Sarah Lee Senior Knowledge Lawyer
2024 AT A GLANCE
- Implementation of the Individual Accountability Framework was finalised.
- The fitness and probity assessment process has been undergoing review and enhancement.
- A public consultation commenced on proposed revisions to the Consumer Protection Code 2012.
- The revised European framework for anti-money laundering and counter-terrorist financing was published.
- Changes to the Markets in Financial Instruments Regulation are published to improve trade transparency and access to market data.
- European banking sector reforms are published, including changes to the capital requirements framework.
- The Central Bank of Ireland announced that a new supervisory approach will be implemented in 2025.
REGULATORY AND SUPERVISORY FOCUS
The Central Bank of Ireland (CBI) set out its regulatory and supervisory priorities for 2024 in its Regulatory and Supervisory Outlook Report and in a letter from Governor Makhlouf to the Minister for Finance. The CBI’s regulatory priorities included implementing the Individual Accountability Framework (IAF), developing a revised legal framework for consumer protection, and addressing systemic risks from the non-bank sector. Its EU-driven regulatory priorities included implementing the Regulation on Digital Operational Resilience (2022/2554/EU, DORA) and the Regulation on Markets in Crypto Assets (2023/1114/EU, MiCAR). The CBI’s supervisory priorities covered a range of areas, such as:
- risk management
- governance
- consumer and investor protection
- financial resilience
- anti-money laundering and counter-terrorist financing (AML/CFT)
- climate-related transition risks
The CBI recently announced that it will adopt a new supervisory approach from January 2025. The new approach will remain risk-based but will be adapted to deliver a more integrated approach to supervision. It will involve integrated teams with expertise in different areas, such as conduct, governance and financial resilience.
ENFORCEMENT AND INVESTIGATIONS
Following completion of an investigation under its administrative sanctions procedure (ASP), the CBI fined Goodbody Stockbrokers Unlimited Company €1,225,000 for breaching requirements in the Market Abuse Regulation from July 2016 to January 2022. The breaches, which were first identified by the CBI during a thematic review, related to a failure to have effective arrangements, systems and procedures (including a trade surveillance system) to monitor, detect and report suspicious orders and transactions relating to market abuse. Remarking on the matter, the Director of Enforcement stated that the CBI expects the boards and senior management of firms to take full ownership of the governance of market conduct risk.
In November 2024, the CBI fined Waystone Fund Management (IE) Limited (WFM), an alternative investment fund manager, €393,512 for breaching requirements in the European Union (Alternative Investment Fund Managers) Regulations 2013 between May 2018 and August 2020. The breaches related to WFM’s appointment of an investment manager, whereby WFM failed to, among other things, conduct adequate due diligence, monitor delegated activity, identify and manage conflicts of interest, have adequate risk management systems and act in the best interests of investors. The Director of Enforcement stated that the enforcement action reflects the CBI’s continued focus on investor protection requirements.
Towards the end of November 2024, the CBI fined BlueSnap Payment Services Ireland Limited (BlueSnap) €324,240 for breaching requirements of the European Union (Payment Services) Regulations 2018 (the 2018 Regulations) between January 2021 and December 2022. BlueSnap, which provides merchant acquiring services, breached safeguarding requirements in the 2018 Regulations by failing to deposit its customers’ funds in BlueSnap’s designated safeguarding account and failing to segregate its customers’ funds with other funds. The Director of Enforcement stated that safeguarding of customer funds will continue to be a key area of supervisory focus for the CBI.
At the end of last year, the CBI published updated guidelines on the ASP, outlining extensive changes to the ASP and the inquiry process as part of the CBI’s implementation of the IAF.
In February 2024, the Irish Financial Services Appeals Tribunal (IFSAT) published a determination in relation to a decision by the CBI to refuse to approve an individual’s application for the appointment to two Pre-Approval Controlled Functions (PCF) roles in a fund. IFSAT found issues regarding how the CBI managed the fitness and probity (F&P) assessment process, including the failure to apply fair procedures during the decision-making process. IFSAT remitted the matter back to the CBI, directing it to reassess the PCF applications having regard to IFSAT’s detailed findings. A further decision from the CBI is awaited.
FITNESS AND PROBITY
At the end of 2023, the CBI updated its F&P Standards and Guidance on F&P Standards to reflect some of the reforms under the IAF. The updates comprised amendments to the requirements to act honestly, ethically and with integrity, the inclusion of certain holding companies within the scope of the documents and the addition of the new certification process for individuals to be appointed to Controlled Functions (CF) roles.
