supervisors to:
? Assess and challenge the adequacy of Operational Risk capital levels
? Determine when a Pillar 2 capital add-on may be appropriate (training has
been provided to Supervisors in relation to same)
The assessment framework, has been rolled-out and is embedded in the PRISM framework.
The methodology recognizes differences in the scale and structure of institutions and
provides guidance on priority areas of assessment where particular types of operational risk
are deemed prevalent across the industry. This guidance is refreshed annually. While the
exact scope of an assessment is decided by individual supervisors and management, any
full assessment is expected to address those priority areas.
In terms of the frequency with which operational risk is assessed on-site, reviews are
undertaken as part of a FRR/FRA. These are completed on an ongoing basis for High
Impact institutions and every two to four years for Medium High Impact institutions.
Reviews are carried out on a spot basis for Medium Low Impact institutions.
The Assessment Methodology was implemented in mid-2012. A revision was released in Q1
2013 and the document will be reviewed and revised annually.
CRD (2006/48/EC) - Title V, Chapter 2, Section 4: ” Minimum Own Funds Requirements for
Operational Risk” and the related Annex V and Annex X states:
“The scope of the review and evaluation referred to in paragraph (1) shall be that
of the requirements of the [Recast Credit Institutions Directive].
[…]
Regulation 70 allows for the Central Bank to require a bank to take necessary
actions and steps “requiring the reduction of the risk inherent in the activities,
products and systems of credit institutions.”
The CBI, under these provisions, has applied an Operational Risk Assessment Methodology
IRELAND
INTERNATIONAL MONETARY FUND 237
to ensure that Banks have adequate and sound Operational Risk management practices.
The assessment methodology has, in turn, been derived from a series of regulatory
guidance and best practice sources including:
o CRD (2006/48/EC) – Title V, Chapter 2, Section 4: “Minimum Own Funds
Requirements for Operational Risk” and the related Annex V and Annex X.
o GL10 Guidelines on the implementation, validation and assessment of
Advanced Measurement &Internal Ratings Based Approaches.
o GL21 Compendium of Supplementary Guidelines on implementation issues of
operational risk.
o GL25 Guidelines on operational risk mitigation techniques.
o GL32 Guidelines on Stress Testing.
o GL35 Guidelines on the management of operational risks in market-related
activities.
o GL45 EBA Guidelines on AMA extensions and changes.
o BCBS Principles for the Sound Management of Operational Risk.
o BCBS Operational Risk - Supervisory Guidelines for the Advanced
Measurement Approaches.
EC2
The supervisor requires banks’ strategies, policies and processes for the management of
operational risk (including the banks’ risk appetite for operational risk) to be approved and
regularly reviewed by the banks’ Boards. The supervisor also requires that the Board
oversees management in ensuring that these policies and processes are implemented
effectively.
Description and
findings re EC2
The CBI requires banks to manage operational risk in line with CRD requirements as set out
above, which require that “The management body shall approve and periodically review the
strategies and policies for taking up, managing, monitoring and mitigating the risks the credit
institution is or might be exposed to, including those posed by the macroeconomic
environment in which it operates in relation to the status of the business cycle.” The
Corporate Governance Code requires:
? The Board shall establish a documented risk appetite for the institution. The appetite
shall be expressed in qualitative terms and also include quantitative metrics to allow
tracking of performance and compliance with agreed strategy. The risk appetite
should be subject to annual review by the Board.
? The Board shall ensure that the risk management framework and internal controls
reflect the risk appetite, and that there are adequate arrangements in place to
ensure that there is regular reporting to the Board on compliance with the risk
appetite.
? The (Board) Risk Committee shall oversee the risk management function.
? The (Board) Risk Committee shall ensure the development and ongoing
maintenance of an effective risk management system within the financial institution
that is effective and proportionate to the nature, scale and complexity of the risks
inherent in the business.
As set out in CP14, supervisors are responsible for assessing bank compliance with the
Corporate Governance Code. In addition, the Operational Risk Assessment Methodology
which, as set out in EC1, is the principal assessment tool applied by the Central Bank,
directs supervisors to specifically assess the role of the Board of Directors and management
in defining, regularly reviewing and monitoring adherence to operational risk policies,
procedures and risk appetite. Guidance for assessing the core risk processes that should be
in place is also set out. In each case supervisors are provided with guidance to assess the
completeness of the firm’s framework, policies and process as well as guidance to assess
IRELAND
238 INTERNATIONAL MONETARY FUND
the quality of those components and their practical effectiveness. Criteria for specific
assessment of the role of the Board and management are also defined
EC3
The supervisor determines that the approved strategy and significant policies and
processes for the management of operational risk are implemented effectively by
management and fully integrated into the bank’s overall risk management process.
Description and
findings re EC3
The Operational Risk Assessment Methodology is premised on the need to assess the
practical substance of a firm’s Operational Risk Framework as well as the quality of its
design. Supervisors are provided with guidance on assessing the consistency and
robustness of the implementation of the framework and guided to take a clear view on its
effectiveness. This point of assessment is built into all components of the Methodology and
supervisors do assess and determine the effectiveness of strategy, policies and processes.
EC4
The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery
and business continuity plans to assess their feasibility in scenarios of severe business
disruption which might plausibly affect the bank. In so doing, the supervisor determines
that the bank is able to operate as a going concern and minimize losses, including those
that may arise from disturbances to payment and settlement systems, in the event of
severe business disruption.
Description and
findings re EC4
The Operational Risk Assessment Methodology defines taxonomy of different operational
risk types in line with Basel II categories. For each risk type, supervisors are provided with
guidance to assess the inherent risk exposure, the quality and effectiveness of controls and
mitigants and residual exposure. Specific guidance is provided to help supervisors
understand where risks are liable to manifest in the firm, the functions within the firm that
should be addressing those risks and the types of controls and mitigants that should be in
place. Supervisors are required to set out their judgment of each risk in the scope of their
assessment and, for consistency and comparability, a common mechanism for rating each
risk type from inherent to residual risk is set out.
A range of different Business Continuity Management and Disaster Recovery type risks are
identified (IT/Communications failure; damage to physical assets; industrial relations
disputes; etc.) in the taxonomy. Clear guidance is provided (as described above) to enable
supervisors develop a view of the robustness of Firm’s provisions and mechanisms to
prevent and recover from disruption. That guidance has been developed in line with known
best practice and standards in the financial services industry and includes provisions
concerning Business Continuity Management and Disaster Recovery organization,
contingency planning and testing.
Specific provisions for the assessment of payment and settlements systems are included in
the revised (Q1 2013) version of the assessment methodology.
EC5
The supervisor determines that banks have established appropriate information technology
policies and processes to identify, assess, monitor and manage technology risks. The
supervisor also determines that banks have appropriate and sound information technology
infrastructure to meet their current and projected business requirements (under normal
circumstances and in periods of stress), which ensures data and system integrity, security
and availability and supports integrated and comprehensive risk management.
Description and The CBI has engaged a third party provider, to assist in the development of an assessment
methodology and framework for reviewing the IT capability of Irish licensed credit
IRELAND
INTERNATIONAL MONETARY FUND 239
findings re EC5 institutions.
The Risk Taxonomy and risk assessment guidance within the Operational Risk Assessment
Methodology identifies a range of risk types related to Information Technology. Specific
risk types concerning the robustness of IT systems, data integrity, disaster recovery, and
information security have been identified along with the guidance to enable supervisors to
effectively assess those risks and related controls and mitigants. Further, assessment of the
robustness of the firm's IT infrastructure is identified as a ‘priority risk’ within the
Methodology meaning that it should form part of any full assessment undertaken.
Particular emphasis is placed on analyzing the complexity of systems and related business
operations and any potential fragilities that exist.
EC6
The supervisor determines that banks have appropriate and effective information systems
to:
(a) monitor operational risk;
(b) compile and analyze operational risk data; and
(c) facilitate appropriate reporting mechanisms at the banks’ Boards, senior
management and business line levels that support proactive management of
operational risk.
Description and
findings re EC6
The Assessment Methodology aims to enable a supervisor assess the robustness of a firm’s
Operational Risk MI and supporting systems across a number of dimensions:
- The adequacy and robustness of a technology supporting a firm’s bottom-up risk
processes;
- A firm’s ability to monitor operational risk levels across key areas of exposure;
- A firm’s ability to capture loss events and near miss events; and
- The quality of a firm’s internal MI for management, Operational Risk/ Risk
Committees and the Board itself.
Key areas of assessment focus include:
- Risk and Control Self-Assessment toolset (or equivalent). Specific assessment criteria
are set for such tools and surrounding processes.
- Loss Capture Database. Again Supervisors are provided with guidance to assess the
robustness of loss data capture and the processes and procedures underpinning
same.
- Operational risk MI and metrics – Specific guidance is provided in terms of assessing
both completeness and quality and, importantly, in terms of assessing the
appropriate use of information generated (effectiveness).
In addition to assessing the robustness of these tools, supervisors utilize the information
they hold to support assessment of a banks operational risk profile and the quality and
effectiveness of its operational risk management.
As set out in EC1, supervisors carry out assessments as part of the annual FRR, as part of
the cycle of Financial Risk Assessments and as bank and external factors dictate (i.e. when
operational risks levels are elevated due to significant events or near misses and/or when
external factors increase operational risk exposure).
EC7 The supervisor requires that banks have appropriate reporting mechanisms to keep the
IRELAND
240 INTERNATIONAL MONETARY FUND
supervisor apprised of developments affecting operational risk at banks in their
jurisdictions.
Description and
findings re EC7
Firms are required to report Operational Risk Capital levels (and as required the underlying
analyses including operational risk events and developments driving those capital
assessments) to the Central Bank. A new operational risk reporting framework which
requires both quarterly and semi-annual reporting to the CBI has been implemented.
Reporting requirements will provide supervisors with structured information and data
concerning banks operational risk exposure and management and will enable supervisors
to cross-compare and benchmark banks.
EC8
The supervisor determines that banks have established appropriate policies and processes
to assess, manage and monitor outsourced activities. The outsourcing risk management
programme covers:
(a) conducting appropriate due diligence for selecting potential service providers;
(b) structuring the outsourcing arrangement;
(c) managing and monitoring the risks associated with the outsourcing arrangement;
(d) ensuring an effective control environment; and
(e) establishing viable contingency planning.
Outsourcing policies and processes require the bank to have comprehensive contracts
and/or service level agreements with a clear allocation of responsibilities between the
outsourcing provider and the bank.
Description and
findings re EC8
The CBI has in place specific standalone guidelines to assess new outsourcing
arrangements put in place by banks (and the contracts underlying same) and the processes
involved in third-party selection (in line with EBA guidelines). The Operational Risk
Assessment Methodology includes specific assessment provisions (also in line with EBA
guidelines and other best practice) to enable supervisors to determine that banks are
effectively considering, and putting in place procedures to manage and monitor, the risks
associated with outsourcing deals and that adequate (bank and provider) contingency
arrangements exist to assure business continuity in the event that the third party provider
encounters operational difficulties in delivering against their commitments to the bank. The
Methodology also provides guidance on the types of measures (Service Level Agreements,
etc.) that supervisors should expect to see in place in banks for the ongoing management
and monitoring of service and operational quality.
Additional
criteria
AC1 The supervisor regularly identifies any common points of exposure to operational risk or
potential vulnerability (e.g. outsourcing of key operations by many banks to a common
service provider or disruption to outsourcing providers of payment and settlement
activities).
Description and
findings re AC1
The Assessment Methodology specifically identifies a range of priority risk types that
supervisors should consider in full assessments. This group of items reflects the Central
Bank’s view of risks that are currently prevalent across the industry and so merit specific
attention. It is intended that the list of priority risks will be reviewed and revised at least
annually (including the Q1 2013 revision of the Methodology).
IRELAND
INTERNATIONAL MONETARY FUND 241
As set out in EC1, supervisors carry out assessments as part of the annual FRR, as part of
the cycle of Financial Risk Assessments and as bank and external factors dictate (i.e. when
operational risks levels are elevated due to significant events or near misses and/or when
external factors increase operational risk exposure).
Assessment of
Principle 25
Largely Compliant
Comments A detailed operational risk policy has been implemented and a number of onsite reviews
conducted. A report to be filed by banks has been implemented and the first reports are to
be filed as of September 30, 2013. Effectiveness and adequacy of monitoring cannot be
fully assessed at this review due to the recent implementation of the report that will play an
important role in monitoring compliance.
Principle 26 Internal control and audit. The supervisor determines that banks have adequate internal
control frameworks to establish and maintain a properly controlled operating environment
for the conduct of their business taking into account their risk profile. These include clear
arrangements for delegating authority and responsibility; separation of the functions that
involve committing the bank, paying away its funds, and accounting for its assets and
liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate
independent
63
internal audit and compliance functions to test adherence to these controls
as well as applicable laws and regulations.
Essential criteria
EC1
Laws, regulations or the supervisor require banks to have internal control frameworks that
are adequate to establish a properly controlled operating environment for the conduct of
their business, taking into account their risk profile. These controls are the responsibility of
the bank’s Board and/or senior management and deal with organizational structure,
accounting policies and processes, checks and balances, and the safeguarding of assets
and investments (including measures for the prevention and early detection and reporting
of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion).
More specifically, these controls address:
(a) organizational structure: definitions of duties and responsibilities, including clear
delegation of authority (e.g. clear loan approval limits), decision-making policies and
processes, separation of critical functions (e.g. business origination, payments,
reconciliation, risk management, accounting, audit and compliance);
(b) accounting policies and processes: reconciliation of accounts, control lists,
information for management;
(c) checks and balances (or “four eyes principle”): segregation of duties, cross-checking,
dual control of assets, double signatures; and
(d) safeguarding assets and investments: including physical control and computer access.
63
In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of
interest in the performance measurement of staff in the compliance, control and internal audit functions. For
example, the remuneration of such staff should be determined independently of the business lines that they oversee.
IRELAND
242 INTERNATIONAL MONETARY FUND
Description and
findings re EC1
The CRD sets out broad requirements that set the platform for a bank’s internal control
framework. Under Article 22 of EU Directive 2006/4/EC banks are required to have
“transparent and consistent lines of responsibility, effective processes to identify, manage,
monitor and report the risk it is exposed to, and adequate internal control mechanisms,
including sound administrative and accounting procedures.”
