Governor Makhlouf delivers speech on Central Bank’s financial consumer protection role at publication of OECD review

On 16 December 2024, Governor of the Central Bank (“Central Bank”), George Makhlouf, delivered a speech (“Speech”) at an event marking the publication of the OECD review (“Review”) of the Central Bank’s consumer protection supervisory functions.

The Governor acknowledged that the Review is the first of its kind carried out by the OECD, providing an  opportunity, instigated by the Central Bank, for the Central Bank’s consumer protection supervisory functions to be assessed against the global standards of the G20 / OECD High – Level Principles on Financial Consumer Protection (“Principles”).

Governor Makhlouf reiterated the importance of consumer protection, particularly against a background of a fragmenting global economy and challenges presented by technology, climate and unprecedented innovation. In this regard, he highlighted the need to be able to adapt, evolve and transform. The Governor emphasised that a key element of the work being carried out by the Central Bank, in terms of adapting / evolving, is the finalising of its review of the Consumer Protection Code (“CPC”), a review that builds on the existing code and reflects the provision of financial services in a digital world. Governor Makhlouf confirmed that publication of the CPC is expected in early 2025. 

The Central Bank’s transformation of regulation and supervision was also referenced by the Governor and in the context of consumer protection, he reiterated that the new supervisory model will place consumer protection at the centre of day to day supervision – an approach that will ensure the protection of financial services consumers in a changing financial landscape, as highlighted in the Review. Further, the Governor stated that the Review, and its recommendations, will support the Central Bank in implementing its transformed supervisory approach. The implementation of the recommendations in the Review will compliment, not only the Central Bank’s new regulatory and supervisory framework, but also the new CPC with the goal of ensuring that regulated firms are operating under a modernised set of rules.

OECD Review findings and recommendations

Overall, the Review found that the Central Bank is strongly committed to fostering and upholding the G20 / OECD Principles, aligns with international standards and that its practices are consistent with peer regulators. Further, the Review found that the Central Bank is committed to transforming its approach to supervision, ensuring it remains in a position to meet its objective of ensuring consumers of financial services are protected in all respects in a changing and increasingly complex and interconnected financial landscape.

However, the Review also identifies areas for improvement and sets out a series of recommendations. The Review states that its recommendations are intended to support the Central Bank’s transformation and they touch on some of the areas of strategic focus for the Central Bank, including accelerating the evolution of its risk - based supervisory approach. Delivered in conjunction with an integrated supervisory approach, the Review maintains that the recommendations represent an opportunity for the Central Bank to drive ever better outcomes for consumers. 

The recommendations of the Review are grouped under six themes as follows:

• theme 1: ensuring consumers continue to be protected as part of the Central Bank’s integrated supervisory approach;
• theme 2: embedding an approach for measuring and demonstrating the effectiveness of the financial consumer protection supervisory functions of the Central Bank. Under this theme, it is also recommended that the effectiveness of “Dear CEO” letter, as a supervisory tool, should be assessed and reviewed.
• theme 3: engaging with consumers and consumer groups. The Review notes that interviews with the Central Bank and stakeholders carried out as part of the Review, suggested that it may be challenging for the Central Bank to obtain the consumer perspective on the broad range of financial consumer protection matters within its remit. Accordingly, it is recommended that  the Central Bank should continue to innovate in how it engages with consumers.
• theme 4: informing and educating financial consumers and continuing to do so as part of Ireland’s National Strategy for Financial Literacy, and in line with the Central Bank’s mandate.
• theme 5: protecting consumers experiencing vulnerability. The Review notes that, given the new requirements proposed as part of the review of the CPC, the Central Bank should continue to develop its financial consumer protection supervisory functions to ensure enhanced protection of consumers in vulnerable circumstances.
• theme 6: using data in financial consumer protection supervision. The Review recommends that, as financial markets continue to evolve and grow in complexity, the Central Bank should continue to adapt its data policies and practices.

Welcoming the publication of the Review, Deputy Governor, Consumer & Investor Protection, Derville Rowland said:

 “The OECD’s assessment that the Central Bank is operating in line with the G20/OECD Principles is very positive. The recommendations from the OECD will support the modernisation of our regulatory and supervisory approach.  In particular, we welcome that many of the OECD’s recommendations start from the consumer’s perspective, providing important insights as we work to ensure that this perspective is embedded in our integrated approach to supervision. This includes insights on the way in which we provide information to consumers; our work to protect consumers in vulnerable circumstances; and ultimately how we measure our effectiveness in terms of consumer outcomes.”

Next Steps

Deputy Governor Rowland stated that the Central Bank has developed a comprehensive implementation plan to address and embed the recommendations of the Review, in line with the OECD’s expectations. 

In the second week of December 2024, the Central Bank of Ireland (“Central Bank”) issued Notification Guidance for re(insurance) undertakings when outsourcing critical or important functions or activities under Solvency II (“Guidance”).

