Introduction (Kerry Beaumont)
“I have no intention of ever having to look at the RBNZ’s Enforcement Framework”.
Ouch. That is what the General Counsel of a New Zealand bank said to me after I suggested that our Enforcement Framework would provide an insight on how we would deal with a breach.
The conversation quickly moved on. So, I did not need to respond to the point in the meeting.
However, I did reflect.
Both from the perspective of my current role and from the perspective of a private practice lawyer (my previous life). And you know what. I thought their comment was fair enough.
There are very few members of society who decide to breach the law. I doubt anyone in this room, or any of your clients, arrived at work today and decided not to comply with the social licence that you, or your employers have been given to conduct business in New Zealand. We know that huge amounts of mahi is put into policies, procedures, frameworks and controls to try and make sure that the rules and regulations are complied with.
However, things do happen. We work in a complex, increasingly regulated and interconnected world. And sometimes, the rules - are simply not met.
As kaitiaki (guardian) of the financial system, our supervision and enforcement activities provide confidence to New Zealanders (and people dealing with New Zealand) that our institutions are financially sound and that regulatory standards are being met across the financial sector.
In other words, our enforcement function supports regulatory discipline and in so doing provides incentives for self– and market-discipline to operate effectively.
So, if you are going to take away just one point from our time together today, could I suggest it be this one.
Where non-compliance is identified our legislation allows the Reserve Bank to investigate and take enforcement action where appropriate. But that is not the end of the story. The RBNZ has an Enforcement Framework. It is on our website. This is our policy that applies to how we exercise our enforcement discretion. Very briefly:
- Principles and Criteria Guidelines describe the fundamental considerations that we will work through and weigh when deciding on the appropriate enforcement response. Our key principles are proportionate, risk based and transparent.
- Investigation Guidelines describe our approach to a formal enforcement investigation.
- Enforcement Guidelines describe our escalating regulatory response model.
Therefore, if something does happen - for example you, or your client, identifies that, say, there has been a breach of the AML rules - take a look at the framework and our Relationship Charter and take it from there.
So, with that said, those who wanted one point to report back to your boss – you have now got it. You can sit back and relax, or you can listen to a bit more. I am very lucky to be joined by my wonderful colleagues today, Francesca Greig, Senior Legal Counsel and Gareth Bostock, Manager of Enforcement. We are going to split our talk into three parts.
- First, I am going to provide a bit more colour on where the RBNZ is today, and how our enforcement function fits into this bigger picture.
- Francesca is then going to fill us in on what we are charged with enforcing.
- Gareth is then going to take us through our Enforcement Framework in a little more detail. He will also talk briefly to our recent enforcement actions.
We hope this will take about 40 minutes, we can then take a few questions at the end. Before we launch in any further though, I thought I would just clear up my title. As you may have noticed, I am the director of both Enforcement and Resolution.
Based on my scientific research (i.e., CVs of people who have applied for jobs in our resolution function), sometimes resolution is interpreted as being short for “dispute resolution”.
This is not the case. Resolution, in terms of my job description, covers dealing with regulated entities that are in financial distress. Resolution is where the regulator steps in to deal with a non-viable regulated entity when it is necessary to do so for financial stability reasons. There have been some recent examples off shore – Silicon Valley Bank, Signature Bank, Credit Suisse and First Capital Bank.
That said, we are confident that the banks we are responsible for supervising have sound liquidity and funding positions. We have set up a dedicated resolution function, not because of concerns within the system, but as part of intensifying our supervision activities and looking ahead in preparation for our role as resolution authority under the Deposit Takers Bill. This will ensure that our function is modern and strong in accordance with best international practice.
Here is a slide that shows Enforcement against Resolution. This can be found in our Statement of Prudential Policy on our website.
If you are interested in reading more about our assessment of the state of financial stability in New Zealand, you might want to take a look at our most recent Financial Stability Report published earlier this month (May 2023).
The Reserve Bank in 2023 and the place of enforcement
As an institution, Te Pūtea Matua, the Reserve Bank is going through the most significant changes since the 1980s. The reforms are known as “The Review”.
Phase 1 of the Review dealt with our approach to monetary policy. They came into force on 1 April 2019 and provided us with a dual mandate – price stability and contributing to maximum sustainable employment – and established our Monetary Policy Committee (MPC), replacing the single decision-maker model. This is no doubt the most high profile part of our collective mahi at the moment. However, Gareth, Francesca and I are not the right people for insights on what the MPC might do next on the OCR, or house prices. So, we will leave Phase 1 there.
