COMMITTEE OF PUBLIC ACCOUNTS debate -
Thursday, 22 May 2008

The Chairman, Deputy Bernard Allen, has sent his apologies. His family has suffered a bereavement which prevents him from being with us today.

Witnesses should be aware that they do not enjoy absolute privilege and should be apprised as follows. Their attention and that of members is drawn to the fact that, as and from 2 August 1998, section 10 of the Committees of the Houses of the Oireachtas (Compellability, Privileges and Immunities of Witnesses) Act 1997 grants certain rights to persons identified in the course of the committee's proceedings. These rights include: the right to give evidence; the right to produce or send documents to the committee; the right to appear before the committee, either in person or through a representative; the right to make a written and oral submission; the right to request the committee to direct the attendance of witnesses and the production of documents; and the right to cross-examine witnesses. For the most part, these rights may be exercised only with the consent of the committee. Persons invited to appear before the committee are made aware of these rights and any persons identified in the course of proceedings who are not present may have to be made aware of them and provided with the transcript of the relevant part of the committee's proceedings if the committee considers it appropriate in the interests of justice.

Notwithstanding this provision in legislation, I remind members of the long-standing parliamentary practice to the effect that they should not comment on, criticise or make charges against a person outside the House, or an official, either by name or in such a way as to make him or her identifiable. Members are also reminded of the provisions within Standing Order 158 that the committee shall refrain from inquiring into the merits of a policy or policies of the Government or a Minister of the Government or the merits of the objectives of such policy or policies.

I welcome Mr. Patrick Neary, the chief executive of the Irish Financial Services Regulatory Authority and ask him to introduce his officials.

Regulation of financial markets and financial products is necessary to ensure market stability and protect the users of financial services. However, regulation comes at a cost and, ultimately, that cost is borne by the service users. Ensuring that the regulatory regime is efficient and effective is of significant public interest, and that was a key reason for undertaking the examination.

Because financial markets are constantly changing, the arrangements for public regulation had to respond to remain relevant. Since 2000, all EU member states have been involved in the implementation of the wide-ranging EU Financial Services Action Plan. Additionally, in Ireland, the Financial Regulator was established in May 2003 as the central authority for regulation of most types of financial services providers.

The regulator is an amalgamation of the departments of the Central Bank that were involved in the supervision of the credit and investment sectors, with units of the Department of Enterprise, Trade and Employment and of the Office of the Registrar of Friendly Societies dealing with the regulation of the insurance and the credit union sectors. The statutory functions assigned to the Financial Regulator also included a specific mandate to protect consumers of financial services. This involved the initiation of new consumer-focused services.

A previous value for money, VFM, report, which we published in 1999, looked at the Central Bank's financial regulation activities and made certain recommendations for improvement. We were interested in following up on the extent to which those recommendations had been implemented. The wider remit of the Financial Regulator created an opportunity to look also at the consistency of the approach to regulation he was applying across financial services sectors.

I now turn to the main findings of the examination.

The setting of clear standards for financial services providers is a key regulatory function. The basis for the standards is set out in legislation and international agreements, including the EU action plan I referred to earlier. We found that the Financial Regulator has generally been efficient in issuing rules and guidance. However, we concluded that ready access for financial services providers to complete and up-to-date standards and guidance could be improved by a redesign of the regulator's website.

One of the main recommendations in the 1999 report was about the need to develop a risk-based approach to ensuring that financial services providers comply with relevant standards. In this examination, we found that the Financial Regulator has since developed and implemented a model that rates institutions on the basis of risk. This has improved its ability to concentrate its supervision activity on those financial services providers in each sector that are assessed as being of high risk or where the impact of such risks, should they materialise, would be high.

We found, however, that there is further scope to use this risk-rating model to make supervision more effective — in short, to answer the question: how much supervision is required? As currently implemented, the model focuses on the risk of service providers relative to one another but it does not feed into an assessment by the regulator of the risk level of the sectors as a whole. We felt there was scope for the Financial Regulator to go a step further and categorise risks — defining threshold values for each risk category. An appropriate supervisory stance could then be set out for services providers in each category. That in turn would help to inform the regulator's assessment of the optimum level of resources he should allocate to supervision activity.

On-site inspection is an important element in the supervision process. The 1999 report found that the targets for on-site inspection were low, and they were not being achieved. This examination found that inspection rates in most sectors were still low. We recommended that the Financial Regulator should commission an independent review — and we suggested a peer review — of the adequacies of its current financial prudential supervision processes, and that the review should include consideration of the target frequency and duration of inspection visits, their resource levels, on-site checks that should be carried out and the follow-up. We have noted that the Financial Regulator's latest statement of strategy envisages a significant increase in the amount of on-site inspections.

Arrangements agreed at EU level have defined the responsibilities of regulators to financial services providers operating across national borders. The examination found that the Financial Regulator applies the relevant rules and guidelines on financial services providers operating on a cross-Border basis in, or from, Ireland. However, this remains an area where continuing vigilance is necessary as financial services providers become more globalised and their organisation structures and financial instruments become more complex.

Provision of information to consumers is one of the primary ways the Financial Regulator seeks to deliver on its consumer protection mandate. It publishes a wide range of advice and guidance material for consumers and carries out periodic surveys of prices of financial services. The main way in which this information is accessed is through the regulator's website. What we recommended was that the regulator should make the consumer section of its website clearer and more user-friendly, and should include a search facility to help consumers to identify quickly and accurately who is authorised to provide what kinds of financial services.

