1. Central Bank of Ireland fines entity for breaches of its obligations under Market Abuse Regulations
On 28 February 2024, the Central Bank of Ireland ("Central Bank") fined an investment firm ("Firm") €1,225,000 pursuant to the Market Abuse Regulations ("MAR") for a breach of its obligations under Article 16(2) of MAR which requires firms that professionally arrange transactions to "establish and maintain effective arrangements, systems and procedures1 to detect and report suspicious orders and transactions". The breaches were identified by the Central Bank during the course of its supervisory MAR Thematic Review in 2020.
The Central Bank investigation found that the Firm failed to put into place an effective trade surveillance framework to monitor, detect and report suspicious orders and transactions regarding market abuse between July 2016 to January 2022. The Firm admitted to the breach, reducing the €1,750,000 fine by 30%.
The failures by the Firm provide a useful reminder of regulated firms' obligations under MAR, including:
- Risk identification - firms are expected to identify critical market abuse risks to which they are potentially exposed as a result of their business model and activities. The identifying of such risks must be formalised or written down.
- Risk monitoring - firms are expected to calibrate the alert parameters and thresholds appropriately within its automated trade surveillance system in order to detect potential instances of market abuse. Where decisions to amend parameters for insider dealing alerts are taken, they must be substantiated by rationale or quantitative metrics in relation to the design or operational effectiveness of the alerts.
- Governance arrangements - firms are expected to have a "four-eye" approval process in place in relation to parameter changes on their automated trade surveillance system. This process involves any change to be subject to approval by at least two people as a control mechanism. Firms must also document a governance structure in respect of both the automated and manual monitoring of market abuse behaviour.
- Third Line of defence – the three lines of defence model is an important component in ensuring an organisation establishes and maintains effective arrangements, systems and procedures for the detection and reporting of suspicious orders and transactions.
Commenting on the enforcement action, the Central Bank's Director of Enforcement and Anti-Money Laundering, Seána Cunningham stated that "effective trade surveillance facilitates the submission of high quality Suspicious Transaction Order Reports (STORs) by firms to the Central Bank, which assist in the detection and combatting of market abuse". She reminded firms that this obligation is further detailed in the Regulatory Technical Standards, which were developed by the European Securities and Markets Authority and that the Central Bank has repeatedly highlighted the importance of compliance with MAR since it came into force, through supervisory engagements, Dear CEO letters and Securities Markets Risk Outlook Reports. Finally, she reinforced the Central Bank's expectation of board and senior management to take "full ownership of the governance of market conduct risk".
2. Central Bank of Ireland publishes its new Regulatory and Supervisory Outlook for 2024/25
On 29 February 2024, the Central Bank of Ireland ("Central Bank") published its Regulatory and Supervisory Outlook for 2024 ("Outlook"). The Central Bank explains that it plans to publish this Outlook annually and will set out the key risks and trends that the financial sector is experiencing, alongside the regulatory and supervisory priorities it will set in response to them. It should be noted that the Central Bank also published the letter that it sent to the Minister for Finance regarding its financial regulation priorities.
The Outlook firstly considers the risk environment and details the Central Bank's assessment of those risks and then details its priorities in the context of that risk assessment. It also includes a "spotlight" look at three areas including AI, Consumer Risk and Financial Crime.
Looking specifically at the supervisory priorities, the Outlook details 6 cross sectoral supervisory priorities and what it expects firms to do in response to these priorities. The priorities focus on:
- managing risk;
- being consumer-centric;
- resiliency;
- managing change;
- addressing climate change risk; and
- responding to operating framework deficiencies.
The Central Bank states that it will particularly be focused on the revision of the Consumer Protection Code, continuing to progress work both internationally and domestically to address systemic risks from the non-bank sector, ongoing implementation of the Individual Accountability Framework and preparation for the implementation of Markets in Crypto Assets Regulation and the Digital Operational Resilience Act.
With regards to the specific sectors, the Central Bank considers each regulated sector in turn detailing the risks relevant to the sector and then outlines its key supervisory activities on the back of those risks. Much of what is detailed is as had been expected. It should be noted that these supervisory activities are for a two year period.
