The Banking Regulation Review: Ireland

Introduction

Ireland has two very distinct banking sectors. The domestic banking sector was extensively restructured following Ireland's EU/International Monetary Fund (IMF) bailout in 2010 and has a substantial, but reducing, state shareholding. Meanwhile, the international banking sector has grown significantly post-Brexit. Dublin is now considered a European banking hub, hosting the EU/European Economic Area (EEA) headquarters of several major international banking groups. Ireland also has a well-developed credit union sector, holding substantial retail deposits and providing some retail banking services.2

The domestic banking sector comprises the 'pillar banks': Allied Irish Bank (AIB), Bank of Ireland (BOI) and Permanent TSB (PTSB); and, for the time being, two significant foreign-owned and domestically-focused banks, KBC Bank Ireland and Ulster Bank (part of the NatWest Group). Both KBC and Ulster Bank have announced plans to withdraw from the Irish domestic market and a series of disposals of parts of their banking books is in progress. When these two banks exit the domestic market, Irish domestic banking needs will be almost exclusively serviced by the three pillar banks, two of which currently remain controlled by the state. This situation is generally recognised as unsatisfactory, and the Department of Finance will conduct a wide-ranging strategic review of the retail banking market in 2022, which is expected to lead to government initiatives to promote competition in the sector. In the meantime, competition is provided mainly by fintechs and e-money digital challengers, with Revolut alone having over one million customers in Ireland (within a population of only five million).

Together with Frankfurt and Paris, Ireland has been an attractive destination for international banks seeking to relocate EU/EEA operations from London post-Brexit. Dublin now hosts three pan-European banks (Barclays, Citibank and Bank of America) with activities primarily focused on the wider European market. All three are significant institutions directly supervised by the European Central Bank (ECB) under the European Single Supervisory Mechanism (SSM). In relation to Ireland's domestic economy, these EU/EEA hubs are very large indeed – Barclays' EU subsidiary is now the largest Irish bank by assets. Other international banks, such as Wells Fargo and Bank of Montreal, have established smaller EU/EEA headquarters in Dublin, and the sector has continued to grow since Brexit.

The regulatory regime applicable to banks

The Central Bank of Ireland (CBI) is the national monetary authority and national central bank member of the eurosystem. Unlike the UK and some other European nations, Ireland operates a 'single peak' approach to monetary policy and financial supervision, with the CBI also being responsible for prudential regulation and conduct supervision of financial institutions in Ireland. The CBI was initially established under the Central Bank Act 1942, which has since been substantially amended and updated to reflect the CBI's structural evolution.

Prior to Ireland's membership of the eurosystem, the CBI had full responsibility for authorisation and supervision of the Irish banking sector. That changed in 2014 with the establishment of the SSM, which made the ECB the competent authority for banking supervision in the euro area. Banks designated as significant institutions (SIs) for the purposes of the SSM (the pillar banks, BOI, AIB and PTSB; the EU/EEA hubs – Barclays, Citibank and BAME; and the Irish subsidiaries of other EU SIs – KBC, Intesa and, until recently, UniCredit) are supervised by joint supervisory teams (JSTs). The remaining banks are designated as 'less significant institutions' (LSIs) and are supervised directly by the CBI within parameters set by the SSM.

The CBI's stated mission is to ensure there is ongoing oversight of financial service providers and markets, to ensure that the interests of consumers are protected and to ensure the wider economy is protected in the long term. The CBI also has statutory objectives, which include:

  1. maintaining stability of the financial system;
  2. ensuring proper and effective regulation of financial service providers and markets, ensuring customer protection;
  3. safeguarding the efficient and effective operation of payment and settlement systems; and
  4. monitoring the resolution of financial difficulties in banks and other regulated entities.

Until 2010, promoting development of the financial services industry within Ireland was an explicit part of the CBI's mandate, but following Ireland's EU/IMF bailout, the mandate was amended to remove promotion as one of the CBI's stated objectives. The CBI has to date been keen to maintain its focus on financial stability and robust supervision and to resist suggestions that it should play a part in attracting business to Ireland, publicly stating that this is the responsibility of other state agencies.