The regulator also undertakes consumer-focused inspections designed to ensure that financial services providers carry out their businesses in accordance with the consumer protection code. This code came into force in July 2007. We found that the scale of the inspection coverage was determined by the available resources, rather than on an assessment of the risks to consumers, so we recommended that the Financial Regulator should develop a systematic risk-based approach to determining consumer-focused inspection levels.

Overall, expenditure by the Financial Regulator was around €46 million in 2006. This expenditure had increased significantly from 2004, as the regulator geared up to carry out its functions, but it also grew as a result of cost increases. Around half of the expenditure is funded by levies imposed on financial services providers. We found that there were significant delays in issuing levy notices to services providers, and recommended that the regulator should merge its budgeting and levy-setting processes to provide for earlier issuing of these notices.

The costs of regulation are not confined to the expenditure incurred by the regulator. Apart from the levy amounts that financial services providers pay, they also incur costs in dealing with the Financial Regulator and in managing their business in ways that comply with regulatory standards.

We recognise that measurement of the costs and benefits of financial regulation is inherently difficult, but progress is being made internationally in developing models for doing so. We found that the Financial Regulator is developing its capacity in this area in conjunction with its counterparts elsewhere and is using a regulatory impact assessment process to evaluate proposed new regulations. We recommended that consideration be given to using a similar approach when reviewing the relative costs and benefits of existing financial services regulations.

I would point out that it has been almost a year since the VFM report was completed, and in that time the environment in which the Financial Regulator operates has changed. I am sure the chief executive of the Financial Regulator can provide the committee with an update on these and other matters on which we reported.

I thank the members for inviting me to this meeting. We very much welcomed and supported the Comptroller and Auditor General in conducting his value for money examination of the Financial Regulator. I acknowledge and commend the constructive and collaborative approach undertaken by the audit team in conducting this work. The full on-site value for money audit commenced in December 2005 and concluded with the publication of the Comptroller and Auditor General's report of findings in July 2007. The examination covered: how we set standards and provide guidance; operational measures undertaken to monitor compliance; how we co-operate with other regulators to monitor cross-Border financial services providers efficiently and effectively; how we carry out our consumer protection mandate; and the costs of regulation.

The report acknowledged and highlighted the progress we made in establishing the new structure of financial regulation in Ireland since 2003 and concluded the following: we are generally prompt in issuing associated rules and guidance; in developing standards, regulatory policies and administrative procedures, we consult systematically with stakeholders and publish related documentation on our website; we have devoted considerable effort to developing a formal risk-rating model, and that significant progress in achieving risk-based supervision has been made; and we have been developing our capacity to assess the relative costs and benefits of new regulation where we have discretion as to how legislation is to be implemented.

Five years on from our establishment, we believe that the regulatory structure we have put in place is working very well. Our approach to regulating more than 13,000 financial services firms is grounded in a set of principles accompanied by robust fitness and probity standards, where we place a duty on the boards and management of entities to manage their business in a responsible and prudent manner, within standards set out in Irish and EU law. We have a dual mandate - to help consumers make informed decisions in a safe and fair market and to foster sound dynamic financial institutions in Ireland. We expect from the industry ethical leadership, good governance, good risk management, a willingness to engage with us as the regulator, relevant public disclosure, proper crisis planning and, most importantly, a commitment to protect customers.

The size and nature of the firms we supervise vary considerably. While we supervise large banks, insurance companies, investment funds and asset managers that operate both domestically and internationally, our remit also extends to credit unions and retail intermediaries who operate at national and local level. Some of the international financial services firms located here are at the cutting edge of financial product innovation and have enormous technical know-how. Ireland, through the IFSC, has a trillion dollar funds industry and is home to many leading investment banks and the major players in the insurance and reinsurance sectors. At the same time, we also regulate firms operating in the domestic market, be they one-person brokerages or volunteer-run credit unions. The regulatory system and approach must accommodate their diverse range of activities and be fully capable of meeting the challenge of overseeing such firms while keeping consumer protection to the fore of our agenda in line with our statutory mandate.

We have spent much of the past five years developing and embedding our regulatory approach. We aim to be proportionate and to allow time for industry to manage and embed change. We believe that our regulatory requirements should not obstruct the competitiveness and efficiency of markets and players, while, at the same time, we must ensure that financial soundness is maintained and the consumer is protected in dealing with financial services firms.

We are one of a small number of regulators who have issued and committed to a strategic plan. The publication of our strategic plan is the result of wide-ranging consultation over several months, involving our staff and management, the consultative panels, the Department of Finance and our authority. The plan, which takes account of the Government better regulation principles, gives all our stakeholders a high degree of certainty about what they can expect from us. Having defined our goals in our strategy, we are publicly accountable for our performance — measured against the objectives we have set for ourselves. We pride ourselves on being a professional, independent regulator that fosters innovation and competitiveness and will continue to strive for high standards in all that we do.

To the greatest extent possible, our regulatory regime must reflect the reality that we operate in a global marketplace where issues of speed to market and competitiveness are very important. Therefore, our work must be founded on a practical regulatory framework, informed through extensive consultation and regulatory impact analysis. With such a large financial services industry and a consumer mandate, it is vital that we operate a consultative and collaborative approach. To support this approach, the consultative consumer and industry panels were established in late 2004 as a co-ordinating mechanism for ensuring that the consultative process with our stakeholders is efficient and effective. We work closely with both consultative panels and the credit union advisory committee in many areas of our work — this engagement is positive and constructive and we welcome their views and input into the regulatory process.