The following is an outline of some of the supervisory activities identified for Insurance, Intermediaries, Banking, Payment and E-Money, Retail Credit firms and MiFiD Investment Firms:
Insurance
- review of reserving assumptions in light of higher inflation and interest rate scenario;
- review of governance and underwriting in sectors or lines of business which are subject to significant growth or risk profile changes;
- focus on integration of climate change and sustainability considerations by (re)insurers, and an assessment of the materiality of their climate risk exposures set out in the Central Bank climate guidance;
- research the flood protection gap and how it may change over the medium to long term due to climate change;
- review the adequacy of governance arrangements where a branch in a third country is used to conduct regulated functions or activities;
- review the oversight of critical outsourcing relationships and the maturity of operational resilience frameworks;
- assess the impact of reinsurance market contraction on insurance business models;
- commence targeted reviews focusing on firms' consumer protection risk management frameworks, health insurance renewal process and customer service;
- continued involvement with EIOPA's work on value for money in unit linked investment products;
- deepen the understanding of innovation and digitalisation in the insurance sector; and
- ongoing risk based supervision on underwriting and reserving practices, operational resilience, sustained improvement in culture and a holistic approach to risk management.
Intermediaries
- thematic inspection of professional standards in the Retail Intermediary sector with communication of findings to individual firms and the sector;
- enhanced, targeted supervision of larger Retail Intermediaries to assess whether their governance and operational risk management arrangements are commensurate with the nature, scale and complexity of their operations; and
- ongoing policy work and development of the regulatory framework through the Retail Investment Strategy and review of the Consumer Protection Code.
Banking
- assessment of asset and liability risk management frameworks;
- assessment of credit risk management, with an emphasis on proactivity for vulnerable portfolios,
- assessment of the resilience of firms’ current IT infrastructure, including cyber security that is subject to protection, detection, response and recovery plans. This will include the SSM Cyber Resilience Thematic Review and assessment of IT Risk Questionnaires;
- continued engagement with the retail banks to ensure they conduct robust consumer impact assessments of key decisions that affect their customers;
- a thematic review of how firms are engaging with borrowers in, or facing, early arrears, building on the Central Bank’s supervisory expectations of firms as set out in its November 2022 Dear CEO letter and April 2023 publication;
- conducting direct consumer research to assess and compare borrowers’ experiences of dealing with lenders, with a focus on trust;
- a focus on firms’ ability and capacity to manage the risks associated with new entrants, the evolving financial ecosystem and the implementation of digitalisation strategies;
- assessment of firms’ implementation of environmental, social and governance (ESG) supervisory expectations and remediation actions, and their progress towards enhancing ESG disclosures; and
- ongoing risk based supervision.
Payment and E-Money
- assessment of remediation actions being taken by firms to address deficiencies identified in safeguarding audits conducted in 2023;
- assessment of firms’ risk and control frameworks to ensure they are operating effectively and are prepared for unforeseen operational disruptions;
- enhanced engagement with firms who are in breach of regulatory requirements, where deficiencies are identified in their governance, risk management and control frameworks, or other key risk areas;
- ongoing enhancements to regulatory returns to ensure the Central Bank’s supervisory approach remains risk based and data driven;
- incorporating and supporting the development of incoming regulations and initiatives, related to the payment and electronic money sector; and
- ongoing risk based supervision and engagement to include the assessment of remediation actions to ensure firms holistically address the root cause of issues, being clear about the firms ownership of activity required to address underlying risk management deficiencies in a proactive manner.
Retail Credit Firms
- thematic review of how firms are engaging with borrowers in, or facing, early arrears, building in the Central Bank’s supervisory expectations of firms as set out in the its November 2022 Dear CEO letter and April 2023 publication relating to rising interest rates;
- engaging with firms in relation to operational capacity, seeking to ensure that they have the necessary processes and controls in place to engage comprehensively with borrowers and that they have the capacity to manage existing and/or service new loan books;
- continued focus on challenging firms to resolve distressed debt;
- robust authorisation process for new/transitional RCFs;
- implementation of the EU Credit Servicing Directive;
- conduct consumer research to compare borrowers’ experiences of dealing with RCFs and CSFs (alongside retail banks) with a focus on trust; and
- ongoing sectoral risk based supervision and engagement with firms to include supervision of loan transfers, enhancing data collection and data usage for the sector.