We are now in Phase 2 of the Review.
This has involved RBNZ and the Treasury reviewing our institutional and financial stability framework, almost from a ‘clean slate’. In broad terms, the objective has been to build a framework that meets international best practice and at the same time is fit for purpose for Aotearoa New Zealand. The findings from the 2016/17 International Money Fund, Financial Sector Assessment also fed into the Review.
This is what I want to talk to you further about, as this context helps to demonstrate the purpose and place of our enforcement function.
So, I will first start with the institutional reforms which came into place on 1 July under the Reserve Bank of New Zealand Act 2021.
The 2021 Act provides that our new overarching purpose is to ‘promote the prosperity and wellbeing of New Zealanders and contribute to a sustainable and productive economy’.
The Act also gives us a new overarching financial policy objective of ‘protecting and promoting the stability of New Zealand’s financial system’. This recognises our role in mitigating risks to the financial system, and provides direction for sector-specific regulation. It also recognises the role in stabilising the financial system during times of stress.
We now have a new Board, and modernised leadership structure – as outlined on our website.
We also now work under a Financial Policy Remit, Statement of Prudential Policy, Statement of Intent and Statement of Expectations – all of which, together with our legislation provide the foundational roots for our role as modern kaitiaki of the financial system.
The Council of Financial Regulators (known as ‘CoFR’) was also formed under the 2021 Act. CoFR is a key forum to facilitate regulatory co-ordination. If you have not done so already, please have a look at their website. In particular, the Regulatory Initiatives Calendar, which I believe is a step in the right direction in terms of co-ordination of regulatory initiatives.
Our Relationship Charter and Enforcement Framework have been designed to work in harmony with these modernised foundations.
Very briefly:
- Our Statement of Intent sets out our strategic objectives and how we intend to achieve them. With regards to enforcement, this document provides that we are intensifying our supervisory and enforcement activities. In doing so, we are promoting financial soundness and increasing confidence that our regulatory standards will be met by participants in New Zealand’s financial sector.
- Our Statement of Performance Expectations sets out specific targets that we aim to achieve in the year ahead, and how our performance against those targets will be measured and reported on.
- The Financial Policy Remit is issued by the Minister of Finance from time to time. The current Remit guides us to seek a strong, efficient, innovative and inclusive financial system.
- Our Statement of Prudential Policy outlines that we will be proactive, evidence-led and risk-based, proportionate, collaborative and outcomes-focussed.
- Our Relationship Charter holds us to account to have clear, consistent and timely communication and to work together with the industry to prioritise our shared mahi.
The Deposit Takers Bill (‘DTB’), currently before Parliament, will complete these reforms. The Bill, once enacted and in force, will replace the existing prudential regulatory regime contained in the Banking (Prudential Supervision) Act 1989 and the Non-bank Deposit Takers Act 2013.
The integration of these previously separate regimes will create a single, consistent framework for the regulation and supervision of financial institutions that essentially engage in the same activity – the business of taking ‘deposits’ from the public, and lending to individuals, households and businesses. This will be a major change for financial institutions in New Zealand and for the Reserve Bank as prudential regulator. For enforcement, we will have new tools that are designed to provide a range of options that will further facilitate a proportionate, risk-based, and transparent approach to enforcement.
Assuming the Bill is passed in its current form, there is a lot to work through as we move towards operationalising the new regime. In particular, later this year, we will be consulting on a proportionality framework, which will deal with how we will take into account the proportionality principle in the Bill when developing prudential standards. You will see that the Enforcement Framework already contains “proportionality” as a principle, and we will adjust and calibrate for cohesion with our work on DTB implementation (and other law reform progresses).
This slide shows the current timing for the introduction of the DTB (or ‘DTA’ as we sometimes refer to it – noting, of course, the Bill has not yet passed into law).
So, with that whirlwind journey through our 2021 Act and the current prudential reform (noting that, in the time available, I have not mentioned the Insurance (Prudential Supervision) Act, the Financial Market Infrastructures Act or the Anti-Money Laundering and Countering Financing of Terrorism Act), I will now hand over to Francesca.
What we are charged with enforcing (Francesca Greig)
Kerry has given you a rundown of where we’ve come from and where we’re going as a function – namely why we do what we do. I’m going to speak a little about what it is that we do. Gareth, will then outline how we do what we do.
So firstly, our remit. Who do we regulate? You might know this because you’re regulated or you represent an entity that is regulated – but the scope of our reach is quite wide.
