BNY Mellon Fund Services (Ireland) DAC fined €10,780,000 and reprimanded by the Central Bank of Ireland for regulatory breaches relating to outsourcing
24 March 2022
Press Release
On 22 March 2022, the Central Bank of Ireland (the Central Bank) reprimanded and fined BNY Mellon Fund Services (Ireland) DAC (BNY DAC or the Firm) €10,780,000 pursuant to its Administrative Sanctions Procedure (the ASP) for 16 regulatory breaches relating to the outsourcing of fund administration activities.
The 16 breaches arose because of BNY DAC’s failure: to have in place an adequate outsourcing governance framework; to comply with its regulatory obligations in respect of outsourcing; and to engage openly and transparently with the Central Bank once breaches of its regulatory obligations were identified. The duration of the breaches ranged from 26 days to 6 years, spanning the period from July 2013 to December 2019.
Weaknesses within BNY DAC’s outsourcing framework were first identified by the Central Bank, and despite protracted intrusive supervisory engagement, BNY DAC failed to fully remediate all of the issues to the Central Bank’s satisfaction. This led to further breaches and extended the duration of the breaches. Following the commencement of the investigation into BNY DAC’s outsourcing failings, it committed additional breaches by providing inaccurate and misleading information to the Central Bank and by failing to report breaches as soon as it became aware of them.
The Central Bank’s investigation identified serious systemic breaches across BNY DAC’s outsourcing framework. These failings undermined BNY DAC’s ability to effectively identify and manage the risks associated with its outsourcing arrangements; undermined the Central Bank’s ability to properly assess, monitor and supervise BNY DAC’s outsourcing of regulated activities; and created unnecessary potential risks to its clients, investors and the financial markets.
The Central Bank has determined the appropriate fine to be €15,400,000, which has been reduced by 30% to €10,780,000 in accordance with the settlement discount scheme provided for in the Central Bank’s ASP. This is the largest monetary penalty imposed on a Fund Service Provider in Ireland to date.
The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seana Cunningham, said "In recent years, in recognition of the increasing reliance regulated firms have placed on outsourcing, the Central Bank has increased its focus on outsourcing, specifically the management by regulated firms of the risks associated with outsourcing, through targeted onsite inspections, wider thematic reviews and public engagement. While outsourcing can be beneficial, that is only the case where firms manage their outsourcing arrangements and associated risks correctly. If outsourcing is not effectively managed, it has the potential to cause investor detriment and threaten the operational resilience of regulated firms and the Irish financial system.
"The investigation into BNY DAC found systemic weakness across its entire outsourcing framework. Despite intervention by the Central Bank over a number of years, BNY DAC repeatedly failed to address these deficiencies. The Central Bank expects firms to take the necessary actions to remediate weaknesses communicated to them and will hold firms fully accountable where they fail to do so.
"This investigation also found that BNY DAC failed to act with expediency, transparency and openness even once it was aware that there were further issues with its outsourcing arrangements. The Central Bank expects firms to be candid in all of their dealings with the Central Bank. This is even more important when failures have occurred. Regulated firms must have a culture, driven by their boards, which supports transparency with the regulator."
BACKGROUND
BNY DAC is authorised by the Central Bank as a fund administrator pursuant to Part II of the Investment Intermediaries Act 1995. The Bank of New York Mellon Corporation, one of the top three fund administrators globally, is the ultimate parent of BNY DAC. BNY DAC is the second largest fund administrator in Ireland with just over €1.13 trillion in assets under administration.
As a fund administrator, BNY DAC’s principal activity is the provision of fund administration services, often referred to as “back office” activities, on behalf of fund managers both in Ireland and globally. These fund administration services support the day-to-day operations of investment funds. BNY DAC provides fund administration services to a variety of investment funds (some of which are domiciled in Ireland and others elsewhere around the world). Outsourcing is an integral part of BNY DAC’s operating model.
