Enforcement Action: Bank of Montreal Ireland plc. reprimanded and fined €1,246,189 by the Central Bank of Ireland for breach of banking licence condition

29 April 2019 Press Release

Central Bank of Ireland

On 26 April 2019, the Central Bank of Ireland (the “Central Bank”) reprimanded and imposed a fine on Bank of Montreal Ireland plc. (the “Firm”) for breaching a condition of its banking licence by failing to submit three operational risk returns to the Central Bank, and failing to establish and maintain effective processes and internal controls to ensure compliance with this regulatory reporting condition. The Firm has admitted the breaches in full. This is the Firm’s second reprimand and fine for deficiencies in regulatory reporting.

The Central Bank’s investigation found that the breaches were caused by:

  • the Firm’s failure to establish and maintain effective processes and controls to ensure the submission of operational risk returns;
  • an over-reliance on Bank of Montreal group policies; and
  • the use of an informal process to comply with its obligation to submit operational risk returns.

The Central Bank determined that the appropriate fine was €1,780,269 which was reduced by 30% to €1,246,189 in accordance with the settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure (“ASP”).

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti Money Laundering, said:

“All firms operating in Ireland must do so in line with their regulatory licence, and all conditions attaching to it. Compliance with licence conditions is not optional, and breaches are treated seriously by the Central Bank as
demonstrated in this enforcement action against the Firm.

The licence breach in this case centres on the Firm’s failure to submit three operational risk returns. As the risks facing the financial sector continue to grow and become more complex, it is essential that the Central Bank has a clear line of sight to any potential risks, including operational risks, within regulated firms to ensure effective supervision and to assess the resilience and integrity of all firms and the financial sector as a whole. All firms must ensure the highest standards in identifying, properly managing and monitoring, and reporting on its operational risks in line with the Central Bank’s requirements.

As a result of this investigation, the Central Bank reminds international firms, whether already established or seeking to establish a presence in Ireland, that they must put in place adequate policies, processes and controls necessary to comply with all licence conditions and regulatory obligations specific to their licence conditions to operate in Ireland.”

BACKGROUND

The Firm is a wholly-owned subsidiary of the Bank of Montreal and was established as a public limited company in Ireland in 1996. It is a credit institution licensed under Section 9 of the Central Bank Act, 1971 and is regulated by the Central Bank of Ireland.

On 14 October 2015, the Firm wrote to the Central Bank informing it that the Firm had failed to submit the following three operational risk reports: - 31 December 2014 bi-annual report, 31 March 2015 quarterly report, and 30 June 2015 bi-annual report (the “Returns”). This was in breach of a condition of the Firm’s licence and was identified by the Firm through an internal audit of the Firm’s Operational Risk Management function. The audit identified not only the failure to report on three occasions, but also failures to implement the procedures and controls necessary to comply with the licence condition.

The Central Bank then commenced an enforcement investigation into the circumstances surrounding these failures.

The investigation established that for a period from 21 August 2013 to October 2015, the Firm did not have adequate processes and controls in place to ensure that it submitted operational risk reports as required by the licence condition. The Firm employed an inadequate informal process of email diary reminders to alert the relevant employees of upcoming reporting submission dates. The diary reminders were time-limited, with the final diary reminder set for November 2014. The diary reminders were not renewed after this point with the result that the Firm failed to submit the Returns. This is concerning in circumstances where the Firm had been previously informed in 2013 by the Central Bank that its regulatory reporting of operational risk was not to the required standard.

In addition, the investigation found that the Firm was placing undue reliance on a Bank of Montreal group policy, which was not adapted at local level to ensure that the necessary processes were in place to comply with the licence condition.

The Central Bank expects firms to report to it any operational risk with the potential to affect the business of a firm. The reporting of such risks provides the Central Bank with the necessary oversight and supervision of such risks. Whilst the missed Returns did not contain any operational risk events, the Firm’s failure to submit the Returns meant that the Central Bank did not have the necessary visibility to enable it to assess the Firm’s resilience to potential operational risk exposures.

PRESCRIBED CONTRAVENTIONS

The Central Bank’s investigation identified two breaches which consist of a breach of the Central Bank Act, 1971 and a breach of the European Communities (Licensing & Supervision of Credit Institutions) Regulations 1992 (S.I. No. 395 of 1992) (as amended) and European Union (Capital Requirements) Regulations 2014 (S.I.No. 158 of 2014) namely:

1. Failure to comply with the requirements of a condition of its licence imposed pursuant to Section 10 of the Central Bank Act, 1971

The Firm failed to comply with the requirements of a condition of its licence imposed pursuant to Section 10 of the Central Bank Act, 1971, between 12 February 2015 and 14 October 2015.

