Region

Jurisdiction

Regulator

2024-04-16

Guidance on the Individual Accountability Framework

The Central Bank of Ireland issued this April 2024 guidance to implement the Individual Accountability Framework established by the Central Bank (Individual Accountability Framework) Act 2023. The document details requirements for the Senior Executive Accountability Regime, including the Duty of Responsibility, Statements of Responsibilities, and Management Responsibilities Maps for in-scope firms. It further outlines the Common and Additional Conduct Standards, as well as strengthened Fitness and Probity certification obligations for individuals performing Controlled Functions.

Ireland

Central Bank of Ireland

Guidance on the Individual Accountability Framework April 2024

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 2 Contents ..............................................................................................................................2 Glossary of Terms ..............................................................................5 Part A .................................................................................................. 10

The Individual Accountability Framework.................. 11 The Central Bank (Individual Accountability Framework) Act 2023 ............................................................................................................................11 The Central Bank Regulations ..................................................................14 IAF Guidance..................................................................................................15 Part B................................................................................................... 18
The Senior Executive Accountability Regime ............ 19 2.1 Introduction ............................................................................................19 2.2 Scope .........................................................................................................21 2.3 Sharing of Roles.................................................................................22 2.4 Responsibilities under the SEAR.......................................................25 Inherent Responsibilities ...............................................................................25 Prescribed Responsibilities ...........................................................................25 Responsibilities in respect of NEDs and INEDs .......................................30 Other Responsibilities.....................................................................................33 2.5 Statements of Responsibilities ..........................................................35 Submission of Statements of Responsibilities to the Central Bank...35 Information to be included within a Statement of Responsibilities ..37 Updates to and retention of the Statement of Responsibilities .........39 2.6 Management Responsibilities Map..................................................40 Submission of the Management Responsibilities Map to the Central Bank......................................................................................................................40 Preparation of the Management Responsibilities Map ........................41 2.7 The interaction between the Statements of Responsibilities and the Management Responsibilities Map .........................................45 2.8 Duty of Responsibility..........................................................................48

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 3 Introduction .......................................................................................................48 Compliance with the Duty .............................................................................49 Contravention of the Duty.............................................................................49 Reasonable Steps..............................................................................................51 Enforcement – Administrative Sanctions .................................................51 2.9 Interaction between the Fitness and Probity Regime and SEAR ............................................................................................................................53 Collective Decision Making...........................................................................53 Fitness and Probity Regime...........................................................................53 PCF Approval Process.....................................................................................54 Temporary PCF Appointments.....................................................................55 Temporary Officers..........................................................................................55 F&P Outsourcing Exemption.........................................................................55 Part C................................................................................................... 59 3. Reasonable Steps ................................................................. 60 Considerations in determining whether reasonable steps were taken ................................................................................................................................63 Guidance on the Conduct Standards........................................ 72 4. Overarching Guidance on the Conduct Standards ... 73 Interaction with the Fitness and Probity Regime ...............................76 Exemptions from Fitness and Probity Standards....................................77 Holding Companies ..........................................................................................79 Temporary Officers..........................................................................................80 Guidance in relation to obligations on the firm in respect of Conduct Standards.......................................................................................81 Notification by the firm in respect of Conduct Standards....................82 Provision of training on Conduct Standards.............................................82 Integrating the Common Conduct Standards ..........................................83 5. Common Conduct Standards ........................................... 85 5.1 Introduction ............................................................................................85 5.2 Acting with Honesty and Integrity ...................................................86 5.3 Acting with Due Skill, Care and Diligence ......................................89

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 4 Collective Decision Making...........................................................................91 Acting with due skill care and diligence as a member of the Board...93 Other behaviours..............................................................................................94 5.4 Cooperating in Good Faith and Without Delay ............................94 5.5 Acting in the Best Interests of Customers and Treating Them Fairly and Professionally............................................................................96 5.6 Operating in Compliance with Standards of Market Conduct and Trading Venue Rules............................................................................99 6. Additional Conduct Standards ......................................101 6.1 Introduction .........................................................................................101 6.2 Additional Conduct Standard (a)....................................................103 6.3 Additional Conduct Standard (b) ...................................................106 6.4 Additional Conduct Standard (c)....................................................109 6.5 Additional Conduct Standard (d) ...................................................110 Part D ................................................................................................113 7. Fitness & Probity Regime ................................................114 7.1 Introduction .........................................................................................114 7.2 Certification.........................................................................................115 Background - Existing obligations under the F&P Regime................ 115 The certification requirement(s)............................................................... 115 Identification of CFs to which the certification requirement(s) will apply .................................................................................................................. 117 Forming the view that the individual meets the standards .............. 118 Frequency/conduct of the certification process.................................. 120 Provision of data in relation to certification/ Submission to the Central Bank................................................................................................................... 121 Retention of data in relation to certification ........................................ 122 Responsibility for and compliance with the certification process.. 123 Material changes or concerns regarding fitness and/or probity..... 124 Breach of Section 21 of the 2010 Act...................................................... 125 7.3 Holding Companies ............................................................................125 7.4 Head of Material Business Line ......................................................125

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 5 Appendices......................................................................................128 APPENDIX 1 ...................................................................................129 APPENDIX 2 ...................................................................................131 APPENDIX 3 ...................................................................................142 APPENDIX 4 ...................................................................................143 APPENDIX 5 ...................................................................................144

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 6 Glossary of Terms Allocated Responsibilities: Responsibilities which have been allocated by a firm to a PCF role holder for the purposes of Section 53B(1)(b) of the 2010 Act as amended by the IAF Act. Allocated Responsibilities refer to and are comprised of both responsibilities prescribed by the Central Bank in regulations or any other responsibility identified by the firm and allocated to a PCF role holder in addition to that PCF role holder’s inherent and prescribed responsibilities. Allocated Responsibilities are referred to as ‘Prescribed and Other Responsibilities’ throughout this IAF Guidance Area of the business for which the individual was/is responsible: for the purpose of this IAF Guidance the term ‘area of the business for which the individual was/is responsible’ is used in place of the legislative text ‘functions of the person in relation to the regulated financial service provider’ ASP: The Central Bank’s Administrative Sanctions Procedure under Part IIIC of the 1942 Act (as amended) Central Bank/Bank: The Central Bank of Ireland The Central Bank Regulations: SEAR Regulations, Certification Regulations, PCF Regulations, Holding Companies Regulations and any other Central Bank regulations relevant to the IAF Certification Regulations: Central Bank Reform Act 2010 (Section 21(6)) Regulations 20XX) CF: Controlled Function in accordance with Section 18 of the Central Bank Reform Act 2010 (as amended) (which includes PCFs) Conduct Standards: Common Conduct Standards and Additional Conduct Standards both together are referred to as ‘Conduct Standards’ throughout the IAF Guidance

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 7 Corporate Governance Requirements: the Central Bank Corporate Governance Requirements for Credit Institutions 2015, the Central Bank Corporate Governance Requirements for Insurance Undertakings 2015, the Central Bank Corporate Governance Requirements for Investment Firms and Market Operators 2018, and other domestic and international governance requirements applicable to firms, as relevant ECB: the European Central Bank F&P Regime: the Central Bank’s Fitness and Probity Regime under Part 3 of the Central Bank Reform Act 2010 Firm: Regulated Financial Service Provider referred to as ‘firm’ throughout the IAF Guidance. In certain instances the term ‘Regulated Financial Service Provider’ or ’regulated firm’ is also used In-scope firms: Firms in scope ofthe SEARreferred to as ‘in-scope firms’ throughout the IAF Guidance F&P Guidance: Guidance on Fitness and Probity Standards 20181 and/or Guidance on Fitness and Probity for Credit Unions2 , as applicable F&P Standards: Fitness and Probity Standards and/or the Fitness and Probity Standards for Credit Unions, as applicable General Principles: General principles of the Central Bank’s Consumer Protection Code3 Holding Company: means any of the following established in the State: (a) a financial holding company, within the meaning given by point (20) of Article 4(1) of the Capital Requirements Regulation; (b) a mixed

1 https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/fitnessprobity/guidance-on-fitness-and-probity-standards.pdf?sfvrsn=a5bcdb1d_10 2https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/fitnessprobity/credit-unions/guidance-on-fitness-and-probity-for-credit-unions.pdf?sfvrsn=c6a2d51d_16 3 https://www.centralbank.ie/docs/default-source/regulation/consumer-protection/other-codes-ofconduct/4-gns-4-2-7-cp-code-2012.pdf

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 8 financial holding company, within the meaning given by point (21) of Article 4(1) of the Capital Requirements Regulation; (c) an insurance holding company, within the meaning given by Regulation 215(1) of the European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015); (d) an investment holding company, within the meaning of the European Union (Investment Firms) Regulations 2021 (S.I. No. 355 of 2021) Holding Companies Regulations: Central Bank Reform Act 2010 (Sections 20(1) and 22(2A) – Holding Companies) Regulations 20XX IAF: the Individual Accountability Framework The IAF Act: the Central Bank (Individual Accountability Framework) Act 2023 IAF Guidance: this Guidance on the Individual Accountability Framework Individual: the IAF Act refers to ‘person’, for clarity and consistency the term ‘individual’ in place of ‘person’ is used for the purpose of this IAF Guidance INED: Independent Non-Executive Director NED: Non-Executive Director PCF: Pre-Approval Controlled Function PCF Regulations: Central Bank Reform Act 2010 (Sections 20 and 22) Regulations 2011, as amended Reasonable Steps: the IAF Act refers to ‘any steps that it is reasonable in the circumstances for the person to take’ which has been abbreviated to ‘reasonable steps’ for the purpose of this IAF Guidance SEAR: Senior Executive Accountability Regime

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 9 SEAR Regulations: Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Senior Executive Accountability Regime) Regulations 20XX The 1942 Act: the Central Bank Act 1942 The 2010 Act: the Central Bank Reform Act 2010 The 2013 Act: the Central Bank (Supervision and Enforcement) Act 2013

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 10 Part A Chapter 1 The Individual Accountability Framework

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 11

The Individual Accountability Framework 1.1. Legislative change was required to allow for the introduction of the Individual Accountability Framework (IAF) requirements by the Central Bank. The IAF is given effect to by the following:  The Central Bank (Individual Accountability Framework) Act, 2023;  Regulations issued by the Central Bank: SEAR Regulations, Certification Regulations, PCF Regulations and Holding Companies Regulations; and  Central Bank IAF Guidance (the subject of this document). The Central Bank (Individual Accountability Framework) Act 2023 1.2. The Central Bank (Individual Accountability Framework) Act 2023 (the IAF Act):  Provides for a regulation making power for the Central Bank to give effect to the Senior Executive Accountability Regime (SEAR).  Imposes a statutory duty (Duty of Responsibility) on individuals performing Pre-Approval Controlled Functions (PCFs) at in-scope firms. The Duty of Responsibility applies to allPCF role holders at in-scope firms to take any steps that it is reasonable in the circumstances for them to take to avoid a contravention by their firm of its obligations under financial services legislation in relation to an aspect of the firm’s affairs for which the PCF role holder is responsible under SEAR. Avoiding a contravention includes avoiding the continuation of a contravention.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 12  Provides the Central Bank with a regulation making power to prescribe standards for the purpose of ensuring that in the conduct of its affairs a firm (a) acts in the best interests of customers and of the integrity of the market, (b) acts honestly, fairly and professionally, and (c) acts with due skill, care and diligence (the Business Standards).  Imposes obligations on individuals performing Controlled Functions (CFs) in all firms across all sectors with respect to expected standards of conduct (the Common Conduct Standards) and provides that individuals in CF roles shall take reasonable steps to ensure that the Common Conduct Standards are met.  Imposes additional obligations on senior individuals performing PCF roles and other individuals who exercise significant influence on the conduct of a firm’s affairs4 with respect to expected standards of conduct in all firms across all sectors (the Additional Conduct Standards) and provides thatindividuals in PCF/CF1 roles shall take reasonable steps to ensure that the Additional Conduct Standards are met.  Imposes a requirement on the Central Bank to prepare guidance on the Conduct Standards.  Imposes a requirement on the Central Bank to prepare guidance on the notification and training that firms must provide to CFs subject to the Conduct Standards. 1.3. In relation to enhancements to the Fitness and Probity Regime (F&P Regime) this IAF Guidance will address the amendments in the IAF Act which provide that:  A firm or holding company shall not permit an individual to perform a CF role in relation to it unless a certificate of

4 Those individuals in CF1 roles.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 13 compliance with standards of fitness and probity5 is in force in relation to the individual (i.e. Certification);  The Central Bank may make related regulations as to the giving of certificates and as to the making of reports to the Central Bank by firms or holding companies in connection with their obligations in relation to certification;  The scope of Part 3 of the Central Bank Reform Act 2010 (the 2010 Act) (and the Fitness and Probity Standards (F&P Standards) as appropriate) is amended such that the F&P Regime is extended to apply to certain categories of holding company established in Ireland; and  Section 23A of the 2010 Act is amended to reflect that the European Central Bank (ECB) has competence for the preapproval of individuals who are proposed for certain PCF roles in ‘Significant Institutions’ which are subject to the exclusive competence of the ECB under Article 4(1)e of the SSM Regulation (Regulation (EU) 468/2014) and not just members of the management body of ‘Significant Institutions’. The IAF Act also amends the F&P Investigative process, requiring changes to the Central Bank’s F&P Investigations Regulations6 and Guidance7 . 1.4. The fourth pillar of the IAF relates to theAdministrative Sanctions Procedure (ASP)8 .

5 Includes the Fitness & Probity Standards and the Fitness and Probity Standards for Credit Unions 6 S.I. No. 56/2012 - Central Bank Reform Act 2010 (Procedures Governing the Conduct of Investigations) Regulations 2012 7 Guidance on Investigations under Part 3 of the Central Bank Reform Act 2010 8 https://www.centralbank.ie/docs/default-source/publications/consultationpapers/cp154/administrative-sanctions-procedure-guidelines-december-2023.pdf

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 14 The Central Bank Regulations 1.5. In relation to the SEAR, Section 3 of the IAF Act provides for an amendment to Section 48 of the Central Bank (Supervision and Enforcement) Act 2013 (the 2013 Act) to provide the Central Bank with a regulation making power to give effect to the SEAR (the SEAR Regulations). 1.6. The SEAR Regulations set out the Central Bank’s requirements in relation to:  Scope;  Inherent Responsibilities;  Prescribed Responsibilities;  Other Responsibilities;  Statements of Responsibilities; and  Management Responsibilities Maps. 1.7. In relation to Business Standards, Section 5 of the IAF Act inserts a new PART 2A in the 2010 Act which provides the Central Bank with a regulation making power to prescribe standards for the purpose of ensuring that, in the conduct of its affairs, a firm (a) acts in the best interests of customers and of the integrity of the market, (b) acts honestly, fairly and professionally, and (c) acts with due skill, care and diligence. 9 The Business Standards will be developed in conjunction with the separate review and consultation on the Consumer Protection Code noting the parallel with the General Principles and the importance of alignment of the regulatory framework and the conduct obligations imposed on firms in this regard.

9 Regulations in this regard will be considered in due course, taking into consideration feedback from industry in relation to the review of the Consumer Protection Code

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 15 1.8. In relation to Certification, Section 10 of the IAF Act makes an amendment to Section 21 of the 2010 Act to strengthen the existing obligations on firms and holding companies in relation to the fitness and probity of CFs. It also provides the Central Bank with a regulation making power in respect of certification as to the giving of certificates and as to the making of reports to the Central Bank by firms or holding companies. 1.9. The Certification Regulations set out the Central Bank’s requirements in relation to:  The circumstances triggering a requirement to certify that a person is compliant with standards of fitness and probity, and the period of validity of such certification;  The procedures, systems and controls to be adopted and checks to be performed by firms and holding companies;  Record Keeping; and  Reporting of information by firms/holding companies to the Central Bank in relation to their obligations. 1.10. In relation to holding companies, Section 9 of the IAF Act makes an amendment to Section 20 of the 2010 Act to extend the F&P Regime to holding companies and to provide the Central Bank with a regulation making power to prescribe CFs and PCFs of holding companies (Holding Companies Regulations). IAF Guidance 1.11. The IAF Guidance sets out the Central Bank’s expectations on how firms should comply with the requirements of the SEAR, the Conduct Standards, Certification and the extension of the F&P

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 16 Regime to holding companies10. This IAF Guidance will be updated periodically as considered appropriate by the Central Bank. 1.12. The purpose of the IAF Guidance is to:  Provide increased clarity about the steps that firms and individuals can take to comply with the key elements of the IAF – SEAR, Conduct Standards, Certification and the extension of the F&P Regime to holding companies;  Provide support to firms and senior management in implementing an effective governance framework by identifying how the business and its risks are being managed, who is responsible for what and any gaps which may arise;  Outline our proposed approach to the implementation of the IAF which is founded in proportionality, predictability and reasonable expectations;  Explain the interaction of SEAR, the Conduct Standards, and Certification with the F&P Regime. 1.13.While compliance with guidance is not mandatory, the IAF Guidance represents the Central Bank’s expectations. It does not purport to address every aspect of, or potential issue that may arise in connection with these. 1.14. The IAF Guidance is structured to align with the first three key pillars of the IAF. It also addresses the interaction between the F&P Regime and the IAF. The IAF Guidance is contained in the following chapters:  Chapter 2: Guidance on the SEAR  Chapter 3: Reasonable Steps  Chapters 4, 5 and 6: Guidance on the Conduct Standards

10 The IAF Guidance does not address amendments the F&P Investigative process, requiring changes to the Central Bank’s F&P Investigations Regulations and Guidance.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 17  Chapter 7: Fitness & Probity Regime 1.15. This IAF Guidance should be read in conjunction with other IAF related requirements including the IAF Act and the regulations issued by the Central Bank. 1.16. The Conduct Standards and enhancements to the Fitness and Probity Regime are set out in legislation and became applicable on 29 December 2023. SEAR Regulations that describe responsibilities of specific roles and requirements of firms will apply to in-scope firms from 1 July 2024 and to (Independent) Non-Executive Directors at in-scope firms from 1 July 202511 .