We take a risk-based supervisory approach guided by the nature of the risks inherent in the business of each financial service provider we regulate. We target our resources on those businesses and activities with the higher and more complex risk profiles and with the propensity to have the greatest impact in the event of failure. In general, well-controlled institutions with predominantly professional business will attract a reduced focus of regulation.

The internal risk rating system we have adopted, and which was examined by the Comptroller and Auditor General as part of his audit, evaluates financial service providers under a number of general and specific risk headings. The specific risk categories include, for example, credit, funding, liquidity, underwriting and market risk. The potential impact of an institution on a number of stakeholders, should it encounter difficulties, is also evaluated and forms part of the final rating. Information from sources such as inspections, on and off-site reviews, prudential returns and financial statements, feed into the rating process. The rating evaluation is updated regularly and is then used as a basis for the allocation of resources to the supervision of particular activities and types of entities. By focusing our resources on the areas of greatest risk, our supervision of those that represent a lower risk is reduced. For those financial service providers with a high level of interaction with retail customers in the domestic market, including those holding client money in a fiduciary capacity, a heightened level of oversight of these activities can be expected. In this regard, our consumer protection code and mandatory competency requirements require financial service providers to serve the best interests of their customers in their daily interface with retail customers.

We are committed to continuous examination and upgrading of our own processes and procedures. Following wide consultation, we implemented a stakeholder protocol last July. This protocol sets out targets we commit to deliver on key processes to our stakeholders. It includes targets for authorisation, inspection, consultation and prospectus approval processes. The industry panel has endorsed the protocol, indicating that we are leading the field in having such public commitments in place.

Before I comment on some of the recommendations in the report of the Comptroller and Auditor General, and how we are progressing with their implementation, members may be interested to know that the publication of the report came at a time when the Financial Regulator had also been subject to a number of other international benchmarking studies, including the financial action task force, which commented favourably on our system to combat money laundering and terrorist financing, as well as the International Monetary Fund and the World Bank which published their assessment of the stability of Ireland's financial system. Their comments about the strategy of the Financial Regulator and our overall strategic approach to regulation were positive also.

Turning to the key recommendations of the Comptroller and Auditor General's report, we were pleased the report noted that many of the recommendations had already been identified by us and had been included in our strategic plan. The main recommendations were as follows. Website development — the report recommended the redevelopment of the Financial Regulator websites. We consider our websites as essential communications tools that should be easy to access. We operate two websites — our corporate website at www.financialregulator.ie, and our personal finance website at www.itsyourmoney.ie. Our redeveloped personal finance website was launched in September 2007. This new site provides users with free, impartial information on banking, mortgages, personal loans and credit, savings and investments, insurance, consumer rights, pensions and budgeting. In addition, it provides on-line interactive features including cost comparisons, an on-line calculator and budget planner. Since this new website was launched, there has been an average of 1,300 daily visits to the site. The EU Commission awarded us the European consumer campaign of the year award in the financial services category for 2007.

A project to redevelop the Financial Regulator's corporate website is well under way and is scheduled to go live at the end of this year. In defining our business requirements for this project, we undertook extensive consultation both internally and externally. This consultation identified the key features for the redeveloped corporate website as follows: dedicated sections for each area of the financial services industry containing all the information relevant to that sector; a document library which will centralise all documents with searchable facilities; specific information sections in areas such as authorisation, funding levy, administrative sanctions; fast paths to key sections such as electronic reporting, on-line registers and prospectuses; a more transparent and streamlined presentation of consultations and the outcome of consultations; and overall improved navigation so that users can easily access the data and information they require.

The Comptroller and Auditor General's report includes recommendations about making better use of technology solutions. In particular, it mentions that an electronic prudential returns system should be developed with automated data validation and checking processes. A comprehensive programme of work is in progress for a single electronic reporting framework to capture electronically the various returns required both by the Financial Regulator and the Central Bank from reporting institutions. The first three phases of this project have now been delivered successfully. These have enabled us to implement the reporting requirements of two European directives — the capital requirements directive, CRD, and the markets in financial instruments directive, MiFID. The returns required under the CRD are COREP or solvency returns and FINREP/financial returns. They were defined by the European committee of banking supervisors in order to achieve commonality across member states in the implementation of the CRD. More than 5,000 automated validation checks have been included in the system. Consequently, data received are now validated on-line and available for analysis up to three weeks earlier than heretofore.

Irish regulated entities which fall under the MiFID now submit reports to us on a daily basis of their transactions on European stock exchanges. We receive 900,000 transaction reports per month. The transaction reporting exchange mechanism, which enables regulators across Europe to share these transactions, has also been implemented successfully. On average, 400,000 transactions are received every month and 500,000 are transmitted out. Our systems in this area are highly interconnected and automated and compare favourably with the systems operating across Europe. The on-line reporting is currently being extended to cater for insurance returns and further projects are planned.