The bulk of Irish legislation applicable to the regulation of banks in Ireland can be found in the Central Bank Acts 1942–2018, in statutory instruments made under the Central Bank Acts and statutory instruments made under the European Communities Act 1972, and in binding regulatory codes issued by the CBI.

Prudential regulation

i Relationship with the prudential regulator

The CBI has a reputation as a prudent, conservative, robust and intrusive regulator. In its participation in JSTs for SIs and direct supervision of LSIs, it strives to align its supervisory practices and expectations as closely as possible with ECB and European Banking Authority (EBA) guidance. The CBI's supervisory engagement with institutions operates on a risk-based approach, employing a risk-rating scale called the probability risk and impact system (PRISM).

Under PRISM, the CBI allocates risk ratings to all firms under its supervision, ranging from low to medium-low, medium-high and high. Only the broad criteria of this ratings system are disclosed, such that the CBI has considerable discretion to amend the ratings in its supervisory judgement. The most significant firms – those with the ability to have the greatest impact on financial stability and the consumer – receive a higher level of supervision under structured engagement plans, leading to early interventions to mitigate potential risks. Firms with high PRISM ratings have dedicated supervision teams and may have regulatory staff permanently based on-site. Conversely, those firms rated low or medium-low, which have the lowest potential adverse impact, are supervised reactively or through thematic assessments conducted across the industry sector. The CBI takes targeted action by means of specific on-site inspections followed by risk mitigation programmes against firms across all PRISM categories where poor behaviour comes to its attention.

Where serious failings are identified or where a bank fails to properly address a risk mitigation programme, the CBI has extensive enforcement powers under Ireland's administrative sanctions regime. The legal basis for this regime is the Central Bank (Supervision and Enforcement) Act 2013. The 2013 Act allows the CBI, following investigation and enquiry, to impose a broad range of penalties, including monetary fines, on regulated entities. The maximum fine for a bank is €10 million or 10 per cent of its turnover, whichever is higher, but in practice most investigations and enquiries are settled by agreement. Details of settlement agreements are published, and the highest penalty levied on an Irish bank to date has been €38 million. The CBI can use its supervisory and enforcement powers against Irish banks at the direction of the ECB where failings are identified at SIs, although in such cases the ECB may also have its own jurisdiction to impose direct sanctions.

Extensive regulatory disclosure and reporting obligations are imposed by EU and domestic legislation. Banks are subject to public reporting and disclosure obligations under corporate and prospectus and transparency law, but these obligations are not dealt with in detail here. Regulatory reporting and disclosure obligations fall into two categories – regular and periodic; and exceptional and ad hoc. An example of the former is standard regulatory reporting under the EU Capital Requirements Regulation (CRR), supplemented in Ireland by the European Union (Capital Requirements) Regulations 2014 (as amended) (2014 Regulations). The data disclosed to the CBI in these reports relates to a bank's own funds and financial information, including liquidity ratios and funding plans. As an example of exceptional and ad hoc reporting, under the CBI's Corporate Governance Requirements for Credit Institutions (CGRs), the CBI expects disclosure of any breaches of the CGRs within a specified period of an institution becoming aware of a breach.

ii Management of banks

Directors of Irish banks are subject to typical common law and fiduciary directors' duties, and to statutory duties under the Companies Act 2014. The 2014 Act largely, but not entirely, codifies the common law and fiduciary standards. Breaches of duty have the potential to generate personal liability for directors and to lead to proceedings for individuals to be restricted from acting as directors of Irish companies in the future.

Ireland transposed the EU's CRD IV (as amended) in the 2014 Regulations. The governance provisions of Articles 88 to 96 of CRD IV have been faithfully transposed in Regulations 76 to 84 of the 2014 Regulations, and the CBI also expects compliance with the EBA's Guidelines on Internal Governance (as revised). The CBI has supplemented CRD IV and the EBA Guidelines with its own CGRs, which impose additional core governance standards for Irish incorporated credit institutions. The CGRs are binding on all Irish- licensed banks and are treated by the CBI as part of the domestic implementation of CRD IV.