11 However firms will be required to produce a Management Responsibilities Map from 1 July 2024 and include all PCF role holders including (I)NEDs on the Map to ensure clarity regarding the governance arrangements within the firm.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 18 Part B Chapter 2 Guidance on the Senior Executive Accountability Regime

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 19 2. The Senior Executive Accountability Regime 2.1 Introduction 2.1.1. The purpose of the Senior Executive Accountability Regime (SEAR) is to improve governance, performance, and accountability in firms by placing obligations on firms and senior individuals within them to set out clearly where responsibility and decision-making lies for their business and by setting out what those responsibilities entail. Individuals that occupy a Pre-Approval Controlled Function (PCF) role at in-scope firms are subject to the SEAR. 2.1.2. The IAF Act provides that the Central Bank can specify by way of regulations: (i) Inherent Responsibilities: the aspects of a firm’s affairs for which a PCF role holder has inherent responsibility. Each PCF role at in-scope firms has core responsibilities inherent in that role. (ii) Prescribed Responsibilities: Prescribed Responsibilities are those responsibilities, including the management and oversight of key risks, which a firm must allocate to an individual carrying out a PCF role at in-scope firms. (iii) Other Responsibilities: Other Responsibilities relate to material business areas, activities, control and management functions and specific projects which are within their remit but are not captured by the Inherent Responsibilities or Prescribed Responsibilities. See paragraphs 2.4.19-2.4.22 for further guidance in relation to these responsibilities.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 20 (iv) The SEAR Regulations set out the Inherent Responsibilities for each PCF role at in-scope firms, a list of Prescribed Responsibilities and the meaning of Other Responsibilities. 2.1.3. A new statutory Duty of Responsibility applies to all PCF role holders at in-scope firms to take any steps that it is reasonable in the circumstances for them to take to avoid a contravention by their firm of its obligations under financial services legislation in relation to an aspect of the firm’s affairs for which the PCF role holder is responsible under SEAR. Avoiding a contravention includes avoiding the continuation of a contravention (further guidance is set out in Section 2.8). 2.1.4. Under the SEAR Regulations, in-scope firms must ensure that a documented Statement of Responsibilities is prepared for each individual in a PCF role which clearly sets out their role and therefore indicates the Inherent Responsibilities of the role, as well as any Prescribed Responsibilities and Other Responsibilities that have been allocated to them. 2.1.5. Further, each in-scope firm will be required to produce a Management Responsibilities Map, documenting its key management and governance arrangements, and demonstrating that there are no gaps in material responsibilities across the firm. An infographic to illustrate the contents expected in the Management Responsibilities Map is included at Appendix 4.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 21 2.2 Scope 2.2.1. This Guidance on SEAR is relevant for all firms within the initial scope of SEAR12:  Credit institutions (excluding credit unions);  Insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and Insurance Special Purpose Vehicles);  Investment firms which underwrite on a firm commitment basis13 and/or deal on own account and/or are authorised to hold client assets; and  Incoming third country branches 2.2.2. In relation to the applicability of the SEAR to branches it should be noted that it applies, in full, to incoming third country branches. SEAR will apply to outgoing branches of in-scope firm as an integral part of the firm on the basis that branches (unlike subsidiaries) are legally part of the regulated firm. 2.2.3. All PCFs at in-scope firms are subject to the SEARand are listed in Appendix 1. As PCFs, all Non-Executive Directors (NEDs) and Independent Non-Executive Directors (INEDs) at in-scope firms are included within the scope of the SEAR on the basis of the significance attached to their roles in terms of governance, oversight and constructive challenge, as reflected in the relevant Corporate Governance Requirements. Paragraphs 2.4.11-2.4.18 provide additional guidance in relation to NEDs and INEDs, particularly in relation to the applicable Prescribed Responsibilities.

12 The Central Bank has a power under the IAF Act to extend the SEAR to other regulated financial service providers by way of Central Bank regulations. 13 Underwriting of financial instruments or placing of financial instruments on a firm commitment basis (or both)

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 22 2.3 Sharing of Roles 2.3.1. Inherent Responsibilities are integral to the relevant PCF role and the relevant Prescribed Responsibilities should be allocated in full to a PCF role holder, therefore sharing of a PCF role in any form amongst several individuals is not permitted under the SEAR, other than in the following cases described in 2.3.2-2.3.3 below. 2.3.2. Job sharing: Where two individuals share a PCF role in a jobsharing14 arrangement, each individual is fully accountable for all the responsibilities inherent in and allocated to that PCF and, as such, responsibilities must be allocated jointly to all individuals holding that PCF role. The details of job sharing arrangements must be set out clearly on the respective Statements of Responsibilities and set out on the Management Responsibilities Map. The responsibilities of the role will be discharged where the individual can demonstrate that they took reasonable steps to discharge the responsibility, including the manner in which activities and tasks were shared amongst the job sharers and in respect of their completion on that basis. 2.3.3. Sharing of a PCF role whereby the role consists of more than one distinct business line: In certain instances, taking into consideration the business model of a firm, especially in large firms, it may be a common business practice that certain PCF roles may be performed by two individuals where the role has a distinct business line and there is no one individual who would

14 Job-sharing for the purposes of this paragraph represents an employment arrangement where two people are employed on a part-time or reduced-time basis to perform a job normally fulfilled by one person.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 23 be responsible for the whole respective area falling under the remit of a specific PCF role. The Central Bank would expect that only the following PCF roles potentially could be shared based on the business line:  PCF-18 Head of Underwriting taking into consideration retail and corporate business lines;  PCF-19 Head of Investment and for investment firms (applicable to insurance undertakings) and PCF-29 Head of Trading and PCF-30 Chief Investment Officer (applicable to investment firms) taking into consideration different investment types i.e. equity and bonds. In such cases, in determining if the situation is permissible, the arrangements should be assessed on a case-by-case basis by the firm taking into consideration the type of PCF role, the business model of the firm, common business practice in the industry, the rationale and the details of the role shared. The Inherent Responsibilities would apply in full to each role holder and the relevant Prescribed Responsibilities should be allocated in full to each PCF role holder. The distinction amongst the roles should be clearly defined on each individual’s Statement of Responsibilities and set out on the Management Responsibilities Map which will be taken into consideration in determining whether reasonable steps were taken. The sharing of PCF roles is not permitted in any other cases and it is expected that there will be one PCF role holder for all other PCF roles.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 24 2.3.4. Nature of a PCF role allows for several individuals to hold the same PCF role: The following PCF roles by their nature can be held by several individuals: PCF-1, PCF-2A, PCF-2B, PCF-16, PCF-28, PCF-41, PCF-50, PCF-54 Head of Material Business Line for insurance undertakings and PCF-55 Head of Material Business Line for investment firms. However, each individual would be holding a distinct role and the scope of responsibilities has to be clearly defined on each individual’s Statement of Responsibilities and set out on the Management Responsibilities Map.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 25 2.4 Responsibilities under the SEAR Inherent Responsibilities 2.4.1. Inherent Responsibilities are those core responsibilities that are intrinsic to a specific PCF role. 2.4.2. The Inherent Responsibilities of each PCF role at in-scope firms are set out in SEAR Regulations and are listed in Appendix 2 of the IAF Guidance for reference. The Inherent Responsibilities are inseparable from the PCF role and thus, unlike the Prescribed Responsibilities whereby the firm allocates these responsibilities to the relevant individual (as set out below), a PCF role holder will be deemed responsible for the Inherent Responsibility associated with the PCF role by virtue of occupying that role. Prescribed Responsibilities 2.4.3. In addition to the responsibilities inherent to each PCF role at in-scope firms, a firm must consider the Prescribed Responsibilities, set out by the Central Bank in the SEAR Regulations and listed in Appendix 2 for reference, as it is mandatory that these responsibilities are allocated to an individual in a PCF role at in-scope firms. 2.4.4. The purpose of Prescribed Responsibilities is to ensure that responsibilities, including the management or oversight of key risks, have been allocated to a PCF role holder, which will provide clarity as to who is responsible for key activities of the firm. The following categories of Prescribed Responsibilities are set out in Appendix 2:  General Prescribed Responsibilities,  Sector or Circumstance Specific Responsibilities,

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 26  Prescribed Responsibilities for low impact in-scope Investment Firms,  Prescribed Responsibilities for Incoming Third Country Branches. 2.4.5. The responsibilities prescribed by the Central Bank for allocation to individuals in PCF roles at in-scope firms are provided by way of a general list of Prescribed Responsibilities or 'Sector or Circumstance Specific Responsibilities' (i.e. those that are applicable to firms in some but not all sectors or in certain circumstances only). For example, PR 34 is circumstance specific - “Where the firm has established a specific steering committee to address regulatory matters, responsibility for managing the operation of the committee and for providing comprehensive and timely reporting to senior management and to the Board”. It is recognised that these Sector or Circumstance Specific Responsibilities will not apply to all in-scope firms. However, where they do, either because the in-scope firm is part of a particular sector or, a particular circumstance is applicable (i.e. they have established a particular committee) then these Sector or Circumstance Specific Responsibilities must be assigned to a PCF role holder. 2.4.6. Taking into account nature, scale and complexity, a proportionate approach in respect of Prescribed Responsibilities applies to Low PRISM impact rated in-scope investment firms. In this regard, a reduced number of 12 General Prescribed Responsibilities are applicable to such firms, which are set out in Table 8 of Appendix 2. All other elements of the SEAR apply, including Statements of Responsibilities, Management Responsibilities Map and the Duty of Responsibility.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 27 2.4.7. A tailored list of Prescribed Responsibilities for Incoming Third Country Branches is also included in Appendix 2 in Table 9. All other elements of the SEAR apply to Incoming Third Country Branches including Statements of Responsibilities, Management Responsibilities Map and the Duty of Responsibility. 2.4.8. While in-scope firms must allocate all applicable Prescribed Responsibilities among individuals in PCF roles, the Central Bank does not intend to provide prescriptive guidance in terms of the allocation of Prescribed Responsibilities to specific PCF role holders. This approach gives firms the flexibility to allocate responsibilities in a manner that accommodates different business models and organisational structures. 2.4.9. For in-scope firms an individual must be assigned PR 1 ‘Responsibility for the firm’s performance of its obligations under the Senior Executive Accountability Regime’. Whilst the day-today operation and management may be delegated to the relevant department(s), one individual must be assigned PR 1. 2.4.10. Notwithstanding the above, the following are the Central Bank's expectations in terms of the allocation of Prescribed Responsibilities to individuals in PCF roles:  Consistent allocation and monitoring of performance: A Prescribed Responsibility should be allocated to an appropriate PCF role holder. In this regard, firms should seek to ensure that there is appropriate consistency and coherence to the way in which Prescribed Responsibilities are allocated. For example, it would be

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 28 expected that Prescribed Responsibility PR 18 “Responsibility for ensuring accuracy, completeness and timely production and submission of the firm’s financial information and financial regulatory returns" be allocated to the Head of Finance. Firms shall monitor the performance of the PCF holders. In addition, the firm should satisfy itself on reasonable grounds that the individual, to which the Prescribed Responsibility is allocated, is fit and proper to perform it in line with Section 21(1) of the 2010 Act15 .  Appropriate level of seniority: A Prescribed Responsibility should be allocated to the most senior individual, with the appropriate authority, responsible for that area taking into account the governance structures of the firm. While the PCF role holder allocated the Prescribed Responsibility is ultimately responsible, the Central Bank acknowledges that tasks required to discharge the Prescribed Responsibility may be delegated to staff. Any such delegation should be appropriately arranged, managed and monitored. Chapter 3 sets out further considerations in relation to delegation including that the existence and application of the effective oversight of any delegation of responsibilities and effective safeguards against any inappropriate delegation will be taken into consideration in determining the circumstances that are relevant in respect of reasonable steps.

15 21.— (1) A regulated financial service provider shall not permit a person to perform a controlled function unless— (a) the regulated financial service provider is satisfied on reasonable grounds that the person complies with any standard of fitness and probity in a code issued under section 50, and (b) the person has agreed to comply with any such standard.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 29  The over-allocation of Prescribed Responsibilities: Firms should carefully consider the allocation of multiple Prescribed Responsibilities to any one individual in a PCF role, noting that each Prescribed Responsibility is significant. As such, firms must ensure that individuals have sufficient time and resources to carry out the allocated responsibility.  The sharing of Prescribed Responsibilities: Where two individuals share a PCF role, as referred to in Section 2.3, all individuals are individually and fully accountable for all the responsibilities allocated to that PCF, as such Prescribed Responsibilities will be allocated jointly to all individuals holding that PCF role. In other instances, Prescribed Responsibilities must not be shared.  The nature of the Prescribed Responsibility: In allocating a Prescribed Responsibility to an individual in a PCF role, the nature of the Prescribed Responsibility being allocated must also be considered. Specifically, where the Prescribed Responsibilities are non-executive in nature (listed below), these must be allocated to NEDs. Such an approach eliminates any potential misallocation of executive or non-executive Prescribed Responsibilities. Further information on the responsibilities and accountability of NEDs and INEDs is set out in paragraphs below.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 30 Table 1 | Non-Executive Prescribed Responsibilities16 Non-Executive Prescribed Responsibilities17 PR 4 Responsibility for leading the development of the firm’s culture, including on matters relating to diversity and inclusion, by the Board. PR 6 Responsibility for overseeing the development of the firm’s remuneration policies and practices. PR 8 Responsibility for safeguarding the independence of the internal audit function and for oversight of the function and the Head of Internal Audit. PR 9 Responsibility for safeguarding the independence of the compliance function and for oversight of the function and the Head of Compliance. PR 10 Responsibility for safeguarding the independence of the risk function and for oversight of the function and the Chief Risk Officer. PR 11 Responsibility for leading the development and monitoring effective implementation of policies and procedures for succession planning, induction, training and professional development of all members of the Board. PR 12 Responsibility for ensuring the independence, autonomy and effectiveness of the firm’s policies and procedures on whistleblowing. Responsibilities in respect of NEDs and INEDs 2.4.11. While the Central Bank recognises that NEDs and INEDs do not manage a firm's business in an executive capacity, they play an essential role as members of the board in respect of the

16 The application of the SEAR to (I)NEDs comes into effect on 1 July 2025. However firms will be required to produce a Management Responsibilities Map from 1 July 2024 and include all PCF role holders including (I)NEDs on the Map to ensure clarity regarding the governance arrangements within the firm. 17 In reference to General PRs and low-impact in-scope Investment firm PRs.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 31 oversight of the firm and in safeguarding a firm’s governance framework. 2.4.12. The Corporate Governance Requirements address the role of INEDs, NEDs and Executive Directors as follows:  INEDs: As an integral component of the board, INEDs represent a key layer of oversight of the activities of a firm. It is essential for INEDs to bring an independent viewpoint to the deliberations of the board that is objective and independent of the activities of the management and of the firm.  NEDs: The role of NEDs is to ensure that there is an effective executive team in place, participate actively in constructively challenging and developing strategies proposed by the executive team, participate actively in the board’s decision-making process, participate actively in board committees (where established) and exercise appropriate oversight of execution by the executive team of the agreed strategies, goals and objectives and to monitor reporting of performance.  Executive Directors: The role of Executive Directors is to propose strategies to the board and, following challenging board scrutiny, to execute the agreed strategies to the highest possible standards. 2.4.13. In line with Corporate Governance Requirements, boards must ensure their firm’s strategy and organisational culture are consistent with its purpose and values and ensure that the appropriate culture is embedded in the organisation. Under Irish law, all directors, executive or non-executive, have, as board members, the same obligations and duties including that the board acts collectively and in good faith for the overall

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 32 benefit of the firm. The SEAR complements the statutory and fiduciary duties of directors, as set out in the Companies Act 2014. 2.4.14. The Corporate Governance Requirements set out detailed provisions on the role of the board as well as the role of individual directors including that both the role and the responsibilities of the board must be clearly documented and directors must have “a full understanding of their individual direct and indirect responsibilities and collective responsibilities”. Further, under the Central Bank's F&P Regime, NEDs and INEDs have been prescribed as PCFs capable of exercising a significant influence on the conduct of a firm's affairs. 2.4.15. As such, NEDs and INEDs represent a key layer of challenge, governance and oversight to the activities of a firm, which is reflected in the Inherent Responsibilities attached to the roles. The oversight and challenge provided by NEDs and INEDs is an important aspect to the overall culture of the firm. The responsibilities for which NEDs and INEDs are accountable are limited to non-executive responsibilities and considerations in respect of reasonable steps will be limited to what should reasonably be expected of individuals in that context. 2.4.16. INEDs that have a specific additional governance role will have additional responsibilities by way of potential Prescribed Responsibilities as set out in the Table 1 in paragraph 2.4.10. Those roles are:  Chair of the Board,  Chair of the Audit Committee,  Chair of the Risk Committee,  Chair of the Remuneration Committee,

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 33  Chair of the Nomination Committee. 2.4.17. Such an approach supports and reinforces the Corporate Governance Requirements, which set out requirements for committees of boards and specifically requires that Chairs should be NEDs or INEDs. 2.4.18. All in-scope firms must ensure that each NED and INED has a Statement of Responsibilities. Absent an additional governance role, their responsibilities may be limited to those inherent in the role. Any additional non-executive responsibilities that have been allocated to NEDs and INEDs should be documented on the Statement of Responsibilities. Other Responsibilities 2.4.19. Firms must also consider 'Other Responsibilities’, which capture any other material functions/business areas/projects to the extent that they are not captured by the Inherent and Prescribed Responsibilities. Such responsibilities cannot, however, modify or qualify any Prescribed Responsibilities. Other Responsibilities are included as a separate category on the Statement of Responsibilities. 2.4.20. The purpose of 'Other Responsibilities' is to (i) ensure that there is clarity surrounding the allocation of responsibilities in relation to any material functions/business areas/projects (ii) to ensure that same are captured under the relevant Statements of Responsibilities to be put in place by firms in scope of SEAR; and (iii)to ensure that the key risks at a firm are identified and appropriately allocated to PCF role holders.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 34 2.4.21. It is the responsibility of the firm to determine what 'Other Responsibilities' are to be identified and allocated. However, consideration should be given to the importance of the relevant item. Any functions/business areas/projects that are not captured by the Inherent and Prescribed Responsibilities but are included on the Management Responsibilities Map should be allocated to an individual in a PCF role at an in-scope firm as an ‘Other Responsibility’. The Central Bank acknowledges that 'Other Responsibilities' will not be applicable to all firms. 2.4.22. Statements of Responsibilities should indicate where an individual has:  Responsibility for any additional material function/a firm specific business area not already captured by the Inherent or Prescribed Responsibilities and/or any additional function set out in a firm's Management Responsibilities Map. This area of responsibility would typically be an ongoing function of the firm e.g. this could be a new business line or a business line that is considered a key risk.  Responsibility for any significant project of the firm outside the normal course of business, e.g. a significant IT project, planned acquisition or high profile project. This area of responsibility would typically be limited to the length of time it takes to complete the project. While it is the responsibility of the firm to decide what projects should be included in a Statement of Responsibilities, consideration should be given to the duration and importance of the relevant item and only those meeting a

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 35 minimum level of significance for the particular firm should be included.  Responsibilities of an individual that occupies the 'Head of Material Business Line' role to the extent that those responsibilities are not captured by the Prescribed Responsibilities. 2.5 Statements of Responsibilities 2.5.1. Under the SEAR Regulations, firms must ensure that each individual in a PCF role at an in-scope firm has a documented Statement of Responsibilities which clearly sets out their role and therefore indicates their Inherent Responsibilities, and also outlines the Prescribed Responsibilities and Other Responsibilities which have been allocated to them. 2.5.2. Statements of Responsibilities will promote clarity and transparency of individual responsibilities to both firms and the Central Bank and should be utilised by firms in the embedding of an effective governance framework. Submission of Statements of Responsibilities to the Central Bank 2.5.3. In-scope firms are required to have an approved Statement of Responsibilities in place for all individuals in PCF roles on implementation of the SEAR. 2.5.4. In relation to new PCF role holder appointments, an approved Statement of Responsibilities must be submitted to the Central Bank, along with the Individual Questionnaire (IQ), when approval for a PCF role is being sought.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 36 2.5.5. Where an individual holds (or seeks to hold) more than one PCF role at an in-scope firm, only one Statement of Responsibilities, addressing all of the individual’s Prescribed Responsibilities and Other Responsibilities, is required. In the case of an individual who holds (or seeks to hold) PCF roles in more than one firm, including within a group, a Statement of Responsibilities is required in respect of each firm. 2.5.6. The Statements of Responsibilities must be: (i) kept up-to-date, and contain the date and version control and be signed by the PCF role holder; (ii) reviewed on a regular basis by firms; (iii) approved on initial implementation and when it is updated; and (iv) available to the Central Bank on request. 2.5.7. The Central Bank will review Statements of Responsibilities as part of its ongoing supervision rather than set periodic reporting requirements. SEAR is a framework designed to contribute to the efficient and effective governance of firms and maintaining these documents up to date is an ongoing requirement. The Central Bank will require firms to submit Statements of Responsibilities from time to time. The timing and frequency of such requests will vary in line with our supervisory engagement model and supervisory strategy. 2.5.8. A template Statement of Responsibilities is included at Appendix 3.18

