​Non-executive director Peter Oakes is a former enforcement director at the Central Bank of Ireland.
Source:

• ​https://www.bankingriskandregulation.com/why-the-guinane-case-is-a-game-changer-for-the-c-suite/

​Last week, it was revealed that the former CEO of Permanent TSB “participated” in a breach of regulation admitted by his former employer in 2019.

Three years after PTSB held up its hands to 42 regulatory breaches between 2004 and 2018, and agreed to pay €21mn in fines, the Irish regulator went after Guinane personally.

The Central Bank of Ireland opened an inquiry to determine Guinane’s role in the affair, which impacted 2,007 tracker mortgage customers and led to €54mn in redress and compensation.

The inquiry’s chair, esteemed barrister Peter Hinchcliffe, found that on the balance of probabilities, Guinane did not ensure his bank acted fairly in the best interest of its customers under a general principle of Irish consumer protection law.

​The finding sets a precedent for anyone working in regulated financial services in Ireland and marks a step-up in enforcement from the supervisor
 “Okay with that”

The facts turn on an ambiguously worded special condition known as the “SC706 clause” in certain mortgage holders’ contracts and a three-word email response.

The regulator’s case against the banking chief rests largely on what has been coined the ‘smoking gun’: “Okay with that.” Guinane emailed these three words 16 years ago when asked to sign off on a proposal from his management team. His legal staff had reviewed the proposal to deal with certain mortgage customers who wanted to return to their original low tracker-rate loan after coming off a period of fixed rates. 
The bank’s default position was to place them on a higher standard variable rate.

What should concern fintech executives and others at regulated financial services providers operating in Ireland is how the outcome of this case applies to their industries — specifically personal accountability.

Since the Irish regulator’s new Senior Executive Accountability Regime, analogous to the UK’s Senior Managers Regime, came into force in 2024, certain senior managers and board members can face proceedings independent of their employer.

Most regulated fintechs currently fall outside SEAR, which is meant primarily for banks, insurers and investment managers, but the Guinane case sets an alarming new precedent. Despite Guinane’s conduct predating SEAR by more than a decade, he has been found personally liable for PTSB’s regulatory breaches and faces a fine of up to €500,000. 

For those in management at regulated fintechs, the case is a reminder that they can be pursued and held accountable for failures by their company, even though fintechs fall outside the new SEAR regime.

​What’s more, the maximum fine went up to €1mn in July.
How was Guinane deemed accountable?

Hinchcliffe had to consider whether the banker was “a person concerned in the management” of PTSB.

While Guinane held the position of CEO, the ultimate responsibility for regulatory compliance at PTSB fell to its owner, Irish Life & Permanent Group.

While Guinane did not sit on the board of IL&PG, the inquiry ruled he fell within its jurisdiction.

These failures derive from breaches of prescribed contraventions of “relevant obligations” — for which there is no comprehensive list readily available.

Recent comments from the CBI’s former deputy governor, Sharon Donnery, now a senior executive at the European Central Bank, give some clues about the regulator’s thinking.

Donnery told the Fintech Ireland Summit in November that, in an age of rapid technological advancement, the “basics” — good governance, risk management and consumer protection — “remain true”.

Fintechs drew a sharp breath of air when she singled them out: “Unfortunately, it does have to be said that our supervisory experience continues to point to instances of [fintech] firms failing to provide the basic statutory obligations around protecting people’s money.”

​Donnery’s pointed comments and now the Guinane precedent mean that fintech executives — not just the “big boys” of banking, insurance and investment services — are on notice that they too can be proceeded against for breaching Ireland’s consumer protection code.
Firm up internal processes

Many have expressed sympathy for Guinane, whom the inquiry confirmed neither acted dishonestly nor had any intention to harm or take advantage of customers. Of particular worry for senior executives is a comment by Hinchcliffe that Guinane was entitled to receive better support from within IL&PG.

Now a sanction hearing will determine what penalty, if any, should be imposed. It could range from a caution or reprimand to a maximum cash fine of €500,000 through to being disqualified from working in management at a regulated service provider. The kicker is a potential costs order.