The CGRs further regulate matters such as the minimum size and composition of the board of directors of an Irish-licensed bank, the board committee structure, the relationship between key functions (such as risk and compliance, and the reporting obligations imposed on banks in the event of governance breaches. The CBI takes the CGRs very seriously, and has conducted themed and on-site inspections to monitor institutions' compliance with them. It has also brought sanctions proceedings against institutions that it considers have not adhered adequately to the CGRs or adequately remediated identified breaches. The CBI does not permit overseas holding companies to reserve approval rights over key management decisions of Irish regulated banks, although it does expect subsidiaries to operate within group risk and credit policies appropriately adapted for local purposes.

In common with most other sophisticated global regulators, the culture and conduct of the board and management (the 'tone from the top') are central to the CBI's current regulatory approach. A cornerstone of its efforts to improve culture and individual conduct within regulated financial institutions is its fitness and probity (F&P) regime, which was introduced under the Central Bank Reform Act 2010 during the global financial crisis that commenced in 2008.

The F&P regime designates certain functions of banks and the staff working within those functions as controlled functions (CFs), and the top managers of those functions as pre-approval controlled functions (PCFs). CFs are subject to prescribed conduct standards, a requirement for individual due diligence by the institution prior to appointment and a process of annual re-certification. PCFs are a subset of CFs that, by the nature of the role, require the CBI's pre-approval prior to appointment. The process requires candidates to complete an extensive individual questionnaire and may involve (and generally for very senior positions in regulated banks, does involve) the CBI interviewing the applicant to assess his or her suitability for the role.

For significant institutions directly regulated by the ECB under the SSM, F&P assessments for members of the management body and of the board of directors are undertaken by the ECB, with the CBI acting as the 'portal' to the SSM for this purpose. The ECB has published its own guidance on F&P processes, which must be referred to in such cases, while the CBI has published F&P guidance and frequently asked questions that are invaluable when advising banks on the appropriateness of proposing candidates for specific roles.

Despite these extensive interventions in bank governance, culture and the conduct of senior individuals, the CBI remains unhappy with the extent of its powers to address individual misconduct. It has therefore advocated for extensions of its powers to sanction senior managers, and the government has announced a draft scheme of legislation to provide such powers. The resulting draft Central Bank (Individual Accountability Framework) Bill is likely to be placed before the Parliament in 2022, with the accountability regime (which is expected to be broadly like the UK's senior managers and certification regime) being introduced in 2023–2024.

Remuneration

The 2014 Regulations faithfully transposed the CRD IV remuneration rules into Irish law in Regulations 80 to 83. In practice, however, the remuneration rules for most Irish banks are considerably more restrictive than the CRD IV regime, since banks that benefited from state bailouts during the global financial crisis remain prohibited from offering total benefit packages of over €500,000 and from paying any form of variable remuneration or fringe benefit. Any bonuses that might be paid by such institutions would be subject to a 'super-tax' of almost 90 per cent. There is widespread concern within the Irish domestic banking sector that these restrictions make it very difficult to attract top talent into Irish banking, but to date the government has shown no appetite, for political reasons, to take any serious measures to moderate the regime.

Where variable remuneration is permitted (that is in the internationally owned banking sector), the CBI expects strict adherence to the EBA's Guidelines on Sound Remuneration Policies. Since the CRD IV remuneration rules and the EBA's Guidelines are standard throughout the EU, they are not dealt with in detail here. It is worth noting that Ireland has adopted the discretion under CRD IV to permit institutions to increase the maximum limit on variable pay to 200 per cent of fixed pay by following a process of shareholder approvals and engagement with the CBI.

iii Regulatory capital and liquidity

The 2014 Regulations transposed the CRD IV capital regime into Irish law, and the EU CRR is directly applicable. The CBI has adopted certain of the national discretions that are provided for under CRD IV and CRR, and has published implementation notices in this regard. Capital standards of Irish banks are generally strong, with BOI's fully loaded Common Equity Tier 1 ratio, by way of example, being 14 per cent at mid-year 2021. The most common form of capital held by Irish banks is ordinary share capital and retained earnings, with the ratio between BOI's Tier 1 and Tier 2 capital at mid-year 2021 being approximately 7:1. Risk-weighted assets are calculated based on CRR rules, with significant deference being paid by the CBI to EBA questions and answers.