18 The Central Bank will issue a separate communication with regard to the process for submitting the Statements of Responsibilities.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 37 Information to be included within a Statement of Responsibilities 2.5.9. In addition to including the relevant Prescribed and Other Responsibilities, the Statement of Responsibilities allows for the inclusion of additional information. The main purpose is to enable individuals in PCF roles at in-scope firms to provide a breakdown of the key aspects of their Prescribed Responsibilities and/or Other Responsibilities, however, this should only be used if necessary. It is important to note that the focus in this regard is on the area of accountability as opposed to skills and competencies required for, or the tasks associated with, the role. 2.5.10. Other additional information expected in the context of Prescribed Responsibilities and Other Responsibilities includes but is not limited to:  A description of how a Prescribed Responsibility or an Other Responsibility is being shared in the context of job sharing;  A description of how a role is shared in the permitted cases as set out in paragraph 2.3.2 and 2.3.3.  Relevant information in respect of delegation of tasks. It is not expected that all tasks delegated would be noted, only significant delegations should be recorded.  The timeline associated with any short-term/projectrelated responsibility. 2.5.11. In terms of the provision of free text in relation to such additional information, the Central Bank expects:  The inclusion of relevant information only: Any additional information should reflect the specificities relevant to the Prescribed Responsibilities and Other Responsibilities by

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 38 the firm to the individual under the SEAR (as set out in Section 2.4), as opposed to detailing responsibilities which exist and are applicable to individuals in PCF roles under other legislation such as, for example, sectoral legislation or company law requirements.  An appropriate level of detail: Firms should focus on ensuring that the description provided is concise, logical and understandable from an external perspective. The Central Bank considers a word count of 100-200words to be appropriate in providing additional information on Prescribed and/or Other Responsibilities. This does not preclude the Central Bank from seeking additional information rather the intention here is to establish a baseline in terms of the level of detail to be provided.  Simple, straightforward language:An effective Statement of Responsibilities should be written in language that is straightforward and easily comprehensible. The information provided therefore should not use overly complex or legalistic language or terminology, and should not attempt to caveat or limit the extent of the assignment of any responsibility to an individual in a PCF role at an in-scope firm.  A level of consistency across the Statements of Responsibilities within an in-scope firm: While accepting that the specific information will vary between roles and the type of information required, the level of detail and the language/terminology used should be consistent across all Statements of Responsibilities in a firm.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 39  Firm-specific information: Any description of responsibilities should be reflective of relevant and current firm-specific circumstances. In this regard, firms should avoid using generic job descriptions or longstanding role profiles and rather, should provide up-todate information relevant to the specific circumstances of the firm to which the Statement of Responsibilities relates. Updates to and retention of the Statement of Responsibilities 2.5.12. As stated in paragraph 2.5.6 above, the Statements of Responsibilities must be kept up-to-date and submitted to the Central Bank on request. To this end, firms are required to treat Statements of Responsibilities as live documents, which are continually edited and updated as appropriate. 2.5.13. Notwithstanding this, all previous versions of a Statement of Responsibilities are a key part of internal corporate governance documentation, and a firm's record keeping more generally, and must therefore be dated and numbered, retained by firms for 10 years and made available to the Central Bank on request.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 40 2.6 Management Responsibilities Map 2.6.1. As set out in the SEAR Regulations, each in-scope firm must at all times have a comprehensive and up-to-date Management Responsibilities Map that describes its management and governance arrangements. 2.6.2. The Management Responsibilities Map must be produced at a legal entity/firm level, in a comprehensive, proportionate and clear single source of reference. 2.6.3. The Management Responsibilities Map should identify the individuals in PCF roles at in-scope firms (and therefore the related Inherent Responsibilities) as well as the allocation of Prescribed Responsibilities and Other Responsibilities among individuals in PCF roles at in-scope firms, to demonstrate that there are no gaps in responsibilities across the firm. The Management Responsibilities Map should be utilised by firms in the embedding of an effective governance framework. Submission of the Management Responsibilities Map to the Central Bank 2.6.4. In-scope firms are required to prepare and maintain an up to date approved Management Responsibilities Map on implementation of the SEAR. 2.6.5. A firm seeking authorisation will be required to prepare and submit a Management Responsibilities Map which will be reviewed and challenged, as appropriate, as part of an application for authorisation. 2.6.6. The Management Responsibilities Map must be: (i) kept up-to-date, and contain the date and version control;

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 41 (i) reviewed on a regular basis by firms; (ii) approved on initial implementation and when it is updated; and (iii) available to the Central Bank on request. 2.6.7. The Central Bank will review Management Responsibilities Maps as part of its ongoing supervision rather than set periodic reporting requirements. SEAR is a framework designed to contribute to the efficient and effective governance of firms and maintaining these documents up to date is an ongoing requirement as an integral part of good governance and oversight by the firm. The Central Bank will require firms to submit Management Responsibilities Maps from time to time. The timing and frequency of such requests will vary in line with our supervisory engagement model and supervisory strategy. Preparation of the Management Responsibilities Map Structure of the Management Responsibilities Map 2.6.8. The Central Bank does not intend to provide a template for the Management Responsibilities Map as the detail will vary dependent on the firm’s size, complexity, and legal and group structure. However, a guide by way of an infographic is included at Appendix 4. It is the responsibility of the firm to develop and maintain a Management Responsibilities Map that is appropriate for, and accurately reflects the structure, size and complexity of the firm including, where applicable, group governance arrangements. 2.6.9. Firms should determine the most effective method of clearly communicating the required information in the Management Responsibilities Map (which may be a combination of text and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 42 visual aids) ensuring that the information presented therein is clear and complete and that there are no governance gaps or responsibilities that are unaccounted for. 2.6.10. A firm’s Management Responsibilities Map should include sufficient information to enable a clear understanding of how the management and governance arrangements of the firm are structured and operate in practice. 2.6.11. The Management Responsibilities Map must be a single composite document. While a Management Responsibilities Map may be extensive and complex in some cases, for small non-complex firms, it may be short and simple. Information to be included within the Management Responsibilities Map 2.6.12. The Management Responsibilities Map must include: a) A description of key aspects of the firm’s significant activities, business areas and management functions, how each aspect operates within the overall business of the firm and details of the reporting lines and lines of responsibility; b) Matters reserved for the board and how its sub committees and other senior level committees contribute to the decision making of the board; c) An organisation chart; d) The names of all the firm’s PCF role holders and summary details of the responsibilities which they hold; e) A description of responsibilities consistent with how they are described in any current Statement of Responsibilities, by way of a summary and not a duplication of the entire Statement of Responsibilities (as the intention is that the Management Responsibilities

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 43 Map is prepared in a way that makes it simple to see how the responsibilities allocated in a particular Statement of Responsibilities fit into the overall system of management and governance of the firm); f) Details of the management and governance arrangements relating to the Prescribed Responsibilities and Other Responsibilities (including the identity of the PCF role holder to whom those Prescribed Responsibilities and Other Responsibilities are allocated); g) Details of the reporting lines of PCF role holders to individuals and committees in the firm and, if applicable, other members of the group; h) Rationale for any responsibilities that are shared; i) Reasonable information about the individuals who are able to exert a significant influence on the firm, i.e. CF1s, and are identified in the Management Responsibilities Map, including:  whether they are employees of the firm and, if not, their status with the firm;  the responsibilities they have in relation to other entities in the group. j) Where a firm has outsourcing arrangements, details as to which PCF role holder is responsible for the outsourced function; k) Details of how the points above fit together and how they fit into the firm’s management and governance arrangements as a whole. 2.6.13. The Management Responsibilities Map should provide confirmation that all Prescribed Responsibilities have been allocated, and include any relevant Other Responsibilities following a review by the firm to identify these, in line with the

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 44 Guidance on Inherent, Prescribed and Other Responsibilities in Section 2.4. Key Questions for consideration by firms in compiling their Management Responsibilities Map 2.6.14. Consideration of the following key questions will aid firms in compiling their Management Responsibilities Map:  Is it easy to understand the governance structure of the firm and to identify individuals in key decision making roles? For example, is it evident whether these decisions are made by individuals or through committees? Is it easy to understand who has oversight of delivery of these decisions?  Can the reader understand who is responsible for implementing these decisions including the key responsibility of individuals in PCF roles?  Is information on responsibilities provided at a summary level? Consider moving detailed information into the Statement of Responsibilities.  Is it easy to understand who reports to whom?  Are there multiple reporting lines and, if so, is the distinction between them clear? 2.6.15. With respect to firms that are part of a group, consideration of the following key questions will aid firms in compiling their Management Responsibilities Map:  Is it clear how the firm relates to others in its group corporate structure including intra-group reporting lines and division of responsibilities?  If the firm has matrix reporting lines is it clear who is reporting to whom and for what?

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 45  If there are key group level individuals with influence over the firm (e.g. Group NEDs) are they identified and does the Management Responsibilities Map show how these key group level individuals connect with key individuals and governance bodies of the firm?  If the firm relies on group-level governance committees are these shown and can the reader understand how these relate to each other and to the formal governance of the firm (e.g. its board of directors)? Updates to and retention of the Management Responsibilities Map 19 2.6.16. As stated in paragraph 2.6.6 above, the Management Responsibilities Map must be kept up-to-date and submitted to the Central Bank on request. To this end, firms are required to treat Management Responsibilities Maps as live documents that are continually edited and updated as appropriate. 2.6.17. Notwithstanding this, all previous versions of a Responsibilities Map are a key part of internal corporate governance documentation, and a firm's record keeping more generally, and must therefore be dated and numbered, retained by firms for 10 years and made available to the Central Bank on request. 2.7 The interaction between the Statements of Responsibilities and the Management Responsibilities Map 2.7.1. The Central Bank has provided detail on the importance of Inherent Responsibilities, and on the allocation of Prescribed and Other Responsibilities in Section 2.4.

19 The Central Bank will issue a separate communication with regard to the process for submitting Responsibilities Maps

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 46 2.7.2. Afirm’s Management Responsibilities Map is, in effect, a sum of the individual Statements of Responsibilities and should therefore provide an overarching view of the allocation of Prescribed Responsibilities and Other Responsibilities across a firm. 2.7.3. It is expected that the Management Responsibilities Map should confirm that no material gaps exist in relation to the governance structure/key functions of the firm. In the development of the Management Responsibilities Map any gaps identified should be rectified. 2.7.4. Where there are revisions to a Statement of Responsibilities, consideration must be given to any impact on the Management Responsibilities Map any such revisions may have, and the Management Responsibilities Map should be updated appropriately. 2.7.5. The clarity and transparency provided by the combined use of the Statements of Responsibilities and the Management Responsibilities Map is expected to be fundamental for firms in embedding effective governance frameworks. 2.7.6. The following is a non-exhaustive list of areas where the Statements of Responsibilities and the Management Responsibilities Map will embed effective governance frameworks:  The establishment of a clear organisational structure;  The definition of transparent and consistent lines of responsibility;  The internal review of the overall system of governance within the firm;

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 47  The promotion of an appropriate risk and compliance culture;  The provision of induction and ongoing training to individuals in PCF roles;  Succession planning (mindful of diversity and inclusion considerations);  The assurance that all responsibilities making up the entirety of the activities of the firm as captured and set out in the Management Responsibilities Map have been allocated to someone appropriate in the firm which gives firms certainty that there are no gaps or areas of activity for which no one is accountable.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 48 2.8 Duty of Responsibility Introduction 2.8.1. All PCF role holders at in-scope firms are subject to a statutory Duty of Responsibility as set out in section 53B of the 2010 Act as amended by the IAF Act: “A person who has inherent or allocated responsibility for an aspect of the affairs of a regulated financial service provider shall take any steps that it is reasonable in the circumstances for the person to take to secure that, while the person has that responsibility, the aspect of the affairs of the regulated financial service provider is conducted so as to avoid contravention by it of its obligations under financial services legislation.” 2.8.2. Avoiding a contravention includes avoiding the continuation of a contravention and this section should be read accordingly. 2.8.3. The purpose of the Duty of Responsibility (in this section referred to as the Duty) is to underpin a PCF role holder’s responsibilities under SEAR, namely their Inherent Responsibilities, Prescribed Responsibilities and Other Responsibilities, each of which relates to a specific aspect of the firm’s affairs. The Duty does this by imposing an enforceable legal duty on such persons in relation to such responsibilities. 2.8.4. In summary, the Duty requires PCF role holders to take reasonable steps to ensure that the aspects of the firm’s affairs for which they are responsible under SEAR, are conducted so that the firm does not contravene its obligations under financial services legislation. Financial services legislation includes, for

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 49 example, a relevant Act or Statutory Instrument and any requirement imposed on the firm pursuant to a relevant Act or Statutory Instrument, such as a code, direction or condition. Compliance with the Duty 2.8.5. Where a PCF holder takes reasonable steps to ensure the firm complies with its obligations under financial services legislation in relation to an aspect of the firm’s affairs for which they are responsible under SEAR, the Duty is discharged. It is not possible for a PCF role holder to contravene the Duty if they have taken such steps. 2.8.6. Guidance on the circumstances relevant to assessing reasonable steps is set out in Chapter 3. Non-executives 2.8.7. The IAF Act does not distinguish between executive and nonexecutive senior management in relation to the Duty. It is recognised that NEDs and INEDs individually do not manage a firm's business in the same way as executive directors. The responsibilities for which NEDs and INEDs are accountable are more limited, relating to their role in respect of governance, oversight and challenge, therefore they are not expected to assume executive responsibilities, and considerations in respect of reasonable steps will be limited to what should reasonably be expected of individuals in that context. Contravention of the Duty 2.8.8. A contravention of the Duty will arise where a PCF role holder, who is responsible under SEAR for a given aspect of the firm’s affairs, has not taken reasonable steps to avoid the firm

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 50 contravening its obligations under financial services legislation in relation to that aspect of its affairs. Determining who was responsible for the relevant aspect of the firm’s affairs 2.8.9. A person cannot contravene the Duty if they were not, at the relevant time, responsible for the relevant aspect of the firm’s affairs. The firm’s Management Responsibilities Map and Statements of Responsibilities, which must be up-to-date, will be relevant in determining such responsibility. It may however be necessary to look beyond these documents where circumstances require it. Responsibility is a matter of substance, not form, and is not determined only by reference to the documents required under SEAR. While a firm must ensure that these documents are up-to-date and that they accurately reflect its activities, a failure to do so does not negate an individual’s responsibilities nor create responsibilities where there are none. The Duty applies to a person in relation to their responsibilities under SEAR, irrespective of whether the firm has maintained its Management Responsibilities Map and Statements of Responsibilities as required. Therefore, when determining responsibility, in addition to the Management Responsibilities Map and Statements of Responsibilities, it may be necessary to consider other sources of information such as organisational charts, minutes of meetings, emails, regulatory interviews and telephone recordings, which may help to show:  How the firm operated in practice, including how responsibilities were allocated in the firm;  The actual roles and responsibilities of PCF role holders in the firm;

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 51  The relationships between the responsibilities of the various PCF role holders in the firm. Multiple responsible persons 2.8.10. It is possible that more than one PCF role holder will have contravened the Duty where each of them fails to take reasonable steps to avoid the firm contravening its obligations in relation to that aspect. Reasonable Steps 2.8.11. The reasonableness of the steps taken by a PCF role holder will determine whether they complied with or contravened the Duty. When determining this, the Central Bank will consider the PCF role holder’s acts and omissions against any steps that the Central Bank considers that an individual, in that position, could reasonably have been expected to take. Guidance on the circumstances relevant to assessing reasonable steps is set out in Chapter 3. Enforcement – Administrative Sanctions 2.8.12. A contravention of the Duty is a ‘prescribed contravention’ for the purposes of Part IIIC of the 1942 Act. The Central Bank may, therefore, take enforcement action under the Administrative Sanctions Procedure (ASP) against a PCF role holder who has contravened the Duty. Such action may lead to sanctions including monetary penalties. 2.8.13. In exercising its enforcement powers the Central Bank acts proportionately and has regard to the degree to which responsibilities have been abrogated and the extent of any resulting harm.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 52 2.8.14. As noted above, it is possible that more than one PCF role holder will be responsible under SEAR for an aspect of the firm’s affairs in relation to which a contravention has occurred. In such circumstances, the Central Bank will consider whether it is appropriate to take enforcement action under the Duty against one, some or all such individuals.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 53 2.9 Interaction between the Fitness and Probity Regime and SEAR Collective Decision Making 2.9.1. The Central Bank considers that the introduction of the IAF does not alter the concepts of collective responsibility shared by directors as board members, and collective decision-making, which is dependent on the contributions of individual members of senior management. Further guidance on collective decisionmaking is provided in Chapter 5 on the Common Conduct Standards. Fitness and Probity Regime 2.9.2. The Fitness & Probity (F&P) Regime was introduced by the Central Bank for all regulated firms under the Central Bank Reform Act 2010 (the 2010 Act). 2.9.3. The F&P Regime addresses the suitability of individuals to fulfil relevant roles. The SEAR is about their responsibilities while performing those roles. 2.9.4. The introduction of SEAR will not result in a substantive change to the F&P Regime. While they can be thought of as two aspects of one overall framework of sound governance, for reasons of clarity, familiarity and convenience, they can continue to be considered separately. 2.9.5. The operation of the F&P Regime, including the F&P gatekeeper function and the systems in place to support the F&P Regime, will remain substantially unchanged. 2.9.6. There are two key areas where the F&P Regime interacts with the SEAR as follows:

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 54  Submission of the Individual Questionnaire (IQ) by firms seeking approval for an individual to perform a PCF role; and  Application of the F&P Outsourcing Exemption. 2.9.7. Clarity has also been provided on the extent of the application of SEAR in the case of:  Temporary PCF appointments; and  Temporary Officers. PCF Approval Process 2.9.8. Following implementation of the SEAR, an in-scope firm seeking approval for an individual to perform a PCF role will be required to submit a Statement of Responsibilities with the IQ. 2.9.9. The Statement of Responsibilities will identify the individual’s Inherent Responsibilities and set out the individual’s Prescribed and Other Responsibilities. 2.9.10. The approval process conducted by the Central Bank on receipt of an IQ will remain substantially unchanged. However, the Central Bank will have regard to the Statement of Responsibilities as part of that process. In this regard, the Statement of Responsibilities will inform the assessment carried out by the Central Bank in the same way as other documentation inform the assessment. 2.9.11. The Central Bank's risk-based approach to interviewing applicants for PCF roles will continue under the SEAR and questions relating to the Statements of Responsibilities can be expected in such interviews.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 55 2.9.12. Statements of Responsibilities may be subject to review by the relevant supervision team, in particular in terms of their adherence to the Central Bank's expectations regarding the allocation of Prescribed Responsibilities and Other Responsibilities (as outlined in Section 2.4) and in terms of the preparation of such statements (as set out in Section 2.5). Temporary PCF Appointments 2.9.13. Where an individual has been pre-approved as a PCF under Section 23 of the 2010 Act, the SEAR and Conduct Standards apply even where an appointment is (intended to be) temporary. During the temporary occupancy of a PCF role whereby an individual has been pre-approved under Section 23 of the 2010 Act, the consideration of reasonable steps will reflect the particular circumstances of the individual. Temporary Officers 2.9.14. A Temporary Officer appointed to a PCF role20, on the basis that such appointments are only permitted in the most exceptional of circumstances (e.g. in the event of the death of an individual performing a PCF), is not subject to the PCF application process, and accordingly a SoR will not be required. F&P Outsourcing Exemption 2.9.15. Table 2 below sets out the extent of the application of the F&P Regime, SEAR, and Certification and Conduct Standards where a firm has outsourced a PCF or CF role to a regulated or unregulated entity, which reflects the importance the Central Bank attaches to the effective supervision of outsourcing.