Independent review and benchmarking — the report recommended us to commission an independent review of the adequacy of the processes employed in the prudential supervision of regulated entities, including the frequency and duration of on-site inspections and resource levels. It also recommended that we should benchmark our inspection processes against those of other EU regulators with a broadly similar mandate. In response to this, a systematic review of business processes operated within the Financial Regulator's ambit is currently under way. We are working with external consultants on this project which will also benchmark us against comparator financial regulators and other similar businesses. The project will also assess areas of work currently undertaken by the Financial Regulator that might be suitable for outsourcing. It includes an additional strategic element to review whether the current activity profile, organisational structure, resource utilisation and risk management model used by the regulator assure the best execution of our mandate. As part of this project we are consulting our key stakeholders. It is expected that this project will be completed in the autumn, in time for any recommendations to feed into our strategic plan for 2009.

The Comptroller and Auditor General's report recommends that a risk-based approach to the setting of inspection targets should be developed for consumer-focused inspections and that the adequacy of the consumer-focused inspection process should be included in the independent review already outlined. The benchmarking project includes this consumer work. The consumer-focused inspection programme currently involves programmes of themed inspections to monitor compliance with consumer protection requirements. Themes are selected based on issues of particular concern to consumers and will ensure that we cover a large percentage of the retail market.

Relevant themes and the financial service providers for inspection are determined by market concerns identified through our market intelligence, the experience of our staff, contacts with consumers, the Financial Services Ombudsman, consumer complaints and other feedback from consumers, previous inspections-visits to regulated financial service providers and other sources. Our overall aim is to improve the level of compliance of firms with the code and to ensure that financial service providers are acting at all times in the best interests of consumers. Where a specific compliance issue arises with an individual firm, this is addressed directly with the firm and, where appropriate, regulatory action may be taken. The results of these themed inspections are now published on completion. We continue to develop the sources of market intelligence, which help us focus on issues where the interests of consumers need to be protected.

As regards our levy process, the Comptroller and Auditor General recommended that the levy process should be merged with the budget estimation process, to provide timelier levy notices to individual financial service providers. As a first step, our finance and funding units were merged in late 2007 and this has already resulted in better management reporting and improvements in the speed of collection of the levy. We are also in a tender process towards outsourcing to a single agent the task of collecting funding levies.

The Comptroller and Auditor General recommends that the Financial Regulator should use a method similar to regulatory impact analysis to review the impact of the existing body of financial services regulation, to ensure as far as possible that the benefits resulting from regulation are justified by the costs imposed. In this regard, we are fully committed to the Department of Finance project on the consolidation and simplification of financial services legislation. In addition, the industry consultative panel has appointed consultants, with our agreement, to assist in identifying and prioritising possible unnecessary regulatory requirements that are within our power to amend. Both consultative panels will share the output of this work, which is expected in another month or so.

I hope I have given the Vice Chairman and committee members a good overview of how we are progressing with the various recommendations contained in the Comptroller and Auditor General's value for money report. My colleagues and I will be happy to answer any questions.

I welcome Mr. Neary, Ms Mooney and Ms O'Dea and thank them for the presentation. I wish to go back to the costings which perhaps we can take one by one. In 2004, there was an operational cost of slightly in excess of €35 million while in 2006, it was more than €45.5 million. In regard to the figures covered under cost-effective regulation, does Mr. Neary have any idea of the cost for 2007? There is a target that 50% of the authority's budget will be covered by levies from the insurance companies. Is that included in those figures?

I think I have some figures on our budget which I will give the Deputy and on the movement in our budget over recent years. In 2004, our annual budget was €38.5 million; in 2005, it was €44.5 million; in 2006; it was €48.6 million; and in 2007, it was €51.6 million. That is the progression in the overall budget. The industry carries 50% of that while the Exchequer carries the other 50%.

Yes. I do not have the particular detail on expenditure vis-à-vis budget but there has been a tendency to come in somewhat under budget. There are a couple of reasons for that. It is a growing organisation and each year we must budget for a staff complement which, over those years, has grown from 335 to 380. There is progressive growth in staff numbers.

Our budget must provide for growth in staff numbers but we are competing in an extremely competitive marketplace to get key staff. We do not have the same staff turnover difficulties as the commercial sector but we are still fighting a competitive process to reach a full complement. This impacts on the budget because one must provide for the staff complement in the budget every year. We make a fairly good stab at trying to predict what the number will be but, invariably, we have not reached it over recent years. That is a big element of coming in under budget because the staffing element is the biggest part of our budget.

It would be helpful if we could look at cost versus budget after the meeting. It is a good news story if one is coming in under budget. One should tell people that.

My follow-on question relates to the levies, which were mentioned. There have been complaints from insurance companies, in particular, which cover the bulk of the levies, about when the authority seeks those levies. It is mainly done mid-year or after mid-year when firms have already done their budgets, which makes it difficult for them. To where does Mr. Neary hope to go in terms of when the levies are sought from the insurance companies?

The Deputy is absolutely right. That concern has been expressed and the Comptroller and Auditor General raised this point. There are two elements to the budget and levy process. The first element is estimating our budget for the following year based on resources and the various overheads we incur. We must estimate that figure and then apply it to the various industry sectors. Different measures are used to apply it. In the case of banks, it is total assets; in the case of insurance companies, it is total premium income; and in the case of intermediaries, it can be turnover. The problem is that we must ground that application on the data at the end of the year. It takes us a while to get and compile that data and to work out how we apply our budget to the sector. That is where the time lag occurs.

The Comptroller and Auditor General said we could achieve efficiencies internally in tying up the budgetary and the levy application people as closely as possible. We have done that but there is an inevitable time lag. We are trying to shorten it as much as we can. I think the electronic reporting, which sends us the information and has great analytical capacity, will help that process. March or April will be as good as we will ever achieve.

