CBI warns conduct risk controls lacking in latest CEO letter

 

The Central Bank of Ireland (CBI) this week issued a “Dear CEO” letter raising concerns that regulated firms might not be adequately identifying and mitigating market conduct risks.

 

The letter follows a series of consultations with 24 regulated entities throughout 2019. That included on-site inspections for entities regulated by the CBI, visits to Irish entities in other jurisdictions, and more than 150 interviews with directors and CEOs, risk and compliance officers, and frontline staff.The 21 January 2020 letter, the first of the new year from the Irish regulator, outlines three main areas of concern:

  • Inadequate risk frameworks: The CBI observed that some regulated entities lacked a structured market conduct risk identification process.

 

It also identified instances where entities had a framework to identify market conduct risk, but the framework in place was not fit for purpose and/or did not identify applicable controls to mitigate identified risks.Only one regulated entity had developed a comprehensive and effective market conduct risk framework in line with the 2019 industry communication in an especially proactive manner, the regulator said.

  • Poor governance: There were instances where the CEO did not have autonomy in market conduct risk decision-making, which goes against the expectation that the Board and senior management should take ownership for market conduct risks.

 

In some cases, moreover, senior staff in Ireland effectively reported on a hard-line basis to management at group level. In some global structures, the CBI observed poor flow of conduct-related information between branches and affiliates of Irish entities and the Irish entity itself.

  • Failing to identify the risk of market abuse: there were instances of ineffective MAR3 trade surveillance systems in some regulated entities, particularly in relation to how they generate, analyse and close alerts.

 

Oversight of trade surveillance activity at outsourced partners and other third parties was often deficient as well, with some firms providing insufficient monitoring and supervision of the outsource arrangements.

 

So, what happens now?

In light of its findings, the CBI said that it ‘expects market participants to place a renewed focus on ensuring they have in place frameworks that effectively protect the best interests of investors and they operate in a fair, orderly and transparent manner.’Moreover, they said that ‘The Central Bank’s supervisory work in 2020 will include focussing on regulated entities’ ability to identify market conduct risk; the extent to which they are sufficiently well controlled to govern wholesale market conduct risk; and the flow and escalation of conduct-specific information within and across regulated entities and groups.’With conduct risk becoming a key regulatory focus in recent years, firms should seek to adopt a more proactive approach and framework, complying with the spirit (rather than just the letter) of any laws and regulations.