20 Under Regulation 11 of the Central Bank Reform Act 2010 (Sections 20 and 22) Regulations 2011, as amended or Regulation 10 of the Central Bank Reform Act 2010 (Sections 20 and 22 — Credit Unions) Regulations 2013, as amended

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 56 Table 2 | F&P Outsourcing Exemption Outsourced PCF role to a regulated entity Outsourced CF role to a regulated entity Outsourced PCF role to an unregulated entity Outsourced CF role to an unregulated entity F&P Regime Outsourcing firm is exempt from applying the F&P Standards and exempt from seeking preapproval from the Central Bank. Outsourcing firm is exempt from the applying F&P Standards. F&P Standards apply and the outsourcing firm must seek preapproval from the Central Bank. F&P Standards apply. SEAR Given individual is not a PCF role holder in the outsourcing firm there is no requirement to have a Statement of Responsibilities and Duty of Responsibility does not apply. N/A Individual is a PCF role holder and must have a Statement of Responsibiliti es. Duty of Responsibilit y also applies. N/A Certification Not subject to certification by outsourcing firm Not subject to Certification by outsourcing firm Applicable Applicable Conduct Standards Applicable 2.9.16. The F&P Regime includes an exemption for outsourced roles. Where a PCF role is outsourced to a regulated firm under a written outsourcing arrangement and that firm is regulated (either by the Central Bank or by an authority in another jurisdiction with similar functions to the Central Bank) for a similar business to that conducted by the firm, the individual performing the outsourced role:

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 57  Is not required to seek pre-approval from the Central Bank; and  Is exempt from the F&P Standards. However, Part 3 of the 2010 Act in relation to investigations, suspension and prohibition will continue to apply. 2.9.17. Where a firm avails of the F&P outsourcing exemption such that a role is outsourced to a regulated firm under a written outsourcing arrangement, the firm is not required to seek preapproval from the Central Bank for the individual in the outsourced firm to perform that role. As such, the role is not a PCF role21 and thus there will not be a requirement to produce and submit a Statement of Responsibilities to the Central Bank. It is expected that the overall responsibility for that role would be documented on the Statement of Responsibilities of the individual who is ultimately responsible for it within the firm and on the firm’s Management Responsibilities Map. This will ensure that the overall responsibility and related individual accountability is retained within the regulated firm. However, should that role be outsourced to a PCF role holder at another in-scope regulated firm, it is expected that the outsourced role should also be reflected on that individual’s Statement of Responsibilities and on that firm’s Management Responsibilities Map. 2.9.18. Where a PCF role is outsourced to an unregulated firm under a written outsourcing arrangement, the regulated firm is responsible for ensuring that it has obtained the Central Bank’s prior written approval for the appointment of that individual to the PCF role. Given the individual occupies a PCF role, a

21 It should be noted that a person benefitting from this exclusion from the requirement to obtain the Central Bank’s prior written approval to appointment as a PCF is a CF.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 58 Statement of Responsibilities must be produced and submitted to the Central Bank by the regulated firm. 2.9.19. In the context of SEAR, to ensure transparency and accountability, the Central Bank requires that where outsourcing arrangements are in place then there will be a PCF role holder in the regulated firm with responsibility for outsourcing arrangements. Accordingly, outsourcing is addressed by way of a General Prescribed Responsibility (PR19 “Responsibility for the firm’s outsourcing framework”). 2.9.20. Moreover, where there is outsourcing of a PCF role, the roleholder should fall under the oversight of a PCF role holder within the entity. This will need to be reflected in the relevant Statement of Responsibilities and the Management Responsibilities Map. This will ensure that the overall responsibility and related individual accountability is retained within the regulated firm. 2.9.21. With regard to outsourcing of the internal audit function specifically, the following Sector or Circumstance Specific Prescribed Responsibility applies: PR33 “Where the firm outsources its internal audit function, responsibility for taking reasonable steps to ensure that every individual involved in the performance of that function is independent from the individuals who perform external audit”.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 59 Part C Chapter 3 Reasonable Steps Chapters 4, 5 and 6 Guidance on the Conduct Standards

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 60 3. Reasonable Steps 3.1. Proportionality, predictability and reasonable expectations are the foundations of the Central Bank’s approach to implementation of the IAF. 3.2. An important concept in the IAF Act is the taking of reasonable steps by individuals to discharge their responsibilities and duties (e.g. the Duty of Responsibility and the Conduct Standards). 3.3. In determining the circumstances that are relevant for consideration in respect of reasonable steps under the Duty of Responsibility and the Conduct Standards the legislative text indicates a range of matters to be considered. These include the following: (a) the nature of the business of the regulated financial service provider, including its scale and complexity, (b) the functions of the person in relation to the regulated financial service provider, and the level of knowledge and experience that a person with such functions could reasonably be expected to have, (c) the level of knowledge and experience of the person, (d) the existence and application (or otherwise) of— (i) appropriate and effective systems (including risk management systems, internal control mechanisms and governance arrangements),

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 61 (ii) effective oversight of any delegation of responsibilities and effective safeguards against any inappropriate delegation, and (iii) appropriate and effective procedures for identifying and remedying problems, (e) the extent to which any matter referred to in paragraph (d) was within the control or influence of the person, and (f) any guidelines published by the Bank in this regard. 3.4. The following individuals should consider what would constitute reasonable steps in a particular circumstance and whether they have taken any such reasonable steps: (i) PCF role holders at firms in scope of SEAR; (ii) CF role holders (inclusive of PCF role holders) who are subject to the Common Conduct Standards; and (iii) PCF/CF1 role holders who are subject to the Additional Conduct Standards22 . 3.5. The IAF should not fundamentally change how well run firms organise their business. The concept of reasonable steps should be already embedded in CF role holders’ day-to-day actions in managing their areas of responsibility. It is acknowledged that human error can occur and that perfection is not the required standard. Rather, in assessing the steps that an individual took the Central Bank will consider what steps an individual, in that position, could reasonably have been expected to take at that

22 Section 53B(2) & Section 53C(1) and (2) of the Act 2010 (as amended by the IAF Act)

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 62 point in time. While the regulatory landscape may change, in considering this the Central Bank will look to the overall circumstances and environment, as they existed at the time rather than applying standards retrospectively or with the benefit of hindsight. The Central Bank also recognises the role of judgement exercised by those in senior roles in discharging their responsibilities and that while that judgement may have turned outto be wrong in a given circumstance, with the benefit of hindsight, it is clearly possible for that individual to demonstrate how that judgement may have been reasonable at the time. 3.6. Without limiting what constitutes reasonable steps, noting that what is reasonable is context specific and will vary according to the facts and circumstance of each individual case, and in particular when considering the circumstances outlined in paragraph 3.3 a) to f) above, the Central Bank may take the following non–exhaustive list (paragraphs 3.9 to 3.15) of considerations into account. 3.7. These considerations may not be relevant in every case and there may be other factors not listed, that are relevant. It is not possible to provide a comprehensive list that would cover every situation in every firm. Being overly prescriptive may diminish the ability of an individual, in their respective firms to fulfil their obligations. In this regard, an individual should not adopt a check-box mentality in applying the guidance. The Central Bank’s expectation is that individuals in CF roles are experienced, competent professionals and should be in a position to fully understand the area of the business for which they are responsible, take the necessary steps required to ensure that it is managed appropriately e.g. by

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 63 questioning/challenging, being thorough, making informed decisions, delegating appropriately and being in a position to discharge their duties. 3.8. PCF/CF1 role holders are also expected to understand their role in the effective running of the business more broadly, including their obligations in relation to effective collective decision-making. As well as the importance of ensuring appropriate controls and processes are in place, the Central Bank also expects an individual to think more broadly and seek to create and/or contribute to an overall environment where the risk of a contravention is minimised. Considerations in determining whether reasonable steps were taken 3.9. The Central Bank will consider the actions taken by individuals in the context of the nature, scale and complexity of the business of the firm. Consideration may include the size and complexity of the firm’s operations, the nature of the firm’s activity and the types of services provided. (i.e. a large complex firm with multiple product lines would be expected to have more extensive risk management frameworks and controls in place than a smaller less complex firm). 3.10. The Central Bank’s assessment of the functions of the individual in relation to the firm and the level of knowledge and experience of the individual, would likely include consideration of the following: 3.10.1. The individual’s role and responsibilities, and the relationship to the responsibilities of other individuals in the firm, including

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 64 in relation to any shared responsibilities or matrixmanagement structures. Individuals in CF roles should be clear on their own responsibilities and how they relate to the responsibilities of others in the firm. An individual should fully understand the risks and consequences that their decisions, actions and behaviours may have for a firm, its employees, its customers and the wider market. In addition, they should be satisfied with the quality of any input provided by another area of the firm that is required for them to carry out their responsibilities. 3.10.2. It is acknowledged that individuals coming into a more senior or different role for the first time will, subject to certain minimum expectations as to competence and capability to operate at that level, be on a learning curve. This will be taken into account in determining what steps are reasonable for them to take. 3.10.3. The level of knowledge and experience, including an individual’s technical background, relevant professional qualifications and previous experience, that the relevant individual had or could reasonably be expected to have had in their position at the relevant time, considering, among other factors:  how long they have been in the role and, where relevant, transitional arrangements for those new to the role and/or with new responsibilities;  the awareness the individual had or ought to have had of relevant regulatory requirements relevant to their role and responsibilities;  ongoing professional development including the training made available by the firm, the individual’s participation at such training, whether the individual sought further

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 65 training or support where they considered it necessary; and  the steps they took to ensure their awareness of key risks and of developments (including regulatory, economic and geo-political) that may impact the area of the business for which the individual was responsible. 3.11. In relation to the existence and application of appropriate and effective systems (including risk management systems, internal control mechanisms and governance arrangements), the Central Bank’s assessment would likely include consideration of the following in respect of the area of the business for which the individual was responsible: 3.11.1. The extent to which (on taking up responsibilities and on an ongoing basis) the individual assessed, monitored and reviewed the adequacy and effectiveness of the governance, operational and risk management arrangements in place. 3.11.2. How they informed themselves of material changes to risks in a timely manner and verified, challenged and considered any broader implications and where an actual or suspected issue was identified what action the individual took to rectify and mitigate the issue and ensure its resolution. 3.11.3. The steps taken by the individual to implement, as appropriate, adequate and effective systems and controls to comply with the relevant regulatory requirements and standards including ensuring that related policies, processes and procedures were kept up to date.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 66 3.11.4. Where reviews have been undertaken, how the relevant recommendations were implemented (including timeliness, ongoing monitoring and embedding). 3.12. In relation to the effectiveness of oversight of any delegation of responsibilities and effective safeguards against any inappropriate delegation, the Central Bank’s assessment would likely include consideration of the following in respect of the area of the business for which the individual was responsible: 3.12.1. How the individual ensured delegation, whether internal or external, was to an appropriate delegate with the required capacity, competence, knowledge, seniority and skill (e.g. has the individual satisfied themselves that appropriate due diligence was conducted?). 3.12.2. The steps taken to ensure a clear understanding of what was delegated and what was expected by way of action and reporting by the delegate, taking account of any ‘matrixmanagement’ arrangements. 3.12.3. How the individual oversaw the discharge of the delegated responsibility effectively including, but not limited to:  staying up to date on the progress of the deliverables, issues arising and their resolution;  ensuring that there were processes in place for delegates to raise material developments and risks in relation to their work;  ensuring that delegates were familiar with the procedure for escalating concerns;  ensuring that delegates were made aware of the culture and the values of the firm; and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 67  ensuring that there were up to date procedures on dealing with whistleblowing concerns and that delegates were familiar with such procedures. 3.13. In relation to safeguards against any inappropriate delegation, the Central Bank’s assessment would likely include consideration of the following in respect of the area of the business for which the individual was responsible: 3.13.1. How the individual established clear reporting lines, including any ‘matrix management’ arrangements, whether in Ireland or overseas. 3.13.2. Steps taken to ensure adequate resources were in place and that these were appropriately deployed, including for risk and control functions. This includes but is not limited to steps by an individual:  to satisfy themselves that there were appropriate policies and procedures in place to review delegates’ knowledge and experience to ensure their suitability to fulfil the duties assigned to them and where relevant that suitable training and awareness programmes had been implemented in relation to such delegates;  to satisfy themselves that effective processes were in place in relation to managing disruptions to staffing levels such as departures, vacancies and illnesses (e.g. that a succession plan/resource plan was in place);  ensure appropriate transition, where applicable, including whether the individual took reasonable steps to ensure an orderly transition of responsibilities was completed as required.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 68 3.14. In relation to ensuring appropriate and effective procedures for identifying and remedying problems, the Central Bank’s assessment would likely include consideration of the following in respect of the area of the business for which the individual was responsible: 3.14.1. Steps taken to ensure that there were appropriate and effective procedures in place for the timely identification, remediation and mitigation of problems, breaches or issues including but not limited to:  that appropriate controls and reporting were in place to ensure identification of potential issues i.e. considering whether additional monitoring may be required in certain circumstances. For example, in relation to the expansion or restructuring of the business, highly profitable or unusual transactions or in relation to individuals who contributed significantly to the profitability of the business area or who had significant influence over the operation of a business area;  that appropriate escalation procedures were in place;  to ensure issues were raised in a comprehensive and transparent manner, thoroughly reviewed and documented;  that matters were reported internally (as required) and externally (where appropriate) and followed up to ensure resolution; and  to assess lessons learned and address implications for the wider control environment. 3.14.2. How the individual meaningfully informed themselves including, but not limited to:

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 69  assessing and monitoring risk across the three lines of defence, as appropriate;  ensuring proper reporting and seeking an explanation of issues, including for example, through ensuring appropriate internal management information mechanisms were in place and monitoring and critically interrogating any information available;  escalating the issue to relevant senior management and/or the board, as appropriate; and  obtaining, where appropriate, independent expert advice or assurance, from either inside or outside the firm as necessary. 3.14.3. The extent to which an individual took steps to prevent breaches of customers’ consumer protection rights and/or contractual rights and that they adequately considered and recognised the rights of the firm’s consumers and its obligations to them including, but not limited to, the following:  In the firm’s dealings with customers whether an individual sought to put the interests of the firm’s customers at the centre of their, and the firm’s approach, and to ensure that adequate resources, policies, procedures, systems and controls were effectively employed to this end (for example, customer complaints were handled in a fair and consistent manner).  In the firm’s dealings with customers whether an individual sought, where relevant, to ensure that effective disclosure of all relevant material information was made, on a timely basis, in adherence with legislative and regulatory requirements.  Where failings were identified, whether all the impacted customers were engaged with, whether the individual

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 70 considered its clear obligations to and impacts on its customers and acted swiftly and thoroughly to rectify any related breach and addressed any failings without delay to prevent serious and continued harm to their impacted customers.  The extent to which an individual co-operated and engaged with the Central Bank in an open, constructive and meaningful manner at all times through their actions. 3.15. In relation to the extent to which any matter referred to above in paragraphs 3.11 to 3.14 was within the control or influence of the individual, the Central Bank’s assessment would likely include consideration of the following: 3.15.1. The overall circumstances and environment in which the individual was operating at the time. For example, the Central Bank may consider how the individual prioritised matters and responded to new developments and whether these were informed by an appropriate risk assessment. Steps taken by the individual to adhere to firm procedures and in the event of nonadherence, whether such an approach was itself appropriate in the circumstances. 3.15.2. How the individual reviewed and challenged the relevance, accuracy and completeness of the information available to them, sought out additional information where necessary and whether appropriate action was taken by the individual on the basis of the review. 3.15.3. The approach taken by the individual to participating effectively in collective decisions including but not limited to:

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 71  ensuring a sufficient level of attendance at, participation in, and contribution to, relevant meetings;  ensuring that they were sufficiently and appropriately informed of the relevant matter(s) at hand; and  exercising due care, skill and diligence in contributing to such decisions. 3.16. As already noted, the IAF should not necessarily change the way well-run firms run their organisations or add significantly to the administrative burden. 3.17. Records of the steps taken that the Central Bank may seek to review or obtain may include but are not limited to:  meeting minutes of board, board committee and other internal meetings (i.e. any decision making committee that an individual sits on in respect of the discharge of their duties);  Statements of Responsibilities and the Management Responsibilities Map (for individuals at in-scope firms);  organisation charts, job descriptions, performance appraisals, documentation on delegation, agreements with delegates and reporting lines;  any other internal materials such as emails, training materials, manuals, regulatory correspondence, telephone recordings, presentations and escalation briefings in respect of issues identified.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 72 Guidance on the Conduct Standards Chapter 4 Overarching Guidance on the Conduct Standards Chapter 5 Common Conduct Standards Chapter 6 Additional Conduct Standards

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 73 4. Overarching Guidance on the Conduct Standards 4.1. The IAF provides for Conduct Standards which set out the standard of behaviour the Central Bank expects of firms and the individuals working within them. The Conduct Standards are comprised of the Common Conduct Standards and the Additional Conduct Standards (the Conduct Standards) and the Business Standards. 4.2. This Section sets out how the Conduct Standards will operate in practice, including the Central Bank’s expectations regarding how individuals subject to the Conduct Standards should comply with them. 4.3. In relation to the Business Standards, Section 17A(2) of the 2010 Act as amended by the IAF Act provides the Central Bank with a regulation making power to prescribe standards for the purpose of ensuring that in the conduct of its affairs a firm (a) acts in the best interests of customers and of the integrity of the market, (b) acts honestly, fairly and professionally, and (c) acts with due skill, care and diligence. The Business Standards will be developed in conjunction with the separate review and consultation on the Consumer Protection Code noting the parallel with the General Principles and the importance of alignment of the regulatory framework and the conduct obligations imposed on firms in this regard. 4.4. The Conduct Standards set out a single set of applicable standards of behaviour which will apply to relevant individuals