In the life assurance sector, one is looking at premium income. In terms of the premium income of the main firms over recent years, one is probably looking at 10% to 15% increases across the board. Does the legislation not provide for the authority to seek provisional levies on the basis of a company's premium income in the previous year plus 10%? All the companies benchmark against each other anyway on premium income and market share. Is there a provision in the legislation which would allow the authority to seek provisional levies and the following year to do a plus or minus on them?

That is possible and we have looked at it. I do not believe we have drawn a conclusion one way or the other. It is on the table and I would not reject it out of hand. It is a possibility if we can establish a pattern. Indeed, the Comptroller and Auditor General mentioned it to us. It has much validity. When we get the organisation to what we might call a steady state, that would be the time to try to do that. It is an excellent suggestion and I would not rule it out.

I refer to relative costs. I am aware, and it has been stated in the report, that the Irish insurance market is unique. If one compares the relative cost of the regulator with those in Britain and Germany — I believe the Comptroller and Auditor General mentioned this in the report — based on premium income, it looks as if we are substantially more expensive in terms of regulation and the management of the regulator. It is a good 50% more expensive in some instances. Will Mr. Neary explain why we are more expensive than larger markets?

It is extremely difficult to benchmark regulators because one must factor in many things, including the level of service, the expectations of industry, the timelines, the resources, etc. The first element of benchmarking is what one gets for one's buck, which is an important one. There is a kind of fixed level of supervision which one must do under the legislation. No matter how big or small an entity, one has a certain number of responsibilities under the legislation.

Taking fixed elements of costs across all regulators in Europe, the larger the quantum of firms there is, the easier it is to spread it across firms. The population of firms is an element as well.

I am not trying to duck the question. We have work to do in this area. It was suggested by the Comptroller and Auditor General and it is one of the areas we have asked our consultants to look at to give us further information, to assess it and to establish the drivers of the differences and how we can explain them. We do not have that information yet but it is on the agenda of the consultants.

That would be very important in the context of what was mentioned a couple of times in Mr. Neary's statement and in the Comptroller and Auditor General's report about the possibility of outsourcing in some of the areas. I see that in one aspect of the levies, the regulator is tendering at present.

If we look at relative costs and the figures we have, Ireland relative to Germany and the UK is €264 million, based on premium income, while the figure for Germany is €170 million and the figure for the UK is €196 million. Mr. Neary said he is aware of that but has he costed it on the outsourcing side? There has been an increase in staff. Obviously, some of the staff the Financial Regulator is trying to attract will come from within the insurance sector because previous experience would be required. Is Mr. Neary in a position to indicate the possible cost on the outsourcing side?

We are trying to identify processes to enable us to outsource. The one we have examined, which is currently out to tender, is the premium levy collection process. Theoretically, it is easy enough but in practice it is more difficult. People assume that when one outsources something, one can essentially wash one's hands of it and merely await delivery of the final output. It is sometimes not that easy because a fair degree of management commitment is required from the organisation to ensure that those to whom it has been outsourced do what they are supposed to do.

In our discussions on this matter, questions arose as to the amount of internal support we should devote to it. There have to be clear efficiencies. If we are to oursource activities, we must be in a position to free up resources internally and we must not duplicate what——

The Financial Services Ombudsman with whom, I am sure, the Financial Regulator has some interaction, outsourced the collection of levies. I received several complaints in this regard. If one refers to the multi-agency intermediaries in the broker market, such levies involve small amounts, perhaps €200. Responsibility for the collection of these levies has been given to a debt collection agency. Brokers are not in a position to discover the nature of the information given to that third party. In the context of the collection of premium levies, the Financial Regulator holds extremely sensitive information.

Brokers, be they authorised advisers or whatever, make submissions to the Financial Regulator each year. Those submissions contain extremely sensitive business information. I accept that the Financial Regulator is not here to answer on behalf of the Financial Services Ombudsman. However, brokers who have contacted me in respect of this matter cannot discover from the ombudsman the information that has been given to the third party to which I refer. If we are to go down the road of outsourcing, it is crucial that the Financial Regulator's customers — namely, insurance companies and brokers — will be made aware of the information that has been provided to a third party and the format in which it has been given.

There was a recent case — of which Mr. Neary will be aware — where data was not encrypted, laptop computers were lost, and so on. I will not refer specifically to the companies involved. The Financial Services Ombudsman mentioned that one of these companies lost three or four laptops. However, I cannot discover whether the information the ombudsman sends on to the third party collection agency used by his office is encrypted. I ask that the Financial Regulator give careful consideration to this aspect of outsourcing. I am concerned about the way the Financial Services Ombudsman is behaving in this regard at present.

Consumer protection is probably the most important aspect of the Financial Regulator's work. The Financial Regulator must ensure that companies are compliant in this regard on the basis of information it receives. Is Mr. Neary satisfied with the Financial Regulator's position vis-à-vis consumer protection? I am particularly interested in the position as regards inspection rates. There is a major onus — and rightly so — on the broker market to ensure that salespeople are compliant, have engaged in disclosure, and so on. However, only 1% of multi-agency intermediaries were visited last year. That figure is astoundingly low. Will Mr. Neary comment on that?