Following the determination of IFSAT mentioned above, the CBI announced it would commission an independent review of its F&P assessment process to ensure it remains effective and to identify areas for improvement. The CBI published the terms of reference for the review in March 2024 and the findings and recommendations in July 2024. The findings reflect themes such as clarity of supervisory expectations, internal governance of the F&P assessment process, and fairness, efficiency and transparency of the process. Included in the detailed recommendations was the recommendation to amend the F&P Standards to reflect good practices in other jurisdictions, and to consolidate the F&P Standards with CBI guidance and codes relating to F&P, minimum competency and corporate governance. The CBI stated that the recommendations “should be” in place by the end of 2024.
IAF
The implementation of the IAF, including the senior executive accountability regime (SEAR), was finalised this year following the publication of several legislative acts (see below), representing some of the most impactful regulatory developments in Ireland in recent years.
At the end of last year, the CBI published two sets of regulations (SI 663/2023 and SI 664/2023), which prescribe new and amended PCF roles for certain regulated firms and new PCF and CF roles for certain types of holding companies of those regulated firms. The new PCF roles are ‘Head of Client Asset Oversight’ in credit institutions and ‘Head of Material Business Line’ in insurance undertakings and in investment firms. For holding companies, the new PCF roles are ‘the office of the chair of the board of the holding company’ and ‘the office of director of the holding company’. The PCF role of ‘Branch manager of branches established outside the State’ (PCF-16) was amended by the introduction of a materiality threshold, whereby the branch manager will only be a PCF-16 role in circumstances where the business arising from the branch amounts to 5% or more of the assets, revenues, or gross written premium of the regulated firm. In February 2024, the CBI published an information note providing guidance on the application and impact of the new materiality threshold.
In January 2024, the CBI published regulations referred to as the ‘Certification Regulations’ (SI 2/2024). These specify requirements regarding certificates of compliance issued by regulated firms under section 21 of the Central Bank Reform Act 2010, including in relation to the form, content and period of validity of the certificate, and the adoption of related procedures, systems and checks by firms.
As a final step to implement the IAF, the CBI published regulations (SI 147/2024) to bring SEAR into effect for all PCFs of in-scope firms from 1 July 2024 (except for non-executive directors and independent non-executive directors, in whose case the regulations will apply from 1 July 2025). SEAR clarifies senior individuals’ roles and responsibilities and enhances the CBI’s ability to hold those individuals to account for regulatory breaches in the area for which they are responsible.
REVIEW OF THE CONSUMER PROTECTION CODE 2012
Another key Irish regulatory development was the CBI’s launch of a public consultation as part of its review of the Consumer Protection Code 2012 (the CPC) in March 2024. The CBI’s review of the CPC comes amid new product offerings and technological developments in the financial services industry, which necessitated a re-evaluation of the existing requirements to ensure continued efficacy and relevance so that consumers remain protected.
The CBI proposes to replace the CPC with two new sets of regulations. One set will contain ‘Standards for Business’ that were originally anticipated under the IAF and will replace the existing ‘General Principles’. The Standards for Business will be complemented by ‘Supporting Standards for Business’, which provide further detail on how firms should comply with the standards. This second set of regulations will contain new, enhanced and existing conduct of business requirements, which will apply on a cross-sectoral basis or a sector-specific basis. The new and enhanced conduct of business requirements focus on themes such as:
- digitalisation
- informing effectively
- mortgage credit
- unregulated activities
- fraud
- vulnerable consumers
- climate sustainability
The CBI also published two new guidance documents as part of the consultation. The ‘Guidance on Securing Customers’ Interests’ outlines detailed expectations in relation to firms’ obligations under the new Business Standard to secure customers’ interests. The ‘Guidance on Protecting Consumers in Vulnerable Circumstances’, as the name suggests, outlines expectations in relation to the identification and treatment of vulnerable consumers.
The CBI expects to publish the new regulations and guidance in early 2025 and they are expected to apply 12 months from the date of publication.
AML/CFT
The European Commission’s legislative package of enhanced AML/CFT rules was published in the Official Journal of the EU in June 2024 comprising Regulation (EU) 2024/1624 (the AML Regulation), Directive (EU) 2024/1640 (AMLD 6) and Regulation (EU) 2024/1620 (the AMLA Regulation). The package also included a fourth act – the Transfer of Funds Regulation (Regulation (EU) 2023/1113) – which applies from 30 December 2024.