Section 16 of S.I.395 of 1992 transposes the EC (Licensing and Supervision of Credit
Institutions) Regulations 1992. It requires that “every credit institution authorised by the
Central Bank shall manage its business in accordance with sound administrative and
accounting principles and shall put in place and maintain internal control and reporting
arrangements and procedures to ensure that the business is so managed.” Section 16 of
S.I.395 of 1992 also requires that “every credit institution shall have robust governance
arrangements including:
(a) a clear organisational structure with well defined, transparent and consistent lines of
responsibility;
(b) effective processes to identify, manage, monitor and report the risks it is or might be
exposed to;
(c) adequate internal control mechanisms;
(d) sound administrative and accounting procedures; and
(e) remuneration policies and practices that are consistent with and promote sound and
effective risk management.
Every credit institution shall ensure that the arrangements, processes and mechanisms
referred to (above) are comprehensive and proportionate to the nature, scale and complexity
of the activities of the institution.”
The Central Bank’s Corporate Governance Code requires banks to have “adequate internal
control mechanisms, including sound administrative and accounting procedure, IT systems
and controls, remuneration policies and practices that are consistent with and promote sound
and effective risk management” (Section 6.3).
Through the interaction of the Code and regulations, the Central Bank requires banks to
have internal control frameworks that are adequate for the operating environment.
Section 12.1 of the Code is the most specific requirement in relation to the role of the
Board which states that the board of each institution is responsible for:
- the effective, prudent and ethical oversight of the entity;
- setting the business strategy for the institutions; and
- ensuring that risk and compliance are properly managed in the
institution.
The Code and Regulations do not necessarily specify the full responsibilities of the Board in
relation to all aspects of this EC (a) – (c), nonetheless, the Regulations do require the
controls to be in place and in conjunction with the Code requires the Board to be generally
responsible for the prudential oversight of the institution.
Where the Central Bank considers that a credit institution does not have an appropriate
balance of skills and resources of back office, control and operational management, it has
the power to require credit institutions to comply with deficiencies in its compliance with
the CRD via Regulation 70 of S.I.661 of 2006. Also, through the Central Bank’s power to
place conditions on specific banking licenses (Section 10 of the Central Bank Act 1971), it
IRELAND
INTERNATIONAL MONETARY FUND 243
can require a credit institution to provide a greater balance in the skills and resources of
the back office, control functions and operational management relative to the business
origination units.
EC2
The supervisor determines that there is an appropriate balance in the skills and resources
of the back office, control functions and operational management relative to the business
origination units. The supervisor also determines that the staff of the back office and
control functions have sufficient expertise and authority within the organization (and,
where appropriate, in the case of control functions, sufficient access to the bank’s Board) to
be an effective check and balance to the business origination units.
Description and
findings re EC2
The Corporate Governance Code (section 14.5) requires the Boards of credit institutions to
ensure that key control functions such as risk management are independent of business
units and have adequate resources and authority to operate effectively. Credit Institutions
submit a compliance statement to the Central Bank annually identifying any deviation from
the Code. Supervisors assess compliance with Section 14.5 through day-to-day supervision,
receipt and review of the ICAAP portals followed by a SREP full risk assessment, and via the
review of credit institutions’ annual compliance statements.
The Central Bank has recently developed guidance for supervisors to assist in assessing the
balance between back office/control and front office/business functions. The guidance has
assisted supervisors making their assessments of staff in control functions.
Supervisors typically receive and review Post-Audit Reports and Management Letter
Reports written up by external auditors annually. These reports highlight internal control
and management reporting observations which are used by supervisors to identify
weaknesses, with potential follow up with the credit institution. These external audits also
review and sample, inter alia, accounting policies, processes, checks and balances,
reconciliation of accounts, control lists, segregation of duties, cross-checking, and sign-offs.
As per PRISM requirements, supervisors meet with credit institutions’ CFO (at a minimum
annually for High Impact firms, and every 18 months for Medium High Impact firms). This
engagement will discuss, inter alia, the finance function, its access to the board, and its
expertise and authority within the organisation. PRISM also requires supervisors to
periodically meet with the Head of Internal Audit, external auditors and a senior non-
executive director, all of which would discuss bank controls and operational management.
Supervisors for High Impact and Medium High Impact credit institutions review Board and
governance forum packs and minutes on a monthly or quarterly basis to monitor internal
controls. The review of Medium Low Impact credit institutions depends on the frequency of
Board meetings and the business activity of the bank and review of packs ranges from
monthly to bi-annually.
In addition to reporting of breaches that banks are required to submit to the Central Bank,
supervisors will perform onsite reviews, with a minimum frequency determined by PRISM.
Supervisors will go beyond the minimum engagement model when required as evidenced
through the attention dedicated to the major banks (i.e. High Impact). The onsite review -
such as a Full Risk Assessment (FRA) or a Financial Risk Review (FRR) - will provide the
supervisor the opportunity to make an accurate and comprehensive assessment of the
skills, resourcing and authority of the back office in relation to the front office.
The Central Bank has demonstrated sound practices to evaluate the effectiveness of a
IRELAND
244 INTERNATIONAL MONETARY FUND
bank’s internal control functions through an appropriate mix of offsite and onsite activities.
For Medium Low impact banks supervisors make judgments on the internal control
functions based on interactions with the firms including meetings with the Senior
Management Team – CRO and CFO at a minimum every 18 months and ongoing
interaction with finance and compliance functions. Supervisors also review internal audit
reports on liquidity and ICAAP on an annual basis. Supervisors may request internal audit
to complete work on specific risk areas and depending on the quality of response we will
make a judgment on effectiveness.
For those banks where the impact rating is below Medium High, supervisor will typically
rely upon self identification mechanisms, exception reporting and adverse triggers of non-
compliance with the Code or Regulations as the most likely sources of identifying
weaknesses in the effectiveness in control functions. Engagement with bank senior
management such as the CRO, CFO, Head of Internal Audit will not typically be undertaken
(unless where risks have been identified) to test and challenge the skills and resources of
back office functions as an effective means of performing a check and balance to the
business units. For the lower impact rated institutions, the Central Bank deploys a
significantly reduced range of supervisory activities to assess a bank’s control functions i.e.
desk top review of self annual compliance statement. The Central Bank does not require a
bank to have an Internal Audit function and in the case of lower Impact banks, there is the
option to utilise the services of a Group IA function. While the Central Bank does not
specifically require banks to have an Internal Audit function, all Irish licensed banks either
have a local internal audit function or are explicitly covered by the group internal audit
function.
EC3
The supervisor determines that banks have an adequately staffed, permanent and
independent compliance function
64
that assists senior management in managing effectively
the compliance risks faced by the bank. The supervisor determines that staff within the
compliance function are suitably trained, have relevant experience and have sufficient
authority within the bank to perform their role effectively. The supervisor determines that
the bank’s Board exercises oversight of the management of the compliance function.
Description and
findings re EC3
There is no specific requirement within the Corporate Governance Code or Regulations for
banks to maintain a permanent compliance function, however, the Central Bank applies the
EBA Guidelines on Internal Governance (GL44) in which Section 28 requires credit
institutions to establish a compliance function, and to implement a compliance policy
which should be communicated to all staff. It states that “in smaller and less complex
institutions this function may be combined with or assisted by the risk control or support
functions.” It requires that the “compliance function should ensure that the compliance
policy is observed and reported to the management body.” It also states that “the
compliance function should verify that new products and new procedures comply with the
current legal environment and any forthcoming changes.” GL44 is not binding in Irish law
but the Central Bank has communicated to credit institutions that it requires full
compliance. The Central Bank is currently codifying GL44, with a due date of 2013
(dependent on binding technical standards).
64
The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in
operating business units or local subsidiaries and report up to operating business line management or local
management, provided such staff also have a reporting line through to the head of compliance who should be
independent from business lines.
IRELAND
INTERNATIONAL MONETARY FUND 245
Through ongoing engagement with credit institutions, the Central Bank determines
whether banks have an adequately staffed, permanent and independent compliance
function that assists senior management in managing effectively the compliance risks faced
by the bank.
Irish licensed, High Impact and Medium High Impact banks have compliance functions in
place; Medium Low Impact banks typically have a compliance officer in place.
The Corporate Governance Code (section 14.5) requires the Board to ensure that key
control functions such as compliance are independent of business units and have adequate
resources and authority to operate effectively. At a minimum, Credit Institutions are
required to submit a compliance statement to the Central Bank annually identifying any
deviation from the Code which is reviewed by supervisors.
The Central Bank assesses the fitness and probity of incoming Heads of Compliance
through the Fitness and Probity Standards 2011 and the Central Bank Reform Act 2010.
Under the Code, the Head of Compliance is deemed to be “Pre-approval Control Function”
(PCF12), which requires the pre-approval by the Central Bank prior to appointment. The
process of approval/non-approval entails a desk-top review of the applicant’s CV,
education and experience, previous regulatory/criminal history. Applicants for such
positions will be interviewed by the Central Bank as deemed necessary. This is carried out
by the Central Bank’s Regulatory Transactions Division in conjunction with Banking
Supervision.
The assessment of the suitability of a compliance function is typically performed through
the course of a FRR/FRA, where supervisors would meet with the Head of Compliance,
review any relevant documents, including the compliance policy, terms of reference,
compliance plan, organisational charts, resourcing analyses, in addition to compliance
updates provided to senior management and the bank’s board. Routine monitoring of a
bank’s compliance function is also performed through review of board packs and the firm’s
Annual Compliance Statement in accordance with Section 25 of the Corporate Governance
Code for Credit Institutions and Insurance Undertakings, which is signed off by members of
the bank’s board.
Supervisory teams for High Impact banks have regular engagement, typically quarterly,
with the Head of Compliance to review, inter alia, regulatory issues, the progress of RMP
and any other compliance issues. This ongoing engagement would also inform the
supervisory assessment of the effectiveness, independence and adequacy of resourcing of
the compliance function. These engagements with the higher impact banks was evidenced
to be not only frequent but intrusive and challenging.
The lower Impact banks will also not typically receive ongoing engagement but will be
subject to periodic assessment, desk review and exception reporting.
EC4
The supervisor determines that banks have an independent, permanent and effective
internal audit function
65
charged with:
65
The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small
banks to implement a system of independent reviews, e.g. conducted by external experts, of key internal controls as
an alternative.
IRELAND
246 INTERNATIONAL MONETARY FUND
(a) assessing whether existing policies, processes and internal controls (including risk
management, compliance and corporate governance processes) are effective,
appropriate and remain sufficient for the bank’s business; and
(b) ensuring that policies and processes are complied with.
Description and
findings re EC4
Through ongoing engagement and themed inspections with credit institutions, the Central
Bank determines if banks have an adequately staffed, permanent and independent internal
audit function.
Supervisors assess compliance with the audit requirements of the Corporate Governance
Code through day-to-day supervision, receipt and review of the ICAAP portal followed by a
FRR/FRA, and via the review of credit institutions’ annual compliance statements.
There is not an explicit legal requirement stating that banks must have an internal audit
function or to appoint a Head of Internal Audit. The Central Bank does however have the
power to require credit institutions to comply with deficiencies in its compliance with the
CRD via Regulation 70 of S.I. 661 of 2006. Also, through the Central Bank’s power to place
conditions on specific banking licences (Section 10 of the Central Bank Act 1971), it can
require a credit institution to have an independent, permanent and effective internal audit
function.
Notwithstanding the above, all High Impact licenced banks in Ireland have a local internal
audit function in place. Medium High Impact and Medium Low Impact banks are permitted
to rely on the internal audit function of their parent. In High Impact banks, the Head of
Internal Audit is permanent and independent position.
High Impact credit institutions are required to establish an audit committee (Section 18.1 of
the Corporate Governance Code). Medium High Impact and Medium Low Impact credit
institutions may in certain circumstances rely on the board to act as an audit committee, or
if it is part of a wider group, it may rely on a group audit committee. Some Medium High
Impact banks and some Medium Low Impact banks rely on their parent’s internal audit
function.
The Corporate Governance Code (Section 19) stipulates general requirements of the audit
committee such as :
o the circulation of meeting agendas;
o detailed minutes of meetings;
o the appointment of audit committee members;
o the attendance at audit committee meetings;
o the review of audit committee membership; and
o the reporting of the audit committee to the board.
The Central Bank applies the EBA Guidelines on Internal Governance (GL44).
? Section 29 requires that the internal audit function “shall assess whether the quality
of an institution’s control framework is both effective and efficient.” It states that “the
internal audit function should have unfettered access to relevant document and
information in all operational and control units.” It adds that “the internal audit
function should evaluate the compliance of all activities and units of an institution
with its policies and procedures.”
IRELAND
INTERNATIONAL MONETARY FUND 247
? Section 29 requires that internal audit is not combined with any other function, and
that it “should assess whether existing policies and procedures remain adequate and
comply with legal and regulatory requirements.” It states that “internal audit work
should be performed with an audit plan and detailed audit programs following a risk
based approach. It states that “the audit plan should be approved by the audit
committee or the management body.” It adds that “internal audit should report
directly to the management body and or its audit committee its findings and
suggestions for material improvements to internal controls.”
? Finally, “all audit recommendations should be subject to a formal follow-up procedure
by the respective levels of management to ensure and report their resolution.” GL44 is
not binding in Irish law but the Central Bank has communicated to credit institutions
that it requires full compliance.
For High Impact and Medium High Impact banks, supervisors are required to meet with
internal audit at least annually. Additionally, PRISM requires supervisors of High Impact and
Medium High Impact firms to meet with a senior non-executive director every year.
Medium Low Impact firm supervisors are required to meet with a senior non-executive
director every 18 months. If a risk is identified, or a supervisor determines the need, internal
audit will be more actively assessed.
The Central Bank has also carried out a review of the Effectiveness of Internal Audit
Functions in 2011. The objective of the review was as follows:
1. To assess whether the internal audit function was fulfilling its pivotal role as
the so-called “third line of defence” within a credit institution in carrying out
independent evaluation and validation of the system of internal controls
through risk-based audit procedures; and whether, in turn, the Central Bank is
able to place reliance on this function;
2. To provide feedback/observations in the form of a letter to the industry on
findings from the review based on conclusions drawn from the examination
of the institutions selected for inclusion in the review and to issue a press
release;
3. To inform the development of the Central Bank’s supervisory framework in
relation to internal governance.
The review covered 11 credit institutions and 11 insurance undertakings. Overall the review
findings demonstrated that, at that time, institutions were broadly in line with Good
Practice Standards. In 9 of the 11 credit institutions covered within the scope of the review,
it was concluded that the Central Bank can place reliance on the Internal Audit Function to
fulfil adequately its pivotal role as a “third line of defence” within the institution to
independently evaluate and validate the system of internal controls through risk-based
audit procedures.