In general, domestic Irish banks are conservative users of credit risk mitigation for CRR purposes, with the internationally active banks being somewhat more creative in this area. As in the rest of the eurosystem, total required capital is composed of the required minimum, the required buffers and any individual Pillar 2 add-ons. Prior to the covid-19 pandemic, in its role as macroprudential authority, the CBI set the countercyclical buffer at 1 per cent but reduced this to zero with the onset of the pandemic in 2020, where it currently remains. The CBI has also set other systemically important institution buffers (O-SII buffers) for the six significant Irish banks. These buffers, ranging from 0.5 to 1.5 per cent, remain in place, and are kept under yearly review.

The CBI takes any breaches of capital rules very seriously and pays particular attention to failures in institutions' related systems and controls. In 2019, one bank was fined €5.88 million in respect of five breaches under various regulations, two of which related to breaches of CRR requirements. The relevant breaches included a failure to maintain robust governance arrangements in relation to regulatory reporting, including failure to accurately report the bank's capital position and issues surrounding calculation of own funds.

The liquidity coverage ratio (LCR) and net stable funding ratio apply in Ireland in line with CRR requirements. Where the CBI has adopted any related national discretions, it has published implementation notices in this regard. The liquidity position of Irish credit institutions is strong with BOI's mid-year 2021 LCR for example standing at 177 per cent.

In common with the rest of the EU, Ireland implemented the CRD V and CRR II amendments in December 2020, and currently awaits progress on the Commission's latest banking reform package, known as CRDVI/CRR III and published by the Commission in October 2021.

iv Recovery and resolution

As the Irish banking sector collapsed in 2010–2011, the state moved swiftly to introduce resolution powers ahead of the adoption of EU rules. At first, Ireland implemented a temporary bank stabilisation regime under the Credit Institutions Stabilisation Act 2010. Irish law was then further amended to give the CBI extensive intervention and resolution powers under the Central Bank and Credit Institutions (Resolution) Act 2011 (2011 Act). The 2011 Act now applies principally to credit unions and has been largely superseded in relation to banks experiencing financial difficulties by the European Union (Bank Recovery and Resolution) Regulations 2015 (as amended) (BRRD Regulations), which transpose the EU Bank Recovery and Resolution Directive in Ireland.

The BRRD Regulations provide an updated framework for resolving failing banks and large investment firms, and enable authorities to intervene early to prevent the failure of an institution. The CBI is the national resolution authority in Ireland, save where the credit institution is a significant institution for SSM purposes, when the ECB will have the prescribed powers under EU law. In common with its usual approach to the transposition of EU financial services law, the Irish BRRD Regulations do not diverge in significant respects from the EU directive and there is no national 'gold-plating'. Therefore, bail-in powers exist consistently with the EU directive, the CBI has the standard resolution powers provided for under EU law, and banks are required to prepare recovery and resolution plans accordingly.

Significant institutions are required to submit their resolution plans directly to the EU Single Resolution Board (SRB) and to comply with SRB guidance. While advising that institutions pay close attention to SRB guidance, for less significant institutions the CBI has also published its own 'Approach to Resolution for Banks and Investment Firms', which outlines its resolution mandates, powers and intended approaches under the BRRD Regulations.

Conduct of business

As would be expected, only licensed banks can carry on banking business in Ireland or hold themselves out as, or represent themselves to be, banks. Similarly, only licensed banks can solicit deposits in the state, and the use of the term bank in an unlicensed entity's name can lead to a presumption that these restrictions are being breached.

