EBA consults on Draft guidelines on internal governance under the Investment Firms Directive

The European Banking Authority (EBA) is seeking responses to its consultation paper EBA/CP/2020/27 on Draft Guidelines on internal governance under the Investment Firms Directive (Draft Guidelines). MiFID investment firms and other interested parties have until 17 March 2021 to respond to the consultation.  

MiFID firms authorised by the Central Bank of Ireland (Central Bank) should review the Draft Guidelines, confirm whether they will fall within their scope and if so identify any required enhancements to current arrangements in time for expected June 2021 implementation.

Background

The Investment Firms Directive (EU) 2019/2034 (IFD) requires the EBA, in consultation with the European Securities Markets Authority (ESMA), to issue guidelines on MiFID investment firms' internal governance arrangements. 

In-scope firms

Currently, the Central Bank's Corporate Governance Requirements for Investment Firms and Market Operators 2018 apply to Irish MiFID firms designated as High, Medium High or Medium Low Impact under the Central Bank PRISM framework. Finally, Low Impact MiFID firms who fall outside those two frameworks are required to comply with high level requirements set out in Ireland's EU MiFID Regulations 2017.

The IFD/IFR will change the way that the Irish MiFID firms are prudentially regulated. A relatively small number of "Class 1" MiFID firms will be regulated in the same way as banks under the CRD IV regime and subject to banking internal governance requirements that have been separately consulted on. The remaining firms will be either Class 3 Firms because they are "Small and not interconnected" (SNI) or Class 2 Firms which is effectively a default category.  The Draft Guidelines are addressed to such Class 2 Firms and do not apply to SNI firms. SNI firms will be required to have robust strategies, policies, processes and systems for the management and monitoring of risks.

Proposals

The Draft Guidelines cover a lot of familiar ground and seek to ensure that Class 2 Firms' internal governance arrangements, processes and mechanisms establish and promote a sound risk culture.

They complement IFD internal governance rules that require:

(a) a clear organisational structure and well‐defined, transparent and consistent lines of responsibility 
(b) effective processes to identify, manage, monitor and report risks
(c) adequate internal control mechanisms, including sound administration and accounting procedures
(d) remuneration policies and practices that promote sound and effective risk management. 

These requirements are subject to traditional proportionality principles. 

The Draft Guidelines consist of seven sections: 

1. Proportionality – the principle of proportionality is set out in IFD and allows for the internal governance arrangements of a firm, including within a group, to be consistent with the firm's individual risk profile and commensurate to their size, business model and the nature, scale and complexity of their activities.
    
2. Role and Composition of the Management Body and Committees – this addresses the role and responsibilities of the management body, the management function of the management body, the supervisory function of the management body, the role of the chair of the management body and the committees of the management body in its supervisory function.
    
3. Governance Framework – this addresses the organisational framework and structure of a firm and the organisational framework in a group context.
    
4. Risk Culture and Business Conduct – this deals with risk culture, corporate values and code of conduct, the conflict of interest policy at a firm level, transactions with members of the management body and their related parties, a conflict of interest policy for staff, internal alert procedures and the reporting of breaches to competent authorities.
    
5. Internal Control Framework and Mechanisms – this addresses the internal control framework, implementation of an internal control framework, the risk management framework, internal control functions, the risk management function, the compliance function and the internal audit function.
    
6. Business Continuity Management – firms must establish a sound business continuity management and recovery plan and may establish a specific independent business continuity function. In preparing the plan firms should analysis its exposures to severe business disruptions and assess their potential impact. The analysis should cover all business lines and internal units and should feed in to defining the recovery priorities and objectives.
    
7. Transparency – firms must communicate their strategies, policies and procedures to all relevant staff, who should understand and adhere to same. In addition, where parent undertakings are required to publish descriptions of their legal structure and governance and organisational structure, the Draft Guidelines set out minimum information requirements.

Key changes

The Draft Guidelines are more detailed than existing requirements, particularly in relation to the role and responsibility of the management body. In addition, issues such as continuity management and transparency are now being treated as specific governance requirements.
 
Next steps

Investment Firms will be conscious of the need to review their existing governance framework against the proposals in the Draft Guidelines and to make any submissions ahead of the 17 March 2021 deadline. 

Our dedicated IFD/IFR webpage hosts additional information and guidance on the implementation of the new prudential framework for investment firms. 

For further information contact Dario Dagostino, Kevin Allen, Patrick Brandt and Mark Devane, Financial Regulation Partners and Sinéad Prunty, Financial Regulation Knowledge Lawyer.