CENTRAL BANK ENGAGEMENT WITH BNY DAC
The Central Bank has engaged extensively with BNY DAC in relation to its outsourcing arrangements. This engagement has included the Central Bank issuing several Risk Mitigation Programmes (RMPs) to BNY DAC between 2014 and 2019 requiring BNY DAC to remediate issues identified in its outsourcing arrangements. Despite this repeated engagement, BNY DAC failed to address these issues, resulting in breaches which should have been remediated reoccurring and, in some instances, persisting for an extensive period of time. This engagement is summarised below:
Year | Engagement |
2014 | The Central Bank identified instances in which BNY DAC failed to notify it in advance of outsourcing servicing and activities because of inadequacies in BNY DAC’s outsourcing controls. |
| The Central Bank required BNY DAC to review its outsourcing controls, to ensure that clearance was sought from the Central Bank for all outsourced activities and to review its procedures for monitoring and reviewing its outsourcing model to include a reconciliation of the schedule of funds utilising outsourcing to ensure that all information was accurate and up to date. BNY DAC subsequently confirmed to the Central Bank that its inventory of outsourcing arrangements had been updated. (2014 RMP) |
2015 | Despite confirming to the Central Bank in 2014 that its outsourcing inventory was accurate, BNY DAC notified the Central Bank of the existence of a number of additional unapproved outsourcing arrangements that had been in operation for up to 3 years. |
2016 | The Central Bank identified issues with BNY DAC’s outsourcing arrangements regarding the level of review and oversight carried out on outsourcing service providers, and deficiencies in its NAV1 calculation process and fund accounting processes and procedures. |
2017 | The Central Bank required BNY DAC to perform a review of its outsourcing controls to ensure they were adequate to manage and monitor the risk associated with its fund accounting processes and procedures. (2017 RMP) |
| In May 2017 the Central Bank issued BNY DAC with notice of the commencement of an enforcement investigation arising out of suspected breaches of its regulatory obligations with respect to outsourcing. |
| BNY DAC informed the Central Bank that an enhanced oversight package had been developed and rolled out to all impacted funds in compliance with the 2017 RMP. It later transpired that this was not fully implemented until July 2018. |
2019 | A BNY DAC Q1 internal audit report identified breaches by BNY DAC with respect to its outsourcing arrangements that were similar to the issues raised in the 2017 RMP. |
| In May and October BNY DAC notified the Central Bank of a number of additional breaches relating to its outsourcing arrangements. These notifications minimised the nature of some of the breaches, failed to identify the number of occasions on which some breaches occurred and stated that remediation was complete when it was not. |
| In addition, BNY DAC delayed in reporting 3 breaches to the Central Bank once they were identified in February, May and October. |
| On three separate occasions, the Central Bank required BNY DAC to address issues with respect to its governance and operational risks; outsourcing governance model and controls; and the annual outsourcing returns. (2019 RMPs) |
2021 | BNY DAC confirmed that it had completed all of the remediation required by the Central Bank in the 2014, 2017 and 2019 RMPs. |
PRESCRIBED CONTRAVENTIONS
BNY DAC has admitted 16 breaches of regulatory requirements contained in the Prudential Handbook for Investment Firms (the Prudential Handbook); Annex II of Chapter 5 of the AIF Rulebook (the Outsourcing Requirements); and Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) (Investment Firms) Regulations 2017 (the 2017 Regulations).
Breaches in relation to Outsourcing
The majority of the contraventions relate to BNY DAC’s outsourcing arrangements and its failure to have adequate controls in place to ensure compliance with regulatory requirements, which include:
(i) Repeatedly failing to notify the Central Bank and obtain its approval prior to the commencement of new outsourcing arrangements
(ii) Repeatedly failing to monitor and assess the financial performance of outsourcing service providers
(iii) Repeatedly failing to submit correct annual outsourcing returns
(iv) Repeatedly failing to ensure that a senior member of staff completed, signed and dated a review of the check and release of the Final NAV prior to its release, and
(v) Failing to notify clients prior to the commencement of an outsourcing arrangement.
