FIG Top 5 at 5 - 09/01/2025

1. Central Bank publishes its MiCA authorisation and supervision expectations

In the last week of December 2024, the Central Bank of Ireland (“Central Bank”) published its MiCA Authorisation and Supervision Expectations (“Guidance”). This Guidance follows the November 2024 publication by the Central Bank of its key facts document under MiCA for crypto asset service providers (“CASPS”).  For more information please see FIG Top 5 at 5 dated 28 November 2024.

The Central Bank has stated that the Guidance should be read in conjunction with the Central Bank’s 2024 Guidance on expectations for applicant firms seeking authorisation from the Central Bank to operate as a regulated firm (“Cross Sectoral Guidance”).

The Guidance applies to:

• issuers of asset referenced tokens (“ARTs”);
• issuers of electronic money tokens (“EMTs”); and
• applicant firms seeking authorisation as a CASP.

The Central Bank refers to its agreed MiCA risk appetite and states that it guides the approach of the Central Bank when authorising and supervising issuers and CASPs under MiCA.

The Guidance sets out a number of perspectives that the Central Bank’s assessments of MiCA authorisation applications will be guided by and includes the following:

• the use case and utility;
• suitability; and
• the risks associated with a crypto product or service.

Highlighted as being of fundamental importance are the following:

• whether the crypto product that is issued or offered is backed by a reserve of assets or otherwise structured to reliably meet expectations;
• regarding services, the target customer and investor base, and whether it is retail focused or aimed at institutional clients; and
• where higher inherent conduct and investor protection risks in the products offered to customers and investors are considered by the Central Bank to be present, it will have higher expectations of a firm’s ability to manage such risks.

In addition to referring to and summarising the Cross Sectoral Guidance, the Guidance specifically sets out the Central Bank’s MiCA expectations.  On a general note, the Guidance states that the Central Bank encourages early engagement on the part of potential applicant firms, with engagement with the Central Bank’s innovation hub advised. Some further general matters noted in the Guidance are as follows:

• applicant firms, particularly those proposing significant levels of passporting or outsourcing, should detail the rationale for seeking authorisation in Ireland;
• applicant firms must consider whether the proposed business model requires more than one type of licence, and take the appropriate steps to seek the required authorisations; and
• applicant firms should ensure that all submissions are of an appropriate standard, and have obtained all necessary internal / group approvals prior to submission.

The Guidance goes on to address the MiCA authorisation and supervision expectations of the Central Bank under a number of areas as follows:

• governance and accountability - firms must demonstrate substance and autonomy in Ireland and be led by a local crypto - competent executive and board with a strong understanding of the local regulatory environment. Firms are required to maintain robust governance and risk management arrangements;
• protection of client assets - the local firm is required to have full control of all client assets with robust segregation and prompt access to the reserve assets to meet redemption demands;
• business model and financial resilience – all firms are required to maintain a board approved business strategy which demonstrates the viability and sustainability of the business model and which fully reflects the vulnerabilities stemming from the product being offered;
• operational resilience – firms are obligated to ensure continuity and regularity in the performance of their services including distributed ledger technology and blockchain;
• ownership - firms must ensure a full, transparent and corroborated view of the identity of direct and indirect shareholders as well as any party, which can exercise significant influence. Ownership and operating structures must be designed to achieve maximum transparency and clarity as to the ownership of the firm;
• conflicts of interest – firms are required to ensure that no risks are posed to customer interests through conflicts of interest and that a robust system is in place which can proactively identify and remedy any conflicts in a timely manner;
• crisis management - firms must maintain detailed plans appropriate to support an orderly wind - down of their activities and timely redemption of customer funds without causing undue economic harm to their customers;
• conduct and transparency – firms are required to demonstrate how customers’ interests are secured and how the suitability of their product offering is being proactively assessed in accordance with customers’ risk tolerance; and
• anti - money laundering (“AML’”) / countering the financing of terrorism (“CFT”) - applicant firms must demonstrate that strong risk management practices and internal controls are in place in order to identify, assess and manage risks, including money laundering and terrorist financing risks and financial sanctions risks. Applicant firms must ensure compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) and all relevant financial sanctions legislation.

Each of the areas, set out above, have a further breakdown setting out all of the matters that the Central Bank requires applicant firms to attend to.

2. Central Bank Updates: Certification Guidance, F&P Unit and Insurance Newsletter

1. Central Bank issues December 2024 PCF Annual Confirmation and CF Certification Guidance

During the last week of December 2024, the Central Bank issued its PCF annual confirmation and CF certification guidance (“Guidance”).