To harmonise AML/CFT rules in the EU, the provisions of the Fourth Anti-Money Laundering Directive have been enhanced and moved to the AML Regulation, while the Fourth and Fifth Anti-Money Laundering Directives will be repealed. AMLD 6 contains rules on beneficial ownership, responsibilities of financial intelligence units and supervision at a national level. Member States must transpose most of AMLD 6 into national law by 10 July 2027 (although a provision on the accessibility of beneficial ownership central registers must be transposed by 10 July 2025 and another by 10 July 2026). The AML Regulation also applies from 10 July 2027. The AMLA Regulation (most of which applies from 1 July 2025) establishes a regulatory authority for AML/CFT and introduces an integrated supervisory system for the financial and non-financial sectors.
For more on what to expect from this legislation, see our latest client briefing.
INVESTMENT SERVICES
In March 2024, two pieces of EU legislation to amend the Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR) were published (Directive (EU) 2024/790 and Regulation (EU) 2024/791). The amendments are based on European Commission proposals following a mandatory review process to assess the functioning of the regime after two years of application. They relate to wholesale market areas and primarily aim to enhance trade transparency and access to market data, improve the level playing field between execution venues and maintain the global competitiveness of EU financial market infrastructures.
BASEL III REFORMS
To implement the final Basel III standards in the EU banking sector and separate EU-specific reforms, two pieces of EU legislation amending the Capital Requirements Directive and the Capital Requirements Regulation were published in June 2024 (Directive (EU) 2024/1619 (CRD 6) and Regulation (EU) 2024/1623 (CRR 3)).
CRD 6 will:
- impose requirements on EU credit institutions and their holding companies to pre-notify competent authorities and, in some cases, obtain pre-approval for certain share transfers, business transfers and mergers
- introduce a new regime for third-country branches
- require the integration of ESG risks into governance arrangements and risk management frameworks.
CRR 3 aims to boost the financial resilience of EU credit institutions by implementing the Basel III standards, which include:
- updates to the methodology for calculating credit risk
- a new standardised approach for operational risk
- a revised market risk framework
- a new output floor to standardise risk assessments
- a revised credit valuation adjustment risk framework
- enhanced disclosure requirements relating ESG risks
Member States are required to transpose CRD 6 by 10 January 2026 and apply the transposing measures from 11 January 2026, save for certain provisions relating to the new third-country branch regime, which have a later application date. CRR 3 will apply from 1 January 2025 subject to a number of provisions that will apply from different dates, including on a phased basis. In addition, application of the revised market risk framework, referred to as the “fundamental review of the trading book” (FRTB), has been postponed by one year to 1 January 2026. The postponement is intended to maintain a level playing field between the EU and the United States, which has delayed implementing the FRTB standards.
LOOKING AHEAD
- The Finance (Provision of Access to Cash Infrastructure) Bill 2024 (the Bill) began the legislative process in Dáil Éireann prior to the announcement of the General Election and the dissolution of the Dáil. The Bill aims to ensure that sufficient and effective access to cash infrastructure is available to individuals and small and medium-sized businesses in Ireland. Due to dissolution, the Bill has now lapsed, and it is not known if it will be reinstated when a new Government is formed (see Legislation and the dissolution of Dáil Éireann for more on the impact of elections on legislation).
- From 17 January 2025, DORA will introduce a harmonised regulatory framework, requiring EU financial entities to enhance their information and communication technology (ICT) and cyber risk management so that they can effectively mitigate against, respond to, and recover from ICT-related incidents and cyber threats.
- The provisions in MiCAR applicable to crypto-asset service providers will apply from 30 December 2024. This will represent full application of MiCAR, as issuers of e-money tokens and asset-referenced tokens have been subject to applicable requirements in MiCAR since 30 June 2024.
- The legislative proposals for a third Payment Services Directive (PSD 3) and a Payment Services Regulation (PSR) will progress through the EU’s legislative process next year. The most significant change proposed by PSD 3 is the introduction of a sole licensing requirement and process for firms providing payment services or e-money services, thereby consolidating the regulatory regime for such firms. The PSR will contain detailed requirements applicable to the provision of payment and e-money services.
- The EU’s proposed retail investment package is expected to progress in 2025. The key pillar of the package is a directive to enhance the existing retail investor protection framework provided for in sector-specific legislation (MiFID II, the Insurance Distribution Directive, the UCITS Directive, the Alternative Investment Fund Managers Directive and the Solvency II Directive). See the Asset Management chapter for more on this.