Second Time Lucky – Central Bank Issues Another “Dear CEO” Letter on Fitness and Probity Requirements

The Central Bank of Ireland has published a “Dear CEO” letter following on from its recent thematic inspections of compliance by Regulated Financial Service Providers (“Firms”) with their obligations under the Fitness and Probity Regime. The Central Bank expects all Firms to take appropriate action to address the issues outlined in its letter and to be able to evidence this to the Central Bank, if requested.


In April 2019, the Central Bank issued a “Dear CEO” letter outlining its concerns regarding Firms’ understanding of the extent of their legal obligations under the Fitness and Probity Regime and indicating that each Firm, together with its Board, should review its fitness and probity policies, procedures and practices and address any identified shortcomings.  See our related briefing here.

Subsequently, the Central Bank undertook thematic onsite inspections across a sample of Firms in the insurance and banking sectors, which focused on evaluating the processes in place to manage compliance with the requirements of the Fitness and Probity Regime. The inspections focused on the following areas:

  • awareness and understanding within Firms of their compliance obligations;
  • initial and on-going due diligence processes;
  • oversight and control of outsourcing arrangements;
  • processes and channels for effective engagement with the Central Bank; and
  • the role of the Compliance Function with regard to the Fitness and Probity Regime.

The recent Dear CEO letter sets out the key findings and observations from the inspections together with the Central Bank’s expectations and is to be read in conjunction with the April 2019 letter, the Central Bank’s Fitness and Probity Standards and the associated fitness and probity guidance.  Details of the findings and observations are set out in Appendix 1 of the Dear CEO letter. You can find the related press release and a link to letter here.

Awareness and understanding within Firms of their compliance obligations

According to the letter, the level of awareness of fitness and probity obligations was weak throughout many of the Firms, in particular at Board level and Board appointments were generally not subject to the same level of scrutiny or formality as other appointments to Pre-Approval Controlled Functions (“PCF”) or Controlled Functions (“CF”). In addition, in the Central Bank's view, many Firms lacked coherent fitness and probity policies and procedures.

Board Appointments

The Central Bank expects each Firm to:

  • scrutinise properly, and for Board Members to discuss and/or challenge, Board appointments;
  • ensure that the Board approves the relevant appointment and that the appointment process is supported by interview notes and suitability assessments; and
  • have in place, and use, a succession plan which sets out the skills, competencies and experience required for the various roles and/or how the proposed successor would demonstrate/acquire the same.

The CEO should not be involved in screening Board candidates due to the potential for conflicts of interest to arise.

Policies and Procedures

While the quality of policies and procedures in relation to fitness and probity varied from Firm to Firm, according to the Central Bank the majority of Firms had disjointed processes that did not clearly outline the roles and responsibilities of the various functions performing fitness and probity related tasks.

Firms should consider whether they:

  • clearly document roles and responsibilities in relation to the fitness and probity process;
  • maintain a register of employees performing PCF or CF roles; and
  • regularly review individuals to determine whether their role has changed so that it comes within the Fitness and Probity Regime.

Due Diligence

The Central Bank identified the due diligence process as the area of most consistent weakness across all Firms both in terms of initial and on-going due diligence.

Initial Due Diligence

The Central Bank expects to see that each Firm:

  • undertakes sufficiently robust due diligence to evidence compliance with the requirements of the Fitness and Probity Standards, including obtaining (and retaining) evidence of academic qualifications, references from previous employers, interview notes and a documented assessment as to a candidate’s suitability;
  • carries out judgement searches, regulatory searches, directorship searches and adverse media searches, including adverse media searches regarding previous employers that could assist with identifying potential fitness and probity concerns for further examination;
  • discloses in the IQ all actually and potentially relevant information to the Central Bank’s assessment of a proposed appointee’s fitness and probity, including any adverse information together with an explanation as to why this does not affect the individual’s suitability for the role proposed. Where a firm has a doubt as to the materiality of a piece of information in this regard, it should disclose that information and explain its doubts to the Central Bank.

On-going Due Diligence

The Central Bank assessed the conduct of on-going due diligence as particularly weak. In addition to each PCF and CF role holder annually certifying their compliance with, and their agreement to abide by, the Fitness and Probity Standards, the Central Bank expects each Firm to:

  • conduct on-going due diligence screening of staff to ensure there has been no change in circumstance that may affect an individual's fitness or probity; and
  • investigate any concerns regarding the fitness and probity of a person performing a CF role and take action as appropriate without delay.


When outsourcing PCF or CF roles to an unregulated Outsource Service Provider (“OSP”), the Central Bank expects each Firm, as part of its due diligence in appointing CF role holders, to obtain the required documentation and to make appropriate inquiries as to the OSP’s process for assessing fitness and probity. In addition, an outsourcing Firm should have a process in place to verify whether PCF or CF roles are being performed in the context of outsourcing.

Central Bank Engagement

In the Central Bank’s view, overall, Firms have not adequately developed, documented or embedded their processes relating to engagement with the Central Bank on fitness and probity issues, including IQ submission process. Each Firm should consider whether it has:

  • clearly defined procedures covering the various stages of the IQ process including initiation, compilation, completion, review, approval and submission of the IQ application;
  • robust processes in place to identify, escalate and notify an appropriate individual or function within the Firm, in a timely manner, of potential concerns regarding the fitness and probity of a CF or PCF holder; and
  • policies or procedures to support these escalations of potential concerns (i.e. investigation of concerns and the taking of timely action as appropriate) or to ensure timely notification of actions taken, to the Central Bank.

Role of the Compliance Function

According to the Central Bank, each Firm should ensure that its fitness and probity processes and procedures are subject to robust compliance testing. The fitness and probity process should be subject to comprehensive oversight by the Compliance Function and periodic independent review by the Internal Audit Function to ensure it is fit for purpose. Firms should avoid placing over reliance on the Compliance Function, which could potentially create key person risk.

Next Steps and Comment

The Central Bank expects each Firm to review and assess the findings and observations set out in Appendix 1 of the letter, in the context of potential issues with their own systems and processes. Consequently, each Firm should take this opportunity to review its relevant process and procedures to ensure that they comply with the Central Bank’s expectations.  Any Firm that has not already done so should also ensure that it takes into account the Central Bank’s letter of April 2019 when conducting this review.

As this is now the second time in the space of eighteen months that the Central Bank has written to remind Firms of their obligations under the fitness and probity regime, it is unlikely that Firms found wanting in this area in the future will be given much quarter by the Central Bank for any material failures in their processes and procedures around fitness and probity.

Moreover, Firms that take the time now to put in place best in class fitness and probity policies and procedures will be much better placed to comply with the anticipated new regulatory framework for individual accountability, once this becomes law (see our related briefing here).  In this regard, we understand that the Central Bank (Amendment) Bill, which will set out the new framework, is in an advanced stage of drafting and is expected to undergo pre-legislative scrutiny as part of the Government’s Autumn Legislative Programme. See our related briefing here.

This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.