On 21 August 2013, the Central Bank wrote to the Firm pursuant to Section 10 Central Bank Act, 1971, imposing a number of conditions on the licence of the Firm. Schedule 5 of this correspondence imposed the following condition: “Bank of Montreal Ireland plc shall submit to the Central Bank, on a quarterly and bi-annual basis and as required, information relating to the management of operational risk as set out in Appendix 1” (the “Condition”).

The Firm failed to submit the Returns to the Central Bank, in contravention of the requirement of the Firm’s licence condition to submit the quarterly and bi-annual operational risk returns within 30 working days of the end of each reporting period.

2. Failure to have in place and maintain effective processes to ensure compliance with the Condition

The Firm contravened Regulation 16(1), (3) & (4) of the 1992 Regulations between 21 August 2013 and 31 March 2014 and Regulation 61(1) and (3) of the 2014 Regulations between 1 April 2014 and October 2015, by failing to have in place and to maintain:

  • effective processes to ensure the compilation and submission of operational risk returns in compliance with the Condition;: and
  • adequate internal control mechanisms to ensure the compilation and submission of three operational risk returns, namely the 31 December 2014 bi-annual report, the 31 March 2015 quarterly report, and the 30 June 2015 bi-annual report in compliance with the Condition,

which led to a failure on the part of the Firm to submit the Returns.

The investigation found that, despite the Condition having been imposed for more than a year, the Firm did not have any written procedure in place as to how the Condition would be complied with until September 2014 when it adopted a Bank of Montreal group policy and procedure. Furthermore, that procedure was not fit for purpose, as it did not specify how the operational risk returns would be prepared, completed and submitted, and by whom.

It was not until October 2015 following the identification of the breach of condition that the Firm established a procedure which clearly and adequately detailed how the Condition was to be adhered to.

REMEDIATION

The Central Bank is satisfied that the Firm has taken the necessary steps to rectify the failings that gave rise to the breaches.

PENALTY DECISION FACTORS

In deciding the appropriate penalty to impose, the Central Bank has taken the following into account:

  • The need for an effective deterrent impact on the Firm and other regulated entities;
  • The previous enforcement action taken against the Firm in 2014 for deficiencies in regulatory reporting, which was an aggravating factor in this case; and
  • The Firm disclosed all relevant information at an early stage in advance of the investigation, engaged constructively and showed a clear willingness to facilitate the Central Bank’s investigation at all times in advance of and during the investigation. The level of co-operation by the Firm was a mitigating factor in this case.

The Central Bank confirms that the investigation is now closed.

NOTES

1. This is the Central Bank’s 127th settlement since 2006 under its Administrative Sanctions Procedure, bringing total fines imposed by the Central Bank to over €70 million.

2. Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts. The penalties are not included in general Central Bank revenue.

3. The fine reflects the application of a settlement discount of 30%, as per the discount scheme set out in the Central Bank’s “Outline of the Administrative Sanctions Procedure 2018” which is here.

4. Section 10 of the Central Bank Act 1971 requires firms to comply with the requirements of a condition of its licence. It states that “a licence shall be subject to such conditions……as the Bank may impose and specify at the time of the grant thereof, being conditions which in the opinion of the Bank are calculated to promote the orderly and proper conduct of regulation”

5. The European Communities (Licensing & Supervision of Credit Institutions) Regulations 1992 (S.I. No. 395 of 1992) (as amended) (the “1992 Regulations”) were in force between 1 January 1993 to 31 March 2014. These were repealed and replaced by the European Union (Capital Requirements) Regulations 2014 (S.I. No. 158 of 2014) (the “2014 Regulations”) which are here.

6. Regulation 16, sub-sections (1), (3) and (4) of the 1992 Regulations require firms to have robust governance arrangements including having effective processes to identify, manage and report the risks it is or might be exposed to and to have adequate internal control mechanisms in place.

7. Regulation 61 sub-sections (1) and (3) of the 2014 Regulations mirror the relevant provisions of Regulation 16(3) of the 1992 Regulations which require firms to have robust governance arrangements including having effective processes to identify, manage and report the risks it is or might be exposed to and to have adequate internal control mechanisms in place.