EC5
The supervisor determines that the internal audit function:
(a) has sufficient resources, and staff that are suitably trained and have relevant
experience to understand and evaluate the business they are auditing;
(b) has appropriate independence with reporting lines to the bank’s Board or to an audit
committee of the Board, and has status within the bank to ensure that senior
management reacts to and acts upon its recommendations;
(c) is kept informed in a timely manner of any material changes made to the bank’s risk
IRELAND
248 INTERNATIONAL MONETARY FUND
management strategy, policies or processes;
(d) has full access to and communication with any member of staff as well as full access
to records, files or data of the bank and its affiliates, whenever relevant to the
performance of its duties;
(e) employs a methodology that identifies the material risks run by the bank;
(f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment
and allocates its resources accordingly; and
(g) has the authority to assess any outsourced functions.
Description and
findings re EC5
As part of the Central Bank’s Financial Risk Reviews, carried out annually for High Impact
banks and Full Review Assessments once every two years for Medium High Impact Banks,
banks’ compliance with the EC5 (a) requirement (for internal audit to have sufficient
resources that are suitably experienced and trained) is assessed through desk-top reviews
of staffing levels at internal audit functions, reviews of internal audit reports, and interviews
with the head of internal audit. Supervisors High and Medium High banks meet with the
head of internal audit annually (for High Impact) and biennially (for Medium High Impact)
and internal audit staffing is discussed.
Supervisors review the banks’ annual audit plans and completion (or not) of the plan.
As part of Full Review Assessments, supervisors assess banks’ compliance with EC5(b) and
the general governance and reporting lines of internal audit to the Board - Supervisors
require internal audit functions to report directly to the board and not to line of business
heads.
Banks’ compliance with EC5(c) is assessed by the Central Bank through periodic meeting
with the Head of Internal Audit (for High Impact and Medium High Impact banks).
Supervisors typically require internal audit to periodically review the bank’s risk
management strategy, policies and processes, and report on these to the internal Audit
Committee and/or Board.
Banks’ compliance with EC5(d) is assessed by the Central Bank through a desktop review
(for High Impact and Medium High Impact banks) of internal audit terms of reference to
ensure that internal audit has full access to and communication with any member of staff
as well as full access to records.
Banks’ compliance with EC5(e) is assessed by the Central Bank through periodic meeting
with the Head of Internal Audit (for High Impact and Medium High Impact banks).
Supervisors typically require that internal audit completes an annual audit plan which is
typically based on its assessment of the material risks and controls.
For High Impact and Medium High Impact banks, banks’ compliance with EC5(f) is assessed
through desktop reviews of annual audit plans, sufficiency of internal audit resources to
complete the audit plan, and assessments of how much of audit plans are actually
completed. Additionally, for High Impact banks, supervisors periodically meet with the
Head of Internal Audit to discuss amongst other things the audit plan.
The supervisory teams covering High Impact and Medium High Impact credit institutions
IRELAND
INTERNATIONAL MONETARY FUND 249
(except in the case of one High Impact bank which only receives audits which receive a
“non-satisfactory” rating) require banks to provide them with all internal audit reports and
will follow up, particularly where weaknesses are identified.
For Medium Low Impact credit institutions, there is no requirement to meet with the Head
of Internal Audit; however, this can be arranged as and when SREP/FRAs are completed.
The quality of internal audit arrangements for these firms is considered within the firm’s
Governance Risk rating, and in so doing supervisors must consider the quality of a bank’s
group Internal Audit structures where these are relied upon.
Additionally, supervisors also review Audit Committee packs periodically.
The Central Bank demonstrated several examples of onsite and offsite activities to assess
the effectiveness of the internal audit function, some routine and others more ad hoc used
to good effect. The examples demonstrated the ability of the supervisor to ensure banks
had adequate control functions commensurate with the risk profile of the operations and
where necessary to take action.
Assessment of
Principle 26
Largely compliant
Comments The Central Bank determines whether banks have adequate internal control mechanisms
and robust governance arrangements in place through a range of activities, both routine
and ad hoc. For the High Impact banks (which represent the bulk of retail assets),
supervisors maintain an awareness of the activities in each of the key business units and are
able to assess the inherent risk profile and undertake assessments of the control
environment. The Central Bank evidenced several examples of onsite and offsite activities
to assess the effectiveness of the internal audit function. The examples demonstrated the
ability of the supervisor to ensure banks had adequate control functions commensurate
with the risk profile of the operations and where necessary to take action.
For banks with an Impact rating below Medium High, the supervisory activities to assess
the effectiveness of the internal control function will rely upon periodic assessment (i.e. Full
Risk Assessment), desk based review of exception reporting.
While there is also no explicit legal/regulatory requirement for banks to establish an
internal audit function or appoint a head of internal audit, the Central Bank can require that
a function or head of Internal Audit be put in place by means of a license condition.
However, in practice, all Irish licensed banks either have a local Internal Audit function or
are covered by a group Internal Audit function.
Principle 27 Financial reporting and external audit. The supervisor determines that banks and
banking groups maintain adequate and reliable records, prepare financial statements in
accordance with accounting policies and practices that are widely accepted internationally
and annually publish information that fairly reflects their financial condition and
performance and bears an independent external auditor’s opinion. The supervisor also
determines that banks and parent companies of banking groups have adequate
governance and oversight of the external audit function.
Essential criteria
IRELAND
250 INTERNATIONAL MONETARY FUND
EC1
The supervisor
66
holds the bank’s Board and management responsible for ensuring that
financial statements are prepared in accordance with accounting policies and practices that
are widely accepted internationally and that these are supported by recordkeeping systems
in order to produce adequate and reliable data.
Description and
findings re EC1
Credit institutions in Ireland are subject to the requirements of the Companies Acts 1963 to
2012 in respect of financial reporting. Banks are required to prepare financial statements in
accordance with accounting policies and practices as per the Companies Act (Section 202).
It is within the Companies Act that responsibilities for the preparation of financial
statements reside and there is no specific provision in this regard in the Central Bank’s
powers.
In addition to the Companies Acts requirements the Central Bank through Section 21.6(d)
of the Corporate Governance Code holds the bank’s Board responsible for preparation of
financial statements. The Code sets out that it is the responsibility of the Audit Committee
to review any financial announcements and reports and recommend to the board whether
to approve the institution’s annual accounts (including, if relevant the group accounts).
All publicly quoted EU incorporated companies must prepare their consolidated financial
statements in accordance with IFRS as endorsed by the European Commission. The relevant
legislation regarding IFRS is S.I. 116 of 2005 (the requirements regarding preparation of
financial statements are generally found within the Companies Acts). In other instances
there is a choice whether to prepare accounts based on IFRS or Irish generally accepted
accounting principles (GAAP). The relevant legislation is Part V of the Companies Act 1963,
(particularly sections 148 to 150C inclusive, which deal with requirements regarding both
Individual (parent company) and Group accounts under either IFRS or local GAAP).
In accordance with Section 202 of the Companies Act 1990 management of the company is
responsible for the preparation of the Books of Account. The Books of Account must:
? Correctly record and explain the transactions of the company;
? Enable the financial position of the company to be determined with reasonable
accuracy at any time;
? Enable the directors to ensure that the annual financial statements comply with the
requirements of the Companies Acts 1963 to 2012, and relevant accounting
standards;
? Enable the annual financial statements of the company to be readily and properly
audited;
? Be kept on a continuous and consistent basis and entries should be made in a timely
manner and should be consistent from one year to the next;
? Give a true and fair view of the state of affairs of the company and explain its
transactions; and
? Be kept in written form or in other form that may be readily accessible and
convertible into written form.
The Books of Account must contain:
? Entries of all monies received and expended by the company and the matters in
66
In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for
ensuring that financial statements are prepared in accordance with accounting policies and practices may also be
vested with securities and market supervisors.
IRELAND
INTERNATIONAL MONETARY FUND 251
respect of which the receipts and expenditure takes place;
? A record of all assets and liabilities of the company; and
? Further specific information depending on whether the company’s business involves
dealing with goods or the provision of services.
Companies within Ireland have the option of preparing “Companies Act Individual
Accounts” (section 149 of the Companies Act, 1963) or financial accounts under the
requirements of the IFRS (section 149A of the Companies Act, 1963).
Companies Act Individual Accounts may be prepared using Generally Accepted Accounting
Standards in UK and Ireland, as issued by theFinancial Reporting Council (FRC), which have
largely converged with IFRS.
Section 5(1) of S.I. 294 of 1992 European Communities (Credit Institutions: Accounts)
Regulations (CI Accounts Regulations) similarly requires that credit institutions prepare
financial statements under section 149 of the Companies Act 1963 as modified by the CI
Accounts Regulations or IFRS.
Under Section 205A of the Companies Act 1990 Irish companies are required to include a
statement as to whether the financial statements have been prepared in accordance with
applicable accounting standards, and that where there is any material departure from
applicable accounting standards, the effect of the departure and the reasons for it are
noted in the individual accounts and, where relevant, in the group accounts. Where a
company fails to comply with these requirements, each company or other entity that forms
all or part of that undertaking is guilty of an offence.
Banking Supervision correspond with all credit institutions (generally during Q2) seeking
certain information, including copies of audited financial statements. Financial statements
are not reviewed to determine compliance with IFRS/local GAAP, as this is assumed from
sign-off by external auditors, and IAASA is the competent authority for enforcing
accounting standards in Ireland in accordance with the Transparency Directive regulations.
Nevertheless, issues of concern with the accounts can be raised with the auditors as
required.
While the Central Bank has no stipulations in relation to the preparation of financial
statements and the application of accounting practices, through its supervision it will hold
banks to the standards established in the Companies Act.
EC2
The supervisor holds the bank’s Board and management responsible for ensuring that the
financial statements issued annually to the public bear an independent external auditor’s
opinion as a result of an audit conducted in accordance with internationally accepted
auditing practices and standards.
Description and
findings re EC2
The requirement that the Board and management be responsible for ensuring that financial
statements are issued annually to the public and bear an independent auditor’s opinion in
accordance with internationally accepted auditing standards is set out in the Companies
Act 1963 rather than a requirement set out by the Central Bank.
Under Section 148(1) of the Companies Act 1963 the directors of every company shall on a
date not later than 18 months after the incorporation of the company and subsequently
once at least in every calendar year prepare accounts for the company for each financial
year (to be known and in this Act referred to as ‘individual accounts’). These accounts are
IRELAND
252 INTERNATIONAL MONETARY FUND
required to be laid before the members of the company in the AGM for inspection under
Section 159(1).
Under sections 193(1) and (2) of the Companies Act 1990 the auditor of a company shall
make a report to the members of the company on the individual accounts examined by
them and all group accounts, and shall be read at the annual general meeting of the
company and shall be open to inspection by any member.
Section 13 of S.I. 294 of 1992 European Communities (Credit Institutions: Accounts)
Regulations (CI Accounts Regulations) requires that the auditor shall make a report in
accordance with section 193 of the Companies Act 1990 and that a bank shall not be
subject to an exemption from obtaining an audit.
Regulation 54(1) of The European Communities (Statutory Audits) (Directive 2006/43/EC)
Regulations 2010 (S.I. 220 of 2010) requires that all statutory audits are carried out in
accordance with international auditing standards.
The Financial Reporting Council (FRC) issues auditing standards, based on those standards
issued by the International Auditing and Assurance Standards Board, modified to take into
account legislative requirements within the UK and Ireland. These standards are referred to
as International Standards on Auditing (UK and Ireland) and are comparable to
International Standards on Auditing in all material respects.
International Standard on Auditing (UK and Ireland) 700, “The Auditors Report On Financial
Statements” (as revised in June 2013), requires the auditor to include a statement as to
whether the audit has been conducted in accordance with International Standards on
Auditing (UK and Ireland) as part of the auditor’s report.
EC3
The supervisor determines that banks use valuation practices consistent with accounting
standards widely accepted internationally. The supervisor also determines that the
framework, structure and processes for fair value estimation are subject to independent
verification and validation, and that banks document any significant differences between
the valuations used for financial reporting purposes and for regulatory purposes.
Description and
findings re EC3
The Central Bank, during both on-site and off-site reviews, assesses whether the valuations
used for regulatory purposes are reliable and prudent. Where the Central Bank determines
that valuations are not sufficiently prudent, the Central Bank requires the bank to make
adjustments to its reporting for capital adequacy or regulatory reporting purposes. Any
differences in valuation practices between the financial statements and prudential reporting
would be identified as part of the annual reconciliation process whereby credit institutions
are required to reconcile annual financial statements with key COREP and FINREP
templates.
The Central Bank would expect listed credit institutions to apply IFRS while non-listed
entities would be expected to apply a recognised standard (GAAP or IFRS). It should be
noted that credit institutions that use the standardised approach to calculate credit risk will
use valuations based on accounting standards. Credit institutions on the IRBA will use their
internal valuations to calculate credit risk.
Companies within Ireland have the option of preparing “Companies Act Individual
Accounts” (section 149 of the Companies Act, 1963) or financial accounts under the
IRELAND
INTERNATIONAL MONETARY FUND 253
requirements of the IFRS (section 149A of the Companies Act, 1963). Valuation
requirements, which are consistent under both reporting regimes, are subject to external
audit.
Credit institutions are required to file prudential returns based on the following:
? EBA guidelines on supervisory reporting (COREP – solvency; FINREP – financial
information; Large Exposures).
? The Central Bank of Ireland guidelines on supervisory reporting (Liquidity,
Impairment return, QSFR, Sectoral Return, Related Party Lending Return, etc.).
The FINREP return is based on the accounting standards used in the annual audited
financial statements. Classification of the different types of securities portfolios for FINREP
reporting purposes follow the same criteria both in terms of classification and valuation
rules as those applied in the annual financial statements, i.e. securities are allocated and
transferred across these portfolios in line with IFRS/ local GAAP.
When IFRS were introduced in Ireland in 2005, the Central Bank, in unison with other
banking regulators across Europe, required that ‘prudential filters’ be applied for regulatory
reporting purposes – the COREP returns incorporate these. Prudential filters are
adjustments to IFRS based figures required by Banking Supervisors to make IFRS based
numbers suitable for regulatory purposes. Prudential filters must also be applied to local
GAAP based figures as local GAAP have converged with IFRS. The Central Bank issued
letters to credit institutions on 24 December 2004, 21 July 2005 and 29 September 2005
advising them of Central Bank requirements for prudential filters. Letters were also issued
on 18 February 2009 regarding pensions and on 22 December 2006, 22 and 23 February
2007 regarding dividends.