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 74 in all firms23, irrespective of sector. Specifically, these comprise Common Conduct Standards for CFs (which include all PCFs as a subset of CFs), and Additional Conduct Standards for individuals performing PCF roles and other individuals who may exercise significant influence on the conduct of a firm’s affairs (CF1 roles 24). 4.5. The Conduct Standards will act as a benchmark to guide individuals, individually and collectively, as to the standards of behaviour expected of them, which will, over time, contribute to the ultimate goals of better outcomes for consumers and a more sustainable financial system. Most individuals working in the financial services industry will likely consider the Conduct Standards reflective of the sound values to which they already hold themselves. 4.6. The Conduct Standards apply to the activity/conduct of all individuals who perform CF roles at firms wherever that activity/conduct is performed. For example, whether the activity/conduct is performed in Ireland or abroad, or in respect of a client based in Ireland or abroad. This scope includes CF roles at incoming and outgoing Third Country and EEA branches given that they are in scope for the Conduct Standards (please see Appendix 5 of the IAF Guidance). 4.7. The Conduct Standards are applicable across all sectors i.e. to a wider population than SEAR. Similar to the Duty of Responsibility under the SEAR, the Conduct Standards also

23 Individuals who are performing CFs at Holding Company level only will not be subject to the Conduct Standards given that the Holding Company is not itself a regulated financial service provider. 24 CF1. Ability to exercise a significant influence on the conduct of the affairs of a regulated financial service provider.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 75 include a duty to take reasonable steps to meet the Conduct Standards as follows:  An individual who performs a CF role in relation to a firm should take the steps that it is reasonable in the circumstances for the individual to take to ensure that the Common Conduct Standards are met.  Additionally an individual who performs a PCF/CF1 role should take the steps that it is reasonable in the circumstances for the individual to take to ensure that the Additional Conduct Standards are met. 4.8. Details of the guidance in respect of reasonable steps are contained in Chapter 3 and should be interpreted in the context of the level of seniority of the roles in scope noting that there may be significant differences in the relevant responsibilities and expectations. In the context of enforcement, a breach of the Conduct Standards will be directly enforceable by the Central Bank under the ASP. The matter of reasonable steps in the context of the analysis of any of the non-exhaustive relevant circumstances set out in Section 53D of the 2010 Act as amended by the IAF Act (and paragraph 3.3 above), which may be applicable together with other relevant factors will be considered by the Central Bank on a case-by-case basis by reference to the relevant circumstances in each case. 4.9. Firms and persons performing PCFs in firms are reminded that they are required to report to the Central Bank where the firm or the PCF (as the case may be) suspects that a prescribed contravention for the purposes of Part IIIC of the 1942 Act may have occurred. Breach of the Common Conduct Standards and/or Additional Conduct Standards is a ‘prescribed contravention’ for the purposes of Part IIIC of the 1942 Act. An

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 76 example of such a reporting obligation is under Section 53F of the 2010 Act whereby paragraph (d) requires PCFs/CF1s to report suspected ‘prescribed contraventions’ or any other breach of obligations under ‘financial services legislation’. Section 38(2) of the Central Bank (Supervision and Enforcement) Act 2013 [Protected Disclosures] requires PCFs to report information relating to, inter alia, ‘prescribed contraventions’ that may have been /are being committed , where the PCF believes that the information will be of material assistance to the Bank. Interaction with the Fitness and Probity Regime 4.10. The Fitness and Probity (F&P) Regime places obligations on firms in relation to the ongoing application of the Fitness and Probity Standards (F&P Standards) to all individuals in CF roles 25 . 4.11. The Common Conduct Standards apply to all individuals in CF roles. At a high level, therefore, the F&P Regime and the Common Conduct Standards are aligned in terms of their applicability to firms and to individuals. 4.12. Conceptually, there is overlap in the F&P Standards and the Common Conduct Standards that will apply to individuals. For example, both sets of standards include requirements in relation to honesty and integrity. 4.13. However, the purpose of the F&P Standards is different to the purpose of the Conduct Standards.

25 Section 21 of the Central Bank Reform Act 2010.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 77 4.14. The F&P Standards26 set a standard that staff in CF roles must meet to ensure that they are sufficiently skilled and have the requisite integrity to be trusted in their roles, for example, an individual in a CF role must be competent and capable to perform their role. 4.15. The purpose of the Conduct Standards is different in that they govern the conduct of individuals in CF roles, imposing positive, enforceable legal obligations on individuals to act in accordance with a single set of standards of expected behaviour. While the F&P Standards are relevant to assessing individuals’ suitability prior to their appointment and on an ongoing basis while performing the controlled function, the Conduct Standards only apply once the individual is in the role. 4.16. An individual may breach a Conduct Standard but still comply with the F&P Standards in relation to a role, however a past breach of a Conduct Standard may be relevant to their ongoing suitability for a role. Conversely, an individual may fail to comply with the F&P Standards in relation to their role despite not having breached the Conduct Standards. Such determinations will depend on the facts and circumstances of the specific case. Exemptions from Fitness and Probity Standards 4.17. Certain categories of individuals are exempt27 from the scope of the F&P Standards, for example relating to EEA branches as

26 In general, the F&P Standards require that persons must: (a) be competent and capable; (b) act honestly, ethically and with integrity; and (c) be financially sound. 27 a. A person whose function is solely concerned with acting in accordance with a written set of instructions in the form of a script. b. A person performing functions for a regulated firm under a written outsourcing arrangement where that person is regulated (either by the Central Bank or by an authority in any

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 78 well as to the outsourcing of CF roles and intra-group arrangements. The F&P Regime also provides an exemption such that a firm is not required to seek pre-approval from the Central Bank whereby a PCF role is outsourced to another regulated firm, for a similar business to that conducted by the firm, under a written outsourcing arrangement. It should be noted that, while under this exemption the individual would not occupy a PCF role, the individual would occupy a CF role. 4.18. Such exemptions will not apply to the scope of the Conduct Standards as these apply directly from the legislation, and due to the differing rationales underpinning each and noting the importance of the Conduct Standards in driving improved behaviours and accountability across regulated firms. As such, where an individual is exempt from the F&P Standards, that individual will be in scope for the Conduct Standards and may be held individually accountable for their conduct and behaviour in the role. 4.19. The Additional Conduct Standards will apply to PCFs or other persons having the ability to exercise a significant influence on the conduct of the affairs of an RFSP. Such individuals are required to comply with the Additional Conduct Standards and the Common Conduct Standards given that PCFs are included in the CF population to whom the Common Conduct Standards apply. Where a firm has availed of the outsourcing exemption

jurisdiction with similar functions to the Central Bank) to provide financial services similar to those provided by the regulated firm. c. A person in a regulated EEA firm (i.e. a firm authorised by the competent authority of another EEA country) which provides cross border services into Ireland. d. A person in an Irish branch of a regulated EEA firm (i.e. a firm authorised by the competent authority of another EEA country). e. A person in a separate legal entity in a group structure of companies (whether such an entity is regulated or not) who may exercise a significant influence over a person performing a CF or a PCF in a regulated firm authorised by the Central Bank.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 79 under the F&P Standards, given the individual in the outsourced role is not pre-approved by the Central Bank for the outsourced role and does not otherwise occupy a PCF role, the individual will only be subject to the Additional Conduct Standards to the extent that the individual is identified as a CF1. 4.20. Additionally the legal obligation on firms in relation to the Conduct Standards (to notify and train staff) will apply to the relevant firm in each case (Irish regulated firms/ incoming and outgoing EEA branches/non-EEA branches). See further detail in respect of obligations in the sections below. Holding Companies 4.21. The IAF Act amends the 2010 Act such that the F&P Regime is extended to apply to holding companies established in Ireland. The change means that individuals proposed for PCF roles in holding companies will be assessed by the Central Bank under the existing F&P Regime in the same way as individuals proposed for PCF roles in firms are assessed. In addition, all CFs in holding companies will be required to comply with the F&P Standards. 4.22. Individuals who are performing CF roles at a holding company level only will not be subject to the Conduct Standards given that the holding company is not itself a regulated financial service provider. Temporary PCF Appointments 4.23. Where an individual has been pre-approved as a PCF under Section 23 of the 2010 Act, the SEAR and Conduct Standards apply even where an appointment is (intended to be)

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 80 temporary. During the temporary occupancy of a PCF role whereby an individual has been pre-approved under Section 23 of the 2010 Act, the consideration of reasonable steps will reflect the particular circumstances of the individual. Temporary Officers 4.24. A Temporary Officer appointed to a PCF role28, on the basis that such appointments are only permitted in the most exceptional of circumstances (e.g. in the event of the death of an individual performing a PCF), is not subject to the PCF application process, and accordingly will not be subject to the SEAR. However, an individual will be subject to the Additional Conduct Standards to the extent that the individual is identified as a CF1. It is the Central Bank’s expectation thatthis will be the case in relation to Temporary Officers.

28 Under Regulation 11 of the Central Bank Reform Act 2010 (Sections 20 and 22) Regulations 2011, as amended or Regulation 10 of the Central Bank Reform Act 2010 (Sections 20 and 22 — Credit Unions) Regulations 2013, as amended

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 81 Guidance in relation to obligations on the firm in respect of Conduct Standards 4.25. The IAF Act requires the Central Bank to prepare, in such form and manner it considers appropriate, guidelines for the purpose of providing practical guidance for firms relating to notification, training and the development of policies for individuals subject to Conduct Standards. 4.26. A firm has a critical role to play in integrating the Conduct Standards in its culture for all individuals, including via notifying and the provision of training (both on an initial and ongoing basis) to individuals performing CF roles. This is to ensure that such individuals have appropriate knowledge of the standards and how they apply to an individual in the performance of their role. In relation to the Conduct Standards, the IAF Act imposes obligations on the firm to notify CFs of the Common Conduct Standards and individuals in PCF/CF1 roles of the Additional Conduct Standards that apply to them and to provide training to them in this regard. There is also an obligation on the firm to establish, maintain and give effect to policies on how the Common Conduct Standards are integrated into the culture and conduct of the affairs of the firm. 4.27. For firms in scope of SEAR, an individual must be assigned PR 3 ‘Responsibility for embedding the conduct standards throughout the firm’. Whilst the day-to-day operation and management may be delegated to the relevant department(s), one individual must be assigned PR 3. For those firms outside the scope of the SEAR, the Central Bank considers the Chief Executive Officer

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 82 (PCF-8) or equivalent to be responsible and accountable for embedding the Conduct Standards throughout the firm. Notification by the firm in respect of Conduct Standards 4.28. Firms should maintain up to date records regarding the notification of the Conduct Standards to the relevant individuals. Such records do not need to be submitted to the Central Bank, but retained by the firm and made available for review upon Central Bank request. Provision of training on Conduct Standards 4.29. There is a statutory obligation on the firm to provide training to individuals in CF roles on the Common Conduct Standards and to individuals in PCF/CF1 roles on the Additional Conduct Standards to ensure that they have appropriate knowledge of them and how they apply to an individual performing that function. The firm should provide appropriate induction training in a timely manner on implementation and going forward to all newly appointed individuals in CF roles with regard to the Common Conduct Standards and to newly appointed individuals in PCF/CF1 roles with regard to the Additional Conduct Standards. The firm should also provide appropriate training on an ongoing basis to ensure that individuals are clear on their obligations in respect of the Conduct Standards and specifically what is expected of them in the context of their role. 4.30. Firms should evidence that individuals have completed the relevant training and maintain up to date records in this regard. Such records do not need to be submitted to the Central Bank

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 83 but retained by the firm and made available for review upon Central Bank request. 4.31. The firm’s training programme in relation to Conduct Standards should be subject to oversight and challenge by senior management to ensure that the firm’s training programme adheres to IAF legislative and regulatory requirements, is adequately embedded into the firm’s day-today activities, including the performance review process, and identifies areas of enhancement where required. 4.32. Senior management should ensure that it is provided with timely and effective management information in relation to Conduct Standards training and that appropriate remediation action is taken where required. The scale and level of detail contained in such reporting should be proportionate to the nature, scale and complexity of the firm. 4.33. For firms in scope of SEAR the individual in the relevant PCF role allocated PR 3 should oversee the provision of training in respect of the Conduct Standards. This includes understanding the approach and having sufficient awareness of training completion and effectiveness which can be achieved through periodic reporting and effectiveness reviews. Integrating the Common Conduct Standards 4.34. Given the wide range of individuals to whom the Common Conduct Standards apply, inclusive of employees and directors, and their high-level nature, firms should develop appropriate policies as to how the Common Conduct Standards will be incorporated into the firm’s culture in order to drive the right behaviours and standards.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 84 4.35. In this regard, firms should consider how failure to meet the Common Conduct Standards could be linked to matters such as performance review and promotion in order that such standards become meaningfully embedded in the culture of the firm. 4.36. The firm should ensure that such policies are well communicated across the business and that firms continually review their control framework and where gaps are identified take the necessary steps to review, improve and update such policies where required. This review should be subject to oversight and challenge by the firm’s senior management and for firms in scope of SEAR, the relevant individual in a PCF role allocated PR 3.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 85 5. Common Conduct Standards 5.1 Introduction 5.1.1. The Conduct Standards set out a single set of standards of behaviour the Central Bank expects of individuals. They constitute universal statutory obligations applicable to individuals in all firms, irrespective of sector, comprising Common Conduct Standards for CFs and Additional Conduct Standards for individuals performing PCF and CF1 roles. 5.1.2. The Central Bank considers these to be the basic standards that should underpin the provision of financial services and the relationships of trust that are central in this area. They are the standards to which most individuals already hold themselves. 5.1.3. Under the IAF legislation, an individual who performs a CF role (including PCFs) in relation to a firm should take the steps that it is reasonable in the circumstances for the individual to take to ensure that the Common Conduct Standards are met. Details of the guidance in respect of reasonable steps are contained in Chapter 3 and should be interpreted in the context of the level of seniority of the roles in scope noting that there may be significant differences in the relevant responsibilities and expectations. In the context of enforcement, breach of the Common Conduct Standards will be directly enforceable against individuals by the Central Bank and reasonable steps will be considered on a case-by-case basis by reference to the relevant circumstances in each case. 5.1.4. Section 53E of the 2010 Act as amended by the IAF Act contains a non – exhaustive list of standards of behaviour under

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 86 each common conduct standard. It is not intended to provide specific guidance on each of the listed behaviours on the basis that they are generally self-explanatory and should be readily understood by those to whom they apply. The IAF Guidance expands on certain aspects where it is considered that further detail on the Central Bank’s expectations would be most useful. 5.2 Acting with Honesty and Integrity 5.2.1. Section 53E (1) of the 2010 Act as amended by the IAF Act states: (a) that the person acts with honesty and integrity including: (i) having regard to the legitimate interests of the regulated financial service provider, its staff, customers and other persons with whom it engages, (ii) operating without bias and preventing or identifying and appropriately managing, conflicts of interest, (iii) not exerting pressure or influence on a customer so as to limit his or her ability to make an informed choice in relation to any financial service, (iv) not misusing or misappropriating any assets or information of the regulated financial service provider or its customers, and (v) reporting appropriately, and not impeding others from reporting, to the management of the regulated financial service provider— (I) information relevant to, or giving rise to a suspicion of, the commission of a prescribed contravention or contravention of any other legal obligation or standard imposed on the regulated financial service provider, and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 87 (II) any matter otherwise adversely affecting the activities or interests of customers, the regulated financial service provider, its related undertakings, or the financial system in the State. 5.2.2. The Central Bank does not intend to provide detailed guidance on what it means to act with honesty and integrity on the basis that both terms are well understood and commonly used, including in respect of the F&P Regime whereby one of the F&P Standards requires a person to be “honest, ethical and to act with integrity”. 5.2.3. Integrity is fundamental to all aspects of business and may be described as behaving ethically by doing the right thing (through your words, actions and beliefs) even when no one is watching. For an individual, acting with integrity in the performance of a role/function in a firm may take a number of forms, including that an individual is trustworthy and reliable, practises and encourages open and honest communication, adheres to firm policies, follows through on their commitments and takes responsibility for their actions. Ultimately, integrity is based on positive values rather than personal gain. If an individual does something wrong deliberately, then that is likely to be an act showing a lack of integrity. Acting with integrity helps foster an open and positive work environment and a more transparent approach to decision-making, including collective decision-making. 5.2.4. Individuals should be cognisant that decision-making can be affected by the cognitive biases of both individuals and groups and continuous awareness, attention and effort is required to lessen the impact of these. It is therefore important for biases

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 88 to be recognised and acknowledged and to have strategies to counteract them for example by seeking out broader perspectives and contrarian views where possible. 5.2.5. Individuals should strictly adhere to company policies in respect of conflicts of interest, including by preventing, identifying and managing any potential conflicts in a clear and timely manner. All actual and potential conflicts of interest should be properly and appropriately communicated, discussed and documented in order to assess their materiality and decide on mitigating measures. Individuals should not participate in any decision making/discussion where it could reasonably be perceived that a potential conflict of interest exists. It is important that the prevention, identification and management of conflicts of interests are not treated as once-off exercises as contexts and circumstances will invariably change. Therefore, ongoing, considered reflection is necessary to ensure that the avoidance, identification and mitigating of conflicts is properly reviewed and handled and that any conflict is fully declared to appropriate individuals. If there is uncertainty as to whether or not a particular situation should be considered a conflict of interest, individuals should err on the side of caution and consult with the relevant experts such as the firm’s compliance or HR departments. 5.2.6. Examples of other behaviours not consistent with acting with honesty and integrity include misreporting, destroying documents in order to conceal information, not fully disclosing or providing misleading or knowingly inaccurate information to the firm, its customers, employees or the regulator, or misusing

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 89 assets or confidential information in respect of the client or their firm. 5.3 Acting with Due Skill, Care and Diligence 5.3.1. Section 53E (1) of the 2010 Act as amended by the IAF Act states: (b) that the person acts with due skill, care and diligence, including— (i) having appropriate knowledge of the business activities of the regulated financial service provider relevant to the controlled function, and the associated risks of those activities, (ii) having appropriate knowledge of the legal and regulatory framework, including any legal obligation or standard imposed on the regulated financial service provider, relevant to the controlled function, (iii) operating in compliance with the systems and controls, processes, policies and procedures of the regulated financial service provider and any legal obligation or standard imposed on the regulated financial service provider, (iv) acting without detriment to customers, the regulated financial service provider, its related undertakings, or the financial system in the State, (v) ensuring that any communication, including any record, provided to a customer or other person is clear, accurate, up to date and not misleading, (vi) acting appropriately in any decision-making, including collective decision-making, ensuring decisions are properly informed and exercising sound judgement, and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 90 (vii) monitoring the performance of any delegated tasks and ensuring that those tasks are appropriately performed. 5.3.2. In respect of an individual, acting with due skill, care and diligence in the performance of their role in the firm means acting to the best of their abilities and in a consistent manner to a standard that could reasonably be expected from an individual in such a role. It will include consideration of their qualifications, experience, knowledge and other relevant factors, for example, the length of time in a particular role and other responsibilities the individual may have. This does not represent a standard of perfection, errors of judgment, or omissions, which are not deliberate, may happen. In this regard, an individual is not expected to exhibit in the performance of their role/function a greater degree of skill, care and diligence than might reasonably be expected from an individual in the relevant role with the relevant qualifications, knowledge and experience. 5.3.3. It is important for an individual to have a clear and comprehensive understanding of the business activities of the firm that are relevant to their role/ function and the specific responsibilities that are to be undertaken in the relevant function including but not limited to the associated risks and the related legal and regulatory framework. An individual should proactively keep themselves informed with regard to developments relevant to their role/function, including for example changes in respect of the legal and regulatory framework, the firm’s market, customer base, industry and the associated impact on risks by engaging in relevant training and maintaining qualifications as required. In doing so an individual should consider if they have sufficient knowledge to explain an