MiFiD Investment Firms
- program of planned and trigger based supervisory engagements across prudential, retail and wholesale conduct and safeguarding client asset requirements;
- intervening where required to address issues that could give rise to investor harm, or could undermine the safety and soundness of firms or market integrity;
- risk assessment on compliance and risk resourcing and effectiveness with specific consideration given to reliance on external and intra-group outsourcing;
- risk assessment focusing on IT and operational risk frameworks with specific consideration given to data management and cybersecurity control; and
- complete the ESMA Common Supervisory Action ("CSA") conducted to assess firms’ application of the MiFID II Marketing & Advertising Requirements and commence the ESMA CSA on the integration of sustainability requirements in firms’ suitability assessment and product governance processes and procedures.
3. Central Bank of Ireland Checklist for Completing and Submitting a Change of Business Notification
On 29 February 2024, the Central Bank of Ireland ("Central Bank") published its Checklist for Completing and Submitting a Change of Business Notification. It noted that prior to submitting the checklist, the firm should first contact the Supervision Team to discuss the proposed change of business. The Supervision team will then advise on whether formal notification is required.
The following should be noted regarding the notification:
- All sections must be completed, and where separate documentation is required, documents must be clearly marked and referenced to the relevant section number;
- A ‘√ ’ will be accepted as confirmation within the checklist, and "N/A" should be used where a section is not applicable;
- Where required documentation/confirmation/information is not provided, this should be referred to in a covering letter or email and the proposed submission date specified;
- Documents should be submitted in English or Irish; and
- Providing comprehensive submissions will minimise follow up queries.
Appendix 1 also outlines the relevant quantitative reporting templates.
4. Fourth Insurance Reform Implementation Report published
On 29 February 2024, the Government published the fourth implementation report of the Action Plan for Insurance Reform ("Report").
The Action Plan for Insurance Reform, published in December 2020, sets out 66 actions across Government to make "Ireland’s insurance sector more competitive and consumer-friendly, supporting enterprise and job creation".
The Report shows that 95 per cent, or 63 of the 66 actions, are now considered completed.
In its press release launching the Report, the Government states that the "success of the Action Plan for Insurance Reform has prompted new entrants to the Irish insurance market and helped encourage existing firms to diversify into various sectors as diverse as sports clubs to renewable energy. This has in turn significantly reduced 'pinch-points' in previously underserved areas, connecting businesses with insurance solutions and promoting consistent health and safety standards".
Other observations from the Report on reforms achieved in 2023 and to date include:
- pace and scale of the reforms has created a positive dynamic which encourages market sentiment and drives increased market capacity. Reforms to the insurance environment have helped shelter Ireland from international pressure of a “hardening” market and to highlight the positive impact of the reforms to industry/sectoral groups;
- changes to the Duty of Care - amendments to the Occupiers’ Liability Act 1995 will deliver major benefits to businesses, sporting groups and community and voluntary organisations in particular; and
- reform of the Injuries Resolution Board (formerly the Personal Injuries Assessment Board; PIAB) is now complete. The third and final phase of the Personal Injuries Resolution Board Act 2022 took effect on 14 December 2023.
Next Steps:
The Report outlines the remaining elements of the Action Plan, they include:
- Ascertain and set out the measures necessary to implement Pre-Action Protocols for personal injury cases. A legal issue in relation to the making of pre-action protocols for clinical negligence cases was resolved by way of legislative amendment in the Courts and Civil Law (Miscellaneous Provisions) Bill. Drafting of the required regulations has begun. Drafting is underway of a General Scheme of a Civil Reform Bill, which will implement a number of recommendations made by the Civil Justice Review (Kelly Report), including in regard to the creation of pre-action protocols. It is anticipated that this will be submitted to Government in early 2024.
- Monitor developments in relation to updating relevant civil justice legislation and procedures and examine any potential impacts they may have on the insurance reform agenda. The Department of Justice continues to engage with other departments and stakeholders regarding the insurance reform agenda, with a view to identifying and assessing issues relating to it.