EC4
Laws or regulations set, or the supervisor has the power to establish the scope of external
audits of banks and the standards to be followed in performing such audits. These require
the use of a risk and materiality based approach in planning and performing the external
audit.
Description and
findings re EC4
Section 193 of the Companies Act, 1990 sets out the scope of the external audit. Regulation
54(1) of The European Communities (Statutory Audits) (Directive 2006/43/EC) Regulations
2010 (SI220 of 2010) requires that all statutory audits are carried out in accordance with
international auditing standards.
The Financial Reporting Council (FRC) issues auditing standards, based on those standards
issued by the International Auditing and Assurance Standards Board, modified to take into
account legislative requirements within the UK and Ireland. These standards are referred to
as International Standards on Auditing (UK and Ireland) and are comparable to
International Standards on Auditing in all material respects.
The Central Bank currently does not have the power to formally establish the scope of an
external audit of a bank or to establish the standards to be followed in performing such
audits. In practice, the Central Bank has relied upon its supervisory efforts to influence the
scope of external audit with good effect.
Additionally if the CBI has a specific area of concern it can undertake one of the following:
? Carry out an on-site examination in the area of concern;
? Issue an RMP to the bank to rectify the situation. Such RMPs can also include the
requirement for the firm to initiate an independent assessment of the area of
IRELAND
254 INTERNATIONAL MONETARY FUND
concern; and/or
? Implement a skilled persons’ review of the area of concern.
Section 27E of CBA 1997 allows the Central Bank to commission a report from an auditor of
any regulated entity, or an affiliate of the auditor, on all or any of the following:
a) the regulated firm’s accounting or other records;
b) the systems (if any) that the regulated firm has in place to ensure that the firm acts
prudently in the interests of its members and the interests of those to whom the
firm provides financial services;
c) any other matter in respect of which the Central Bank requires information about the
firm, or the firm’s activities, to enable the Central Bank to perform a function
imposed on it by or under an Act.
Under Section 47(2) of the Central Bank Act, 1989 the auditor of a bank may be requested
to furnish a report on whether the bank has or has not complied with a specified obligation
of a financial nature under the Central Bank Acts.
Background information:
? In June 2011 the Central Bank communicated with the Irish Banking Federation (IBF),
Irish Insurance Federation (IIF) and Dublin International Insurance and Management
Association (DIMA) setting out a proposed response in relation the recommendation
by the Comptroller & Auditor General (C&AG). At the same time the Risk,
Governance and Accounting Policy Division established a working group with
relevant audit bodies and IAASA (‘the working group’). The working group has
focused on setting out a proposed framework for how auditors should provide
assurance on the internal governance arrangements of regulated entities. Significant
progress has been achieved in setting out and agreeing a workable and efficient
framework. Output to date includes the production of initial drafts of internal
governance guidance, guidance for auditors and an initial draft of the auditor’s
assurance report.
? With respect to the legal basis, Risk, Governance and Accounting Policy Division
sought to implement a generally applicable standing requirement on auditors in
respect of assurance over internal governance via an amendment to the Central
Bank Act, 1997. Powers have been included in the Central Bank (Supervision &
Enforcement) Act 2013.
In addition to the guidance for industry the Central Bank will, together with the working
group, develop specific guidance for Auditors in relation to the provision of assurance over
internal governance. At a minimum this guidance will set out:
? the scope and required form of reporting;
? the nature and extent of testing to be performed by the auditor; and
? communication protocols between the auditor and Central Bank in relation to
findings.
Skilled Persons’ Reports
Part 2 of the Central Bank (Supervision and Enforcement) Act 2013 provides the Central
Bank with the right, for the purposes of the proper and effective regulation of a financial
service provider, to request a report on any matter as required by the Central Bank. The
person preparing the report must be sufficiently skilled to prepare such reports and must
be nominated or approved by the Central Bank, and therefore the Central Bank is not
limited to only using the External Auditor to provide the report.
IRELAND
INTERNATIONAL MONETARY FUND 255
EC5
Supervisory guidelines or local auditing standards determine that audits cover areas such
as the loan portfolio, loan loss provisions, nonperforming assets, asset valuations, trading
and other securities activities, derivatives, asset securitizations, consolidation of and other
involvement with off-balance sheet vehicles and the adequacy of internal controls over
financial reporting.
Description and
findings re EC5
Local auditing standards and Practice Notes determine that audits cover the areas listed in
EC5.
The FRC issued Practice Note 19(I) The Audit of Banks in the Republic of Ireland in June
2008. The FRC publishes Practice Notes to provide additional guidance for auditors.
International Standards on Auditing (UK and Ireland) as issued by the FRC have general
application to all audits. Practice Notes assist auditors to apply these standards to
particular circumstances and industries. Practice Notes are persuasive rather than
prescriptive and are considered indicative of good auditing practice. The Practice Notes are
supplementary to the International Standards on Auditing (UK and Ireland).
The Irish PNs relevant to regulated entities were developed by the Accountancy Bodies in
Ireland, with advice and assistance from the Central Bank, under the auspices of the
Institute of Chartered Accountants in Ireland (ICAI). They were then issued by the FRC.
Other Engagement with Auditing Bodies
Additionally the Central Bank engages with the Consultative Committee of Accountancy
Bodies – Ireland (‘CCAB-I’) regarding issues of mutual interest to the Central Bank and
auditors, for example, proposed new requirements on auditors arising from EU Directives,
domestic legislation or Central Bank requirements and to assist auditors in the
development of guidance (Practice Notes, Miscellaneous Technical Statements, Information
Notes) to assist auditors of regulated entities.
CCAB-I comprises the Association of Chartered Certified Accountants, the Chartered
Institute of Management Accountants, the Institute of Certified Public Accountants and the
Institute of Chartered Accountants in Ireland.
Finally the Head of Risk, Governance and Accounting Policy Division is a member of the
APB’s Irish Stakeholders Group which was established by the FRC to communicate with
relevant stakeholders in Ireland.
Risk, Governance and Accounting Policy Division
The Head of the Risk, Governance and Accounting Policy Division of the Central Bank is a
member of the Board of IAASA.
In relation to auditing standards Risk, Governance and Accounting Policy Division seeks to:
? assess the implications of new auditing standards and legislation impacting on the
supervision of financial institutions and financial stability;
? influence debate during the course of the development of these standards and
legislation;
? monitor developments within Europe and internationally through participation at
EBA and IOSCO standing committees and working groups and provide briefings as
required on same;
? prepare discussion and consultation papers on key issues arising;
IRELAND
256 INTERNATIONAL MONETARY FUND
? proactively seek to develop policy initiatives which will result in more effective and
efficient regulation e.g. auditor assurance project;
? produce and maintain “Frequently Asked Questions” documents in order to provide
clarity in relation to key issues for the Central Bank; and
? provide technical advice, training and interpretation of issues to the supervision
teams within the Central Bank.
Supervisors, as part of the Auditor Protocol meetings would give their opinion with respect
to the adequacy of impairment provisioning levels or otherwise and request auditors to
take this into account.
EC6
The supervisor has the power to reject and rescind the appointment of an external auditor
who is deemed to have inadequate expertise or independence, or is not subject to or does
not adhere to established professional standards.
Description and
findings re EC6
The Central Bank does not have the power to remove an auditor. This power is reserved for
shareholders under company law. It is a matter for the Director of Corporate Enforcement
to enforce company law while IAASA is the ultimate oversight body responsible for
enforcing auditing standards. The Quality Assurance divisions of the Recognised
Accountancy Bodies (i.e. those Prescribed Accountancy Bodies whose members may be
recognised as auditors under companies legislation) also have a role in monitoring
auditors. The Central Bank requested that it be granted a power to remove an auditor of a
regulated firm within the Central Bank (Supervision and Enforcement) Bill 2011 but this was
rejected by the Department of Finance. While the Central Bank does not have the power to
remove an auditor from office immediately, the Central Bank is able to prevent an auditor
from being put in office and prevent the auditor from being reappointed in the next report
period.
The Central Bank has a power to veto the appointment or re-appointment of an auditor of
a bank or the filling of a casual vacancy of auditor. Section 46(2) of the Central Bank Act,
1989 provides that, where the Central Bank is of the opinion that it would not be in the
interest of depositors or of the ‘orderly and proper’ regulation of banking, the Central Bank
has the power to issue a Direction to the bank not to appoint or not to reappoint a named
person to the office of auditor, or the directors not to fill a casual vacancy with a named
person as auditor.
A credit institution is required to provide the Central Bank with at least 15 days’ notice prior
to filling the post of the auditor of the firm (Section 46(1) of the Central Bank Act 1989).
This power enables the Central Bank to direct the bank not to appoint the proposed
auditor.
Per Section 160(1) of the Companies Act, 1963, every company is required to appoint an
auditor or auditors to hold office from the conclusion of the AGM of the Company until the
conclusion of the next AGM of the Company. Whilst the Central Bank is not able to remove
an auditor from office during the year, the Central Bank is entitled to prevent the auditor
from being reappointed for the next reporting period thus effectively removing that
auditor from office.
The Central Bank is the central competent authority for the purposes of the Transparency
Directive, but IAASA has been designated as the competent authority for the purposes of
the financial reporting monitoring and enforcement role (i.e. Article 24(4)(h) of the
Directive). Thus, IAASA – through its Financial Reporting Supervision Unit – is responsible
IRELAND
INTERNATIONAL MONETARY FUND 257
for monitoring whether the periodic financial reporting (annual and half yearly reports) of
Issuers comply with framework requirements set out in the Directive as transposed into
Irish law and for taking appropriate action where non-compliance is identified.
If the Central Bank suspects that poor quality audits have been performed on a regulated
entity, there is a legal ‘gateway’ under which a complaint can be made to the relevant
Recognised Accountancy Body and to IAASA. Section 33AK(5)(w) of the Central Bank Act,
1942 provides the Central Bank with a legal ‘gateway’ to disclose confidential information
to the auditor of an individual supervised entity, subject to subsection 33(1), in accordance
with the Supervisory Directives.
Section 33AK(5)(x) of the Central Bank Act, 1942 provides the Central Bank with a similar
legal ‘gateway’ to disclose confidential information concerning auditors to ‘Oversight
Bodies’ i.e. the ‘Recognised Accountancy Bodies’ and IAASA. Note that this provision does
not extend to the ‘accountant’ members of the ‘Prescribed Accountancy Bodies’. It has
been used to lodge complaints regarding auditors to the Recognised Accountancy Bodies
who then assess the complaint in accordance with its own monitoring and disciplinary
procedures.
Although IAASA currently only carries out an oversight role over the Prescribed
Accountancy Bodies, it has the power under existing legislation to intervene in the
investigation and disciplinary procedures of the Prescribed Accountancy Bodies. IAASA has
the power under Section 23 of the Companies (Auditing and Accounting) Act 2003 to
conduct its own enquiries following the receipt of a complaint or on its own initiative. It has
the power under Section 24 of the Companies (Auditing and Accounting) Act 2003 to
conduct its own investigations if, in its opinion, it is appropriate or in the public interest to
do so. IAASA has carried out enquiries in the past but there is no public information
available on any Investigations that may be in progress.
There is no evidence that the Central Bank has used its power to veto the appointment of
an auditor in the past. Neither has it taken legal action against external auditors for
negligence relating to a poor quality audit, because the Central Bank has no jurisdiction
regarding the oversight of auditors – if there is a suspicion of a poor quality audit the
Central Bank has a legal gateway (Section 33AK(5)(x)) to disclose confidential information
to the relevant authorities (the Recognised Accountancy Body and to IAASA).
EC7
The supervisor determines that banks rotate their external auditors (either the firm or
individuals within the firm) from time to time.
Description and
findings re EC7
Regulation 77 of the European Communities (Statutory Audits) (Directive 2006/43/EC)
Regulations 2010 (S.I. 220 of 2010) sets out the rotation requirements for the key audit
partner or partners on public interest entity engagements. The partner responsible for
carrying out the engagement must rotate after having completed 7 years on the
engagement. The partner is prohibited for involvement with the client for 2 years after the
date of rotation.
“key audit partner” or “key audit partners” means:
a) the one or more statutory auditors designated by a statutory audit firm for a
particular audit engagement as being primarily responsible for carrying out the
statutory audit on behalf of the audit firm, or
b) in the case of a group audit, at least the one or more statutory auditors designated
by a statutory audit firm as being primarily responsible for carrying out the statutory
IRELAND
258 INTERNATIONAL MONETARY FUND
audit at the level of the group and the one or more statutory auditors designated as
being primarily responsible at the level of material subsidiaries, or
c) the one or more statutory auditors who sign the audit report.
In addition to the application of the International Standards on Auditing (UK and Ireland)
auditors are required to apply the Ethical Standards for Auditors as issued by the FRC which
are based on the Code of Ethics for Professional Accountants developed by the
International Ethics Standards Board for Accountants.
APB Ethical Standard 1 “Integrity, Objectivity and Independence” requires the audit
engagement partner to identify and assess the circumstances which could adversely affect
the auditor’s objectivity (‘threats’), including any perceived loss of independence, and to
apply procedures (‘safeguards’) which will either:
(a) eliminate the threat; or
(b) reduce the threat to an acceptable level (that is, a level at which it is not probable
that a reasonable and informed third party would conclude that the auditor’s
objectivity and independence either is impaired or is likely to be impaired).
APB Ethical Standard 3 (ES3), “Long association with the audit engagement”, provides
requirements and guidance on specific circumstances arising out of long association with
the audit engagement, which may create threats to the auditor’s objectivity or perceived
loss of independence. It gives examples of safeguards that can, in some circumstances,
eliminate the threat or reduce it to an acceptable level. In circumstances where this is not
possible, the auditor either does not accept or withdraws from the audit engagement, as
appropriate.
ES3 requires partner rotation after 5 years and prohibits involvement with the firm for a
further 5 years in the case of a listed entity. In practice the audit partner of a public interest
entity would adhere to the stricter 5 year rotation period required under ES3 rather than
the 7 year rotation period required by Regulation 77 of the European Communities
(Statutory Audits) (Directive 2006/43/EC) Regulations 2010 (S.I. 220 of 2010).
Supervisors of banks rated High Impact generally seek information on the rotation of
engagement partners. However, this is generally not the case for Medium High Impact and
Medium Low Impact credit institutions.
EC8
The supervisor meets periodically with external audit firms to discuss issues of common
interest relating to bank operations.