On the Deputy's overall question regarding whether we are satisfied with the structure currently in place, our focus in the first five years was to build a structure that would protect consumers. We now have in place a very strong consumer protection code that would stand up to scrutiny in any jurisdiction. Key parts of the code, which do not exist in other jurisdictions, include the suitability requirement relating to credit. When an institution extends credit to a customer, he or she must traverse a suitability hurdle. Credit can only be extended to those who are suitable. There are many other features such as highlighting the cost of consolidated debt, and so on, which offer strong protection. When putting in place the consumer protection code, we used consumer groups and consumer focus groups as opposed to just looking towards the industry. We took on board all stakeholder views when developing it.

The other key pillar is the competency framework. A requirement now exists whereby anyone who sells a product to a consumer must meet minimum competency standards.

Exactly. The level of competency one must meet depends on what one sells. Those are key pillars to the consumer protection code we have set up.

The third pillar is that of consumer information. The Comptroller and Auditor General quite rightly pointed out that our interim website was not suitable for consumers because even though it contained consumer information it was not specifically designed with them in mind. Our new website is specifically designed for consumers. It is designed in such a way that busy consumers who have other things to do can access the information they need quickly. All the information relating to costs, for example, is live and up to date. There is a strong framework in place.

On the inspection rate, I wish to place in context the way in which we make inspections and indicate why we have adopted this strategy. On-site inspections provide some information about firms. One can go on-site, examine files and discover whether a company meets the requirements of the code. I will explain in greater detail in a moment. However, in the view of the authority, the key element missing from the consumer protection framework was the dedication at board and management level to put in place systems and controls that protect consumers. Historically, systems and controls in large insurance companies, banks and smaller firms centred around financial control. They were focused on ensuring that the financial controls were tight. They did not extend to ensuring that consumers obtained the products suitable for them and in respect of which there was a follow-up process.

I appreciate that. When the Financial Regulator came into being as the Irish Financial Services Regulatory Authority, IFSRA, in 2003, it visited practically every office in the country. People were nearly forced to go on the run and were obliged to get their acts together. Previously we did not have proper regulation. In many sectors, the majority of people still purchase products through intermediaries. It is amazing that only 1% of such intermediaries are inspected on an annual basis. I do not believe it is possible to discover whether an intermediary or firm is giving customers the correct products, providing disclosure documents or explaining commission structures and the costs involved unless on-site inspections are carried out.

I accept Ms O'Dea's comments regarding the website. However, people made substantial investments in the past year. In the case of ISTC, questions arose as to the advice given to people and the suitability of the product. Is 1% an acceptable figure for annual inspections or should a benchmark of, for example, 10% be set?

I am not satisfied with the 1% inspection rate. However, we have now moved towards themed inspections. I would not like the Deputy to have the impression that we do not have any active investigations under way in respect of particular areas. I am not at liberty to discuss those investigations with him now.

However, such investigations are being carried out.

As regards choosing our themes, if, for example we are examining the suitability of mortgages, we cut across the intermediary and banking sectors, namely, the mortgage providers. We take up a much greater percentage of the market in the context of the bang we get for our buck. We examine approximately 60% to 70% of the retail market by making these new themed inspections. We no longer do inspections by simply targeting firms. We regulate 10,000 entities and would have a very small hit rate if we did it that way.

Going from 1%, what is the desired reach? Is it 5% or 10%? I understand that the director has the themed inspections, which is fair enough, as that mechanism goes across a number of companies. Perhaps we cannot have the answer right now but one of my concerns as a committee member — and this is about members giving the director feedback in turn — is that the inspection rate is far too low. I appreciate that it is very tough in a market where there are 10,000 or 13,000 entities, depending on which figures are read. We must try also to identify the exact figure.

Mr. Neary mentioned the sophistication of certain companies versus the sophistication of products. Consumer protection starts with the products that we allow on the market. There is now a propensity for the multi-geared product, whether this be in property, equity products or high-risk bonds, the latter of which have caused serious problems for people. All of these products have to be signed off by the Central Bank as authorised products.

How do the delegates see the regulator's role in making sure that we do not have these high-risk products, or at least that we do not have too many of them? In some instances people do not even have to put forward their own money. The institution in question tells them that a €50,000 minimum premium is required and that its bank will advance them that money. They do not even spend the money and yet are gearing up three or four times. That is great if it goes one way but not if it goes the other way. That is a big concern of mine.

It is a valid question and I hope we can address all elements of it. Ms O'Dea will help me with that question. The system involves an authorisation process for the entity. That requires that ethical people with competence and integrity are given authorisation and entrusted by the State to run a financial services business and engage with customers. Customers also require choice. They like to have a range of products and we believe they should have as much and that we should promote competition, innovation and choice for consumers in the marketplace. We should not put obstructions in their way.

We marry the ethical behaviour of the firms and the servicing of the choices that customers require by making sure that suitable products are sold and that arrangements are in place to assess, in the case of each client, what might be a suitable product. That is one element of it.

The Deputy is quite right. The first thing is the fact find, for which the initial requirement is that the institution gathers whatever facts it needs to know about the customer. There are also specific requirements within the code in respect of geared products and geared tracker bonds. If a person is getting into a highly leveraged derivative or a product at the very high-risk end of the market, the code has very particular disclosure requirements. From our point of view, the key thing is that we can take enforcement action because we now have these as specified statutory requirements. In the past, there was no specific statute requiring that type of selling but now there is.