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 91 issue and if not should seek the relevant expertise on a timely basis. Where relevant, an individual should ensure they are compliant with the applicable Minimum Competency Code issued by the Central Bank. 5.3.4. In respect of any delegated tasks, an individual should monitor performance of the delegated task on an ongoing basis, including but not limited to staying up to date and knowledgeable about the issues or activities delegated, receiving reports on progress and where appropriate challenging the information received as well as progress made. 5.3.5. An individual’s compliance with the systems and controls, processes, policies and procedures of the firm and any legal obligation and standard imposed on the firm should be considered as enablers of the effective operation of the business as opposed to impediments. Individual compliance should go beyond ‘ticking the box’. Compliance should be observed to be ‘active’ in that individuals are using their own initiative to act in a compliant manner rather than it being driven by prompts and/or threats of punitive actions. Collective Decision Making 5.3.6. In developing the IAF, the Central Bank is mindful of the need to ensure that the important role of collective decision-making in the running of firms is not negatively impacted as an unintended consequence of placing increased focus on individual accountability. The Central Bank considers that the introduction of the IAF does not alter the concepts of collective responsibility shared by directors as board members, and collective decision-making, which is dependent on the

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 92 appropriate contributions of individual members of senior management in order to be robust. In terms of the Central Bank’s expectations of individuals, these have not changed. 5.3.7. Participation in collective decision making goes beyond the board and formal board committees, for example this may include an executive committee, asset and liability committee, steering or project committees related to key business or regulatory initiatives. As part of the fulfilment of their individual responsibilities, CF role holders should ensure that all decisions are properly informed, that they exercise sound judgement and contribute to collective decisions, as would be appropriate. 5.3.8. Reflective of the importance that the Central Bank places on collective responsibility and the collective functioning of the firm via collective decision-making, CF role holders should be fully informed of matters for which they are collectively responsible, even if other individuals are responsible for those specific areas, so that they can actively contribute to and challenge relevant decisions. Members of the board and other senior individuals should also be familiar with obligations that apply under the corporate governance framework and Companies Acts in respect of their role and responsibilities in decision making at the firm. 5.3.9. Individuals should attend and actively contribute to relevant meetings and be appropriately informed of the matter(s) at hand. This will typically involve reviewing relevant management information, consulting with staff and if appropriate obtaining advice from experts either through internal or external channels in a timely manner. To ensure that

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 93 a firm’s collective decision making can benefit from a group’s diversity in terms of knowledge, experience and skills and avoid barriers to effective decisions such as groupthink, herd behaviour or domineering individuals, individuals should exercise due care, skill and diligence when partaking in collective decision making. This includes, for example:  Ensuring sufficient attention to and awareness of their own behaviour, cognitive biases of participants and the group dynamics that influence the results.  Providing input and constructive challenge, in such way that recognises both the value and limitations of their own knowledge, skills and experience.  Contributing in an engaging and inclusive manner such as through active listening, allowing appropriate opportunity for points to be made by others and allowing for adequate debate and review of the matter(s) at hand including consideration of any potential risks arising from such a decision. 5.3.10. Where an individual considers a decision may not be in the best interests of customers based on facts and the information at hand on the matter and following appropriate and effective challenge, they should take appropriate follow-up action. Acting with due skill care and diligence as a member of the Board 5.3.11. The Central Bank notes that directors have fiduciary duties under the Companies Act 2014, which are complementary to the Common Conduct Standards. In respect of the Common Conduct Standard to act with due skill care and diligence, this applies to all Directors (both executive and non-executive)

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 94 exercising their role and responsibilities as a member of the board, other governing body, or its committees. This includes, taking part in meetings, preparing and reviewing papers in advance of meetings, actively participating in collective decisions, constructively challenging, engaging in consultation and reporting to the relevant body or committee as required. Other behaviours 5.3.12. Examples of other behaviours not consistent with acting with skill, care and diligence include providing advice or guidance to customers where an individual is not competent to do so, engaging in acts, omissions or business practices that could be reasonably expected to cause customer detriment, failing to explain the risks of a product to a customer or providing false, inadequate or misleading information to others including details relating to a product, an individual’s qualifications, past employment record or experience. 5.4 Cooperating in Good Faith and Without Delay 5.4.1. Section 53E (1) of the 2010 Act as amended by the IAF Act states: (c) that the person cooperates in good faith and without delay with the Bank and with authorities that perform functions in a jurisdiction other than the State that are comparable to one or more of the functions performed by the Bank under financial services legislation, including— (i) responding to requests and requirements under financial services legislation in an open and timely manner, (ii) disclosing information or records when required to do so under financial services legislation,

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 95 (iii) attending meetings and interviews when required to do so under financial services legislation, (iv) not providing false, inaccurate or misleading information, records or explanations, (v) not destroying, hiding or putting beyond reach information or records that it is reasonable for the person to expect to be required to be disclosed under financial services legislation, and (vi) not engaging in evasive, misleading or obstructive conduct. 5.4.2. The standard to cooperate in good faith and without delay with the Central Bank and other regulators (i.e. regulators who have a role in regulating the particular activity, for example overseas regulators in an inward/outward branch) does not represent a duty on an individual to proactively report or disclose information. In the context of this standard co-operating in good faith and without delay, the Central Bank (or other regulator as relevant) might reasonably expect an individual that receives a specific request for information or attendance at a meeting, that the individual should accommodate any such request in a timely, co-operative and transparent manner, answering any questions openly and honestly. 5.4.3. An individual should report any such information by following existing processes in the firm for reporting information to the Central Bank (or other regulators). Information should be provided in a prompt and unambiguous manner ensuring that salient information is readily identifiable and not consolidated or grouped amongst irrelevant data. Providing information in a piecemeal or ambiguous manner could be considered as an effort to conceal or evade the detection of information.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 96 5.4.4. Factors to consider in assessing compliance with this standard include:  whether the individual has provided information in line with the firm’s existing internal processes for reporting information to the Central Bank (or other regulators);  whether the individual has contributed to a decision not to report information;  whether the individual has tried to prevent the information from being reported;  whether the individual has provided comprehensive relevant and complete information when first requested. 5.4.5. Examples of other behaviours not consistent with co-operating in good faith and without delay with the Central Bank (or other regulators) include being untruthful, providing false or misleading information or being uncooperative, failure to report information in accordance with the existing internal processes, influencing a decision not to report an issue or obstructing the reporting of information, pressuring others in respect of reporting of information, failing to attend an interview, reply to questions or requests for information in a timely manner without good reason. 29 5.5 Acting in the Best Interests of Customers and Treating Them Fairly and Professionally 5.5.1. Section 53E (1) of the 2010 Act as amended by the IAF Act states: (d) that the person acts in the best interests of customers and treats them fairly and professionally, including

29 Good reasons could include, where applicable, a right to preserve legal professional privilege, a right to avoid self-incrimination, complying with an order of a court or complying with an obligation imposed by law or by a regulator.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 97 (i) ensuring that customers are informed in a clear manner of relevant information relating to financial services of which they ought to be aware, and not impeding the provision of relevant information to customers, (ii) communicating with customers in a timely manner having regard to the urgency of any matter and the time required by the customer to consider the relevant information, (iii) assessing the needs and circumstances of customers, including their level of knowledge and experience of financial services, their financial circumstances and the range of options available to them, and ensuring that any advice or recommendation provided to customers is appropriate and tailored to their needs and circumstances, (iv) ensuring that customers are not misled as to the advantages of any financial service, (v) acknowledging and seeking to resolve, any complaints received from customers, (vi) resolving errors or mistakes affecting customers, and disclosing errors or mistakes to the customers affected in a timely manner, and (vii) not acting in a manner that is unfair to customers. 5.5.2. This standard introduces an obligation on individuals to act in the best interests of customers and treat them fairly and professionally. This standard applies to all individuals regardless of whether they have direct contact or dealings with customers, recognising the importance that individuals consider how their actions (or failure to act) can negatively affect outcomes for customers or result in customers being treated unfairly. 5.5.3. All individuals have a responsibility to act in the best interests of customers throughout the product design, distribution and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 98 delivery lifecycles. The focus should be on the outcomes for customers and whether those outcomes are what would be expected where firms are acting in the customers’ best interests. In deciding what it means to ‘act in the best interests of customers’, a key determinant is the reasonable expectations of those customers. 5.5.4. Individuals should ensure that their communication with customers is clear and comprehensible. Individuals should ensure that in their dealings with customers, they make full disclosure of all relevant material information, available to them, in a way that seeks to inform the customer. Individuals should pay attention to feedback from customers that may indicate problems, which need to be addressed. 5.5.5. In respect of errors or issues arising, individuals should communicate all relevant information to the appropriate individuals within their firm in a timely manner. If responsible for resolving the error or issue, individuals should consider the root cause(s) of such errors or issues and take the necessary action to remedy the root causes so as to lessen the chances of those errors or issues reoccurring. Also, individuals should review the causes of errors and issues and determine without delay the extent to which other customers of the firm may also be affected. It is important for the firm and for individuals within a firm to act without having to wait for a complaint or other prompt from a customer. 5.5.6. The IAF Act contains a non – exhaustive list of example behaviours, which are aligned to acting in the best interests of customers and treating them fairly and professionally, and it is not intended to provide specific guidance on each behaviour on

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 99 the basis that they are generally self-explanatory. Other behaviours not consistent with acting in the best interests of customers and treating them fairly and professionally include undertaking, recommending or providing advice on transactions without a reasonable understanding of the risk to a customer or of the downsides of a product, or generally providing advice or guidance to customers where you are not competent to do so. 5.6 Operating in Compliance with Standards of Market Conduct and Trading Venue Rules 5.6.1. Section 53E (1) of the 2010 Act as amended by the IAF Act states: (e) that the person operates in compliance with standards of market conduct and trading venue rules to which the regulated financial service provider is subject by law and any market codes that apply to the affairs of the regulated financial service provider. 5.6.2. In the context of this common conduct standard, ‘market’ should be understood as encompassing any place where buying and selling interests interact or where quotes are provided. 5.6.3. CF role holders should refrain from improper actions, behaviours or practices that are contrary to the firm’s code of conduct that could result in harm to the firm, its customers, counterparties and market participants or damage to the integrity and transparency of financial markets. 5.6.4. CF role holders should comply with internal processes, policies and procedures, systems and controls that firms have adopted

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 100 for the purpose of ensuring the compliance with the market conduct standards to which the firm is subject. 5.6.5. In order to comply with the standard, CF role holders should take reasonable steps to ensure that they have an awareness and understanding of: (1) The relevant regulatory framework which applies to the firm’s activities, and the regulatory requirements and expectations relevant to their role and, (2) Conduct risks relevant to the function the individual performs and / or market activity in which the individual engages. 5.6.6. CF role holders should comply with industry Codes of Conduct/Practices related to the firm’s activities and where the firm has made a commitment to adhere to the codes /practices and has internal policies, procedures and controls in place to meet this commitment.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 101 6. Additional Conduct Standards 6.1 Introduction 6.1.1. As set out in section 53F of the 2010 Act as amended by the IAF Act, in the case of an individual who performs a PCF or a CF1 role, the Additional Conduct Standards are: “(a) that the business of the regulated financial service provider is controlled effectively, (b) that the business of the regulated financial service provider is conducted in accordance with its obligations under financial services legislation, (c) that any delegated tasks are assigned to an appropriate person with effective oversight, and (d) that any information of which the Bank would reasonably expect notice in respect of the business of the regulated financial service provider is disclosed promptly and appropriately to the Bank, including information relevant to, or giving rise to a suspicion or expectation of, any of the following: (i) commission of an offence by the regulated financial service provider or a person performing a controlled function in relation to it; (ii) commission of a prescribed contravention or any other breach of obligations under financial services legislation by the regulated financial service provider or a person performing a controlled function in relation to it; (iii) concealment or deliberate destruction of evidence relating to a matter referred to in subparagraph (i) or (ii);

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 102 (iv) provision of false or misleading information to the Bank relating to a matter referred to in subparagraph (i) or (ii); (v) obstruction or impeding of an investigation relating to a matter referred to in subparagraph (i) or (ii); (vi) commencement of legal proceedings by or against the regulated financial service provider arising from its obligations under financial services legislation; (vii) commencement of legal proceedings against the regulated financial service provider which may impact on its ability to continue to trade; (viii) anything that may otherwise interfere significantly with the operation of the regulated financial service provider or its compliance with its obligations under financial services legislation; (ix) a decision by the regulated financial service provider to cease to provide financial services of a particular description”. 6.1.2. This IAF Guidance sets out the Central Bank’s expectation in relation to compliance specific to each Additional Conduct Standard. Please refer to Chapter 3 with regard to some nonexhaustive guidance on steps it is reasonable in the circumstances for an individual to take in respect of each of the Additional Conduct Standards. 6.1.3. It is recognised that NEDs and INEDs individually do not manage a firm's business in the same way as executive directors. The responsibilities for which NEDs and INEDs are accountable are more limited, relating to their role in respect of governance, oversight and challenge, therefore they are not expected to assume executive responsibilities. The standards

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 103 to be met by these individuals in their role as NEDs and INEDs will relate purely to their non-executive, oversight functions and will be limited to what should reasonably be expected of individuals in that context. 6.2 Additional Conduct Standard (a) that the business of the regulated financial service provider is controlled effectively. 6.2.1. An individual should ensure that they fully understand the area of the business for which they are responsible (e.g. regulations, market, customer base for example, to ensure they are protecting the best interests of their consumers at all time, industry, business changes etc.) and keep themselves properly informed and up-to date with regard to developments. An individual should corroborate, challenge and consider the wider implications of the information available to them and seek additional information where necessary. 6.2.2. Mindful of a firm’s business model, which will vary by firm-tofirm, certain PCFs may have broader responsibilities for the running of the business. For example, the role of Chief Executive Officer, who is accountable for the performance and results of the firm, does not just focus on a particular business area but has responsibility for carrying out the management of the conduct of the whole of the business (or relevant activities) of a firm. PCF role holders in attending and contributing at meetings at which collective decisions are made, should ensure they have sufficient information and understanding of the matter(s) at hand to participate effectively in the collective decision making, commensurate with the parameters of their role including any broader responsibilities in the running of the business where relevant. In such circumstances where PCF role

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 104 holders do not have sufficient information and understanding of the matter(s) they should take steps to obtain it and ensure that they are appropriately informed, seeking further briefings and explanations to the extent necessary. PCF role holders should rationally challenge and debate the matters including review of any risks involved in the decision and take appropriate follow-up action where the outcome is not in the best interest of the firm and its related stakeholders, including its customers. 6.2.3. In organising the area of business for which they are responsible, an individual should consider the board approved strategy and plans for the business. These will typically determine the risks inherent in the business and the levels of risk that the business is prepared to take on, how the business is to be run to manage risks and therefore the level and intensity of control and monitoring that is needed. In circumstances where the firm:  undertakes a high-risk strategy, an individual should fully assess the impact of such strategy on the firm and ensure that they implement the proposed strategy in an appropriately controlled way.  has a high growth strategy, an individual should demonstrate that they fully assessed the impact on the firm’s stakeholders, including the firm’s customers, of successful delivery of such a strategy and that, it is not at the expense of adherence by the firm to regulatory requirements.  is a strategy taker from an overseas parent company, an individual should demonstrate that in implementing this strategy they identified/challenged on any aspects of the overseas strategy that may not have been compatible

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 105 with the local business and/or with the regulatory and consumer protection framework. 6.2.4. An individual should ensure that they have the necessary framework in place to effectively and proactively oversee the monitoring, identification and rectification of any weak and ineffective systems and controls, in the areas for which they are responsible. Recommendations on system and control improvements, including those arising from internal and external reviews, should be considered and implemented, where appropriate, in a timely manner. In the event that a recommendation is not implemented, an individual should have a documented rationale to support the course of action adopted. 6.2.5. An individual should ensure that the responsibilities and accountabilities of those staff for which they are responsible are clearly defined and understood and appropriately allocated and that reporting lines, including in relation to issue escalation and resolution, are clearly set out and understood. Particular attention should be given by the individual to ensure:  clear reporting lines, authorisation levels and job descriptions/ responsibilities.  clarity in the case of ‘matrix’ or dual reporting arrangements whether in Ireland or overseas.  regular review of the appropriateness of responsibilities allocated.  An open and transparent communication environment is fostered at all levels of reporting lines.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 106 6.2.6. An individual should ensure that appropriate policies and procedures are in place for reviewing the competence, knowledge, skills and performance of their staff members and for assessing their suitability to fulfil their duties. This includes not giving undue weight to a staff member’s contribution to the firm’s financial performance when considering the suitability or continuing suitability of that staff member for a particular role. 6.2.7. An individual should ensure that there is a comprehensive and orderly transition when there are personnel changes in roles under their oversight or responsibility. This could include, where appropriate, a comprehensive set of guidance for the successor, addressing matters of relevance to performing the function, ensuring compliance with regulatory requirements, and maintaining effective control and a series of transitional handover meetings, which all relevant individuals attend. 6.3 Additional Conduct Standard (b) that the business of the regulated financial service provider is conducted in accordance with its obligations under financial services legislation. 6.3.1. An individual should ensure their firm's compliance with the relevant regulatory requirements by ensuring the operational effectiveness of related systems and controls. This does not mean that they themselves have to put in place the systems or controls for the business unless that is within their role and responsibilities. However, they are required to ensure that the area of the business for which they are responsible has appropriate and up to date operating policies and procedures with clear and well-defined steps for complying with the detail of all of the relevant regulatory requirements.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 107 6.3.2. An individual should ensure that compliance with relevant regulatory requirements is appropriately monitored and that all staff are aware of and understand the need for compliance. This includes that an individual should seek to ensure that suitable training is provided to staff at an appropriate frequency to enable them to fully understand the business (e.g. regulatory, market, industry, business changes) and keep adequately informed and up-to date with regard to the evolving regulatory environment in which they operate and that there is clarity regarding how requirements apply to each individual role. Factors, which might be considered, in addition to the provision of structured training and/or on the job training, include how feedback on the quality of training is gathered/assessed/actioned and whether requests for additional training or ad-hoc training or support are considered and facilitated as appropriate. Further, the individual themselves should promote the embedding of a culture of compliance, by visibly leading by example and setting a tone that supports and encourages the compliance of those in the relevant area. 6.3.3. Where there are concerns with staff performance, and in particular where these relate to compliance with regulatory requirements, an individual should be satisfied, that:  prompt action is taken to conduct an independent investigation (whether this is by an internal or external individual) of the concerns.  the investigation is properly conducted, leading to clear findings and informing appropriate resolution.  while the investigation is ongoing and prior to resolution of the issues arising an interim plan is put in place to