Description and
findings re EC8
The following table sets out the requirements for supervisors in respect of meetings with
external auditors by impact category for the purposes of meeting their engagement
activities under PRISM:
Impact High Medium-High Medium-Low Low
Required
Frequency
At least annual At least annual Every 18 months Not required
(Branches
are not
separate
legal entities
requiring an
audit)
IRELAND
INTERNATIONAL MONETARY FUND 259
Supervisors of High Impact firms are not required to hold meetings in addition to those
under the Auditor Protocol for the purposes of completing the PRISM engagement
activities. Auditor Protocol (Paragraph 9) sets out the expectation that there will be at least
two formal meetings per year, to take place at the pre-audit stage and the post-audit
stage. The Auditor Protocol applies in the first instance to High Impact firms under PRISM.
Since October 2011 the Central Bank established a working group which includes the
following representatives:
? the IAASA
? the Big 4 Accounting Firms (PWC, Deloitte, KPMG and Ernst & Young);
? the Institute of Chartered Accountants Ireland; and
? ACCA Ireland.
Additionally the Central Bank engages with the Consultative Committee of Accountancy
Bodies – Ireland (‘CCAB-I’) regarding issues of mutual interest to the Central Bank and
auditors, for example, proposed new requirements on auditors arising from EU Directives,
domestic legislation or Central Bank requirements and to assist auditors in the
development of guidance (Practice Notes, Miscellaneous Technical Statements, Information
Notes) to assist auditors of regulated entities.
EC9 The supervisor requires the external auditor, directly or through the bank, to report to the
supervisor matters of material significance, for example failure to comply with the licensing
criteria or breaches of banking or other laws, significant deficiencies and control
weaknesses in the bank’s financial reporting process or other matters that they believe are
likely to be of material significance to the functions of the supervisor. Laws or regulations
provide that auditors who make any such reports in good faith cannot be held liable for
breach of a duty of confidentiality.
Description and
findings re EC9
The specified circumstances under which the auditor has a duty to report to the Central
Bank under prescribed enactments differ slightly depending on the type of regulated
entity. However in general the duty extends to any fact or decision concerning the
regulated entity (or closely linked entity) of which the auditor becomes aware while
carrying out the audit where the auditor has reason to believe that:
? There are matters affecting the continuous functioning of the firm or that the firm
may not be able to fulfill its obligations to repay customers;
? There are indications of a material breach of financial services law or regulations or
of any related, condition, requirement, code, guideline, notice or direction issued
under such law/regulations;
? There are material defects in the accounting records, or in the systems of control;
? There are material inaccuracies in or omissions from any returns of a financial nature
made by the regulated firm to the Central Bank; or
? The auditor intends to issue a qualified audit opinion or to resign and not seek re-
election as auditor.
Auditors are provided with legal protection from liability under Section 47(6) of the Central
Bank, 1989 where such reports are made.
International Standard of Auditing (UK and Ireland) 250 Section B – “The Auditor’s Right
And Duty To Report To The Regulators In The Financial Sector” – addresses the auditor’s
‘right’ and ‘duty’ to report to regulators in the financial sector.
IRELAND
260 INTERNATIONAL MONETARY FUND
The auditor’s duty to report relates to those circumstances where the auditor is
required by legislation to report certain matters to regulators. There is legal protection
for auditors whereby they do not contravene the duty of confidentiality owed to their
clients in fulfilling the duty to report to regulators (provided they act in good faith).
These obligations are set out in Sections 47 and 47A of the Central Bank Act, 1989 and
Regulations 7, 8 and 9 of the Supervision of Credit Institutions, Stock Exchange Member
Firms and Investment Business Firms Regulations (also known as the ‘Post-BCCI’
Regulations – relates to ‘closely linked’ entities). [This has been amended to include
electronic money institutions within the meaning of a credit institution – Regulation 3(3) of
the European Communities (Electronic Money) Regulations, 2002 [S.I. 221 of 2002] and
UCITS – Article 50a of Directive 85/611/EEC].
Central Bank Act 1997 – Auditor’s duty to report
27B This subsection places a mandatory annual requirement on the auditor to report as
to whether circumstances have arisen which would require the auditor to report to
the Central Bank under a prescribed enactment and whether, where required, the
financial service provider has complied with the requirement to provide a
compliance statement.
27C Under this subsection the auditor is required to provide copies of any reports
provided to the Board or Management or a ‘Nil Return’ (confirmation that no
report has been issued by the external auditor) to the Central Bank.
27D Whenever an auditor of a regulated financial service provider that is a company
provides the Director of Corporate Enforcement with a report or other document
the auditor must also provide the Central Bank with a copy of that report or
document at the same time as, or as soon as practicable after, the original is
provided to the Director of Corporate Enforcement. Note the auditor is only
required to report to the Director of Corporate Enforcement ‘indictable offences’
which come to their attention during the course of the audit.
27E This subsection provides the Central Bank with a very wide-ranging enabling
power (additional to any other powers that the Central Bank has under ‘prescribed
enactments’ that govern the different types of regulated firm) whereby the Central
Bank may commission the auditor to report on a number of matters.
27F Under this subsection the Central Bank may request a copy of any record or
document provided to or obtained by the auditor during the course of their audit.
27H This subsection provides auditors and affiliates with certain immunities from
liability (additional to any legal protections provided under ‘prescribed
enactments’) and gives them legal protection regarding their duty of
confidentiality to their clients so long as they do not act in bad faith in disclosing
information to the Central Bank.
Additional
criteria
AC1
The supervisor has the power to access external auditors’ working papers, where necessary.
Description and
findings re AC1
The Central Bank has such powers. Section 27F of the CBA 1997 provides that the Central
Bank may:
“by notice in writing, require an auditor of a regulated financial service provider, or an
affiliate of the auditor, to provide the Bank with a copy of any record or information
IRELAND
INTERNATIONAL MONETARY FUND 261
provided or obtained by the auditor or affiliate in connection with an audit of the financial
service provider’s accounts that is in the possession of the auditor or affiliate.”
The intention behind this power was to enable the Central Bank to seek access to the
working papers of the auditor in relation to such information.
Assessment of
Principle 27
Largely Compliant
Comments It is within the Companies Act that responsibilities for the preparation of financial
statements reside and there is no specific provision in this regard in the Central Bank’s
powers. In addition to the Companies Acts requirements the Central Bank through Section
21.6(d) of the Corporate Governance Code holds the bank’s Board responsible for
preparation of financial statements. The Code sets out that it is the responsibility of the
Audit Committee to review any financial announcements and reports and recommend to
the board whether to approve the institution’s annual accounts (including, if relevant of the
group accounts).
The Central Bank does not have the power to reject and rescind the external auditor as
required by EC6. This power is reserved for shareholders under company law. It is a matter
for the Director of Corporate Enforcement to enforce Company Law while IAASA is the
ultimate oversight body responsible for enforcing auditing standards. While the Central
Bank does not have the power to remove an auditor from office immediately, the Central
Bank is able to prevent an auditor from being put in office and to prevent the auditor from
being reappointed in the next report period. In practice, the banks consult widely with the
Central Bank regarding their audit arrangements and all banks appoint well recognized
audit firms.
Existing legislation does not provide the Central Bank with the power to influence the
scope of the external audit or establish the standards for such an audit. Supervisors
appeared to have reasonable success in influencing the scope of external audits through
engagement with the external auditor and the bank. In addition, the CBI seeks to influence
accounting and auditing standards through its activities within the European Supervisory
Authorities (EBA, EIOPA, ESMA). The CBI also inputs into the audit Practice Notes which
have some impact on how audits are completed.
Principle 28 Disclosure and transparency. The supervisor determines that banks and banking groups
regularly publish information on a consolidated and, where appropriate, solo basis that is
easily accessible and fairly reflects their financial condition, performance, risk exposures,
risk management strategies and corporate governance policies and processes.
Essential criteria
EC1
Laws, regulations or the supervisor require periodic public disclosures
67
of information by
banks on a consolidated and, where appropriate, solo basis that adequately reflect the
bank’s true financial condition and performance, and adhere to standards promoting
comparability, relevance, reliability and timeliness of the information disclosed.
Description and
findings re EC1
Under Irish law, there are two different types of disclosures that impact credit institutions in
relation to providing transparent information on the financial condition and performance
67
For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting,
stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.
IRELAND
262 INTERNATIONAL MONETARY FUND
of the entity: (i) those required in the financial statements of the entity; and (ii) those
required under Pillar III of the CRD.
(i) Financial Statements
Section 202 Companies Act 1990 (as Amended) requires, inter alia, that directors of
companies (including credit institutions) keep proper books of accounts and that these
accounts should give a true and fair view. Similar requirements are found in Section 76 of
the Building Societies Act, 1989 (as amended).
Credit institutions licensed by the Central Bank of Ireland produce their financial statements
in accordance with either (i) IFRS as issued by the IASB and endorsed by the European
Commission or (ii) Local (UK & Ireland) (Local GAAP) issued by the FRC (formerly the ASB)
and promulgated by the Institute of Chartered Accountants in Ireland. All publicly quoted
EU incorporated companies must prepare their consolidated financial statements in
accordance with IFRS as endorsed by the European Commission. In other instances there is
a choice whether to prepare accounts based on IFRS or Irish GAAP. The relevant legislation
governing ‘Accounts and Audit’ is Part V of the Companies Act 1963.
The financial statements of credit institutions are required to be audited. Until June 2012,
auditing standards in the UK and Ireland were developed by the Auditing Practices Board
(APB) which reported directly into the FRC Board. As part of the restructuring of the FRC,
these matters now fall under the direct remit of the FRC Board and its Codes and Standards
Committee, with the input and advice of the Audit and Assurance Council.
IAASA is the independent competent authority in Ireland with statutory responsibility for
examining whether the annual and half-yearly financial reports of Issuers coming within the
remit of the Transparency Directive are drawn up in accordance with the relevant reporting
framework. Issuers that come within the Transparency Directive Regulations (S.I. No. 277 of
2007) are entities whose securities have been admitted to trading on a regulated market
situated, or operating, within the EEA. IAASA does not undertake this role for any other set
of financial statements. The Central Bank has no role in this area.
The Central Bank monitors that the credit institutions it supervises have issued financial
statements under IFRS/Local GAAP and that these financial statements have an auditor’s
opinion expressing the opinion on whether they give a true and fair view. Banking
Supervision requests copies of annual accounts signed off by external auditors, generally
during Q2 each year.
(ii) Pillar III of the CRD
Annex XII of the CRD requires banks to make certain disclosures, i.e. Pillar 3 disclosures.
Pillar 3 sets out disclosure requirements regarding capital and risk management. The CRD
was transposed into Irish law via S.I. 660 and 661 of 2006 European Communities (Capital
Adequacy of Credit Institutions) Regulations, 2006. Part 11 of S.I. 661 of 2006 sets out the
Pillar 3 disclosure obligations applicable to credit institutions.
In addition, Section 17 of the Central Bank Act 1971 also requires holders of banking
licenses to maintain any records as may be specified by the Central Bank from time to time.
Section 18 requires the holders of banking licenses to provide the Central Bank with
information and returns concerning the relevant business carried on by the credit
institution as the Central Bank specifies from time to time.
IRELAND
INTERNATIONAL MONETARY FUND 263
In terms of bank public disclosures of financial information, the Central Bank does not play
a role in assessing whether the financial statements of credit institutions are compliant with
accounting standards.
However, in terms of checking for credit institutions’ Pillar III disclosures, the Central Bank
has a procedure in place with an operational checklist to review compliance. While the
Central Bank expects credit institutions subject to the CRD Pillar 3 requirements to comply
in full with same, the market discipline nature of the Pillar 3 disclosures has lead Ireland to
adopt a non-prescriptive approach to the practical aspects of the publication of Pillar 3
information such as timelines, presentation formats, verification of disclosures.
Regulation 16 of SI 661 of 2006 provides that EU based parents of credit institutions must
comply with the provisions of Part 11 on the basis of their consolidated financial situation
and states that significant subsidiaries need only disclose certain more limited information.
The Central Bank considers that subsidiaries of EU parent institutions that represent 5% or
more of group assets and/or have a market share in any sector or group of connected
sectors, which is greater than or equal to 20%, constitutes a significant subsidiary.
The Central Bank monitors that the credit institutions it supervises provide adequate and
complete Pillar III disclosures where applicable by checking for disclosures of key solvency
and risk information against its own checklist.
EC2
The supervisor determines that the required disclosures include both qualitative and
quantitative information on a bank’s financial performance, financial position, risk
management strategies and practices, risk exposures, aggregate exposures to related
parties, transactions with related parties, accounting policies, and basic business,
management, governance and remuneration. The scope and content of information
provided and the level of disaggregation and detail is commensurate with the risk profile
and systemic importance of the bank.
Description and
findings re EC2
The Central Bank monitors whether the credit institutions it supervises have issued financial
statements under IFRS/Local GAAP, and on whether these financial statements have an
auditor’s opinion expressing the opinion that they give a true and fair view. Banking
Supervision requests copies of annual accounts signed off by external auditors, generally
during Q2 each year.
Related party transactions disclosures in the financial statements are compared with
reports submitted by credit institutions under the Central Bank’s Code on Lending to
Related parties (see CP20), while Pillar 3 disclosures are compared with quantitative
information submitted by credit institutions in its regular supervisory returns, which provide
an ongoing reflection of the firm’s business activities.
As noted earlier the market discipline nature of the Pillar 3 disclosures has led Ireland to
adopt a non-prescriptive approach to the practical aspects of the publication of Pillar 3
information such as timelines, presentation formats, and verification of disclosures.
Although the Central Bank is not the competent authority for enforcing compliance with
disclosure standards (IAASA is the competent authority as set out in EC4), the Central Bank
monitors that the credit institutions it supervises provide adequate and complete Pillar III
disclosures where applicable by checking for disclosures of key solvency and risk
information against its own internal checklist.
IRELAND
264 INTERNATIONAL MONETARY FUND
Credit institutions are required to make public disclosures of related party transactions.
Conditions were imposed on banks and directions on building societies by the Central Bank
in August 2009 requiring public disclosure of lending to connected persons in their annual
financial statements. The Companies Acts 1963 to 2012 include requirements for the
company to make certain disclosures in respect of related party lending under sections
relating to Directors’ remuneration and transactions (including details of lending on
‘favourable’ terms to connected persons). The Building Societies Act 1989 requires building
societies to make certain disclosures regarding transactions with Directors.