The Guidance is to be used by Regulated Financial Service Providers and impacted holding companies as regards submitting annual PCF confirmation and CF certification through the Central Bank’s Portal.

The Guidance is divided into a number of sections as follows:

• purpose of the Guidance;
• user permissions;
• actions to be taken before any submission; and
• annual PCF confirmation and CF certification submissions.
  

2. Central Bank establishes dedicated Fitness and Probity Unit

On 19 December 2024, the Central Bank of Ireland (“Central Bank”) announced the establishment of a dedicated Fitness and Probity (“F&P”) Unit.

Governor George Makhlouf referenced the Enria report (“Report”), which was published in July 2024, and noted the key areas for improvement identified in the operation of the F&P regime. The Governor stated that the Central Bank accepted the findings of the Report and have used them as a basis for implementing reforms to enhance the regime’s overall effectiveness. He further stated that the Central Bank is committed to implementing the reforms as early as possible and before the end of 2024.

Governor Makhlouf stated:

“Today’s announcement of the establishment of our new dedicated Fitness and Probity Unit within the Bank is a key element of this programme of reform.

However, we recognise that this is only a first step towards delivering a fitness and probity gatekeeping process aligned with the spirit and approach of the report.  As such, work will continue in implementing and delivering a regime which supports supervisory judgement, while delivering robust, fair and transparent processes.

The new unit will be staffed from within our existing complement by experienced regulators from across the Bank."

3. Central Bank publishes its December 2024 Insurance Newsletter

On 19 December 2024, the Central Bank of Ireland (“Central Bank”) published its Insurance Newsletter  (“Newsletter”).

The Newsletter covers areas of relevance and interest to the insurance sector. Some of the matters covered in this edition include:

2025 supervisory priorities

Of particular interest in this edition of the Newsletter is the Central Bank’s identification of its 2025 supervisory priorities for the insurance sector. The Central Bank set out five broad themes as regards supervisory priorities as follows:

• financial resilience – the Newsletter states that firms can expect supervisory engagement to be centred on core elements of pricing and underwriting discipline, reserving and capital adequacy. The Central Bank sees these elements as fundamental to the resilience of individual (re)insurers, the entire sector and also as regards fair prices for consumers. Further, the Newsletter states that the Central Bank will pay specific attention to the way in which these elements are maintained through the insurance cycle.
  
  The Newsletter further states that supervision of capital adequacy will be focused on firms’ capital optimisation strategies, reasonableness of future management options as well as group recovery options.
  
  The Central Bank also intends to closely monitor the potential impacts, on the insurance sector and its consumers, of changes in the financial markets and the macro – economic environment. 
  
  
• culture, governance and risk management – the Newsletter states that the Central Bank will assess the adherence of firms to the Individual Accountability Framework (“IAF”). Such assessment will include consideration of the embeddedness of key elements of the IAF within governance frameworks, such as responsibility maps.
  
  The Central Bank will also be focused on consumer matters, through assessing firms’ overall behaviour and culture, the adequacy of product oversight and governance frameworks and adherence to the requirements of the Consumer Protection Code (“CPC”). The Newsletter states that , where considered appropriate, this may include matters such as how ‘value for money’ is being measured and addressed / disclosure of key information to consumers such as costs and benefits / the adequacy of the experience of customer facing staff.
  
• growth and complexity – the Newsletter sets out that the Central Bank will pay close attention to aspects of a firm’s business model and strategy where there has been considerable growth or complexity. In this regard, the Newsletter points to growth in speciality lines of business, such as cyber, marine and aviation risks, which may be subject to higher claims and reserve volatility.
  
  The Newsletter also states that the Central Bank will be paying particular attention to firms where business models give rose to a higher risk of day to day control from another jurisdiction.
  
  The Newsletter addresses digitalisation if the sector and states that the Central Bank will monitor the supervisory risks which may arise from increased use of technology by firms, with a particular focus on how artificial intelligence may be used in pricing and underwriting processes.
  
  
• cyber and operational resilience – in this regard, the Newsletter highlights that the Central Bank will focus on the manner in which firms are safeguarding the continuity of critical business services together with a focus on ensuring that the requirements of DORA are being properly implemented.
  
  
• sustainability -  the Newsletter emphasises the Central Bank’s existing focus on climate change risks and states that this will continue into 2025, with firms being encouraged to build on their understanding of climate change risks and take account of any implications on strategy and business model. The Central Bank will specifically focus on how such risks are being embedded into governance and risk management frameworks in accordance with the Guidance for (Re)Insurance Undertakings on Climate Change Risk.
  
  While acknowledging that it will take a proportionate approach, the Central Bank expects all firms to be able to demonstrate compliance with regulatory requirements, and the actions they are taking to meet the supervisory expectations of the Central Bank.