One of our key strategic objectives for the next year or so relates to transparency. We believe that there is still a distance to go with financial institutions in terms of how they inform their consumers. The consumer protection code has a requirement that states that institutions should give information "in a way that seeks to inform". Critically, it states that an institution's documentation should contain information that can be spelled out in the explanatory text. There is, of course, a verbal interaction between the consumer and the person selling the product. It is very difficult to police that sales process from a regulatory point of view. We very much expect that financial institutions, large or small, will put in place procedures whereby key risks are disclosed to customers at the point of sale. That is our expectation.

Do our guests not have a role, as the regulator, to look at the type of geared products that are there? Perhaps gearing or leveraging can be capped but there are some products on the market that are red hot. Anybody can see this. The problem is that people do not use these merely as part of their portfolio but are putting their entire portfolio into very high-risk products. Is the authority happy with the number of high-risk products available? Is it satisfied that the regulator has done its job in protecting the customer?

The product itself must meet certain requirements. An insurance company cannot simply bring a product to the market without reference to either the Irish Financial Services Regulatory Authority or the Central Bank. The secretary of a company must make sure that the product fits certain criteria and that it is not just thrown out on the market.

I might be able to clarify this for the Deputy. In the case of insurance companies there are business lines, such as accident and public liability, motor and others, and various categories of authorisation that can be awarded. Within those lines, as a form of light protection, there is a range of products that can be provided to the customer. It is in the provision of those products that we insist that they be suitable for any particular customer.

We do not get any sense from our consultative process or from our own market intelligence that there is any desire to ban products or to put any impediments in the way of product development. The way by which consumers are best protected is by giving them choice and making sure that when those products are provided by the financial services providers to customers, that all warnings are taken into account. We place accountability for that squarely on the shoulders of the board of management of the firms that sell such products.

One of our colleagues in Seanad Éireann, Senator Shane Ross, said that the Financial Regulator is a laughing stock. Is it a laughing stock? He was referring in particular to the slowness — identified again and again by this report — of the authority's reaction to major events in financial markets, and specifically to the DCC v. Fyffes case which went to the Supreme Court and to serious allegations of insider dealing. What action, if any, has the authority taken on market abuses?

I notice in its 2007 report that there is a very brief reference to anonymous research and securities in publications. There is a report that the authority warned people not to run down Anglo-Irish Bank and one or two other brief references. What did the authority do about the elephant in the room regarding market abuses in this country? Did it not fail in this matter?

In a related issue, the public is gravely concerned about the performance in financial management of a number of professions, including some not directly involved in finance, such as solicitors, estate agents and developers. We have recently had the situation of a prominent solicitor going on the run abroad, and several other solicitors' businesses have been closed down by the Law Society. Solicitors obviously have significant power as executors of undertakings. What action, if any, has the authority taken on any of these matters? Can it substantiate the case that was made in the Seanad or show that it is not a laughing stock?

I hope we are not regarded as a laughing stock but that is not for me to judge. I will leave that to the members' good selves.

Am I free to talk about the DCC-Fyffes matter? I can only speak about this based on what is in the public domain, if that is all right with the Vice Chairman. I do not have information because we do not regulate this entity so I can only provide information about the role of the regulator in this respect. Within that constraint——

I can give a fairly safe answer on this, because I can draw a line in the sand with regard to market abuse. The case mentioned by the Deputy was a highly publicised recent civil case that brought certain findings to light. These findings relate to behaviour that went on in 2001 and 2002 and predate the establishment of the Financial Regulator. At the time, insider dealing and the policing of it was a responsibility of the Irish Stock Exchange. The Financial Regulator only became responsible for the matter in 2006, under the market abuse directive, which includes insider dealing and market manipulation. The activity and behaviour in question, therefore, predated the establishment of our office. We had nothing to do with the oversight of the behaviour in the case mentioned. That case does not apply to us and we are not accountable for it.

For the future, we are responsible for dealing with market abuse. Behaviour that went on around St. Patrick's Day was mentioned. We have an investigation in progress to address the rumours floating around at the time, affecting the financial institution that says it happened and to see to what extent some of the rumours were deliberately created to support deliberate trading strategies by individuals that may have been connected with the firms in question or who may have been in possession of insider information.

The Deputy raised an issue regarding solicitors, estate agents and developers. It may sound as if I am trying to avoid responsibility or accountability for these, but we do not supervise solicitors, estate agents or developers. We have no regulatory role in these matters. If there is any connection between them and our role, it relates to the degree to which the risk that we are presuming may be understood to be managed through reliance on solicitors' undertakings. Perhaps we should, therefore, take a fresh look at the security that solicitors' undertakings provide. However, that is part of a much wider system and we are only a small cog in the wheel in that regard. To be clear, we have no regulatory role in these matters.

The Comptroller and Auditor General states clearly in his report that it has been the Financial Regulator's practice to hold unauthorised lenders to account. A general criticism of the authority is that it chases the little people, the credit unions and smaller operators, but seems to be hands off when it comes to bigger operators.

I cannot control those perceptions. I can only explain the system. We try to apply resources where we see the main risks in the system. There are two elements to that. First, we try to ensure that the institutions with which consumers do business and to which they entrust their life savings and deposits are financially sound and can meet their obligations as they fall due and that they are liquid operations. Second, we try to ensure that these institutions behave in a proper manner in the way they sell their products to their customers. That is what the system is designed to do.