Disclosures are required regarding related party transactions that are material and which
have not been conducted under normal market conditions by Directive 2006/46/EC. This
was implemented in Ireland by Statutory Instrument (S.I.) 450 of 2009 for Irish incorporated
companies and by amendments to S.I. 294 of 1992 for credit institutions. Accounting
standards (International Accounting Standard (IAS) 24/ Financial Reporting Standard (FRS)
8) also contain disclosure requirements on Related Party Disclosures.
Regulation 7 of S.I. 294 of 1992/European Communities (Credit Institutions: Accounts)
Regulations 1992 requires credit institutions to disclose information on related parties,
remuneration and details of group undertakings.
Disclosures by the covered banks had significant disclosure of material in relation to
impairment and provisions broken down into considerable detail.
EC3
Laws, regulations or the supervisor require banks to disclose all material entities in the
group structure.
Description and
findings re EC3
IAS 27 (Consolidated and Separate Financial Statements), IAS 28 (Investment in Associates)
and IAS 31 (Interests in Joint Ventures) for credit institutions who produce their financial
statements under IFRS and FRS 2 (Accounting for Subsidiary Undertakings) and FRS 9
(Associates and Joint Ventures) for credit institutions who produce their financial
statements under Local GAAP provide relevant accounting standard requirements for credit
institutions to disclose material entities in the group structure in their financial statements.
Regulation 7 of S.I. 294 of 1992/European Communities (Credit Institutions: Accounts)
Regulations 1992 requires credit institutions to disclose information of group undertakings.
It should be noted that for supervisory purposes, the scope of consolidation is the CRD
rather than IAS/IFRS consolidation. Accordingly, the group structure relates to the scope
under CRD consolidation. Nevertheless, examination teams are cognisant of the IAS/IFRS
group financial statements, where applicable.
Credit institutions submit high-level information on subsidiaries under the CRD scope of
consolidation as part of regular supervisory returns. These can be crosschecked against
organisation charts on record.
Similarly, the CBI can crosscheck the list of subsidiaries in Pillar 3 disclosures against the
high-level information on subsidiaries under the CRD scope of consolidation as part of
regular supervisory returns.
EC4
The supervisor or another government agency effectively reviews and enforces compliance
with disclosure standards.
IRELAND
INTERNATIONAL MONETARY FUND 265
Description and
findings re EC4
IAASA is the independent competent authority in Ireland with statutory responsibility for
examining whether the annual and half-yearly financial reports of Issuers coming within the
remit of the Transparency Directive are drawn up in accordance with the relevant reporting
framework. Issuers that come within the Transparency Directive Regulations (S.I. No. 277 of
2007) are entities whose securities have been admitted to trading on a regulated market
situated, or operating, within the EEA. IAASA does not undertake this role for any other set
of financial statements. The Central Bank has no role in this area.
All financial statements of credit institutions licensed by Central Bank are audited by “Big 4”
audit firms and they are required to provide an opinion as to whether the financial
statements give a true and fair view.
In terms of checking for credit institutions’ actual Pillar III disclosures, the Central Bank has
a procedure in place with an operational checklist to assess compliance. However, this
checklist relates to quantitative information only available to the Central Bank from other
sources e.g. supervisory returns and does not include qualitative information. If Credit
institutions fail to provide adequate Pillar III disclosures, similar to other non-compliance
issues, the Central Bank may take enforcement procedures based on non-compliance with
CRD requirements. To date, there has been no requirement to undertake enforcement
procedures.
EC5
The supervisor or other relevant bodies regularly publishes information on the banking
system in aggregate to facilitate public understanding of the banking system and the
exercise of market discipline. Such information includes aggregate data on balance sheet
indicators and statistical parameters that reflect the principal aspects of banks’ operations
(balance sheet structure, capital ratios, income earning capacity, and risk profiles).
Description and
findings re EC5
The Central Bank regularly publishes information on the banking system via its own
publications and providing data to be included in third party publications.
The Central Bank publishes and provides commentary on a broad range of financial
developments in Ireland. Publications include the Monthly Statistics, a quarterly report on
sectoral developments in private sector credit, investment funds, securities issues and
quarterly financial accounts. The Central Bank also publishes an aggregated balance sheet
of the covered banks providing details of liabilities covered by the government guarantee.
The Central Bank has also published mortgage arrears data recently. Examples of other
recent publications are:
? Macro Financial Review
? Money and Banking Statistics
? Securities Issues of Irish Resident Entities
? Quarterly Financial Accounts for Ireland
? Irish Locational Banking Statistics
? Trends in Business Credit and Deposits Q4 2012
The Central Bank contributes to IMF publications on financial soundness indicators for
deposit takers. The Financial Soundness Indicators were developed by the IMF, together
with the international community, with the aim of supporting macro prudential analysis
and assessing strengths and vulnerabilities of financial systems.
In addition, the Central Bank contributes to an ECB publication of indicators of financial and
solvency/risk parameters as part of its annual assessment of financial stability within the EU.
This data contains information on the aggregate consolidated profitability, balance sheets
IRELAND
266 INTERNATIONAL MONETARY FUND
and solvency of EU banks, and refer to all EU Member States. The banks are divided into
three size groups: small, medium-sized and large. In addition, the data provides
information on foreign-controlled institutions active in EU countries.
Additional
criteria
AC1
The disclosure requirements imposed promote disclosure of information that will help in
understanding a bank’s risk exposures during a financial reporting period, for example on
average exposures or turnover during the reporting period.
Description and
findings re AC1
In order to produce financial standards that give a true and fair view, a credit institution
would need to provide an income statement and statement of financial position under IAS
1 (Presentation of Financial Statements) for credit institutions applying IFRS and a profit
and loss account under FRS 3 (Reporting Financial Performance) and balance sheet under
various FRSs for credit institutions applying Local GAAP that would provide this detail.
In order for a credit institution to issue a set of financial statements that provide a true and
fair view, it would need to comply with inter alia: (i) IFRS 7 (which is the same as FRS 29
(Local GAAP)) – Financial Instruments: Disclosure. The objective of this IFRS is to require
entities to provide disclosures in their financial statements that enable users to evaluate:
a) the significance of financial instruments for the entity’s financial position and
performance; and
b) the nature and extent of risks arising from financial instruments to which the entity is
exposed during the period and at the end of the reporting period, and how the
entity manages those risks.
Assessment of
Principle 28
Compliant
Comments Credit Institutions licensed by the Central Bank of Ireland produce their financial statements
in accordance with either IFRS or Local GAAP. IAASA is the independent competent
authority in 'Ireland with statutory responsibility for examining whether the annual and
half-yearly financial reports of Issuers coming within the remit of the Transparency
Directive are drawn up in accordance with the relevant reporting framework. Issuers that
come within the Transparency Directive Regulations (S.I. No. 277 of 2007) are entities
whose securities have been admitted to trading on a regulated market situated, or
operating, within the EEA.
Pillar 3 disclosures are typically included in banks’ annual reports and include both
qualitative and quantitative disclosures including approaches to risk management and
portfolio composition.
Part of the routine activities within the supervision framework is for supervisors to assess
annual financial disclosures. This is typically a desk-top review to evaluate transparency,
accuracy and consistency with regulatory returns. The Central Bank will ensure that the
financial statements have an auditor’s opinion expressing the opinion as to whether they
give a true and fair view.
The Central Bank regularly publishes information on the banking system via its own
publications and providing data to be included in third party publications.
Principle 29 Abuse of financial services. The supervisor determines that banks have adequate policies
and processes, including strict customer due diligence (CDD) rules to promote high ethical
IRELAND
INTERNATIONAL MONETARY FUND 267
and professional standards in the financial sector and prevent the bank from being used,
intentionally or unintentionally, for criminal activities.
68
Essential criteria
EC1
Laws or regulations establish the duties, responsibilities and powers of the supervisor
related to the supervision of banks’ internal controls and enforcement of the relevant laws
and regulations regarding criminal activities.
Description and
findings re EC1
AML/CFT
The CBI was appointed competent authority under theCJA2010 for supervision and
enforcement of compliance by credit and financial institutions with obligations imposed by
the CJA2010. The CBI is therefore responsible for securing compliance by c.10, 000
regulated financial services firms with AML/CFT obligations.
CBI has powers (See EC8) to enforce compliance by designated persons which it supervises
with the requirements of the CJA2010, including
a. pursue administrative sanction or criminal action in respect of:
i. A breach of CJA2010 or
ii. A failure to execute a direction
b. give directions under S. 71 of the CJA2010 to discontinue or take certain
actions
Financial Sanctions
The CBI is the competent authority for the purposes of EU Financial Sanctions in Ireland.
Ireland designates the CBI as competent authority by identifying it as such in the relevant
annex to each EU Financial Sanctions Regulation. EU Financial Sanctions refer to economic
and financial restrictive measures, including targeted financial sanctions, which are imposed
by EU Council Regulations and which are required to be applied by all persons and entities
doing business in the EU, including nationals of non-EU countries, and also by EU nationals
and entities incorporated or constituted under the law of an EU Member States when doing
business outside the EU. The terms EU Financial Sanctions Regulations and EU Financial
Sanctions Statutory Instruments are to be construed accordingly.
The legislation governing the operation of financial sanctions within the State consists of a
series of statutory instruments and directly effective EU Regulations, which impose
obligations to apply freezing, prohibitive and reporting measures. However, the manner in
which the obligations under the EU Regulations have been given effect within the State
does not:
(a) provide an appropriate sanctions regime for non-compliance with obligations
imposed by the EU Regulations and the domestic statutory instruments; or
(b) impose obligations to put in place the infrastructure (i.e. policies, processes, systems,
records etc.) necessary to identify, prevent and detect financial assets owned by, or
financial transactions involving, sanctioned parties.
68
The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU),
rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations
regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the
context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8
and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the
criteria mentioned in this Principle.
IRELAND
268 INTERNATIONAL MONETARY FUND
These deficiencies have been raised at the appropriate levels within the Department of
Finance, up to and including the Minister for Finance. Work is ongoing between the CBI
and the Department of Finance to identify a statutory and regulatory resolution to these
deficiencies in the near term.
It is of note that all EU persons and entities are obliged to inform the competent authorities
of any information at their disposal which would facilitate the application of freezing
requirements in accordance with EU Financial Sanctions Regulations. This includes details
of any accounts frozen (account holder, number, value of funds frozen), and other details
which may be useful e.g. data on the identity of designated persons or entities and, where
appropriate, details of incoming transfers resulting in the crediting of a frozen account in
accordance with the specific arrangements for financial and credit institutions, attempts by
customers or other persons to make funds or economic resources available to a designated
person or entity without authorization, and information that suggests the freezing
measures are being circumvented. They are also obliged to co-operate with competent
authorities in verification of information. Where appropriate, they could also provide details
concerning persons and entities having names that are very similar or identical to
designated parties. EU Financial Sanctions Regulations provide that where freezing action is
undertaken or where information is provided to the Competent Authority pursuant to their
obligations under EU Financial Sanctions obligations in good faith and without negligence,
such actions will not give rise to liability of any kind on the part of the natural or legal
person or entity or body implementing it, or its directors or employees. Failure to comply
with EU Financial Sanctions regulations is a criminal offence, which is enforced by An Garda
Síochána in collaboration with the Director of Public Prosecutions.
Other criminal activities
Criminal activities are considered to be primarily matters for An Garda Síochána who have
the legal powers to deal with such activities and to whom the CBI has the power to refer
such matters. As a result, the focus of banking supervisors on such activities as part of their
ongoing supervisory engagement with credit institutions is very limited. Such engagement
that does take place tends to be high level and largely reactive (i.e. post occurrence of an
event) rather than being a proactive approach. To the extent that criminal activities, such as
fraud, take place in credit institutions, banking supervisors would be made aware either
directly by the credit institution or through liaison with internal audit or the provision of
internal audit reports (this excludes Medium Low Impact institutions where the
engagement model does not require meetings to be held with internal audit).
The CBI also has summary prosecution powers under certain legislation where it is the
competent authority. Further, under section 33AK of the Central Bank Act 1942 (as
amended) the CBI is obliged to make a report to An Garda Síochána (and other law
enforcement agencies where appropriate) where it suspects that a criminal offence may
have been committed by a supervised entity. The CBI would coordinate with law
enforcement if they are pursuing criminal action.
EC2
The supervisor determines that banks have adequate policies and processes that promote
high ethical and professional standards and prevent the bank from being used,
intentionally or unintentionally, for criminal activities. This includes the prevention and
detection of criminal activity, and reporting of such suspected activities to the appropriate
authorities.
Description and As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that policies and procedures have been put in place to achieve compliance with
IRELAND
INTERNATIONAL MONETARY FUND 269
findings re EC2 their obligations under the CJA2010, evidencing same through confirmation of the name of
official/committee approving and date approved. An overview of supervisory activity is
provided at EC5.
As part of its in-depth inspection work program the AML/CFT team reviews the
appropriateness and adequacy of policies and procedures in relation to AML/CFT risk.
Chapter 6, Part 4 of CJA2010 imposes obligations on designated persons (definition of
which includes credit and financial institutions) to have policies and procedures in place for
the detection and prevention of ML/TF.
EC3
In addition to reporting to the financial intelligence unit or other designated authorities,
banks report to the banking supervisor suspicious activities and incidents of fraud when
such activities/incidents are material to the safety, soundness or reputation of the bank.
69
Description and
findings re EC3
Section 38 of the Supervision and Enforcement Act of 2013 states that a person appointed
to perform a pre-approval controlled function, shall, as soon as it is practicable to do so,
disclose to the CBI information relating to an offense under any provision of financial
services legislation which he or she believes will be of material assistance to the CBI.
EC4
If the supervisor becomes aware of any additional suspicious transactions, it informs the
financial intelligence unit and, if applicable, other designated authority of such transactions.
In addition, the supervisor, directly or indirectly, shares information related to suspected or
actual criminal activities with relevant authorities.
Description and
findings re EC4
AML/CFT:
S63 (2) & (4) of the CJA2010 imposes an obligation on competent authorities (including the
CBI) to report to An Garda Síochána or the Revenue Commissioners knowledge or
suspicion of a designated persons or other persons involvement in money laundering or
terrorist financing.
Other:
Section 33AK(3) of the Central Bank Act 1942 (as inserted by Section 26 of Central Bank
and Financial Services Authority Act 2003) imposes an obligation on the supervisor to
report to the relevant authority (including An Garda Síochána and the Revenue
Commissioners) any information relevant to that body that leads the Central Bank to
suspect that:
(A) a criminal offence may have been committed by a supervised entity, or
(B) a supervised entity may have contravened a provision of company law or
competition law.