Transformation of regulation and supervision

While reiterating the forthcoming changes to regulation and supervision, the Newsletter announced the appointment of  Seána Cunningham as Director of Insurance and that she will take up her role in January 2025.

DORA

The Newsletter highlights the DORA industry briefing that took place on 6 November 2024.

The Newsletter also provides updates on the following topics:

• timelines as regards registers of information;
• the ESAs workshop on 18 December 2024;
• ESAs statement on DORA application; and
• an update on threat-led penetration testing

Revised outsourcing notification guidance 

For more information, please see FIG Top 5 at 5 dated 19 December 2024.

Artificial intelligence act 

The Newsletter highlights that the first set of requirements apply from 2 February 2025, at which stage the rules on prohibited activities come into effect, and providers and deployers must ensure their staff have a sufficient level of AI literacy.

3. EIOPA Updates:

1. EIOPA revokes previous guidelines to avoid duplication and overlaps with DORA

On 19 December 2024, the European Insurance and Occupational Pensions Authority (“EIOPA”) issued a statement (“Statement”) announcing that it will withdraw two previously published guidelines and amend an opinion related to the use of information communication technology (“ICT”) by undertakings.

In undertaking this action, EIOPA aims to eliminate overlaps and foster a unified regulatory framework for digital operational resilience in the European insurance and occupational pension funds sectors.

The following guidelines are to be withdrawn:

• the “guidelines on information communication technology security and governance" issued in the context of Solvency II; and
• the "guidelines on outsourcing to cloud service providers" issued in the context of Solvency II.

The following opinion is to be amended:

• the "Opinion on the supervision of the management of operational risks faced by IORPs" issued in the context of IORP II. It removes the section on cyber risks along with all references and annexes relating to it. The amended opinion is available here.

Next Steps

The changes will take effect from 17 January 2025. Following the withdrawal of the guidelines and the introduction of amendments to the opinion, national supervisors across the EEA are expected to adjust their national frameworks to remove duplications that may exist and to continue to ensure a level playing field.

2. ESRB publishes advice to EIOPA on criteria for identification of exceptional sector – wide shocks under Solvency II

On 23 December 2024, the European Systemic Risk Board (“ESRB”) published its advice to the European Insurance and Occupational Pensions Authority (“EIOPA”) on the criteria for the identification of exceptional sector – wide shocks under Solvency II (“Advice”). The Advice document is the ESRB’s advice to EIOPA, reflecting the ESRB’s macroprudential perspective.

The Advice follows a consultation carried out by EIOPA in October 2024. For more information please see FIG Top 5 at 5 dated 3 October 2024.

Under the new article 144c of the Solvency II Directive, which will be inserted by the Solvency II Amending Directive,  at a time of exceptional shocks, supervisors may require insurers with a particularly vulnerable risk profile to restrict or suspend dividend payments, share buybacks or bonuses with the aim of preserving the financial position of individual insurers during periods of exceptional sector - wide shocks.

EIOPA is required to consult the ESRB and develop draft regulatory technical standards (“RTS”) which specify criteria for the identification of exceptional sector - wide shocks. The criteria would ensure consistent conditions for applying supervisory measures.

The Advice considers the draft RTS developed by EIOPA in relation to the requirements set out in the new articles 144a to 144d of the new Chapter VIIa of the Amending Directive and their potential interaction with other provisions of the Amending Directive.

Some of the matters highlighted by the ESRB in its Advice, are as follows:

• The ESRB notes that, in contrast with the previous Directive, insurers must now take a macroprudential perspective on pre – existing requirements, for example, underwriting and risk management activities. This obligation also applies in respect of the new supervisory provisions of articles 144a to 144d. In view of the fact that these articles are interlinked, the ESRB has stated that EIOPA should ensure that draft RTSs with a macroprudential perspective are considered jointly;
• The ESRB have commended EIOPA for developing criteria that provide authorities with the flexibility they need to take action;
• The Advice sets out a number of areas where the RTS could be further developed to make sure that they are applied and interpreted consistently, such as:
  • clarifying that the criteria set out in the RTS are not a closed list;
  • expanding the background on sector - wide shocks;
  • considering transmission and amplification factors as part of the criteria for identification; and
  • providing background and clarification on key concepts that are not defined in the directive, for example the insurance sector and financial position.

If such matters are not considered in the RTS, the ESRB recommends that they should, at least, be in the preamble to guide supervisors. In this way, EIOPA will be able to clarify the objectives of the RTS, thereby, ensuring a clearer understanding of specific terms.