In addition, BNY DAC failed to ensure that its Internal Audit and Compliance functions examined all new outsourcing arrangements in order to get an accurate view of its operations within the required timeframe.
Breaches in relation to notification/ reporting
Following the commencement of the enforcement investigation, at a time when BNY DAC was on notice that the Central Bank suspected it had not complied with its regulatory obligations, BNY DAC provided inaccurate notifications of further breaches of its outsourcing obligations to the Central Bank.
The information that was provided to the Central Bank served to minimise the seriousness and extent of the breaches that BNY DAC was reporting.
(i) On 14 May 2019, BNY DAC submitted inaccurate and incomplete information to the Central Bank regarding the documenting and evidencing of required checks in advance of releasing a Final NAV2 to the market in October 2018. These checks are required in order to ensure that the correct Final NAV is released to the market. The notification identified certain instances where a senior staff member failed to carry out the appropriate checks prior to the release of the Final NAV but failed to identify all of the instances when BNY DAC was aware the appropriate checks had not been done in advance of releasing the Final NAV.
(ii) On 3 October and 23 October 2019 BNY DAC notified the Central Bank that it had failed to monitor and assess the financial performance of an outsourcing service provider as was required. BNY DAC sought to represent the breach as a ‘record-keeping issue’. However, the breach was more serious in nature as it concerned BNY DAC’s failure to undertake financial performance reviews, maintain records of financial performance reviews and to ensure that a process for monitoring and assessing the financial performance was in place for all outsourcing service providers. BNY DAC also stated in its notification that the remediation of the breaches was complete when amendments were still being made to the process. The remediation was not completed until 3 months after BNY DAC claimed it had occurred.
Furthermore, on three occasions BNY failed to notify the Central Bank of certain breaches as soon as it became aware of them contrary to its regulatory requirement. This meant that the Central Bank was unaware of the extent of BNY DAC’s outsourcing failings and believed that they had been fully remediated when they had not.
The Central Bank can only effectively supervise outsourcing arrangements if firms ensure that the Central Bank has full visibility of the activities that are being outsourced. This includes providing complete, accurate and timely information both in the normal course of business and, particularly, when breaches are identified.
REMEDIATION
BNY DAC has informed the Central Bank that it has taken the necessary steps to rectify the deficiencies that gave rise to the breaches.
PENALTY DECISION FACTORS
In deciding the appropriate penalty to impose, the Central Bank had regard to the Outline of the Administrative Sanctions Procedure 2018 and the ASP Sanctions Guidance November 2019. It considered the need to impose a level of penalty proportionate to the nature, seriousness and impact of the contraventions and the size of BNY DAC’s operations. The following particular factors are highlighted in this case:
The Nature, Seriousness and Impact of the Contraventions
The seriousness, frequency and prevalence of the breaches across BNY DAC’s outsourcing framework reveal systemic control weaknesses. These failings were further compounded by BNY DAC’s conduct after the breaches were identified.
Serious and systemic weakness of the risk management system and internal controls
The nature and number of breaches committed by BNY DAC indicates serious weaknesses within the risk management systems and internal controls across BNY DAC’s outsourcing framework. The internal controls operated by BNY DAC were not adequate to:
(i) Ensure that information it held on its outsourcing arrangements was accurate and up-to-date
(ii) Ensure compliance with BNY DAC’s own internal procedure regarding the notification of the commencement of new outsourcing arrangements to its Internal Audit and Compliance functions
(iii) Monitor and assess outsourcing service providers’ financial performance, and
(iv) Provide accurate and up to date information to the Central Bank.
BNY DAC’s repeated failure to implement adequate internal controls and to address deficiencies in its outsourcing arrangements demonstrated a systemic weakness in its internal controls.
The impact on the orderliness of the financial markets
In order to ensure accurate financial information is provided to the market, appropriate checks must be performed on Final NAVs before their release. This is because investors use the Final NAV as one of the key metrics in making investment decisions. As such, the Final NAV needs to be accurate in order that investment decisions are based on correct information. Requiring a senior staff member to sign and date a review of the checks before the Final NAV is released is a key control, which enables the Central Bank to verify that the right checks are being performed at the right time and mitigates the risk of incorrect information being released to investors.