A report is not required where the supervised entity has already made the necessary
disclosures.
EC5
The supervisor determines that banks establish CDD policies and processes that are well
documented and communicated to all relevant staff. The supervisor also determines that
such policies and processes are integrated into the bank’s overall risk management and
69
Consistent with international standards, banks are to report suspicious activities involving cases of potential money
laundering and the financing of terrorism to the relevant national centre, established either as an independent
governmental authority or within an existing authority or authorities that serves as an FIU.
IRELAND
270 INTERNATIONAL MONETARY FUND
there are appropriate steps to identify, assess, monitor, manage and mitigate risks of
money laundering and the financing of terrorism with respect to customers, countries and
regions, as well as to products, services, transactions and delivery channels on an ongoing
basis. The CDD management programme, on a group-wide basis, has as its essential
elements:
(a) a customer acceptance policy that identifies business relationships that the bank will
not accept based on identified risks;
(b) a customer identification, verification and due diligence programme on an ongoing
basis; this encompasses verification of beneficial ownership, understanding the
purpose and nature of the business relationship, and risk-based reviews to ensure
that records are updated and relevant;
(c) policies and processes to monitor and recognize unusual or potentially suspicious
transactions;
(d) enhanced due diligence on high-risk accounts (e.g. escalation to the bank’s senior
management level of decisions on entering into business relationships with these
accounts or maintaining such relationships when an existing relationship becomes
high-risk);
(e) enhanced due diligence on politically exposed persons (including, among other
things, escalation to the bank’s senior management level of decisions on entering
into business relationships with these persons); and
(f) clear rules on what records must be kept on CDD and individual transactions and
their retention period. Such records have at least a five year retention period.
Description and
findings re EC5
Overview ECs5-7
The CJA2010 which came into force on 15 July 2010, was enacted to transpose the EU’s
Third Money Laundering Directive and its implementing directive into Irish Law. The
CJA2010 addressed deficiencies in Ireland’s AML/CFT regime identified in the 2006 FATF
Mutual Evaluation Report, and consolidated existing legislation in this area. With the
enactment of the Criminal Justice Act 2013 in June 2013, which further strengthened
legislation in a small number of areas, Ireland successfully exited the FATF third round
Mutual Evaluation Report process.
The key obligations of the CJA2010 with which designated persons (of which credit
institutions are one category) are required to comply are set out in Part 4 of the CJA2010
and are summarized as follows:
? Chapter 3 Customer Due Diligence imposes obligations on designated persons to
identify and verify customers, identify beneficial ownership, and apply enhanced due
diligence requirements to higher risk relationships.
? Chapter 4 Reporting of suspicious transactions imposes obligations on designated
persons to identify and report suspicious transactions.
? Chapter 6 Policies and Procedures imposes obligations on designated persons to
have policies and procedures in place for the prevention and detection of money
laundering/terrorist financing (ML/TF) activities. This includes but is not limited to
having in place policies and procedures for:
o the assessment of ML/TF risk
IRELAND
INTERNATIONAL MONETARY FUND 271
o internal controls for management/mitigation of such risks
o monitoring of compliance with policies and procedures
o maintenance of records
o ensuring that all relevant personnel are instructed in the law and can
adequately fulfill their duties on behalf of the designated person
? Chapter 7 Special provisions applying to credit and financial institutions imposes a
number of miscellaneous obligations e.g. prevention of anonymous accounts.
? Core Guidelines have been published by the Department of Finance to which
designated persons may have regard when interpreting and applying the CJA2010.
? Section 60(2) of the CJA2010 appoints the Central Bank as Competent Authority for
the supervision of credit and financial institutions regarding compliance with
requirements arising under the CJA2010. The Central Bank has confirmed that it will
have regard to the Core Guidelines issued by the Department of Finance when
assessing compliance with the CJA2010.
? Reporting of suspicious transactions are made by credit and financial institutions
directly to the financial intelligence units of the Irish police force (“An Garda
Síochána”) and the Revenue commissioners, who have responsibility for the
investigation and disposition of those reports.
The Criminal Justice Act 2013 which, was passed into law on 14
th
June 2013 makes
amendments to the CJA2010 to align it with FATF recommendations. Specifically, these
amendments relate to:
? the application of enhanced CDD measures in higher risk situations;
? the application of a minimum level of due diligence rather than no measures in low
risk situations where simplified CDD applies;
? the making of Suspicious Transaction reports on grounds of “reasonable suspicion”
rather than “real risk” of money laundering;
? the keeping of CDD records up to date;
? the completion of CDD on existing customers;
? the reduction in the occasional transaction threshold for occasional wire transfers;
? the allocation of responsibility for the registration and monitoring of Trust &
Company Service Providers-subsidiaries of credit and financial institutions.
Supervisory Activity:
As provided for under the CJA2010, and Financial Action Task Force (FATF)
recommendations, the CBI has taken a risk based approach to supervising the regulated
population. This approach and the supporting supervisory engagement model were
formally approved within the CBI on 4 February 2013, and is integrated into the CBI
prudential supervisory engagement model under PRISM. To this end the supervised
population has been classified by PRISM impact rating, with appropriate supervisory tools
deployed against each classification.
A program to monitor compliance with CJA 2010 has been in place since July 2010. The
program was further developed in 2012 to integrate into the CBI prudential supervisory
engagement model under PRISM. The current program was formally approved within the
CBI on 4
th
February 2013 and implemented immediately.
IRELAND
272 INTERNATIONAL MONETARY FUND
Overview of activity since September 2010:
Impact rating Activity
High impact firms
? Full onsite inspection: 2013 – 3 firms
? Thematic onsite inspection: 2012 – 1
firm
? Desktop inspection – 2011 – 1 firm,
2012 – 1 firm
? Offsite review through risk assessment
questionnaire: 2013 – 3 firms
Medium High impact firms
? Full onsite inspection: 2010 – 1 firm,
? Thematic onsite inspection: 2011 – 1
firm, 2012 – 1 firm
? Desktop inspection – 2011 – 1 firm
? Offsite review through risk assessment
questionnaire: 2013 – 9 firms
Since September 2010, the CBI has conducted 8 onsite inspections. Of these, in-depth
inspections were conducted on 4 banks (combined balance sheet representing c.40% of
gross sector assets). Additionally the CBI has conducted offsite reviews through risk
assessment questionnaires covering 21 banks, providing high-level intelligence on the
status of AML controls for nearly all regulated entities within the sector. The questionnaire
facilitates an analysis of AML/CFT risk through an evaluation of (i) the inherent risk posed
by the bank’s business model, (ii) the firm’s AML/CFT control framework and (iii) the track
record of the firm in management operational risk. Branches of foreign banks have not
been reviewed. The results of the supervisory programme for 2013 are being used by the
CBI to develop a baseline on the level of compliance for the sector. Where inspections or
assessments have been completed, the CBI has communicated suspected deficiencies to
the banks and where gaps have been confirmed remediation plans have been put in place.
As yet no enforcement action in terms of ASP or criminal prosecution has been taken
against the sector. Total staff dedicated to CJA2010 compliance numbers seven and is
supported by other supervisory staff.
The CBI has not issued policy guidance to banks on the implementation of CJA2010. The
Department of Finance published on its website high level cross-sectoral guidance (the
“Core Guidelines”). In the Core Guidelines it makes reference to the fact that the guidance
does not constitute secondary legislation and firms must always refer directly to the
CJA2010 when ascertaining their statutory obligations. The CBI was centrally involved in the
development of the cross-sectoral Core Guidelines. The Core Guidelines are very detailed in
nature and reflect CBI views on the interpretation of the CJA2010, hence the statement by
the CBI at the time of publication that the CBI “will have regard to these guidelines in
assessing compliance by designated persons with the Act.
The CBI intends to issue a communication to the banking sector detailing any recurring
themes and/or best practice from recent inspections.
IRELAND
INTERNATIONAL MONETARY FUND 273
EC5
As part of the 4 in-depth inspections conducted since 2010, CDD was reviewed. The reviews
included an assessment of the appropriateness and adequacy of the firm’s approach to
CDD including risk assessment, governance, risk management and control.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to CDD including:
i. Assessment of AML/CFT risk presented by the firm’s business model
ii. Policies and procedures that reflect risk based approach to CDD
iii. Independent testing of application of policies and procedures
iv. Provision of MI to senior management on AML/CFT KPIs
v. Testing of outsourcing and third party reliance arrangements
vi. Ongoing monitoring of accounts, evidencing same through confirmation of the
name of official/committee approving and frequency of reporting and latest date
approved.
Chapter 3 of Part 4 of the CJA2010 sets out the CDD obligations to be fulfilled by
designated persons which addresses each of the essential elements (a) through (f) of EC5
above.
Chapter 6 of Part 4 of the CJA2010 imposes obligations upon designated persons in
relation to internal policies, procedures, training and record retention. Included in Part 4 is
an obligation under Section 54(2) “to assess and manage the risks of money laundering or
terrorist financing.”
Additional guidance in respect of these obligations is set out in the Core Guidelines
published on the Department of Finance website. In particular, Section III of the Core
Guidelines provides additional guidance in respect of S54(2) on what is expected of
designated persons in the assessment and management of the risk to a business of misuse
for money laundering or terrorist financing purposes.
EC6
The supervisor determines that banks have in addition to normal due diligence, specific
policies and processes regarding correspondent banking. Such policies and processes
include:
(a) gathering sufficient information about their respondent banks to understand fully the
nature of their business and customer base, and how they are supervised; and
(b) not establishing or continuing correspondent relationships with those that do not
have adequate controls against criminal activities or that are not effectively
supervised by the relevant authorities, or with those banks that are considered to be
shell banks.
Description and
findings re EC6
As part of its in-depth inspection work program the AML/CFT team reviewed the
appropriateness and adequacy of the firm’s approach to correspondent banking including
IRELAND
274 INTERNATIONAL MONETARY FUND
risk assessment, governance, risk management and control. This is supported by on-site
sample testing of key controls.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to establishing and maintaining correspondent banking relationships, evidencing
same through confirmation of the name of official/committee approving and date
approved.
Section 38, Chapter 3 of Part 4 of CJA2010 imposes an obligation on designated persons to
perform enhanced customer due diligence in respect of correspondent banking
relationships. There is no specific obligation within this section to terminate existing
relationships however there is an over-riding requirement under Section 54 of CJA2010 for
a designated person to adopt policies and procedures to prevent the commission of
ML/TF.
EC7
The supervisor determines that banks have sufficient controls and systems to prevent,
identify and report potential abuses of financial services, including money laundering and
the financing of terrorism.
Description and
findings re EC7
As part of its in-depth inspection work program the AML/CFT team review the
appropriateness and adequacy of the firm’s approach to identification and reporting of
suspicious transactions, the governance, risk management and control of this process. This
is supported by on-site sample testing of key controls.
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to identification and reporting of suspicious transactions including:
i. governance,
ii. processes and procedures
iii. management information
Firms must provide evidence for same through confirmation of the name of
official/committee approving and date approved.
Chapter 4 of Part 4 of the CJA2010 places obligations on designated persons to identify
and report suspicious transactions.
In addition, Section 19 of the Criminal Justice Act 2011 (CJA2011) makes it an offence for a
person not to report to An Garda Síochána, information which he knows or believes might
be of material assistance in preventing the commission of certain offences or amongst
other things secure the conviction of any persons for those relevant offences. These certain
offences are contained in the schedule to the CJA2011 and include offences related to
banking, theft, fraud and money laundering and terrorist offences.
EC8
The supervisor has adequate powers to take action against a bank that does not comply
with its obligations related to relevant laws and regulations regarding criminal activities.
Description and
findings re EC8
Within the CJA2010, for all relevant sections, failure to comply with the obligations
imposed under such sections is defined as a criminal offence.
CBI has powers to enforce compliance by designated persons which it supervises with the
requirements of the CJA2010, including
IRELAND
INTERNATIONAL MONETARY FUND 275
a. pursue administrative sanction* or criminal action in respect of:
i. A breach of CJA2010 or
ii. A failure to execute a direction
b. give directions under S. 71 of the CJA2010 to discontinue or take certain
actions
*Section 33AN of the Central Bank Act, 1942 provides for certain prescribed contraventions
to be subject to civil enforcement powers of the CBI (Administrative Sanctions Procedure
(ASP)). S114(4) of the CJA 2010 includes an amendment of the Central Bank Act 1942 to
include contraventions of Part 4 of the CJA2010 as prescribed contraventions under Section
33AN.
EC9
The supervisor determines that banks have:
(a) requirements for internal audit and/or external experts
70
to independently evaluate
the relevant risk management policies, processes and controls. The supervisor has
access to their reports;
(b) established policies and processes to designate compliance officers at the banks’
management level, and appoint a relevant dedicated officer to whom potential
abuses of the banks’ financial services (including suspicious transactions) are
reported;
(c) adequate screening policies and processes to ensure high ethical and professional
standards when hiring staff; or when entering into an agency or outsourcing
relationship; and
(d) ongoing training programmes for their staff, including on CDD and methods to
monitor and detect criminal and suspicious activities.
Description and
findings re EC9
All areas:
The CBI does not have a specific requirement to require banks to establish an internal audit
function or to appoint a head of internal audit, however, banks are required to put in place
adequate internal control mechanisms and robust governance arrangements (see CP26).
This requirement emanates from the Corporate Governance Code 2010 which has been
imposed as a condition on the license of each of the banks. Furthermore, the CBI could
impose an obligation to have such functions in place (if they are not in place or not
adequately in place) using regulation 70 of S.I. 661 of 2006. The internal audit function is
expected to independently evaluate the relevant risk management policies, processes and
controls. However, the extent to which they evaluate the risk management policies,
processes and controls in relation to criminal activities is not prescribed.
Supervisors have access to internal audit reports.
The EBA Guidelines on Internal Governance (GL44) require banks to establish a compliance
function. The EBA guidelines are applicable to all Irish licensed banks. The CBI is currently
working on codifying GL44 in 2013. The Fit & Proper Standards 2011 and the Central Bank
70
These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
IRELAND
276 INTERNATIONAL MONETARY FUND
Reform Act 2010 provide the Central Bank with the power to reject the appointment of the
head of compliance as well as the power to remove incumbent compliance heads if
deemed necessary. There is no requirement to appoint a relevant dedicated officer to
whom potential abuses of the banks’ financial services are reported. In the absence of a
dedicated officer it would be expected that the compliance officer would fulfill this role.