In the Joint Foreword to the Report by An Tánaiste, Micheál Martin TD and Minister for Finance, Michael McGrath TD, the concluding message was that "the priority now must be building on this momentum, in order to ensure the maximum benefits of the Government’s reform agenda are delivered for all. In this way, we can ensure that our insurance market supports a sustainable and fully-functioning economy, as well as wider society".
Insurance Ireland welcomed the publication of the fourth implementation report of the Action plan for Insurance Reform. Moyagh Murdock, CEO of Insurance Ireland commented that "Insurance Ireland and its members have consistently supported insurance reform and collaborated with the Government on its Action Plan" and pledged Insurance Ireland's continual support of the Cabinet Sub-Committee's Working Group in 2024.
5. Central Bank of Ireland Payments Updates
Central Bank of Ireland Director McMunn on the supervisory priorities for Payments and Electronic Money Institutions.
On February 29, 2024, Mary-Elizabeth McMunn, Director of Banking, Payments, and Credit Union Supervision at the Central Bank of Ireland ("Central Bank"), delivered a speech at the Payments and Electronic Money Institutions ("PEM") event hosted by the Central Bank.
Ms. McMunn began by referencing Governor Makhlouf's January letter to the Minister of Finance outlining the Central Bank's regulatory priorities for 2024 and the newly published Regulatory & Supervisory Outlook report. She affirmed the Central Bank's goal of ensuring a stable, resilient, and trustworthy financial sector in the interest of consumers and the economy.
Highlighting the growing importance of the PEM sector in Ireland and Europe, Ms. McMunn noted a significant increase in the number of regulated PEM firms and safeguarded funds. She emphasized the need for regulatory adaptation to technological innovation and welcomed the Department of Finance's National Payments Strategy.
Ms. McMunn reiterated the four priorities for the PEM sector for the coming year, as outlined in the Outlook Report. Ms McMunn reiterated that the key messages to the PEM sector have remained unchanged over recent years, emphasising the ongoing importance of safeguarding and wind-down planning to protect consumers' funds and maintain public trust. In this regard, Ms McMunn acknowledged a higher level of misunderstanding amongst the PEM sector in comparison to the wider industry and highlighted the significance of the Central Bank's clear and unambiguous communication through various publications and direct engagement with firms. Ms McMunn emphasised the importance of firms engaging with their respective supervisors and maintaining an honest and open dialogue, both at the time of application for authorisation and during its subsequent supervision
Ms McMunn then turned her attention to the five key areas of focus for PEM firms to align with the Central Bank's supervisory objectives; substantive presence, governance and risk management, operational resilience, entry and exit planning, and diversity and culture.
In concluding her speech, Ms. McMunn emphasised the growing significance of the PEM sector while urging firms to prioritise customer fund security and effective business management. She highlighted deficiencies revealed in a recent safeguarding audit and stressed the importance of addressing these issues for sustainable growth.
For more details on the National Payment Strategy, please see the FIG Top 5 at 5 dated 14 December 2023.
BPFI National Payments Conference
On March 4, 2024, the second National Payments Conference hosted by the Banking and Payments Federation Ireland was held ("Conference").
European Commissioner for Financial Stability, Financial Services and the Capital Markets Union, Mairead McGuiness, gave a keynote speech at the Conference. Ms McGuiness discussed a number of topics including:
- Fraud adaptation: The Commissioner discussed the need for transaction monitoring and risk analysis as well as the need for organisations to conduct IBAN name verification;
- The Digital Euro was presented as a payment option that co-exists alongside cash and widens consumers choices of payment methods. The benefits of the digital euro were highlighted as: access to offline payments, transactions are as private as paying in cash and the implementation of a pan-European payment scheme;
- On the Access to Cash Bill, Ms McGuinness explained that the acceptance of cash is as important as the access to cash; and
- The need for stability in the European market to account for the series of new regulations that will be implemented. Looking forward, regulators will focus on the implementation of new regulations and ironing out any issues that arise.
