In our second podcast episode in series 1 of “Conversations With Coopman”, Kevin McHugh, Founder and Managing Director of Priory GRC Consulting joins co-hosts Andrew Murphy and Mark Fallon to discuss regulation driven by the Central Bank of Ireland (CBI).

Kevin has two decades of board-level international experience across multiple businesses in Europe, North America and Australia, in all areas across governance, risk management and compliance. Today, Kevin runs Priory GRC Consulting, a boutique consulting firm advising on all aspects of governance, risk and compliance.

In this episode, Kevin provides insights into the main challenges facing CBI regulated firms from a risk and regulatory perspective, the importance of a risk culture and how businesses address this, and finally, he delves into the fitness and probity process with the CBI and what candidates should take into consideration.

Key takeaways from the conversation include:

1) RISK MANAGEMENT CHALLENGES FACING CBI REGULATED FIRMS
Firms are facing increasing risk management regulatory expectations as the CBI’s standards continue to rise due to a number of different factors.

Under The Single Supervisory Mechanism which started in 2014, the ECB in Frankfurt took responsibility for the largest banks. Other than this, day to day regulation was initially left to local regulators on the basis that they did things according to Frankfurt rules, which led to a significant increase in standards across the board. Directors of regulated firms now ultimately have responsibility for risk which is significant given the huge agenda on the regulatory front.

The expectations of directors are also increasing, and boards are looking to risk, among others, to ensure that all bases are covered. The role of the Chief Risk Officer therefore needs to take more of a strategic position, with increased stakeholder management and operational focus across the business. Setting the risk appetite and looping this in with the wider business strategy is key. There is also increased focus on data remediation and increasing the importance of clean data for effective reporting which in turn will make for a better relationship with the regulator and other stakeholders.
2) TECHNICAL AREAS OF REGULATORY FOCUS
The biggest focus at present is being driven from the pressures of dealing with Covid-19 and seeing how resilient businesses are, specifically what is the demand for the services being offered and how operations work from home. The broad theme is ensuring that the customer is at the centre which is driving increased attention to conduct and credit risk. Looking at the agreements being entered into during the downturn and understanding how to manage non-performing loans are also areas of focus.

There is also a focus on capital and liquidity assessments of the financial institutions and this is resulting in greater stress testing being conducted not just locally but across Europe. The European Union (EU) is also looking at business models and profitability of the Euro banks as the divergence from profitability continues from the US Banks.
3) THE MEANING OF CULTURE IN THE EYES OF A REGULATOR
In 2016, the European Central Bank (ECB) identified four areas which are key to establishing an appropriate risk culture – the tone from the top, clear accountabilities, open two-way communication, and appropriate remuneration and incentives. The Dutch Central Bank, seen as a world leader, set the tone within the EU in driving culture and in Ireland, the initiative started with the main banks as they looked to rebuild trust after the tracker mortgage issues.

The CBI focuses on whether the firm’s norms, philosophies and values support or hinder effective risk and reputation management. Taking this further, Ed Sibley of the CBI has identified three key areas for consideration – the impact of individual actions and group dynamics on the firm and its reputation, the extent to which risk culture facilitates or deters appropriate behaviour, and the measures necessary to optimise the firm’s position.

At present, there is a sense that in Ireland, financial institutions have a bit of a mountain to climb to get back to the standards to which they aspire. Things are getting better and conduct risk is getting more attention in the boardroom which is setting the tone from the top. Work needs to continue in aligning all levels; from the top to the middle to the bottom, the culture is not yet consistent but improvements can be achieved through cultural audits to identify areas of management focus. Audits will often involve internal surveys and interviews, and assessment of whether performance management and other incentives facilitate or deter appropriate behaviours that do not optimise the risk culture.
4) TRENDS IN THE CBI’S EXPECTATIONS IN RELATION TO PRE-APPROVED CONTROLLED FUNCTIONS
Expectations are rising; the CBI is being open with this and it is reflected in a number of ways. Firms are expected to have good due diligence in place for their hiring process prior to the probity and fitness interview with the CBI. With increased expectations the CBI do not hesitate to intervene if a candidate cannot demonstrate that he/she is suitable for the role for which he/she is applying

There will be increases in instances where candidates are coming from a company where there have been issues. Guidance on how to present the case is centred around full disclosure, in other words the basic principle is to get the issues out in the open with the CBI but to do so in the right way.

Interviews are increasingly common and onerous and very much focused on the role the person is applying for and their ability to do the role in question, and not focused on previous career experience or achievements. They ultimately want to get under the bonnet to assess whether the individual understands the business model, associated risks and gives them confidence in executing the role.

During Covid-19, these processes have shortened in order to be more practical and the CBI is being even more selective in the interviews they carry out, a note that employers should take in ensuring due diligence is conducted in their own hiring processes.
TO WRAP UP
As highlighted, companies must address a number of key areas to satisfy the CBI’s and the ECB’s demand to improve risk cultures across an organisation. Finding the right person and ensuring their fitness for a role, is of paramount importance, especially at the executive level where the onus is on them to set the right culture from the top.

Listen to “Risk & Regulation With Kevin McHugh” on Spotify, Apple or Anchor now, or sign-up to receive the latest podcast episodes straight to your inbox.

If you are interested in taking part in the podcast series, send your details to connect@coopman.ie and we will be in contact soon.