AML/CFT:
As noted earlier, Chapter 6 of Part 4 of the CJA2010 imposes general obligations upon
banks in relation to policies, procedures, etc. The Core Guidelines include specific guidance
as to measures that firms should take to demonstrate compliance with the CJA2010 which
aligns with the elements described in items (b) through (d) of EC9 above. There is nothing
in the CJA2010 or the guidance that specifically requires internal audit or other expert
evaluation of a designated persons AML/CFT control framework; however, it is expected
that reliance can be placed on the general obligations applicable to credit institutions
described above.
1. General
All High Impact Irish licensed banks have appointed a local internal audit head and
function. Medium High Impact and Medium Low Impact banks are permitted to rely on the
internal audit function of their parent.
All banks have either a compliance officer or a compliance function (see CP26).
Material outsourcing relationships are assessed by Banking Supervision in relation to the
extent of adherence to the EBA Guidelines. Certain key functions (PCFs) require compliance
with fitness and probity requirements of the Central Bank.
2. AML/CFT
As part of its in-depth inspection work program the AML/CFT team review the
appropriateness and adequacy of the firm’s overall framework for management of
AML/CFT risk addressing elements (a) through (d) of the essential criteria above.
Specifically the program assesses and tests the implementation of an appropriate
governance structure for management of AML/CFT risk, including:
(a) clear definition of the roles and responsibilities of each line of defense
(b) clear definition of escalation and signoff processes for key risks (e.g. high-risk
customers take-on; transaction screening criteria; suspicious transaction reporting)
(c) implementation of comprehensive training program tailored to the role being
fulfilled
(d) adherence to legislative requirements relating to outsourcing or third party reliance,
including ongoing testing of those relationships
As part of their AML/CFT Risk Assessment, Prudential Supervisors request confirmation
from firms that they can demonstrate compliance with their obligations under the CJA2010
in relation to the establishment of an effective governance structure for management of
AML/CFT risk in relation to the following areas:
i. Implementation of effective organizational structure
ii. Implementation of training re CJA2010
IRELAND
INTERNATIONAL MONETARY FUND 277
iii. Implementation of plan for ongoing training
iv. Implementation of program of testing of key controls
v. Provision of MI to senior management on AML/CFT KPIs
vi. Testing of outsourcing and third party reliance arrangements
Firms must provide evidence of same through confirmation of the name of
official/committee approving and frequency of reporting and latest date approved.
EC10
The supervisor determines that banks have and follow clear policies and processes for staff
to report any problems related to the abuse of the banks’ financial services to either local
management or the relevant dedicated officer or to both. The supervisor also determines
that banks have and utilize adequate management information systems to provide the
banks’ Boards, management and the dedicated officers with timely and appropriate
information on such activities.
Description and
findings re EC10
Adequacy of reporting has been reviewed as part of the AML inspections conducted by the
CBI in the past three years. Deficiencies noted were communicated to the banks’
management. The CBI will adjust its monitoring program based on findings of the current reviews.
The revised program/strategy will see an additional in-depth inspection being conducted in
2014 and onsite thematic inspections in 2015. The CBI intends to issue a communication to
the banking sector detailing any recurring themes and/or best practice from recent
inspections.
EC11
Laws provide that a member of a bank’s staff who reports suspicious activity in good faith
either internally or directly to the relevant authority cannot be held liable.
Description and
findings re EC11
The Supervision and Enforcement Act 2013 sets the requirement.
Chapter 4 of Part 4 of the CJA2010 sets out the obligations in relation to the reporting of
suspicious transactions. S47 of this Chapter 4 provides an exemption from liability to
persons making reports in accordance with these obligations.
In addition, Section 19 of the CJA2011 makes it an offence for a person not to report to An
Garda Síochána, information which he knows or believes might be of material assistance in
preventing the commission of certain offences or amongst other things secure the
conviction of any persons for those relevant offences. These certain offences are contained
in the schedule to the CJA2011 and include offences related to banking, theft, fraud and
money laundering and terrorist offences. Employees are protected from penalization for
disclosing certain information.
EC12
The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign
financial sector supervisory authorities or shares with them information related to
suspected or actual criminal activities where this information is for supervisory purposes.
Description and
findings re EC12
Domestic:
The CBI is a member of the Money Laundering Steering Committee, a committee chaired
by the Department of Finance with responsibility for coordinating and progressing national
AML/CFT initiatives.
International:
The CBI is a member of the EBA’s AML Committee where it contributes to development of
EU supervisory policy and intra-agency collaboration.
The CBI was significantly involved in the drafting and finalizing of a home-host protocol to
be used by colleges of supervisors collaborating on the AML/CFT supervision of cross-
IRELAND
278 INTERNATIONAL MONETARY FUND
border payment institutions. It is currently working with a number of EU regulators (Nordic
Regulators, Germany, and UK) on developing an implementation framework for this
protocol.
EC13
Unless done by another authority, the supervisor has in-house resources with specialist
expertise for addressing criminal activities. In this case, the supervisor regularly provides
information on risks of money laundering and the financing of terrorism to the banks.
Description and
findings re EC13
This role does not currently fall within the responsibilities of the Central Bank.
Assessment of
Principle 29
Materially Noncompliant
Comments Anti-Money Laundering legislation was strengthened in 2010 through the CJA 2010 which
was further amended in 2013. The scope of the legislation is comprehensive.
The CBI has conducted 8 onsite inspections which includes 4 in-depth onsite inspections. In
addition, offsite reviews have been conducted on 21 banks through the use of a risk
assessment questionnaire. The questionnaire facilitates an analysis of AML/CFT risk
through an evaluation of (i) the inherent risk posed by the bank’s business model, (ii) the
firm’s AML/CFT control framework and (iii) the track record of the firm in management
operational risk.
Work remains for the CBI in monitoring compliance:
a) The current legislative framework, the CJA 2010, is comprehensive and provides the
CBI with significant powers to enable it to assert its supervisory authority. However, the
framework (Section 107 of the CJA 2010) also envisages the approval of guidelines for
the purposes of guiding designated persons (banks) on the application of Part 4 of the
CJA 2010 Such guidelines which would provide valuable assistance in fleshing out the
expectations in relation to compliance with the legislation; the CBI should work with
Justice to provide guidance to banks. . Such guidelines would also provide greater
clarity to designated persons as to the standards expected in relation to interpreting
“reasonable measures” and “due diligence.” In addition, the CBI should issue
communications following its inspections setting out principal findings and its
expectations as to how compliance with the CJA 2010 can be demonstrated.
b) Branches of foreign banks have not been inspected or reviewed for compliance with
the CJA 2010.
c) Reviewing whether the balance, to date, of onsite and offsite is adequate to determine
verify compliance.
IRELAND
INTERNATIONAL MONETARY FUND 279
Recommended Actions
A. Recommended Actions to Improve Compliance with the Basel Core
Principles
Reference Principle Recommended Action
Principle (2) - Amend existing legislation to detail the framework for Central
Bank independence. Also address reasons for removal of
Commission members to be similar to Governor.
- Take steps to fill vacancies in BSD.
Principle (5)
- Consider options for improving the CBI’s ability to conduct fit
and proper reviews during licensing of banks owned by
unregulated parents.
- Study enforceability of special conditions to the license that
must be accepted by parent company at time of approval to
enhance CBI enforcement authority.
Principle (9)
- Consider the distribution of resources and supervisory tasks across
Medium Low and Low Impact ratings
- Consider expanding KRIs in PRISM to include a broader suite of risk
metrics i.e. operational risk and IRRBB
Principle (15) - For banks accredited to use internal models, annual assessment that
banks comply with supervisory standards (e.g. validation)
- Implementation of framework to assess IT across regulated banks
Principle (17)
- Increase frequency and loan sample size for Medium Low banks
Principle (18)
- Greater frequency and depth of onsite reviews of loan loss
provisioning practices (e.g. testing of assumptions against
experience, recognition of default, prudent valuations)
Principle (20) - Amend the RPL code to include asset sales, deposits and other
areas addressed in CP. Also expand information in RPL
regulatory reports so that a more complete offsite compliance
assessment may be made.
Principle (27) - Enact legislation giving the Central Bank the power to reject or rescind
external auditors.
Principle (29)
- Expand supervisory scope to include branches of foreign banks,
- Statutory guidelines, approved as envisaged by Section 107 of the CJA
2010, should be issued. Review the current balance between onsite
and offsite reviews. Currently emphasis is heavily weighted on offsite.
IRELAND
280 INTERNATIONAL MONETARY FUND
Authorities' Response to the Assessment
1. Recognition of Financial Sector Reform and Strengthening of Supervision of Credit
Institutions
The Irish authorities wish to express their appreciation to the IMF and its Mission team for their
detailed assessment of Ireland’s compliance with the Basel Core Principles for Effective Banking
Supervision.
We welcome the IMF’s acknowledgement of the continued strengthening of the supervisory process
through substantial changes to both regulation and legislation, achieved in collaboration with our
external partners under Ireland’s financial support programme, in a challenging environment, which
included the restructuring and stabilisation of the Irish banking sector.
A risk based supervisory approach to banking supervision was implemented by the Central Bank in
2011 by means of a new risk assessment framework. This framework was accompanied by a
substantial increase in resources and encompasses a much more intrusive approach than existed
previously. Our supervisory regime is determined further by our assessment of the impact risk of
each credit institution and our resources are allocated to conduct supervisory engagement further
to that assessment. In addition, significant changes to the legal framework have been achieved,
which have resulted in enhanced powers for the Central Bank.
2. Specific Comments on IMF Findings and Ratings
While the Irish Authorities are generally in agreement with the report, the Irish Authorities would
make the following comments in relation to those Core Principles which have been rated by the IMF
as Materially Non-Compliant:
CP 2 Independence
The Irish authorities are pleased to note that there was no observed political interference with the
Central Bank of Ireland. While we are disappointed with the IMF finding regarding CP2, we note
that this relates to hypothetical concerns regarding a small number of legislative provisions from
within the corpus of Irish financial services law, rather than any manifest experience of the Central
Bank’s statutory or regulatory independence being compromised.
The independence of the Irish Central Bank is a core pillar of the Irish financial system and is
essential for both the system’s effectiveness and its international credibility. For this reason, when
introducing reforming legislation to restructure the Central Bank following the financial crisis, the
Government took great care to reaffirm the Central Bank’s independence. To underline this point,
the Government has further introduced a range of measures to strengthen the powers of the Central
Bank and to extend its remit into new areas of responsibility such as bank resolution.
IRELAND
INTERNATIONAL MONETARY FUND 281
While the Irish authorities do not fully agree with the IMF view under this category, we will consider
the recommendation for a more detailed framework for Central Bank independence in the context
of any future review of the statutory basis of the Central Bank.
CP 9 Supervisory Techniques and Tools
Ireland’s approach to supervision is risk based and starts with the premise that all firms are not
equally crucial in the banking system and the wider economy. Supervisory efforts and resources are
focused on those firms whose failure would have a significant impact upon the banking system, the
economy, the taxpayer and the consumer. This approach to supervision is in keeping with the IMF’s
and the Basel Committee’s principle of proportionality.
The IMF has rated Core Principle 9 as being Materially Non-Compliant. However, the specific issues
raised by the IMF mainly relate to potential calibration issues with the supervisory engagement
model for the least risky and non-systemically important cohort of Irish licensed banks i.e. medium
low impact banks. This cohort of 10 non-retail institutions comprises 3% of total Irish banking
system assets, does not take retail deposits, comprises 2% of all Irish corporate deposits, is not
involved in retail lending, and transacts with counterparties who are predominantly business to
business and intra-group. Moreover, although the IMF views the Medium Low Impact engagement
model as heavily reactive with light data validation/verification, this description is only accurate for
low impact credit institutions, i.e. branches of EU Banks operating in Ireland, which are primarily
under foreign prudential supervision. No Irish licensed bank has been categorised as low impact.
The Central Bank will follow the two recommendations made by the IMF relating to CP 9. We will
review the distribution of resources and supervisory tasks across medium low and low impact credit
institutions as the Single Supervisory Mechanism (“SSM”) enters into force. As part of our
implementation of the SSM requirements we will adhere to the requirements of the SSM
Supervisory Manual which sets out the processes, procedures and methodology for the supervision
of both Significant and Less Significant institutions, including supervisory tasks and KRIs.
CP 20 Related Party Transactions
Related party transactions in the Irish banking system are predominantly in respect of lending rather
than service contracts or deposits, and accordingly the Central Bank has tailored its supervisory
regime to capture higher risk transactions in this area. The supervisory approach includes a Code of
Practice (“the Code”) to which all licensed credit institutions must adhere and a detailed reporting
framework is in place to ensure that the requirements set out in the Code are being met on an on-
going basis. The framework also includes on-site testing, lending limits and the requirement for the
prior approval of the Central Bank for transactions over €1m.
While the Irish Authorities therefore do not entirely agree with the IMF’s rating of Materially Non-
Compliant in relation to related party transactions, the Central Bank will undertake an evaluation of
related party transactions and will evidence any potential risks outside the scope of the current
Code. The Code will be amended accordingly.
IRELAND
282 INTERNATIONAL MONETARY FUND
CP 29 Abuse of Financial Services
The Irish Authorities will follow the IMF recommendations in relation to CP 29. In relation to
Guidelines envisaged by Section 107 of the Criminal Justice Act 2010, the Central Bank will request
that the appropriate authority, the Minister for Justice, issues such guidelines. Furthermore, the
Central Bank will communicate its principal findings to the banking sector following the Anti-Money
Laundering reviews undertaken in 2013. The Irish Authorities also note the comments regarding the
balance between onsite and offsite reviews and will undertake a review to ensure the appropriate
balance exists.
The Irish Authorities acknowledge that branches of foreign banks have not been inspected, and
while this is considered to be consistent with our risk focused approach to AML supervision, branch
inspections will be performed.
3. Concluding Authorities’ Comments on IMF Findings and Ratings
The Irish Authorities acknowledge the importance of continually monitoring and seeking to improve
the regulatory framework and supervisory practices and remain strongly committed to so doing.
To that end, the Irish Authorities will evaluate and consider the IMF’s recommendations, in the
context of the IMF’s endorsement of Ireland’s supervisory approach, as reflected in the compliant
rating for CP 8. We are currently preparing to implement the SSM requirements from 4 November
2014. The Single Supervisory Mechanism will fundamentally alter the manner in which credit
institutions are supervised within the euro area and will consequently change the way in which the
Central Bank supervises credit institutions in Ireland.
doc_279864107.pdf