Who we regulate
New Zealand has an informal “twin peaks” model of regulating the financial services sector. The Reserve Bank and Financial Markets Authority (FMA) work hard to collaborate to jointly supervise the sector - each bearing responsibility for it, but tasked with separate functions. The FMA’s remit is primarily conduct regulation and the Reserve Bank’s remit is largely prudential.
Prudential supervision
We prudentially regulate four key sectors.
Looking at these briefly in turn:
- Registered Banks – there are 27 registered banks, four of which are the NZ subsidiaries of the four large Australian owned banks, and together they’re responsible for 85% of bank lending.
- Licensed Non-Bank Deposit Takers or “NBDTs” – these are entities that are not registered banks but that offer certain debt securities to the public and carry on the business of borrowing and lending money, or providing financial services, or both. There are presently 15 licensed NBDTs operating in New Zealand and we maintain a register of these on our website.
- Licensed Insurers – there are 89 insurers licensed to carry on insurance business in New Zealand, just over half of which are foreign owned. Again, we keep a public register of licensed insurers and their current financial strength ratings on our website; and finally
- Financial Market Infrastructures or “FMIs”. FMIs are multilateral systems or arrangements that provide clearing, settlement or recording services relating to transactions within the financial system. There are presently five designated settlement systems and, again, these are listed on our website.
Further to these, we monitor the regulatory perimeter and keep tabs on any entities holding themselves out to be registered or licensed. There are offences under each of the Acts governing the four buckets I’ve just described for any entity that represents (or rather misrepresents) that it is registered, licensed or otherwise regulated when it is not.
AML/CFT supervision
Under the AML/CFT Act, the Reserve Bank is the AML/CFT Supervisor of registered banks, life insurers, NBDTs, as well as designated business group members who would otherwise ordinarily be supervised by either the FMA or DIA. There are 70 reporting entities RBNZ supervises for AML/CFT compliance. In the life of our Enforcement function to date, amidst all manner of referrals we’re charged to receive, AML/CFT Supervision is by far our most frequent flyer!
The laws we administer
Dotted around the slide you’ll see the core Acts where we are the regulator. Together with their corresponding regulations and standards, they prescribe the regulatory framework within which entities must operate and they confer on us certain powers to enforce against non-compliance.
Our toolkit – current suite of powers
Ok. So, you work for a regulated entity – you’ve spotted a potential compliance issue – and you’ve picked up the phone or emailed your Reserve Bank supervisor to self-disclose the issue (of course)…You’ve been working closely with your supervisor to confine and remediate the issue and you may be aware the issue has the potential to justify an enforcement response. Ultimately now, you’ve been notified that the matter has been referred to enforcement for investigation.
What do we do? What can we do?
Information Gathering
First and foremost, we gather information. We want to find out as much as we can about the circumstances, risk profile, root cause and downstream impacts of the potential breach.
- Supervision: We start with internal sources. Our first port of call (and generally the source of the referral) is always the relevant supervision team. Our departments work very closely together. Enforcement may use relevant information provided to our supervision functions in the course of the supervisory relationship. We also use publicly available information and we can engage with other regulators.
- Regulated entities: We’ll then reach out to you. There are a number of ways regulated entities can provide information to the Bank:
i. You can do so voluntarily; or
ii. On a compelled basis by report or by statutory notice. This is certainly some entities’ preference. - Reports: If not already done as part of our supervisory processes, we may require reports on any corporate, financial, prudential or operational matters. These reports put the onus on the investigated party to analyse information and address issues we raise – this can actually help to expedite the investigation as you’re often best placed to assess your own data and provide commentary.
- Formal notices: We can issue formal notices under all of our legislation requiring information to be provided to us on a compelled basis. The recipient’s obligations do depend on which Act the notice is issued under but, for the most part, it is an offence not to comply with a formal notice, or to fail to provide a report when required, and that can carry fairly weighty penalties. With that in mind, we’re often very happy to share information requests in draft and to discuss the scope and timeframes to ensure it’s something you can actually respond to before we formally issue.
- Search warrants: In certain circumstances, it is necessary to collect evidence by search warrant and this is possible in both AML/CFT and prudential matters.
- Interviews: Finally, we might invite an investigated party or its representatives to attend a formal interview with us to discuss the non-compliance. In prudential matters, these interviews are, at present, voluntary.
Information gathering comes in different forms and may come in several waves from us depending on the nature and extent of an entity’s response.