In some cases, BNY DAC only completed the required checks on the Final NAV after it was released to the market. The failure of BNY DAC to ensure that the appropriate checks were carried out in advance of releasing the Final NAV meant that there was a risk of the wrong NAV being released to external third parties, including the financial markets. This in turn could have led to investment decisions being made on the basis of inaccurate information.
Aggravating Factor
An aggravating factor has been applied in this case with respect to BNY DAC’s failure to take remedial action when breaches were identified. This happened when BNY DAC failed to take appropriate remedial steps to address recurring failures to comply with the Prudential Handbook, the Outsourcing Requirements, and the 2017 Regulations.
It also occurred when BNY DAC failed to properly embed a number of RMPs which were issued by the Central Bank within a five year period, requiring BNY DAC to take a number of measures to bring it into compliance with regulatory requirements. Two of those RMPs addressed similar issues. The fact that repeated RMPs were required in a five year period highlights a continued theme of governance and operational issues that failed to be properly addressed by BNY DAC. Had it addressed those failings, the breaches would not have persisted or reoccurred over an extended period of time and in some instances may not have occurred at all.
Other Considerations
- BNY DAC’s financial position and the need to impose a proportionate level of penalty.
- The need to have an appropriate deterrent impact for BNY DAC, the fund administration sector and the regulated financial service sector.
This enforcement action against the Firm is now concluded.
NOTES
- The fine imposed by the Central Bank was imposed under Section 33AQ of the Central Bank Act 1942. The maximum penalty under Section 33AQ is €10,000,000, or an amount equal to 10% of the annual turnover of a regulated financial service provider, whichever is the greater.
- This is the Central Bank’s 147 settlement under is Administrative Sanctions Procedure, bringing the total fines imposed by the Central Bank to over €201.7 million.
- Funds collected from penalties are included in the Central Bank’s Surplus Income, which is payable directly to the Exchequer, following approval of the Statement of Accounts. The penalties are not included in general Central Bank revenue.
- The fine reflects the application of an early settlement discount of 30%, as per the discount scheme set out in the Central Bank’s Outline of the Administrative Sanctions Procedure 2018 which is here: link (PDF 748.07KB).
- A copy of the ASP Sanctions Guidance November 2019 is available here: link (PDF 632KB). This guidance provides further information on the application of the sanctioning factors set out in the Outline of the Administrative Sanctions Procedure 2018 and the Inquiry Guidelines prescribed pursuant to Section 33BD of the Central Bank Act 1942 (a copy of which is here: link (PDF 1.13MB)).These documents should be read together.
- The Prudential Handbook for Investment Firms, Annex II of Chapter 5 of the AIF Rulebook, and Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) (Investment Firms) Regulations 2017 are available on the Central Bank’s website www.centralbank.ie.
- Where the Central Bank assesses and rates the level of risk in an area as too high, the Central Bank specifies remedial actions a firm must take, and the deadline for doing so. This is called a “Risk Mitigation Programme”.
- In November 2018 the Central Bank issued cross-industry minimum supervisory expectations in relation to outsourcing arrangements, risk management controls and business continuity practices which is available here: link (PDF 1.4MB).
- In April 2019 the Central Bank hosted a conference on outsourcing. The aim of the conference was to generate discussion on outsourcing related risks, specifically regarding practical experiences and challenges in ensuring good governance and risk management. Opening remarks by Derville Rowland, Director General, Financial Conduct and a speech by Bernd Rummel, Principal Policy Expert, Prudential Regulation and Supervisory Policy, European Banking Authority are available here: link.
- In December 2021 the Central Bank issued cross-industry guidance on outsourcing which is available here: link (PDF 1.4MB).
1NAV (Net Asset Value) is the price of a unit in the fund (i.e. the price at which it is bought/sold).
2A Final NAV is a NAV calculated for the purposes of dealing in an investment fund.