The Central Bank has fined BNY Mellon Fund Services (Ireland) DAC €10.78 million and reprimanded the company for a prolonged series of regulatory breaches relating to its outsourcing of fund administration activities.
It is the largest monetary penalty imposed on a fund service provider in Ireland to date and one of the largest fines ever issued by the Central Bank overall.
The regulator said the case had involved an “aggravating factor” because this Irish subsidiary of Bank of New York Mellon Corporation had failed to take remedial action when the breaches were identified and had also repeatedly failed to complete risk mitigation programmes issued by the Central Bank.
“Had it addressed those failings, the breaches would not have persisted or reoccurred over an extended period of time and in some instances may not have occurred at all,” the Central Bank said.
It identified a total of 16 breaches by the Dublin-headquartered fund administrator, ranging from 26 days to six years in duration and spanning a period from July 2013 to December 2019.
These arose because of its failure to have in place adequate outsourcing governance, its failure to comply with regulatory obligations and its failure to engage openly and transparently with the Central Bank once the breaches were identified.
Despite “protracted intrusive supervisory engagement” by the bank after it first identified problems with how BNY managed outsourcing, the fund administrator “failed to fully remediate all of the issues to the Central Bank’s satisfaction”.
The firm then committed additional breaches “by providing inaccurate and misleading information” and by failing to report breaches as soon as it became aware of them.
In a statement, the fund administrator said it regretted the breaches and has now taken the necessary steps to rectify the deficiencies that gave rise to them.
“BNY Mellon Fund Services (Ireland) DAC sincerely regrets failing to meet its regulatory requirements and the expectations of the Central Bank of Ireland in relation to the oversight of outsourced fund administration activities and related regulatory engagement,” it said.
“We remain steadfastly focused on demonstrating fulfilment of our regulatory obligations and being a strong and trusted partner.”
‘Unnecessary’ potential risks
The Central Bank said the “serious systemic breaches” had undermined BNY’s ability to identify and manage risks and had undermined the regulator’s ability to assess, monitor and supervise BNY’s outsourcing of regulated activities.
The breaches also “created unnecessary potential risks” to clients, investors and the financial markets.
The bank initially set the fine at €15.4 million, but it was reduced by 30 per cent in accordance with its standard settlement discount scheme.
Seána Cunningham, the Central Bank’s director of enforcement and anti-money laundering, said BNY DAC’s entire outsourcing operations had been found to be systemically weak.
“The Central Bank expects firms to take the necessary actions to remediate weaknesses communicated to them and will hold firms fully accountable where they fail to do so,” Ms Cunningham said.
“This investigation also found that BNY DAC failed to act with expediency, transparency and openness, even once it was aware that there were further issues with its outsourcing arrangements. The Central Bank expects firms to be candid in all of their dealings with the Central Bank.
“This is even more important when failures have occurred. Regulated firms must have a culture, driven by their boards, which supports transparency with the regulator.”
The Central Bank has stepped up its focus on the increasing use of outsourcing by regulated firms in recent years, hosting a conference on the topic in April 2019 and issuing cross-industry guidance last December.
An Irish subsidiary of US banking giant JP Morgan was fined €1.6 million in 2019 for regulatory breaches relating to the outsourcing of fund administration activities.
Although it believes firms may have good reasons to outsource certain operations, the regulator has reminded them that it requires full visibility of the activities that are being outsourced.
“If outsourcing is not effectively managed, it has the potential to cause investor detriment and threaten the operational resilience of regulated firms and the Irish financial system,” said Ms Cunningham.
The Bank of New York Mellon Corporation, the ultimate parent of the BNY unit regulated by the Central Bank, is one of the top three fund administrators in the world, while the Irish unit is the second largest fund administrator in the Republic with just over €1.3 trillion in assets under administration.
BNY Mellon first established a presence in Ireland in 1994 and has offices in Cork and Wexford as well as Dublin.
BNY DAC’s principal activity is the provision of fund administration services, often referred to as back office activities, on behalf of fund managers both in the Irish market and globally. Outsourcing is “an integral part” of its operating model, the Central Bank noted.
It said it had “engaged extensively” with BNY since 2014, when it first identified instances in which BNY failed to notify it in advance of outsourcing servicing and activities.
In 2015, despite having told the Central Bank a year earlier that its outsourcing inventory was accurate, BNY notified the bank of the existence of a number of additional unapproved outsourcing arrangements that had been in operation for up to three years.
In May 2017, the Central Bank issued BNY with notice of the commencement of an enforcement investigation arising out of suspected breaches of its regulatory obligations with respect to outsourcing.
BNY told the regulator that an enhanced oversight package had been developed and rolled out to all the impacted funds. It later transpired this had not been fully implemented until July 2018.
In 2019, a BNY internal audit identified breaches with respect to its outsourcing arrangements that were similar to the issues raised in 2017. In May and October 2019, it notified the Central Bank of the breaches. But the notifications “minimised the nature of some of the breaches, failed to identify the number of occasions on which some breaches occurred and stated that remediation was complete when it was not”.
BNY also delayed in reporting three breaches to the Central Bank when they were identified in February, May and October 2019.
On three separate occasions in 2019, the Central Bank instructed BNY to address issues with respect to its governance and operational risks, outsourcing governance model and controls, and the annual outsourcing returns.
BNY only confirmed to the Central Bank in 2021 that it had completed all actions it had been asked to implement by the regulator in 2014, 2017 and 2019.