Also speaking at the Conference was Vasileios Madouros, Deputy Governor, Central Bank of Ireland ("Central Bank"). The Deputy Governor spoke to the "remarkable change and innovation in domestic payments" and Ireland's role as host to a growing and innovative payments sector. However, he also explained that there is still a way to go to ensure consumers are supported through the payments journey. To this end he welcomed the development of the National Payments Strategy by the Department of Finance stating that it provides a platform to address this issue. He then took the opportunity to outline the details of the Central Bank's response to the public consultation on the Department of Finance’s National Payments Strategy.
For further details on the Central Bank's response to the consultation on the National Payments Strategy, please see below.
Central Bank of Ireland's response to the consultation on the National Payments Strategy
On 4 March 2024, the Central Bank of Ireland ("Central Bank") published its response to the Department of Finance's public consultation concerning the National Payments Strategy ("NPS"). In the response, the Central Bank provides industry context for the position it takes as well as setting out what it believes to be the key priorities in the context of the development of the NPS.
Industry Context
The Central Bank’s ultimate vision for the payments ecosystem in Ireland is in alignment with the core pillars outlined in the NPS consultation. The Central Bank maintains that due to the complex nature of the payments ecosystem and its participants, many of the key enablers for achieving that vision require a system-wide approach. Coordinated efforts on the part of industry, the Central Bank and government are required to build a solid foundation for the future. This is why it states, that "many of the Central Bank’s recommended initiatives involve establishing national fora for effective coordination". Added to this, the Central Bank acknowledges the need to be conscious of parallel initiatives, both domestic and European, as well as key Central Bank consultations and plans including in relation to the Consumer Protection Code and the development of its innovation work.
It should also be noted that the Central Bank took the opportunity to highlight that "any new, relevant costs of financial regulation, stemming from the NPS, would be part of the annual Industry Funding Levy to be paid by regulated entities".
Priorities
The Central Bank considered each of the core pillars of the NPS and developed four overarching High Level Priorities, as proposed focus areas through to the end 2030. They are as follows:
Priority 1: Coordinated Action to Realise the Benefits of Innovation and Integration in a European Context
Material payment account operators shall ensure that Irish consumers and small businesses benefit from payment innovations that exist elsewhere in Europe. Emerging payment systems, schemes, standards, and arrangements shall be integrated with Europe and interoperable with other key markets. National public authorities and industry associations should engage in coordinated efforts to align digitalisation strategies and initiatives, including consideration for people in vulnerable circumstances.
Priority 2: Safeguarding Cash as a Means of Payment
Cash should be widely available and accepted as a means of payment, and this choice should be safeguarded for consumers and businesses.
Priority 3: Maintaining Security and Resilience in Payments
Issuers, operators, participants, and enabling network providers engage collectively to ensure the security and resilience of the payments ecosystem, including addressing emerging payment fraud risks and coordinating system-wide contingency efforts. PSPs shall accept and adopt consumer-controlled digital identity solution(s) as a means of combatting fraud (including, but not necessarily limited to, the EU Digital Identity Wallets mandated by European legislation). National Competent Authorities shall keep pace with technological change by – inter alia – continuously assessing the suitability of existing regulatory and legislative frameworks, and amending where necessary.
Principle 4: Enhancing Research and Analytical Insights
National public authorities, industry associations, and research institutes shall enhance capacity for informed policy and decision-making on payments issues through research and analytical insights.
The response sets out recommendations in order to meet the priorities detailed. These are include such things as:
- centralised collection of data on key open banking indicators;
- establishment of a National Working Group dedicated to exploration of A2A;
- availability of one or more effective A2A solutions for transactions at the point-of-interaction
- market leaders to integrate with at least one ‘value-add’ Pan-European A2A payment solution
- National Coordinator for digitalisation and new technologies;
- development of balanced cash access methodology;
- establishment of a National Payments Fraud Taskforce;
- adoption of consumer-controlled digital identity solutions to combat fraud:
- granting powers to liquidate non-bank providers;
- establishment of a national working group on system-wide contingencies;
- collaborative research on comparative efficiency of different retail payment methods;
- comparative summary analytics under Payment Statistics Regulation;
- consumer payment preferences and behavioural study; and
- establish a recurring consumer payment preferences and behavioural survey.