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 108 mitigate any risks identified such that the firm and relevant stakeholders are protected from any performance deficiencies identified.  the response or actions on foot of the investigation are appropriate to resolve the concerns, which could include whether the individual should continue in their role.  weight is not given to a staff member’s contribution to the firm’s financial performance when considering the above. 6.3.4. In the case of a temporary appointment, an individual, in their oversight of such an appointment, should satisfy themselves that appropriate arrangements are in place to ensure ongoing compliance with the regulatory requirements to avoid increased risk and disruption during any transition or interim period and ensure any risk to compliance with regulatory requirements as a result of the temporary appointment is mitigated appropriately. 6.3.5. An individual should keep themselves up to date and informed in a timely manner about potential or actual breaches of the regulatory requirements, including understanding the reasons for failure and obtaining expert opinions where appropriate. Where an individual becomes aware of issues that involve potential or actual breaches of regulatory requirements in the area of the business of the firm for which they are responsible, they should ensure that the root cause of such potential or actual breaches is adequately investigated (including for example consideration of whether the utilisation of internal audit or external advisors is appropriate) and is fully resolved in a timely and appropriate manner. Steps should be taken to mitigate the risk of recurrence which may include an adequate remediation plan being implemented to ensure such a breach

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 109 does not reoccur and that any wider lessons learnt are applied across the organisation where required. It is not unreasonable for the firm to carry out a cost benefit analysis (CBA) when assessing any recommendations for improvements. However, any CBA undertaken should only be one of the factors considered and not the only consideration that drives the ultimate decision. In doing a CBA, firms need to be conscious of the wider implications for customers, markets and corporate and social responsibility. 6.4 Additional Conduct Standard (c) that any delegated tasks are assigned to an appropriate person with effective oversight. 6.4.1. An individual, while retaining overall accountability, may delegate the management of the day-to-day business, where it is appropriate to do so. The extent of the delegation will depend on, amongst other factors, the nature, scale and complexity of the business. 6.4.2. The larger and more complex the business, the greater the need for clear and effective delegation and reporting lines, which will involve documenting the scope of that delegation and the reporting lines. 6.4.3. An individual should delegate only when they are satisfied that the delegate has the competence, knowledge, seniority, skill and capacity to deal with the tasks or activities being delegated. 6.4.4. Any such delegation should be appropriately arranged, managed and monitored. This includes for example:

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 110  Ensuring a clear understanding of what is being delegated and what is expected from the individual to whom they are delegating.  Continuing oversight of the delegated activity, including but not limited to continuing oversight of the performance of an outside contractor in connection with the delegated activity, staying up to date and knowledgeable about the issues or activities delegated, receiving reports on progress and where appropriate, challenging the information received.  Ensuring appropriate systems are in place to escalate and address issues effectively, including ensuring they are dealt with at an appropriate level, in an appropriate way and on a timely basis. Complex or high-risk issues may need enhanced control and monitoring.  Where an issue raises significant concerns, an individual should act clearly and decisively. 6.5 Additional Conduct Standard (d) that any information of which the Bank would reasonably expect notice in respect of the business of the regulated financial service provider is disclosed promptly and appropriately to the Bank, including information relevant to, or giving rise to a suspicion or expectation of, any of the following: (i) commission of an offence by the regulated financial service provider or a person performing a controlled function in relation to it; (ii) commission of a prescribed contravention or any other breach of obligations under financial services legislation by the

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 111 regulated financial service provider or a person performing a controlled function in relation to it; (iii) concealment or deliberate destruction of evidence relating to a matter referred to in subparagraph (i) or (ii); (iv) provision of false or misleading information to the Bank relating to a matter referred to in subparagraph (i) or (ii); (v) obstruction or impeding of an investigation relating to a matter referred to in subparagraph (i) or (ii); (vi) commencement of legal proceedings by or against the regulated financial service provider arising from its obligations under financial services legislation; (vii) commencement of legal proceedings against the regulated financial service provider which may impact on its ability to continue to trade; (viii) anything that may otherwise interfere significantly with the operation of the regulated financial service provider or its compliance with its obligations under financial services legislation; (ix) a decision by the regulated financial service provider to cease to provide financial services of a particular description. 6.5.1. An individual should act in an open and co-operative manner and disclose, promptly and appropriately, any information of which the Central Bank would reasonably expect notice, including making a disclosure in the absence of a specific request or query from the Central Bank where relevant matters come to their attention. This includes providing complete and adequate information on a timely basis to an appropriate contact at the Central Bank to facilitate an understanding of the matter and its potential implications. By virtue of their position, they are expected to have access to information of potential regulatory significance and to have the expertise to recognise when this is something which the Central Bank would reasonably expect notice of. 6.5.2. Where an individual becomes aware of information which they might expect the Central Bank could reasonably expect notice,

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 112 they should determine whether that information falls within the scope of their responsibilities:  If it does fall within the scope of their responsibilities, and if it is otherwise appropriate to do so, then they should ensure that it is disclosed to the Central Bank promptly.  If it does not reasonably fall within the scope of their responsibilities, then, in the absence of any reason to the contrary, they might reasonably assume that its disclosure to the Central Bank was being dealt with by the individual with responsibility for dealing with information of that nature, and should obtain confirmation of this now that the matter has come to their attention. 6.5.3. Similarly, if they are not sure whether it is within the scope of their responsibility and whether the matter is being dealt with by another individual, the Central Bank would expect them to promptly make enquiries to clarify such responsibilities, rather than disregard the matter. 6.5.4. Where a decision was made not to report the matter an individual must be able to evidence that this decision was made after reasonable enquiry and analysis of the situation.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 113 Part D Chapter 7 Fitness & Probity Regime

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 114 7. Fitness & Probity Regime 7.1 Introduction 7.1.1. As set out in Chapter 1, the IAF introduces enhancements to the Fitness and Probity (F&P) Regime. As noted in paragraph 1.3, certain more general enhancements to the F&P Regime are the subject of separate guidance. The key changes which this IAF Guidance30 seeks to address from the perspective of the firms, holding companies and individuals performing CF roles are that the F&P Regime has been:  amended to include an obligation on firms to proactively certify that certain staff are fit and proper and capable of performing their roles with integrity and competence;  extended to apply to holding companies established in Ireland; and  amended to include Head of Material Business Line as a PCF role for insurance undertakings and investment firms.

30 The Guidance on the Fitness and Probity Standards has been amended to reflect these changes.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 115 7.2 Certification Background - Existing obligations under the F&P Regime 7.2.1. Part 3 of the 2010 Act requires that an individual performing a CF role must have a level of fitness and probity appropriate to the performance of that particular function. Further, Section 21 of the 2010 Act prohibits a firm from allowing an individual to perform a CF role unless the firm is satisfied on reasonable grounds that the individual complies with any standards of fitness and probity issued by the Central Bank in a code under Section 5031 of the 2010 Act. 7.2.2. The related Fitness and Probity Standards and the Fitness and Probity Standards for Credit Unions (both referred to as F&P Standards) require individuals in CF roles to be:  competent and capable;  honest, ethical and to act with integrity; and  financially sound. 7.2.3. Therefore, a firm cannot appoint an individual to a CF, or allow them to continue in such a role, if it is not satisfied that the individual meets the above standards (or indeed any of the relevant codes, as applicable). The same prohibition applies to the firm if the individual in the CF role has not agreed with the firm in writing to comply with the above standards (or any of the codes that may be applicable to them). The certification requirement(s) 7.2.4. Section 21 of the 2010 Act, as amended by the IAF Act, and the Certification Regulations require that where a firm/holding

31 Such codes include the Fitness & Probity Standards, the Fitness and Probity Standards for Credit Unions and the Minimum Competency Code

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 116 company is satisfied on reasonable grounds that a person performing a CF role, (i) complies with any standard of fitness and probity issued by the Central Bank under section 50 of the 2010 Act; and (ii) agrees in writing to comply with such standard of fitness and probity and to notify the firm/holding company without delay if for any reason he or she no longer complies with such standard of fitness and probity, the firm/holding company is required to certify that the individual complies with such standards of fitness and probity. 7.2.5. An entity which becomes a firm or holding company must certify individuals in CF roles within 5 days of becoming a firm/holding company or as otherwise agreed with the Central Bank. In this regard, it should be noted that the steps required to certify individuals in CF roles will be completed as part of the authorisation process. 7.2.6. Accordingly, firms and holding companies are required to documentthe following in respect of each individual in a CF role as part of the certification process: a) Confirmation that the firm/holding company is satisfied that the individual meets any standards of fitness and probity applicable to the CF role(s); b) Confirmation that the individual has agreed to comply with those standards; c) Identification of the CF role(s) held; d) An outline of the aspects of the affairs of the firm/holding company in which the individual will be involved in performing the CF role(s); e) Details of the steps taken by the firm/ holding company in forming the view that the individual meets any standards of fitness and probity applicable to the CF role(s); and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 117 f) Whether the role is outsourced to an unregulated entity. 7.2.7. Where an individual performing a CF role does not comply, or continue to comply, with the F&P Standards and therefore cannot be certified, the firm/ holding company cannot permit that individual to perform, or continue to perform, the CF. Identification of CFs to which the certification requirement(s) will apply 7.2.8. Section 21 of the 2010 Act applies to all firms and holding companies subject to the F&P Regime. Accordingly, the certification requirements will apply to all firms and holding companies and are relevant to all individuals in CF roles within them, with the exception of those individuals in CF roles to whom the exemptions from the F&P Standards apply. 7.2.9. Firms and holding companies are required to maintain a register of individuals in CF roles and the specific CF role performed by them as defined by CF1-CF11. 32 The Central Bank has previously noted33 that good practices identified include a requirement to review the job description when a vacancy arises to determine if the role is CF or PCF in nature, and guidelines setting out the key principles and rationale for the general interpretation of the CFs across the firm. The Central Bank encourages the use of such practices in respect of all CF or PCF roles performed within the firm or outsourced to an unregulated Outsourced Service Provider.

32 https://www.centralbank.ie/docs/default-source/regulation/how-weregulate/authorisation/fitness-probity/regulated-financial-service-providers/list-of-11-controlledfunctions.pdf?sfvrsn=4 33 https://www.centralbank.ie/docs/default-source/regulation/how-we-regulate/fitnessprobity/news/dear-ceo-letter---thematic-inspections-of-compliance-with-obligations-under-thefitness-and-probity-regime.pdf

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 118 7.2.10. As set out in Section 5 of the Guidance on the Fitness and Probity Standards, where a CF role is outsourced to an ‘unregulated entity’, the firm/holding company remains responsible for its obligations under Section 21 of the 2010 Act and Certification Regulations, including the certification process in respect of each individual in the CF role. 7.2.11. Firms and holding companies are required to maintain an accurate and up-to-date register of individuals in CF roles, which is reflective of the Certification process as outlined in this section. 7.2.12. Firms and holding companies are not required to submit the register to the Central Bank unless requested to do so. However, the list of individuals performing CF roles must be made available to the Central Bank on request. Details in respect of the information to be submitted to the Central Bank with regard to Section 21 of the 2010 Act and the Certification Regulations are set out in paragraphs 7.2.18 - 7.2.19. Forming the view that the individual meets the standards 7.2.13. The firm/holding company must undertake appropriate due diligence to satisfy itself that each individual performing a CF role is fit and proper to perform that role and be in a position to certify same. 7.2.14. Guidance on the specific due diligence to be undertaken and on how firms/holding companies should determine the standard of fitness and probity to a particular CF role is provided in detail in the Guidance on the Fitness and Probity Standards, a summary of which is set out below.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 119 7.2.15. On the basis of shortcomings relating to firms' compliance with the ongoing fitness and probity obligations, and specifically initial and ongoing due diligence process, and in the context of compliance with Section 21 of the 2010 Act and the Certification Regulations, the Central Bank clarifies its expectations in relation to due diligence as follows:  all due diligence is applicable to the CF population to which the certification requirement applies;  all due diligence must be performed prior to appointment and on an ongoing basis, with limited exceptions relevant prior to appointment only (e.g. reference checks, interview or application, or record of previous experience) or which are applicable only in certain circumstances; and  the majority of due diligence must be assessed by the firm/holding company itself in the case of PCFs and CF1- 2. While the F&P Guidance sets out the Central Bank’s expectations in relation to due diligence, it does not purport to address every possible check and, as such, firms should apply an approach consistent with the nature, scale and complexity of the firm and the roles therein. Table 3 | Due Diligence Standard Supporting documents obtained from a third party Frequency PCF CF1- 2 CF3- 11 Competent and Capable Provision of a copy of the relevant transcripts Initial (and ongoing if applicable) Y Professional Body Check Initial (and ongoing if subject to renewal) Y

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 120 Y = Checks undertaken by the firms/holding companies SC = Self Certify I/A = If Applicable Frequency/conduct of the certification process 7.2.16. Section 21 of the 2010 Act is a continuing obligation on firms and holding companies. It is not a one off obligation discharged once due diligence has been undertaken upon commencement, or in relation to an initial appointment to a CF role. Accordingly, under the Certification Regulations, firms and holding companies are required to carry out the certification process in respect of all individuals in CF roles:  prior to appointment (or in the case of a PCF, prior to the submission of an IQ to the Central Bank);  on an annual basis; and/or  in respect of any new CF role(s) assumed, in advance of appointment to same. 7.2.17. In respect of individuals holding more than one CF role concurrently, the Central Bank envisages one single certification process that is reflective of all CF roles held, Employer’s References Initial Y Minimum Competency Code and Minimum Competency Regulations 2017 Initial and ongoing I/A I/A SC/Y Conflicts Initial and ongoing SC Honest, ethical and with Integrity Garda Check/Convictions Initial and ongoing SC Regulator Check Initial and ongoing Y Y SC Financial Soundness Judgements Search Initial and ongoing Y Y SC

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 121 completed prior to appointment, on an annual basis and/or in respect of any new CF role(s) assumed in advance of appointment to same. Provision of data in relation to certification/ Submission to the Central Bank 7.2.18. It is not the Central Bank’s expectation that firms and holding companies provide individual certificates to each CF, nor is it intended that an individual confirmation of the completion of the certification process in respect of each CF is submitted to the Central Bank. Further details regarding the retention and submission of data in relation to certification are set out below. 7.2.19. As part of the Annual PCF Confirmation process firms and holding companies are required to: (i) submit confirmation of the completion of the certification process for each PCF role holder to the Central Bank on an annual basis via the Annual PCF Confirmation Return; and (ii) confirm the completion of the overall certification process in respect of all other CF role holders on an annual basis via the Annual Overall Certification Process Return. 7.2.20. While it is expected that the majority of firms/holding companies should be in a position to confirm the completion of the overall certification process annually, the Central Bank notes that there may be circumstances whereby firms/holding companies cannot confirm same (for example, where an individual in a CF role has yet to complete the CPD hours but is scheduled to do so within a reasonable timeframe). In such circumstances, firms/holding companies should assess the materiality of the situation, and where it is determined that it

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 122 will not impact on the certification of the individual, firms/holding companies are required to record any such instance and the reason for same, as well as an appropriate timeframe within which it will be remedied, and to confirm that the overall certification process has otherwise been completed. Retention of data in relation to certification 7.2.21. Firms and holding companies are required to maintain all information collected in compliance with its obligations under Section 21 of the 2010 Act and the Certification Regulations for the duration during which the individual performs the CF role. This includes the documentation of, and records in relation to, the certification of each individual in a CF role, and the due diligence and the agreements to comply with the standards of fitness and probity. 7.2.22. Firms and holding companies are required to maintain the information collected in compliance with Section 21 of the 2010 Act and the Certification Regulations for a minimum of 6 years after that individual has ceased to perform the CF on behalf of the firm. 7.2.23. The Central Bank may require to see any such records or due diligence either in the context of an investigation of a firm’s/holding company’s compliance with Section 21 of the 2010 Act, and the Certification Regulations or an investigation in relation to an individual's fitness and probity to perform a CF role.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 123 7.2.24. Firms/holding companies should have regard to their obligations under General Data Protection Regulation34 in holding the information referred to in this Section including ensuring that the information is held securely and in an appropriate manner. Responsibility for and compliance with the certification process 7.2.25. Firms and holding companies should implement procedures to manage the firm’s/holding company’s compliance obligations with Section 21 of the 2010 Act and the Certification Regulations. 7.2.26. In this regard, the Central Bank recognises that firms/holding companies may wish to incorporate the certification process within existing processes and, as such, the Central Bank has not prescribed a format for certification. For example, some firms may wish to incorporate the certification process as part of their ongoing performance monitoring. 7.2.27. The Central Bank will engage in periodic follow-up with firms/holding companies regarding the appropriateness of and compliance with the certification process, through ongoing supervisory engagement and/or thematic inspections. 7.2.28. Further, there should be one individual within a firm with overall responsibility for certification. Accordingly, for those firms in scope of SEAR, an individual must be assigned PR 2 ‘Responsibility for the firm’s performance of its obligations under the Fitness and Probity Regime under Part 3 of the 2010 Act’.