The main purpose of the Guidance is to assist (re)insurance undertakings as regards compliance with their obligations under the European Union (Insurance and Reinsurance) Regulations, 2015 (“Regulations”) which provide that an undertaking must notify the Central Bank, in a timely manner, before outsourcing critical or important functions or activities and regarding subsequent material developments with respect to those functions or activities. The Central Bank advises that the Guidance is to be read in conjunction with the Solvency II requirements.

The Guidance outlines:

• the Central Bank’s expectations with regards to the content, form and timing of the notifications; and
• the due diligence that the Central Bank expects (re)insurance undertakings to carry out prior to the outsourcing of critical or important functions or activities.

Timing, form and content

The Central Bank expects formal written notification to be provided, by way of letter / email addressed to the relevant supervisory team, before any relevant outsourcing arrangement and at least six weeks before the outsourcing is due to come into effect.  The letter / email is to be signed by the CEO or captive manager. The outsourcing notification must contain the information set out in appendix 1 of the Guidance.

Acceptance and feedback

The notification can be considered to be accepted if no concerns are raised by the Central Bank and brought to the attention of the undertaking in advance of the date that the outsourcing arrangement is due to commence. In the event that issues are raised, the Central Bank expects that these will be addressed prior to the commencement of the relevant outsourcing arrangement.

Subsequent material developments

Any subsequent material developments are required to be notified to the Central Bank. This includes any circumstances that may give the Central Bank reasons to reassess the undertaking’s compliance with Solvency II requirements or adversely affect the undertaking’s ability to deliver its services to policyholders, for example:

• a new service provider or major problems with the performance of the existing service provider;
• any sub-outsourcings.

Actions to be taken prior to outsourcing

The Guidance sets out a number of actions that the Central Bank expects undertakings to take before the outsourcing of any critical functions and includes:

• the carrying out of detailed due diligence to ensure that the service provider has the necessary ability to carry out the outsourcing function or activity; and
• consideration of the impact of the proposed outsourcing arrangement on the operations of the undertaking.

The Central Bank expects all relevant undertakings to have documentation in place showing that the forgoing matters have been attended to and the documentation is to be available to the Central Bank upon request. 

On 13 December 2024, the European Banking Authority (“EBA”) published its report (“Report”) on national competent authorities’ (“NCAs”) approaches to the anti – money laundering (“AML”) and counter – terrorist financing (“CFT”) supervision of banks.

The Report sets out the findings from the fourth round of ongoing EBA reviews of NCAs’ approaches to AML / CFT supervision of banks in member states. The Report also takes account of the actions taken by NCAs assessed in the third round to address the review team’s findings. With the conclusion of this round of reviews, the EBA has now assessed all 40 NCAs.

The review team found that all NCAs in this round had taken important steps to implement a risk - based approach to AML / CFT and, since the first round of reviews in 2018, the review team has seen significant developments in the NCAs’ approaches to supervision, such as:

• an enhanced focus on, and investment in, NCAs’ risk assessment methodologies and tools;
• a marked increase in cooperation, for example in the AML / CFT colleges context; and
• most NCAs had restructured their AML / CFT supervisory organisation by creating a stand-alone AML / CFT unit and increasing resources allocated to AML / CFT supervision.

However, the Report also highlighted a number areas of weakness, such as:

• weaknesses in the entity - level or sectoral risk assessment methodologies;
• AML / CFT supervision lacking a strategic approach; and
• enforcement processes that were not fully effective or deterrent.

The Report states that updates from the third round of reviews shows that all NCAs have taken action in respect of the EBA’s findings. Overall, it was reported that, while the EBA still identified shortcomings in the fourth round of reviews, the progress made since the first round suggests that the effectiveness of AML / CFT supervision will improve further and will facilitate the effective implementation of the new AML /CFT package.

Next Steps

The EBA will carry out a follow up exercise in 2025, taking stock of the actions taken by the assessed NCAs to address the EBA’s recommendations since the first round of reviews. The EBA will then share its findings with the anti-money laundering authority (“AMLA”). 

1. Commission writes to ESMA and EBA on the interplay between MiCA and PSD2

On 6 December 2024, the European Commission (“Commission”) wrote to the European Securities and Markets Authority (“ESMA”) and the European Banking Authority (“EBA”) asking both institutions to consider the overlap between crypto asset services provided by crypto – asset service providers (“CASPs”) under the regulation on markets in crypto – assets  (“MiCA”) and  payment services regulated under the directive on payment services (“PSD2”), notably in the case of certain services relating to e-money tokens (“EMTs”) (“Letter”).

