article banner

Internal Governance: what to expect under the IFR & IFD?


The Investment Firms Regulation EU 2019/2033 (IFR) and Investment Firms Directive EU 2019/2034 (IFD) establishes a tailored prudential framework for investment firms.  The new prudential regime applies to Class 2 investment firms which are not systemic by virtue of their size and interconnectedness within the wider financial system, i.e. primarily Class 2 type firms (see the classification criteria in our previous publication).

The European Banking Authority (EBA), on 17 December 2020, have published guidelines to further complement the internal governance arrangement, processes and mechanisms within the European Union in line with the requirements introduced by Directive 2019/20134.

The guidelines are currently in draft format and the EBA are due to finalise its updated guidelines on internal governance after the public consultation concluded in the first half of 2021. It is noted that Small and non‐interconnected investment firms (Class 3 Firms) are exempt from the EBA Guidelines on Internal Governance in accordance with Article 25 of Directive 2019/2034/EU.

This fifth publication in our series of article regarding the new prudential regime s will outline the high-level content of these guidelines and the focus required, from each function within investment firms to align with documentation and internal governance arrangements to the regulatory requirements. 

This article focusses on the impact of the new internal governance requirements for Class 2 investment firms as outlined below.

IFR IFD Publication 5 Internal Governance.png


Internal Governance Requirements

This section outlines the different areas of focus of the draft EBA Guidelines on Internal Governance.

Role and composition of the management body and committees:

The role and composition of the management body and committees can be categorized into five separate elements:

  1. The duties of management and the supervisory functions should be clearly defined and distinguished through appropriate terms of reference documents (ToR);
  2. The ultimate responsibility of the management function is to implement firm strategy and liaise with the supervisory function;
  3. The role of the supervisory function should include monitoring and constructively challenging the strategy of the firm;
  4. The chair of the management body should ensure clear allocation of duties between members of the management body and encourage open & critical discussion in the decision-making process; and,
  5. The committees of the management body in its supervisory function must comply with the Central Bank of Ireland (CBI) guidance. The committees should be chaired by non-executive members of the management body.

Governance framework:

The EBA guidelines on governance framework places emphasis around the organisation framework, structures and organisational framework in a group context. The management body of the firm should ensure to have written description of a suitable organisational and operational structures in place. In addition, the reporting lines and allocation of responsibilities should be clear and well-defined as well as avoiding setting up complex and non-transparent structures.

The organisational framework in a group context, the parent investment firm and its subsidiaries should ensure that processes and mechanisms are consistent and integrated on a consolidated basis.  

Risk culture and business conduct:

Investment firms should develop an integrated and firm-wide risk culture, based on a full understanding and holistic view of the risks they face and how they are managed, taking into consideration the firms risk appetite. The risk-culture parameters should be developed through policies, communication and staff training regarding the investment firm’s activities.

Internal control framework and mechanisms

Article 22 of the EU Commission Delegated Regulation 565/2017 discusses the internal control framework of the investment firm should have a permanent and effective internal compliance function with appropriate and sufficient authority and access to the managements body mission and risk management framework.

The overall responsibility of implementing an internal control framework lies with the management body.  The “Three lines of defence” model should be designed, developed and implemented to ensure proper internal control functioning. The internal control framework should cover the whole organisation, including the management body’s responsibilities and tasks, and the activities of all business lines including internal control functions and risk management framework.

Business continuity management & Transparency

Investment firms should establish a sound business continuity management and recovery plan to ensure their ability to operate on an ongoing basis and to limit losses in the event of sever business disruption. In doing so, the investment firm should carefully analyse key drivers of its exposure to severe business disruptions and asses both quantitative and qualitative factors that can potentially impact the firm. Contingency, business continuity and recovery plans should be documented and communicated to all staff with appropriate training provided.

Next Steps

The new internal governance requirements as part of the IFR/IFD prudential framework will require impacted firms to identify and remediate any gaps early to be in a position to comply with the new prescriptions of the EBA Guidelines when the EBA will publish the final version of the aforementioned guidelines.

How Grant Thornton can help

Grant Thornton’s Financial Services Risk, Consulting and Advisory teams have supported a number of investment firms with understanding, preparing for and implementing the prescriptions regarding internal governance in the last decade. In particular, our prudential risk experts have extensive knowledge of the relevant legislation and guidance and the challenges these pose to your firm.

Our experts can help your firm assess its regulatory requirements arising from the new proposed amendments to the revised Guidelines and advise on methods to ensure full compliance balanced with your business needs.

See our Prudential Risk offerings

Subscribe button.jpg