34 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 124 Whilst the day-to-day operation and management may be delegated to the relevant department(s), one individual must be assigned PR 2. For those firms outside the scope of the SEAR, in line with the existing approach to due diligence for PCFs and the Annual PCF Confirmation, the Central Bank considers the Chief Executive Officer or equivalent to be responsible and accountable for certification. Material changes or concerns regarding fitness and/or probity 7.2.29. In addition to the requirement for firms and holding companies to obtain confirmation that an individual in aCF role has agreed to comply with the fitness and probity standards under Section 21 of the 2010 Act and to comply with the Certification Regulations, firms and holding companies should require individuals performing CF roles to notify the firm or holding company of any material changes in respect of initial due diligence carried out. 7.2.30. Further, the Central Bank expects that firms/holding companies carry out an audit of individuals performing CFs and PCFs on an annual basis by asking individuals in CF and PCF roles to confirm whether they are aware of any material developments in relation to their compliance with the F&P Standards of which the firm/holding company ought to be aware. 7.2.31. Where a firm/holding company becomes aware that there may be concerns regarding the fitness and probity of an individual performing a CF role, the Central Bank expects the firm/holding company to investigate such concerns and take action as appropriate without delay.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 125 Breach of Section 21 of the 2010 Act 7.2.32. Breach of Section 21 of the 2010 Act, may result in the imposition of sanctions on the firm pursuant to Part IIIC of the 1942 Act. 7.2.33. A decision by the Central Bank to impose sanctions under Part IIIC of the 1942 Act for breach of Section 21 of the 2010 Act may be appealed to the Irish Financial Services Appeals Tribunal. 7.3 Holding Companies 7.3.1. The IAF Act amends the 2010 Act such that the F&P Regime is extended to apply to holding companies established in Ireland. The change means that individuals proposed for PCF roles in holding companies will be assessed by the Central Bank under the existing F&P Regime in the same way as individuals proposed for PCF roles in firms are assessed. In addition, CFs in holding companies will be required to comply with the F&P Standards. 7.3.2. The Guidance on the Fitness and Probity Standards provides guidance for firms with regard to their obligations under Section 21 of the 2010 Act in relation to the F&P Standards. It sets out the steps which the Central Bank would expect a firm to take in order to satisfy itself on reasonable grounds that individuals performing CFs are compliant with the F&P Standards. 7.4 Head of Material Business Line 7.4.1. Section 22 of the Central Bank Reform Act 2010 enables the Central Bank to prescribe PCFs by regulation. Following the introduction of a new PCF-50 Head of Material Business Line

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 126 for credit institutions in October 2020, in order to ensure that the list of PCF roles is appropriate to capture the present and future changes to the nature, scale and complexity of the firms, the Central Bank deems it appropriate to introduce the Head of Material Business Line role for insurance undertakings and investment firms set out below. 7.4.2. The Head of Material Business Line for insurance undertakings (PCF-54) is an individual who has significant influence over the performance of a material line e.g. oversees the performance of that business line and the business line in question satisfies either of the following quantitative criteria: a) has gross total technical provisions (whether positive or negative) equal to or in excess of €10 billion; or b) accounts for 25 per cent or more of the insurance undertaking’s gross earned premium, if that gross earned premium is above €1bn per annum. 7.4.3. The Head of Material Business Line for investment firms (PCF55) is an individual who has significant influence over the performance of a material line e.g. oversees the performance of that business line and the business line in question satisfies either of the following quantitative criteria: a) has gross total assets equal to or in excess of €5 billion; b) or accounts for 10 per cent or more of the investment firm’s gross revenue. 7.4.4. The role of Head of Material Business Line would typically include responsibility for management of a material business line at a firm (including Balance Sheet and Profit & Loss management) which would be considered capable of having an impact on the firm due to the commercial or strategic

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 127 importance of that business line. It is anticipated that this role would usually be held by a senior individual with a direct reporting line to the Chief Executive (PCF-8). 7.4.5. Individuals who are already pre-approved as PCF-17 -Head of Retail Sales or PCF18 - Head of Underwriting, will not be required to also seek pre-approval as a Head of Material Business Line. After an individual has been approved and is performing the role, that individual remains in place until such time as they leave their role, even if there are fluctuations in the quantitative criteria post approval.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 128 Appendices

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 129 APPENDIX 1 Table 4 | Pre-Approval Controlled functions (PCFs) that are relevant for firms in scope of SEAR35

35 Please see PCF Regulations setting out complete list of PCF roles: https://www.irishstatutebook.ie/eli/2023/si/663/made/en/print#:~:text=S.I.- ,No.,22)%20(Amendment)%20Regulations%202023&text=%E2%80%9CIris%20Oifigi%C3%BAil%E2% 80%9D%20of%2022nd%20December%2C%202023 Pre-Approval Controlled functions (PCFs) for firms in scope of SEAR General PCF-1 Executive director PCF-2A Non-executive director PCF-2B Independent non-executive director PCF-3 Chair of the board PCF-4 Chair of the audit committee PCF-5 Chair of the risk committee PCF-6 Chair of the remuneration committee PCF-7 Chair of the nomination committee PCF-8 Chief executive PCF-11 Head of Finance PCF-12 Head of Compliance PCF-13 Head of Internal Audit PCF-14 Chief Risk Officer PCF-16 Branch Manager of branches outside Ireland PCF-17 Head of Retail Sales PCF-42 Chief Operating Officer PCF-49 Chief Information Officer PCF-52 Head of Anti-Money Laundering and Counter Terrorist Financing Compliance Insurance

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 130 PCF-18 Head of Underwriting PCF-19 Head of Investment PCF-43 Head of Claims PCF-48 Head of Actuarial Function PCF-54 Head of Material Business Line Banking PCF-21 Head of Treasury PCF-22 Head of Credit PCF-23 Head of Asset and Liability Management PCF-50 Head of Material Business Line PCF-51 Head of Market Risk PCF-53 Head of Client Asset Oversight Investment firms PCF-28 Branch Managers in Ireland PCF-29 Head of Trading PCF-30 Chief Investment Officer PCF-45 Head of Client Asset Oversight PCF-55 Head of Material Business Line Financial Service Providers established outside Ireland PCF-41 Manager of a branch in Ireland of a regulated financial service provider established in a country that is not an EEA country

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 131 APPENDIX 2 Table 5 | Inherent Responsibilities Table 5.1 Inherent Responsibilities Part 1

PCF-1 Executive director Directing the business of the firm.
PCF-8 Chief Executive Overall responsibility for managing and steering the business activities of the firm.
PCF-11 Head of Finance Overall responsibility for managing the financial resources, financial planning and financial reporting of the firm and reporting directly to the Board or relevant subcommittee, or both, on financial affairs.
PCF-12 Head of Compliance Overall responsibility for managing the operation of the compliance function and reporting directly to the Board or relevant subcommittee, or both, on compliance matters.
PCF-13 Head of Internal Audit Overall responsibility for managing the operation of the firm’s internal audit function and reporting directly to the Board or relevant subcommittee, or both, on internal audit matters.
PCF-14 Chief Risk Officer Overall responsibility for managing the firm’s risk function and reporting directly to the Board or relevant subcommittee, or both, on risk management matters.
PCF-16 Branch Manager of branches established outside the State Overall responsibility for managing the operations of a branch of the firm located outside of the State.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 132 8. PCF-17 Head of Retail Sales Overall responsibility for managing the operation of the firm’s retail sales function. 9. PCF-42 Chief Operating Officer Overall responsibility for managing the internal operations of the firm. 10. PCF-41 Manager of a branch in Ireland of a regulated financial service provider established in a country that is not an EEA country Overall responsibility for managing the operations of a branch of the firm located in the State. 11. PCF-49 Chief Information Officer Overall responsibility for managing the firm’s information and communications technology which the firm relies upon. 12. PCF-52 Head of AntiMoney Laundering and Counter Terrorist Financing Compliance Overall responsibility for managing the firm’s anti-money laundering and countering the financing of terrorism compliance functions, and reporting directly to the board on anti-money laundering and countering the financing of terrorism compliance matters. Part 2 Investment Firms 13. PCF-28 Branch Managers in Ireland Overall responsibility for managing the operations of the branch in the State. 14. PCF-29 Head of Trading Overall responsibility for managing the operation of the firm’s trading function. 15. PCF-30 Chief Investment Officer Overall responsibility for managing the operation of the firm’s investment functions.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 133 16. PCF-45 Head of Client Asset Oversight Overall responsibility for managing the operation of the firm’s client asset function. 17. PCF-55 Head of Material Business Line Overall responsibility for managing the operation of a material business line at the firm. Part 3 Insurance Undertakings. 18. PCF-18 Head of Underwriting Overall responsibility for managing the operation of the firm’s underwriting function. 19. PCF19 Head of Investment Overall responsibility for managing the operation of the firm’s investment function. 20. PCF-43 Head of Claims Overall responsibility for managing the operation of the firm’s claims function. 21. PCF-48 Head of Actuarial Function Overall responsibility for managing the operation of the firm’s actuarial function. 22. PCF-54 Head of Material Business Line Overall responsibility for managing the operation of a material business line at the firm. Part 4 Credit Institutions 23. PCF-21 Head of Treasury Overall responsibility for managing the operation of the firm’s treasury function. 24. PCF-22 Head of Credit Overall responsibility for managing the operation of the firm’s credit function. 25. PCF-23 Head of Asset and Liability Management Overall responsibility for managing the operation of the firm’s asset and liability management function. 26. PCF-50 Head of Material Business Line Overall responsibility for managing the operation of a material business line at the firm. 27. PCF-51 Head of Market Risk Overall responsibility for managing the operation of the firm’s market risk function.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 134 28. PCF-53 Head of Client Asset Oversight Overall responsibility for managing the operation of the firm’s client asset function. Table 5.2 Inherent Responsibilities Non-Executive Roles

PCF-2A Nonexecutive director Overseeing and monitoring the strategy and management of the firm.
PCF-2B Independent Non-executive director Overseeing and monitoring the strategy and management of the firm.
PCF-3 Chair of the Board Chairing meetings of the Board, leading and overseeing its performance.
PCF-4 Chair of the audit committee Chairing meetings of the audit committee, leading and overseeing the committee’s performance.
PCF-5 Chair of the risk committee Chairing meetings of the risk committee, leading and overseeing the committee’s performance.
PCF-6 Chair of the remuneration committee Chairing meetings of the remuneration committee, leading and overseeing the committee’s performance.
PCF-7 Chair of the nomination committee Chairing meetings of the nomination committee, leading and overseeing the committee’s performance.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 135 Table 6 | General Prescribed Responsibilities General Prescribed Responsibilities PR1 Responsibility for the firm’s performance of its obligations under the Senior Executive Accountability Regime. PR2 Responsibility for the firm’s performance of its obligations under the Fitness and Probity Regime under Part 3 of the 2010 Act. PR3 Responsibility for embedding the conduct standards throughout the firm. PR4 Responsibility for leading the development of the firm’s culture, including on matters relating to diversity and inclusion, by the Board. PR5 Responsibility for overseeing the adoption of the firm’s culture, including on matters relating to diversity and inclusion, in the day-to-day operation of the firm. PR6 Responsibility for overseeing the development of the firm’s remuneration policies and practices. PR7 Responsibility for ensuring that action is taken to prevent further harm or detriment to customers where the firm becomes aware that a decision or action taken or failure to act has caused harm or detriment to customers. PR8 Responsibility for safeguarding the independence of the internal audit function and for oversight of the function and the Head of Internal Audit. PR9 Responsibility for safeguarding the independence of the compliance function and for oversight of the function and the Head of Compliance. PR10 Responsibility for safeguarding the independence of the risk function and for oversight of the function and the Chief Risk Officer. PR11 Responsibility for leading the development and monitoring implementation of effective policies and procedures for succession planning, induction,

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 136 training and professional development of all members of the Board. PR12 Responsibility for ensuring the independence, autonomy and effectiveness of the firm’s policies and procedures on whistleblowing. PR13 Responsibility for monitoring implementation of effective policies and procedures for succession planning, induction, training and professional development of staff. PR14 Responsibility for developing and maintaining the firm’s recovery plan, the accurate and timely reporting of all information required for recovery and resolution purposes, the implementation of measures necessary to achieve the operationalisation of recovery and resolution strategies, and for overseeing the internal processes regarding their governance, including the coordination of the entity’s compliance in those respects. PR15 Responsibility for managing the firm’s internal stresstests and ensuring the accuracy and timeliness of information provided to the Central Bank for the purposes of stress-testing. PR16 Responsibility for the board’s development and maintenance of the firm’s business model. PR17 Responsibility for managing the calculation and maintenance of the firm’s capital, funding and liquidity. PR18 Responsibility for ensuring accuracy, completeness and timely production and submission of the firm’s financial information and financial regulatory returns. PR19 Responsibility for the firm’s outsourcing framework. PR20 Responsibility for managing the anti-money laundering and countering the financing of terrorism (‘AML/CFT’) compliance function in order to address the firm’s money laundering and terrorist financing risks including:  the development and oversight of a robust AML/CFT framework; and

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 137  overseeing the implementation and effective application of AML/CFT systems and controls. PR21 Responsibility for oversight and governance of strategic decisions, key business initiatives, including development of products, to ensure focus on delivering fair outcomes for customers. PR22 Responsibility for the development and implementation of Information and Communication Technology (ICT) strategy; ensuring the efficient and secure operation of ICT systems; oversight of delivery of ICT projects; and management and development of ICT resources. PR23 Responsibility for developing an internal audit charter, developing a risk based audit plan with appropriate and timely actions and reporting taken in relation to audit findings. PR 24 Responsibility for managing financial risks from climate change. Table 7 | Sector or Circumstance Specific Responsibilities Sector or Circumstance Specific Responsibilities Credit Institutions PR 25 Responsibility for overseeing the credit granting process for new, renewal and re-financing of existing credits, providing challenge in relation to all aspects of current and proposed credit risk exposures, providing comprehensive and timely information to senior management and credit committee on the firm’s adherence to policies, guidelines, procedures and limits. Insurance Undertakings PR 26 Responsibility for developing and implementing the insurance undertaking’s reinsurance/retrocession programme. PR 27 Responsibility for implementing the Own Risk and Solvency Assessment (ORSA) process in the insurance undertaking.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 138 PR 28 Responsibility for ensuring that appropriate validation of the technical provisions is conducted in the insurance undertaking. Circumstance specific responsibilities PR29 Where the firm has a treasury management function, responsibility for managing the firm’s treasury management functions and associated risks. PR30 Where the firm holds client assets, responsibility for the firm’s compliance with client asset requirements. PR 31 Where the firm carries out proprietary trading, responsibility for the firm’s proprietary trading activities. PR 32 Where the firm does not have a Chief Risk Officer (CRO), responsibility for the compliance of the firm’s risk management systems, policies and procedures. PR 33 Where the firm outsources its internal audit function, responsibility for taking reasonable steps to ensure that every person involved in the performance of that function is independent from the persons who perform external audit PR34 Where the firm has established a specific steering committee to address regulatory matters, responsibility for managing the operation of the committee and for providing comprehensive and timely reporting to senior management and to the board. Table 8 | Prescribed Responsibilities in the application of proportionality to low impact in-scope Investment Firms Prescribed Responsibilities in the application of proportionality to low impact in-scope Investment Firms General Prescribed Responsibilities PR1 Responsibility for the firm’s performance of its obligations under the Senior Executive Accountability Regime. PR2 Responsibility for the firm’s performance of its obligations under the Fitness & Probity regime under Part 3 of the Central Bank Act 2010.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 139 PR3 Responsibility for embedding the conduct standards throughout the firm. PR4 Responsibility for leading the development of the firm’s culture, including on matters relating to diversity and inclusion, by the Board. PR9 Responsibility for safeguarding the independence of the compliance function and for oversight of the function and the Head of Compliance. PR11 Responsibility for leading the development and monitoring implementation of effective policies and procedures for succession planning, induction, training and professional development of all members of the Board. PR17 Responsibility for managing the calculation and maintenance of the firm’s capital, funding and liquidity. PR18 Responsibility for ensuring accuracy, completeness and timely production and submission of the firm’s financial information and financial regulatory returns. PR20 Responsibility for managing the anti-money laundering/ and countering the financing of terrorism (‘AML/CFT’) compliance function in order to address the firm’s money laundering and terrorist financing risks including:  the development and oversight of a robust AML/CFT framework; and  overseeing the implementation and effective application of AML/CFT systems and controls. PR21 Responsibility for oversight and governance of strategic decisions, key business initiatives, including development, of products to focus on delivering fair outcomes for customers. PR22 Responsibility for the development and implementation of Information and Communication Technology (ICT) strategy; ensuring the efficient and secure operation of ICT systems; oversight of delivery of ICT projects; and management and development of ICT resources. PR30 Responsibility for the firm’s compliance with client asset requirements.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 140 Table 9 | Prescribed Responsibilities for Incoming Third Country Branches Prescribed Responsibilities for incoming Third Country Branches TCBPR1 Responsibility for the Third Country Branch’s performance of its obligations under the Senior Executive Accountability Regime. TCBPR2 Responsibility for the Third Country Branch’s performance of its obligations under the Fitness and Probity Regime under Part 3 of the Central Bank Act 2010. TCBPR3 Responsibility for embedding the conduct standards throughout the Third Country Branch. TCBPR4 Responsibility for managing the anti-money laundering and countering the financing of terrorism (‘AML/CFT’) compliance function in order to address the Third Country Branch’s money laundering and terrorist financing risks including:  the development and oversight of a robust AML/CFT framework; and  overseeing the implementation and effective application of AML/CFT systems and controls. TCBPR5 Responsibility for the Third Country Branch’s compliance with client asset requirements. TCBPR6 Responsibility for ensuring that the Third Country Branch has effective processes in place to identify and manage the risks to which the Third Country Branch is or might be exposed. TCBPR7 Responsibility for monitoring, and on a regular basis assessing, the adequacy and effectiveness of measures and procedures put in place by the Third Country Branch to comply with its regulatory and supervisory obligations, as well as associated risks. TCBPR8 Responsibility for the escalation of correspondence from the Central Bank and other regulators in respect of the Third Country Branch to the Branch Management Committee or, where appropriate, to the board of the parent undertaking or holding companies of the Third Country Branch’s group.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 141 TCBPR9 Responsibility for ensuring that the internal control framework is effective. TCBPR10 Responsibility for management of the Third Country Branch’s capital and liquidity or, where relevant, the submission of information to the Central Bank/relevant competent authority on the Third Country Branch’s capital and liquidity position. TCBPR11 Responsibility for ensuring accuracy, completeness and timely production and submission of the Third Country Branch’s financial reports and regulatory returns. TCBPR12 Responsibility for the development and maintenance of the Third Country Branch’s business model by the Branch Management Committee. TCBPR13 Responsibility for managing the Operational Risk within the Third Country Branch.

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 142 APPENDIX 3 Table 10 | Statement of Responsibilities SENIOR EXECUTIVE ACCOUNTABILITY REGIME Statement of Responsibilities Name: Firm: Proposing Contact: Current PCF Role(s): Effective Date of Responsibilities: General Prescribed Responsibilities Applicable? Select applicable roles (from a drop-down list). Sector Specific Responsibilities Applicable? Select applicable responsibilities (from a drop-down list). Circumstance Specific Responsibilities Applicable? Select applicable responsibilities (from a drop-down list). Is the Prescribed Responsibility shared: Yes / No Additional information regarding the allocated Prescribed Responsibility: If the answer to the previous question is Yes then this becomes a mandatory field for completion with details of the sharing arrangement Other Responsibilities: Free text optional area for detailing other responsibilities held Supplementary information Free text optional area for detailing other relevant information

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 143 APPENDIX 4

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 144 APPENDIX 5 Table 11 Regime/ Branch type Incoming EEA branches Outgoing EEA branches Incoming Third Country Branches Outgoing Third Country Branches F&P Regime: Branch Manager PCF Exempt PCF-16 (and any other PCFs in existence) PCF-41 (and any other PCFs in existence) PCF-16 (and any other PCFs in existence) F&P Regime: F&P Standards Do not apply due to exemption, however Part 3 of the 2010 Act does apply Applicable where such individuals are CFs IAF: Common and Additional Conduct Standards Applicable IAF: SEAR Not Applicable Applicable to the Irish firms. Duty of Responsibility applies to PCFs and there should be a Statement of Responsibilities for PCF-16 (and any other Applicable Applicable to the Irish firms. Duty of Responsibility applies to PCFs and there should be a Statement of Responsibilities for PCF-16 (and any other

Guidance on the Individual Accountability Framework Central Bank of Ireland Page 145 PCFs within the branch). The branch should also be reflected in the Irish firm’s Management Responsibilities Map. PCFs within the branch). The branch should also be reflected in the Irish firm’s Management Responsibilities Map.

T: +353 (0)1 224 6000 www.centralbank.ie