EMTs have a dual nature as they are both crypto - assets regulated under MiCA, and electronic money / funds within the meaning of PSD2. Accordingly, where CASPs provide payment services with EMTs, they need to either hold an authorisation as a payment service provider (“PSP”), or partner with a PSP having an authorisation to provide the respective payment services. The Letter also details other matters resulting from the interplay between MiCA and PSD2.  In addition to this, the Letter notes that there are diverging interpretations amongst member states about the interplay between MiCA and PSD2, which may result in significant issues of regulatory arbitrage, as well as consumer protection issues.

The Letter states that the interplay is currently the subject of the ongoing revision of PSD2 with the European Parliament already having proposed some changes to the PSD3 / PSR proposals addressing the matter and the European Council currently considering these amendments. However, even if PSD3 / PSR did end up addressing the matters relating to EMTs, the date of application would still be some years away. Therefore, the Letter stresses that an arrangement will have to be found to cover the intervening period.

The Commission have requested that the EBA and ESMA explore the option of issuing an opinion under Article 9c of Regulation (EU) No 1093/2010 with regard to the enforcement of the requirements on authorisation in PSD2 as regards services with EMTs provided by CASPs that may be inadvertently covered by PSD2 (“No action letter”),

Next Steps

On 10 December 2024, the EBA responded to the Commission stating that it agreed with the concerns raised by the Commission and that it would, in conjunction with ESMA, consider the best way forward, hopefully having a response by April 2025.

2. The EBA assesses potential benefits and challenges of tokenised deposits

On 12 December 2024, the EBA published a report (“Report”) to facilitate awareness of tokenised deposits, as well as assess their potential benefits and challenges. The Report also aims to promote convergence in the classification of tokenised deposits in contrast with EMTs issued by credit institutions under MiCA.

Next Steps

The EBA stated that it will continue to monitor market developments and promote discussion on the potential benefits and challenges of tokenised deposits, as well as on issues relating to regulatory classification as compared to EMTs, which are in scope of MiCA.

3. Commission adopts delegated regulation on adjustment of own funds requirement and stress testing programmes under MiCA

On 13 December 2024, the European Commission (“Commission”) adopted a delegated regulation (“Regulation”) setting out regulatory technical standards (“RTS”) specifying adjustment of own funds requirement and minimum features of stress testing programmes of issuers of asset - referenced tokens (“ARTs”) or of e-money tokens (“EMTs”).

Next Steps

The European Council and the European Parliament will now consider the Regulation and if neither has any objections, the Regulation will be published in the Official Journal of the European Union and enter into force 20 days after publication.

4. Commission adopts six delegated regulations under MiCA

On 16 December 2024, the Commission adopted three delegated regulations under MiCA  as follows:

1. Delegated Regulation  with regard to regulatory technical standards (“RTS”) specifying the data necessary for the classification of crypto - asset white papers and the practical arrangements to ensure that such data is machine – readable;
2. Delegated Regulation with regard to RTS specifying the minimum content of the governance arrangements on the remuneration policy of issuers of significant asset-referenced or e-money tokens; and
3. Delegated Regulation with regard to RTS specifying the procedure and timeframe for an issuer of asset-referenced tokens or of e-money tokens to adjust the amount of its own funds.

On 17 December 2024, the Commission adopted a Delegated Regulation as regards RTS specifying the content, methodologies and presentation of information in respect of sustainability indicators concerning the adverse impacts on the climate and other environment‐related adverse impacts under MiCA.

On 18 December 2024, the Commission adopted two further delegated regulations under MiCA as follows:

1. Delegated Regulation with regard to RTS specifying the detailed content of the information necessary to carry out the assessment of a proposed acquisition of a qualifying holding in an issuer of an ART; and
2. Delegated Regulation with regard to RTS specifying the detailed content of information necessary to carry out the assessment of a proposed acquisition of a qualifying holding in a CASP.

Next Steps

The Delegated Regulations will now be published in the Official Journal of the European Union and will enter into force 20 days after such publication.

5. ESMA publishes final reports on third set of RTS guidelines under MiCA

On 17 December 2024, the ESMA published its third, and last, set of final reports containing draft RTA and final guidelines under MiCA as follows:

• Final Report with draft RTS specifying certain requirements in relation to the detection and prevention of market abuse under MiCA.
• Final Report on the guidelines (“Guidelines”) on reverse solicitation under MiCA. ESMA has previously stated that the provision of crypto - asset services or activities by a third - country firm is strictly limited under MiCA to cases where such service is initiated at the own exclusive initiative of a client (the so called “reverse solicitation” exemption). ESMA had further stated that this exemption should be understood as very narrowly framed and must be regarded as the exception and it cannot be exploited to circumvent MiCA. ESMA has adhered to this in the Guidelines and the Guidelines set out the limited circumstances where the exception may apply.
• Final Report on the guidelines (“Guidelines”) on the conditions and criteria for the qualification of crypto - assets as financial instruments.
  Given the different approaches to the national transposition of MiFID across Member States, there is no commonly adopted application of the definition of ‘financial instrument’ under MiFID in the EU. It has been noted that this may lead to practical consequences regarding the classification of crypto-assets as financial instruments under MiCA. Accordingly, the Guidelines provide guidance on the qualification of crypto - assets as financial instruments that national competent authorities and financial market participant should consider.
• Final Report on the guidelines (“Guidelines”)  specifying EU standards on the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto - assets other than asset referenced tokens (“ARTs”) and EMTs.
  ESMA consulted on a draft of the Guidelines in March 2024. This final report includes a summary of the feedback received and ESMA's response to the feedback. Further, the final report explains how ESMA incorporated stakeholder feedback to prepare a final version of the Guidelines.
• Final Report on guidelines (“Guidelines”)  specifying certain requirements of MiCA on investor protection – third package. The Guidelines address:
  • guidelines on suitability specifying how CASPs, providing advice on crypto - assets or portfolio management of crypto – assets, have to give suitable recommendations to their clients or make suitable investment decisions on their behalf; and
  • guidelines on crypto - asset transfer services specifying the procedures and policies that CASPs should have in place in the context of crypto - asset transfer services.

Next Steps

The draft RTS  has been submitted to the Commission for adoption. The Commission will decide whether to adopt the technical standard within three months.

All of the guidelines, above, will be translated into the official EU languages and published on the ESMA website. Once published, competent authorities  have two months to notify ESMA whether they comply or intend to comply with the guidelines. All of the guidelines will apply from the date three months after publication of the translations.

1. ESMA publishes various final reports and RTS under MiFIR and MiFID

On 16 December 2024, the European Securities and Markets Authority (“ESMA”) published a number of final reports and regulatory technical standards (“RTS”). Below is a high – level summary of each:

Final Report (“Report”) and regulatory technical standards (“RTS”) on proposals for the amendment of the level 2 provisions specifying the transparency requirements for bonds, structured finance products and emission allowances, and the RTS on reasonable commercial basis (“RCB”).

The Report covers two different sections each covering one draft technical standard:

1. the amendment of RTS 2 in relation to non - equity transparency; and
2. the draft RTS on RCB.

ESMA has stated that it is continuing to work on the review of RTS 23 on supply of reference data and will publish its final report separately at a later stage next year.

Final Report (“Report”) on proposals for the amendment of the level 2 provisions specifying the requirements on equity transparency, covering technical advice to the European Commission (“Commission”) and amendments to the RTS on equity transparency.

Some of the proposals on equity transparency include:

• changes to the definition of a liquid market for equity instruments in form of technical advice;
• the post-trade transparency reports, including flags for equity instruments; and
• the specification of information to be disclosed for pre - trade transparency purposes, which is also of relevance for the equity consolidated tape.

Final Report (“Report”) on proposed amendments to certain technical standards for commodity derivatives under Directive (EU) 2024/790 amending the MiFID II Directive.

Section 3 of the Report summarises the feedback received as a result of a May 2024 consultation and sets out ESMA's response. The detailed feedback is in Annex I. As a result of the consultation, ESMA has made the following changes:

• extending the general monitoring obligations as well as the requirements to set, review and report accountability levels to trading venues trading derivatives on emission allowances;
• the exclusion of spot emission allowances from position reporting; and
• the inclusion of a new obligation to publish a second weekly position report excluding options in certain circumstances.

Final Report (“Report”) and RTS as regards consolidated tape providers (“CTPs”) and other data reporting services providers (“DRSPs”) under MiFIR II.

Next Steps

ESMA submitted all of the forgoing final reports to the European Commission (“Commission”) on 16 December 2024. The Commission has three months to decide whether or not to endorse the proposed amendments to the various RTS.

2. ESMA launches consultation on technical advice on listing act amendments to MAR and MiFID II

On 12 December 2024, ESMA published a consultation paper (“Consultation”) on draft technical advice on the implications of the Listing Act on the Market Abuse Regulation (“MAR”) and the MiFID II directive.

On 6 June 2024, in the context of the Listing Act, ESMA received a request for technical advice from the Commission on a number of points in relation to MAR. In relation to MiFID II the request for technical advice related to the delegated acts that the Commission should adopt regarding the requirements necessary for a multilateral trading facilities (“MTF”), or a segment thereof, to be registered as a small and medium enterprises (“SME”) growth market.

ESMA is seeking feedback on all matters in the Consultation, particularly the specific questions that are set out in annex I of the Consultation. 

Next Steps

The Consultation is open until 13 February 2025. ESMA has stated that it will consider all feedback received in relation to the Consultation when finalising its technical advice to the Commission. A final report containing a summary of responses to the  Consultation and the final version of ESMA's technical advice will be delivered to the Commission and published by ESMA in Q2 2025.