A recent shake-up at the CBI offers little hope of leniency for Guinane. The enforcement directorate has a new leader in the form of Colm Kincaid from the consumer protection directorate. He replaces a fellow lawyer, Seána Cunningham, who now leads the insurance supervision directorate.

However, nothing here suggests any change to the enforcement unit’s appetite and operations for pursuing individuals.

Finally, fintech executives must actively consider their internal procedures. They need to demonstrate regulatory compliance and, more importantly, prove they have considered the implications for customers when signing off on business strategies.

​One wonders whether this will be enough given comments by Mr Guinane legal team that he has been singled out and that an appeal is inevitable. After all, no other banker in Ireland has faced inquiry, despite more than half a dozen banks being hit with €280mn of fines over the exact same scandal.

Download Report - The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions Market developments and financial stability implications 

One for all the #regtech and #suptech ambassadors / champions in the network (and you may have spotted it) - Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions covering:

• Drivers of SupTech and RegTech developments
• Benefits, challenges and risks for authorities and regulated entities
• SupTech and RegTech strategies, market interaction and monitoring developments
• SupTech resource considerations
• Applications of new technologies by regulated institutions & authorities
• Future technology use by the regulator
• Ethics of using AI models for supervision
• Case studies and examples

As you will see in the images below and in the report, less than 50% of supervisory authorities responding to the FSB survey had a Chief Data Officer or equivalent.  Areas where new RegTech tools and uses for data have been developed post 2016 are:

• Risk reporting
• Stress testing
• Microprudential reporting
• Other Macroprudential reporting

​
Whereas pre-2016, the supervisory authorities were focused on:

• Fraud Detection
• AML/CFT
• KYC & Identity and Verification
• Risk assessment
• Risk management

Future technology use by the regulator 
I thought the section 9.2 Future technology use by the was regulator interesting. The FSB reports that rapid changes to the financial landscape and evolving market structure could be accompanied by changes in supervisory surveillance techniques. [Oakes - Ok so that is relatively obvious]

85% + of survey respondents expect that the continued evolution of available technologies will result in changes to supervisory processes, with 68% expecting this to be a considerable change. However, authorities expressed concern that undue reliance on SupTech tools could lead to misplaced focus on areas where risks can be easily measured. [Oakes - so just because you can do something doesn't mean you should do it]. This may deflect attention from areas of concern that are not as easily given to quantifiable measurement [Oakes - so true].

Retaining a forward-looking human based supervisory process
Thus while authorities may recognise the importance of integrating technology into their supervisory approaches, they could also acknowledge the importance of retaining a forward-looking human based supervisory process. The modern supervisory philosophy in most jurisdictions surveyed is based on predictive and human judgement-based oversight of regulated institutions. Technology offers the opportunity to automate routine tasks, develop new analytical techniques and provide better information. Using tools such as AI and ML to analyse increasing volumes of regulatory data provides opportunities for authorities to shift their focus to those aspects where humans excel over machines, e.g. judgement-based decision making. [Oakes- couldn't add anything further to that].

Cases Studies
I also recommend a read of Annex 1 where the Case studies and examples are contained.  There are case studies from 26 supervisory authorities:

1. De Nederlandsche Bank - Becoming a smart supervisor
2. European Central Bank - Supervisory Technology Hub
3. European Central Bank - ECB’s Virtual lab
4. Bank of England - Unstructured data extraction and analysis using ML
5. People’s Bank of China - Off-site Payment Transactions Supervision Based on API and AI
6. Bank of England, Financial Conduct Authority - Digital Regulatory Reporting (DRR)
7. European Securities and Markets Authority - Web scraping, NLP and analysis of Key Information Documents
8. European Central Bank - Machine-reading of Fit and Proper Questionnaire
9. China Banking and Insurance Regulation Commission - Multi-party secure computing (credit field)
10. Banco de España - Use of NLP in relation to ESG disclosures in Spain
11. Banco de España - Tools for detection of mis-selling in Spain
12. Monetary Authority of Singapore - Network Analysis for STRs
13. Banca d’Italia - Anomaly measurement in transactions using Big Data
14. Commissione Nazionale per le Società e la Borsa (CONSOB) - Market Surveillance
15. European Central Bank - Early Warning System for Less Significant Institutions
16. European Central Bank SREP – Truffle Search Analytics for structured text documents
17. Monetary Authority of Singapore - Predictive modelling to identify representatives at higher risk of misconduct
18. Monetary Authority of Singapore - Text analysis of audited financial statements
19. Monetary Authority of Singapore - Data analytics for inspections
20. European Central Bank - Sentiment analysis 
21. European Central Bank - Network Analytics
22. Banque de France/ACPR - Augmented supervisor
23. Banque de France/ACPR - Advanced network analysis for banking supervision purposes
24. Federal Reserve Board of Governors - NLP for continuous monitoring, web searches and COVID-19 monitoring
25. Bank for International Settlements - BIS Bulletins
26. Bank of England - Policy Response Tracker
27. De Nederlandsche Bank - COVID-19 SAS-VA Dashboard
28. Monetary Authority of Singapore - Monitoring and enforcement of safe distancing measures 

Source:
https://www.fsb.org/2020/10/the-use-of-supervisory-and-regulatory-technology-by-authorities-and-regulated-institutions-market-developments-and-financial-stability-implications/

​https://www.fsb.org/2020/10/the-use-of-supervisory-and-regulatory-technology-by-authorities-and-regulated-institutions-market-developments-and-financial-stability-implications/

Here's one for the #moneylaundering typology case studies for #MLROs as part of regulatory training requirements!
 
Relates to the collapse of major investigation into the Kinahan cartel and more than half a billion euros- particularly €500,000,000 stash of cars, properties & cash handed back to the accused by a Spanish judge after collapse of money laundering case.

Continue reading at CompliReg by clicking here.

Bullet Point Summary

• This enforcement action is the 136th enforcement settlement since 2006 under the administrative sanctions procedure, bringing total fines imposed to over €103 million.
• Relates to a previous enforcement action against RSA Ireland Insurance DAC (RSAII), an insurance undertaking authorised and regulated by the Central Bank where Rory O’Connor was an Executive Director and Chief Financial Officer from 2010 to 2013.
• RSAII was fined in December 2018 €3,500,000 for what is termed a 'prescribed contravention', in that case serious breaches of financial services law (admitted by RSAII), including but not limited to the failure to establish and maintain technical reserves in accordance with Article 13(1)(a) of the European Communities (Non-Life Insurance) Framework Regulations 1994, S.I. No. 359 of 1994.  Technical reserves are the amount set aside by an insurance company to cover its liability for claims.
• Mr O'Connor's "misconduct merited a disqualification period of 12 years and a monetary penalty of €100,000"; however following a settlement discount, the sanction was reduced to 8 years 4 months and €70,000 respectively.

• The action against Mr O’Connor arose, as admitted, by his participation in the prescribed contravention in RSAII’s breach of Article 13(1)(a) of the 1994 Regulations, which requires an insurance undertaking to maintain sufficient levels of Technical Reserves (the Prescribed Contravention). 
• ​The Central Bank’s investigation found that Mr O’Connor participated in the prescribed contravention through his involvement in the deliberate manipulation of large loss claim reserve estimates, referred to in the enforcement action against RSAII as the “Under-Reserving Process”. 
• Unrelated to this matter, the Irish government announced in its programme for work release on 15 June 2020, the Irish government announced it will "introduce the Senior Executive Accountability Regime to deliver heightened accountability within the banking system".  (see page 25 of the Programme for Government Our Shared Future. 
• The comments from the Central Bank signal that behaviour and culture, not just conduct risk, prudential risk and fitness and probity are squarely on the Central Bank's agenda where it comes to supervisory and enforcement actions.​

Continue reading this blog at CompliReg