As Deputy O'Brien mentioned earlier, the system also contains a role for the Financial Services Ombudsman. If there are complaints about individual services, people go to him and he feeds us information that helps us target our resources towards areas we see as risky or that represent bad behaviour.

I draw a distinction between the unauthorised people we follow up — those who are supposed to be authorised in accordance with our laws — as opposed to those who do not fall to be authorised under the legislation we operate. We liaise with the Garda to ensure appropriate action is taken in such cases.

The concern we have is that nobody is regulating on the financial side. I return to the Comptroller and Auditor General's report as it relates to the prudential side. From chapter 3 onwards, it outlines a series of significant failures. For example, the authority seems to have major problems with computers and its websites. Even this morning, the website still seems incredibly deficient. A range of documents are on the site in PDF format and no search function is available. The office was criticised about this a long time ago and advised that it should offer better information.

It appears the reports on the number of entities the office is regulating are currently produced manually, potentially leading to an element of human error in the estimates. This was commented on in chapter 3.4. Why has the office a manual system in this era?

Various other comments were made. On auditor reporting, in chapter 3.53 we discover that insurance companies did not send in any management letters or statements from external auditors. With regard to the external auditor function, the insurance companies are missing; they are off the graph. Insurance companies are criticised again and again by the Comptroller and Auditor General and there seems to be a major failure of compliance in that regard.

On the matter of on-site inspections carried out, companies have a very good chance of not being inspected, or just once every four years. My colleague made this point also. There is a four-year cycle, but only 9% of insurance companies were subjected to on-site inspections in 2005 and less than 1% of investment firms. There is a very good chance that companies will not be inspected.

Chapter 3.68 covers review meetings. Why are the review meetings not used as a basic way of keeping track of financial companies? Only 2% of retail intermediaries had review meetings and only 5% of investment firms. It seems there is a litany of problems and difficulties. The committee is concerned about these, particularly as they relate to the prudential role of the authority. The standard of the prudential role is not high enough. The authority has difficulties with staff. I understand that of 350 staff, some 200 are engaged in the prudential side. There seems to be significant staff turnover, reading between the lines of the Comptroller and Auditor General's report and the value for money report.

Would Mr. Neary agree that chapter 3 outlines a series of prudential failures with regard to the invigilation of the financial sector for which the authority is responsible and should get right?

I will try to respond to the questions raised as they were asked. The first related to the use of information technology and the websites. We do not dispute the findings of the Comptroller and Auditor General with regard to our use of IT or the websites. We have now finalised the consumer-based website. It is an extremely good website and would be regarded as one of the best in its class by any fair commentator. We have more work to do on the industry website. I gave a flavour in my opening statement of what will be included in that. The IT is linked to this.

Part of the reason we were not as advanced as we would like to have been with our IT was that we wanted to ensure that we built an IT system that was compatible with the IT systems being built in Europe to collect the prudential and markets data. We now have a web-based reporting system that has validations as good as those anywhere in Europe, and the system is compatible with European systems. I am not an IT expert, but they are compatible through XBRL, a language which enables our systems to engage and talk with the systems in the reporting institutions. This is a huge leap forward for us. We were right to be cautious and take our time.

I agree there is more work to be done, but there is a lead-in time to developing technology. We believe it is better to do it right, rather than rush it through and pretend we have a system. It is essential that we provide value for money and that is our agenda. There is no dispute over the finding. We accept it.

I will deal with that question. The Deputy also referred to the matter of the non-receipt of management letters from the auditors. A different regime had applied in the case of the insurance companies. This regime had been put in place while the insurance companies were supervised by the Department of Enterprise, Trade and Employment. They got an annual directors' compliance sign-off which was reconciled into the annual accounts and which took account of the management letters being provided for the auditors. The insurance supervisor at that time was of the view that the directors' compliance statement addressed this formality of collecting the information for the auditors. To give comfort to the system I do not believe that the system was in any way lacking or remiss in not having the formality of collecting the management letters directly from the accountants and that they fed through the directors' compliance statement. I hope this gives the committee comfort on this matter.

If one looks at the number of inspections I can understand how one might come to the conclusion that there are not enough of them. However, the inspections are part of the overall system of regulation and are part of the risk rating approach. This approach is grounded in a number of different areas of data collection and of exercised judgment. It is based on the information that comes in from the regulatory reports. This is now driven by the European committee of banking supervisors which has set out a large matrix of information which we collect and analyse to assess financial soundness. It also involves discussions with the auditors, review of internal audit reports and on-site visits.

In a large and extremely complex audit, such as a bank, the on-site visits are not about box-ticking but rather to do with conducting an evaluation of the systems of controls, checks and balances. The information from the inspection process feeds into our overall assessment of the risk of that institution. For example, this process put us in the position of being able to identify a weakness in the area of liquidity management. We reacted by requiring the Irish banks to put in place new liquidity arrangements. This had us very well-placed to anticipate the difficulties that emerged last year in the financial markets. I agree with the Deputy that as a headline figure it appears weak but this is part of the overall regulatory arrangement.

Is the Financial Regulator confidentthat the kind of bank run such as occurred in the case of Northern Rock, Bear Stearns in America and others in Germany, could not happen in Ireland given the mechanisms that have been put in place? Some Irish consumers were customers of Northern Rock which seemed to be a web-based bank and it was impossible for Irish users of that bank to gain direct access to their funds. Is the Financial Regulator confident that nothing worse than Northern Rock could happen to Irish-based banks?