Section 3 of the Advice considers opportunities to support the effective future application of the RTS and the new supervisory provisions under articles 144a to 144d more broadly.

Section 4 of the Advice sets out other matters considered by the ESRB as regards articles 144a to 144d and includes advice for EIOPA on how to make sure that draft RTSs, guidelines and opinions, with a macroprudential perspective, are considered holistically.

Next Steps

EIOPA is required to submit the final draft RTS to the European Commission 12 months from the date on which the Amending Directive enters into force, being 28 January 2026 in light of the fact that the Amending Directive will enter into force on 28 January 2025.

4. Recent Publications in the Official Journal:

1. Implementing regulation on supervisory reporting requirements under CRR published on OJEU

On 27 December 2024, Commission Implementing Regulation (EU) 2024 / 3117 (“Repealing Regulation”) was published in the Official Journal of the European Union (“OJEU”).

In July 2024, the European Banking Authority (“EBA”) published its final report on the final draft implementing technical standards (“ITS”), which will repeal Commission Implementing Regulation (EU) 2021 / 451. For more information, please see FIG Top 5 at 5 dated 18 July 2024.

CRR III has been applicable since 1 January 2025 and amends the CRR in order to implement the final set of international standards of the Basel Committee on Banking Supervision (“Basel III”). 

The repeal of Implementing Regulation (EU) 2021 / 451 was considered necessary due to the large number of changes required under CRR III to implement Basel III. It was considered that merely amending Implementing Regulation (EU) 2021 / 451 would make it extremely cumbersome for the economic operators concerned to find out which reporting requirements apply to them.  It has ceased to apply since 1 January 2025 except for the following:

• article 5(12) and Annex I, templates 18 to 24, and Annex II, Part II, points 5.1 to 5.7; and
• article 15, which will continue to apply until 31 December 2025 only for the purposes of article 5(4) of the Repealing Regulation.

Next Steps

The Repealing Regulation has been in force since 28 December 2024, being the day following its publication in the OJEU and it will apply from 28 June 2025.

2. Solvency II and IRDD directives published in the OJEU

On 8 January 2024, the directive amending the Solvency II Directive (“Solvency II”) and the Directive on Insurance Recovery and Resolution (“IRDD”), were published in the Official Journal of the European Union (“OJEU”).

This follows on from the adoption of both pieces of legislation by the Council of the European Union on 5 November 2024. For more information, please see FIG Top 5 at 5 dated 7 November 2024.

Next Steps

Solvency II

The Solvency II Amending Directive will enter into force on 28 January 2025, being 20 days following publication in the OJEU. Member states are required to transpose the Directive by 29 January 2027 and it will apply from 30 January 2027.

IRRD

The IRRD will enter into force on 28 January 2025, being 20 days following publication in the OJEU. Member states are required to transpose IRRD in respect of articles 1 – 91, 96 and 97 by 29 January 2027. Those measures will apply from 30 January 2027. Articles 92 to 95 shall apply from 30 January 2027.

5. EBA publishes consultation on draft RTS on prudential treatment of crypto – asset exposures

On 8 January 2025, the European Banking Authority (“EBA”) published a consultation paper (“Consultation”) on draft regulatory technical standards (“RTS”) regarding the calculation and aggregation of crypto exposure values under article 501d(5) of the CRR.

Under article 501d(5) of the CRR III, the EBA is required to develop draft RTS in order to set out the necessary technical elements such that institutions will be able to calculate their own funds requirements in accordance with article 501d(2)(b) and (c) and include:

• how to calculate the value of the exposures in crypto - assets;
• how to aggregate short and long positions in crypto - assets for the purposes of calculation during the transitional period; and
• the application of the total exposure limit in other crypto-assets.

In drafting the RTS, the EBA is required to take account of the requirements of MiCA as well as the Basel Committee’s standard on the prudential treatment of crypto – asset exposures (“Basel Standard”).

The draft RTS further develops the relevant capital treatment, and aligns with the Basel Standard in so far as possible, for:

• credit risk;
• counterparty credit risk;
• market risk; and
• credit valuation adjustment risk for asset reference tokens and other crypto – assets exposures.

The aim of the RTS is to ensure harmonisation of the capital requirements on crypto – assets exposures by institutions across the European Union. The EBA has stated that transitional provisions in CRR III , together with the draft RTS, should ensure that institutions are able to adequately capitalise their crypto – asset exposures until a permanent prudential treatment comes into force.

Section 4 of the Consultation sets out the draft RTS and contains seven questions, together with explanatory text for Consultation purposes.

Next Steps

The Consultation is open until 8 April 2025. The EBA will hold a virtual public hearing on 4 March 2025, interested parties have until 28 February 2025 to register.