All banks conducting business in Ireland, whether headquartered in the state or not, must comply with the CBI's Consumer Protection Code 2012 (CPC) when dealing with consumers. For these purposes, the term consumer includes partnerships and trustees, as well as companies with a turnover of less than €3 million per annum. The CPC includes detailed rules regarding, among other matters, knowing your customer, suitability, sales and promotions, packaged products and complaints handling.

Banks dealing with consumers must also comply with the CBI's Minimum Competency Code 2017 and Minimum Competency Regulations 2013. These set out minimum professional standards and qualifications for staff when dealing with consumers in relation to retail financial products, and with retail clients and elective professional clients in respect of Markets in Financial Instruments Directive investment services and activities.

Banks must comply with the EU's Anti-Money Laundering Directives as transposed in Ireland by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. The CBI supervises compliance by regulated entities with anti-money laundering requirements, while the responsible authorities for suspicious transactions reports are the Financial Intelligence Unit of the Irish Police and the Revenue Commissioners.

Like the rest of the EU, consumer lending in Ireland is primarily governed by the EU Consumer Credit Directive, transposed into Irish law by the European Union (Consumer Credit Agreements) Regulations 2010, and mortgage lending is governed by the EU Mortgage Credit Directive, transposed by the European Union (Mortgage Credit Agreements) Regulations 2016. Great care needs to be taken in this area, as domestic Irish legislation relating to consumer and mortgage lending that pre-dates these directives remains in effect, together with supplemental CBI guidance and binding codes of conduct (such as the Code of Conduct on Mortgage Arrears). In practice, analysing conduct requirements in this area is extremely complex. One conduct of business rule of which overseas banks transacting business in Ireland are frequently unaware is the mandatory requirement that fees and charges levied on Irish customers must be pre-approved by the CBI (Section 149 of the Consumer Credit Act 1995).

Ireland has a mandatory credit reporting regime with one central credit register that is maintained by the CBI under the Credit Reporting Act 2013. All loans to Irish resident individuals and companies must be reported to the CBI, and loan documentation must include prescribed forms of notification to borrowers that their data will be registered.

As is the case in most sophisticated jurisdictions, the sources of potential civil, criminal and regulatory liability for banks are many and various and cannot easily be summarised. Criminal prosecutions are rare, but regulatory enforcement through the administrative sanctions regime is relatively common. An important source of potential civil liability is the broad jurisdiction of the Financial Services and Pensions Ombudsman to award compensation to consumers that bring successful complaints against banks.

As a common law jurisdiction, Ireland recognises the traditional bankers' duty of confidentiality to customers, qualified in practice by extensive statutory obligations to disclose prescribed information to various authorities, such as the Revenue Commissioners. Unlike some continental European jurisdictions, there is no statutory duty of bank confidentiality and no automatic criminal consequences for staff members that disclose customer information without authority.

Funding

Irish domestic banks are today primarily funded by retail and commercial deposits and by ECB funding, while the international sector tends to be funded either by intra-group arrangements or by the wholesale market. Before 2008, due to the boom in the Irish property market, over half of Irish bank lending was funded by the issuance of bonds on the wholesale market and through inter-bank lending. The flight of this capital source following the collapse of Lehman Brothers led to the state announcing a sovereign guarantee of the entire banking sector in October 2008. Mounting liabilities under this guarantee in turn led indirectly to the state's EU/IMF bailout. As a result, Irish domestic banks tend to make conservative use of wholesale market funding today, and with ECB funding readily available, they have little short-term incentive to change.

Control of banks and transfers of banking business

i Control regime

There are currently no special legal restrictions on the foreign ownership of Irish banks or stakes therein. Competition law applies to regulate mergers and acquisitions considered to be anticompetitive, and the state is currently implementing the EU Foreign Direct Investment Screening Regulation and establishing an Investments Screening Board for that purpose. Subject to these points, foreign bank investors, whether based in the EU or otherwise, have the same rights and obligations as domestic investors as a matter of Irish law.