Formal Enforcement Responses
Once we’ve got the information we need, we’ll analyse this by reference to our Enforcement Framework, which Gareth will talk you through, and ultimately reach a recommendation as to the appropriate outcome. There are a number of tools we can engage to respond to non-compliance.
So what can you expect? Let’s work up the ladder.
- No enforcement response: referrals are made to us if a matter has the potential to justify an enforcement response, so it’s of course possible there won’t be one. There may however be a supervisory response, such as board engagement, issuing directions, increased reporting or oversight of remediation.
- Infringement notices / fees: Infringement notices are a new power that the Reserve Bank has under the RBNZ Act 2021 to address infringement offences (being failure to respond to s262 information request notices or failure to comply with a notice to test and report on bank note handling machines). Infringement notices will also feature in the DTA. They’re designed to provide a targeted, timely and cost-efficient enforcement outcome for the more minor and unambiguous offences.
- We may issue (a) public or private formal warnings; (b) statutory warnings under the AML/CFT Act, such as those issued to Westpac Banking Corporation, NZ Branch in 2021 and BNZ in 2022, (c) changes of licensing conditions, or (d) removal of directors. We may also not take formal enforcement action, but issue a media statement, for example regarding closure of an investigation into non-compliance, as was done in respect of ANZ last month.
- Enforceable undertakings: In AML/CFT matters, we can accept enforceable undertakings – commitments from entities that are enforceable in court.
- Court-response: And finally, where the non-compliance is serious, repetitive, systemic, or causes serious harm to the financial system, a court response may be the only appropriate response to achieve our purpose and objectives. Our higher-level enforcement responses include civil action for pecuniary penalties or injunctive relief in AML/CFT matters, or prosecution of offences under AML/CFT and prudential Acts. A recent example being the civil pecuniary penalty proceedings brought against TSB Bank in 2021.
Our toolkit – the expansion pack – powers and outcomes under the DTA
We have a broad mandate to protect the integrity of, and maintain public confidence in, the financial system, but we haven’t to date been armed with a full toolkit that some of our counterparts, at home and abroad, are equipped with. The toolkit has been lacking the full range of graduated options, certainly in the prudential space, with a somewhat disproportionate focus on criminal penalties.
Kerry spoke about the Review of the 1989 Act, the second phase of which involves replacing the prudential regime in that Act and the NBDT Act with the Deposit Takers Act – the DTA.
A key driver of the legislative review has been ensuring the Reserve Bank has all the necessary modern tools to supervise and enforce compliance, and to resolve failing institutions. Doing so acknowledges that enforcement actions sit naturally along a continuum as we fulfil the role of midwife, cop, judge and undertaker in one for our supervised population.
Now I preface my next comments, about anticipated changes under the DTA, by noting that of course, when I say DTA, it remains a Bill and the Bill has not yet passed so the summary that follows is based on the bill as reported back by the Finance and Expenditure Committee.
There will be a lot of changes for us all under the DTA, so I’ll just highlight a few changes that relate to what I’ve been speaking about today from an enforcement perspective.
In terms of information gathering powers, note the addition of two things:
- On-site inspection in the prudential context. This tool will primarily be used in the course of routine supervision, but it may feed into our approach to information gathering. During the on-site, the Reserve Bank can require employees, directors and agents of deposit takers to answer questions and provide information. It will be an offence to refuse to comply or otherwise obstruct the inspection.
- Questioning under oath: Similarly, we’ll have the power under the DTA to appoint an investigator who will be able to compel the provision of information including the questioning of any director, employee, or any other person, under oath or affirmation.
In terms of enforcement responses, we’ll see at least three key changes:
- Infringement notices to respond to the introduction of infringement offences for a broad range of prudential failings. Infringement notices are an efficient and proportionate means of incentivising compliance with relatively minor prudential requirements.
- We’ll be able to accept enforceable undertakings in new contexts. We’ve had these for AML, but this will be a new feature in the prudential space. As the undertaking is agreed with the entity, it has the potential to result in much more tailored, proportionate and efficient outcomes than could be achieved by a direction or court action.
- Finally we’ll see civil pecuniary penalties for prudential non-compliance which demonstrates a rebalancing away from the current emphasis on criminal penalties. This is a more proportionate response for breaches that are neither reckless nor deliberate, but pecuniary penalties will nevertheless still be reserved for significant breaches of regulatory requirements.
I’ll pass over to Gareth to discuss our Enforcement Framework.
Regulatory Response Model (Gareth Bostock)
We apply an escalated regulatory response model which shows how we escalate our response to the nature of the breach.