Requirements in relation to the acquisition and disposal of qualifying holdings in credit institutions are set out in the 2014 Regulations and are consistent with those requirements imposed under CRDIV and CRR. The CBI must be notified, and approval must be sought in advance of a proposed acquisition of a direct or indirect holding in a bank (i.e., 10 per cent or more of the voting rights or capital in the bank, or a holding that allows that person to exercise a significant influence over the bank's direction or management). Notification and approval are also required in respect of direct or indirect increases (above thresholds of 10, 20, 33 or 50 per cent) in such a qualifying holding. Approval is now granted directly by the ECB under the SSM.

ii Transfers of banking business

Assets and liabilities relating to banking business can be transferred from one Irish licensed bank to another Irish licensed bank under a statutory scheme of transfer mechanism provided for under the Central Bank Act 1971. When a holder of a banking licence wants to transfer, in whole or in part, its banking business to another banking licence holder, the parties must submit a scheme for the transfer to the Minister for Finance for approval. The process requires the Minister to consult with the CBI and also requires certain statutory advertisements to be published in daily newspapers and in the Official Gazette. There is no court approval process involved.

The year in review

2021 posed challenges for the Irish banking sector with the continuing impact of the pandemic on Irish society and of Brexit on the Irish economy. However, there has been a trend of continuing and increasing stability following the enormous challenges and radical changes that affected both banking regulation and the banking sector in Ireland in the wake of the financial crisis in 2008. The government has been slowly selling down its holdings in the pillar banks – its stake in BOI has now reduced to under 7 per cent, while its holding in AIB has reduced to under 70 per cent, and the disposal of a further 15 per cent is expected during 2022.

The CBI has continued its vigorous approach to enforcement, including reprimanding and fining a major player in the market €24.5 million for failures to have a robust framework in place to ensure continuity of service in the event of a significant IT disruption. Supervisory focus on banks' non-performing loan (NPL) management continued in 2021. Irish NPL portfolio trades have been substantial in recent years and are expected to continue to increase due to the impact of covid-19, the exit of substantial players from the market, Irish banks disposing of legacy NPLs and investment cycles of early loan acquirers ending.

Finally, the CBI's scrutiny of culture and conduct at regulated institutions continued in 2021, and significant legal changes are now expected to reinforce individual accountability of senior managers in regulated firms. The Central Bank (Individual Accountability Framework) Bill, expected to make its way through Parliament in 2022, will create Ireland's first comprehensive senior executive accountability regime (SEAR). The SEAR will introduce prescribed responsibilities for senior managers and strengthen firms' obligations to undertake due diligence on staff. It will also impose more onerous conduct standards that can be enforced directly by the CBI against staff through fines and other sanctions.

Outlook and conclusions

Irish banks are more exposed than other eurozone counterparts to interest income, and the prospect of increasing ECB rates in 2022 is positive for them. The government removed almost all covid-19 pandemic restrictions in early February 2022, and growth of between 8 to 10 per cent of GDP is predicated this year. This all points to a rosy future for Irish banking. On the other hand, it is likely that as pandemic supports are removed, banks will need to deal with higher-than-average small and medium-sized enterprise insolvencies. Dealing with retail customers in mortgage arrears also continues to be a serious challenge.

On the regulatory front, the focus on culture and conduct will continue through 2022 as the SEAR legislation proceeds through the Irish legislature. Climate risk will be a significant area of focus for the CBI, with the CBI setting out its expectations for the Irish banking sector and the wider financial services industry in a 'Dear CEO' letter in November 2021. Finally, there will be an increased focus on technology, cyber and outsourcing risk: the CBI published its Cross-Industry Guidance on Operational Resilience and its Cross-Industry Guidance on Outsourcing in December 2021. Inspections and possible enforcement are expected in these areas in 2022.

Footnotes

1 Liam Flynn is a partner and Joanne Costello and Seán van Haaster are associates at Mason Hayes & Curran LLP.

2 The regulation of that sector lies outside the scope of this chapter.

The Law Reviews content