This is not a sequential model of intervention and the tools listed in the model are only examples. We choose the most appropriate tool or combination of tools from anywhere within the model to suit the circumstances. There may be overlaps or tools that run in parallel.
We have the ability to use a proportionate approach to escalate and intensify our actions as appropriate.
Most issues will be handled in the course of normal Supervision. If a problem is not addressed, there may be heightened supervision.
But if non-compliance persists or involves serious non-compliance referral to enforcement will be necessary for an investigation to be carried out.
The findings of the investigation will determine what response is needed, so all responses in the model (refer slide) will still be available. In order to determine an appropriate enforcement response an enforcement framework is an essential tool.
We will prioritise the investigation of matters that pose a risk to us fulfilling our financial stability objective and/or achieving the specific purposes and objectives of our legislation.
Enforcement Framework
I am going to refer you to these documents on our website, hoping I get a different response than Kerry did. Nonetheless, this overview will be a useful starter.
The Enforcement Framework is public so you know what our approach to investigation and enforcement will be.
I am going to ask and answer an important question. What is an investigation? An investigation is an in depth inquiry into events to establish the facts of a matter, with evidence collected in a forensic way. It is not a search for facts to prove a breach. It is wider than that. We want the truth!
So, when Enforcement opens an investigation please don’t think we are just out to get you - we’ll be out to get you after a breach has been established…..of course I am joking…or am I? [joke]
The Enforcement Framework comprises of three parts as shown on our slide:
- Enforcement Principles and Criteria
- Enforcement Guidelines
- Investigation Guidelines
We consulted with the industry on the Principles and Criteria and also used the submissions when developing the guidelines.
Enforcement Principles and Criteria:
The Enforcement Principles and Criteria describe the fundamental considerations for the enforcement framework that we will work through and weigh when deciding on the appropriate enforcement response.
They also provide us with a lens through which we evaluate enforcement matters. This allows us to provide consistency about the way we select matters for investigation, carry out investigations, and ultimately take decisions relating to enforcement matters.
Our three enforcement principles are:
- We will adopt a risk-based approach. This involves an assessment of key factors such as the nature of the regulated entity and the seriousness and significance of the non-compliance or issue involved. We will look broadly at the circumstances of the non-compliance.
- We will be proportionate. This involves an assessment of the burden and cost of an enforcement response. Accordingly, an enforcement response will be scaled to: the significance of the non-compliance; the level of harm or potential harm involved, and the expected benefits from that enforcement response.
- We will be transparent which has two important factors, transparency of process and transparency of outcome.
Our four enforcement criteria go into more detail about how these principles will be applied. These are considerations of the following factors:
- Seriousness of conduct which considers the prevalence of non-compliance; the period of non-compliance and repetition in the firm or the sector; the magnitude and impact of non-compliance, and executive or operational knowledge within the entity.
- Responsiveness which includes assessing the entity’s co-operation with RBNZ; the entity’s relevant compliance history; and the entity’s conduct in proactively resolving the non-compliance.
- Public trust and confidence in which we consider whether an enforcement response would promote public confidence in the law or in the financial system, including whether an enforcement response is consistent and fair. We assess whether the enforcement response will provide a deterrence value and whether an enforcement response will promote the maintenance of the law.
- Efficacy is where we analyse the strength of evidence and any available credible defence. We also look to see whether the proposed action will support other regulatory bodies objectives, and any relevant potential outcomes of proposed action.
The Enforcement Principles and Criteria are necessarily drafted at a high level as they are intended to apply to all of the areas for which we are responsible.
Enforcement Guidelines
The Enforcement Guidelines describe in more detail how we apply our escalating regulatory response model and further detail on how we apply the Principles and Criteria when selecting the appropriate enforcement response.
An example of this escalating response in practice is TSB Bank Ltd.
RBNZ brought civil proceedings against TSB Bank Ltd in which the High Court ordered TSB to pay a pecuniary penalty of $3.5 million for various acknowledged breaches of the AML/CFT Act. These proceedings were an escalated regulatory response to continued non-compliance by TSB and followed a formal warning we previously issued in 2016 for failures relating to its review and maintenance of its AML/CFT risk assessment.
Investigation Guidelines
The Investigation Guidelines describe our approach to investigations and how we apply the principles and criteria throughout the lifecycle of an investigation. They also describe our use of information gathering powers under our legislation.
Conclusion
That is a run through of the Reserve Bank’s Enforcement Framework.
Taken together, we are confident that these will inform anyone who is the subject of an investigation of what to expect during the investigation process.