FIG Top 5 at 5 - 13/02/2025

1.  Governor of the Central Bank delivers speech addressing strategic foresight and anticipatory governance

On 11 February 2025, Governor of the Central Bank of Ireland (“Central Bank”), Gabriel Makhlouf, delivered a speech that centred around the theme of strategic foresight and anticipatory governance and its role in shaping plans and policy decisions for the future.

The Governor highlighted the importance of building strategic foresight capacity in the context of rapid change and upheaval, as experienced domestically and globally, over the past number of decades, particularly in the last five years. Governor Makhlouf linked this concept to the Central Bank’s strategic theme of being future – focused, emphasising the vital nature of preparing for future challenges and opportunities.

The Governor then went on to identify some of the challenges and opportunities that lie ahead, as follows:

• a rapid shift to a multipolar world and the erosion of the international order that has been fundamental to global cooperation since World War II, leaving Ireland particularly vulnerable to the challenges of this geoeconomic fragmentation;
• the aging demographic in Ireland and its affect as regards future labour supply, productivity and long – term growth. Indeed, the Governor noted that this pattern is seen across the EU;
• the reshaping of the financial services industry by the rapid developments in AI, also with potential consequences for the broader economy. The Governor highlighted the need to be proactive as regards operational resilience; and
• the growing risk presented by misinformation.

In order to truly embrace strategic foresight the Governor stated that:

• time must be made for foresight through the use of methods such as horizon scanning with the development of tools to support this;
• it is important to be open and engaged, specifically, insights should be shared, perspectives challenged and a collaborative horizontal approach adopted; and
• there is a need to be more future focused and to approach governance from that perspective. 
  

2. FSPO publishes its Strategic Plan 2025 – 2027

On 11 February 2025, the Financial Services and Pensions Ombudsman (“FSPO”) published its strategic plan 2025 – 2027 (“Strategic Plan”).

This is the FSPO’s third such publication. The FSPO has stated that the priorities set out in the Strategic Plan reflect the statutory role of the FSPO and its values, as well as its goal of evolving and innovating in respect of its services with a focus on its customers and external stakeholders.

The Strategic Plan sets out three strategic priorities as follows:

1. Delivering for its customers – with continued focus on the provision of an accessible, inclusive, easy to use service to resolve complaints and the reduction of waiting times through the optimisation of systems and processes;
2. Sharing and Influencing – the FSPO intends to raise consumer awareness as regards options and rights and will also focus on influencing industry standards through engaging and sharing data from the work of the FSPO with regulators, policymakers and providers; and
3. Strengthening the FSPO team and innovating for better services – this will see a focus on better service delivery through use of technology and data together with maintaining an emphasis on the improvement of business processes, operating model and governance.

Taking the external environment into account, citing the expected revised consumer protection code, the introduction of pension auto-enrolment, increasing consumer awareness and heightened expectations, the FSPO considers it likely that complaints may increase further in number and complexity over the lifetime of the Strategic Plan. The Strategic Plan highlights that the financial services and pensions sectors, particularly, are experiencing a period of significant disruption and transformation. Some of the matters addressed in the Strategic Plan are as follows:

• the increase in complaints - the FSPO received 6,182 complaints in 2023, representing an almost 30% increase when compared to 2022, with the volume of complaints maintained in 2024;
• an uncertain and challenging international and policy context, including reference to:
  • the new European Commission;
  • the fact that the Commissioner for Financial Services and the Savings and Investments Union will be, amongst other matters, responsible for ensuring that EU rules offer appropriate levels of protection for consumers and retail investors;
  • the European investments and savings union; and
  • the increased focus on competitiveness.
• the increasing focus on sustainability as the FSPO, financial service providers, pension providers and their customers, contend with the transition to a carbon neutral economy;
• the changing consumer profile, demands and attitudes;
• legal and regulatory developments, particularly the rise of new and unregulated financial markets, including crypto. The Strategic Plan points to the potential effects of the following on the legal environment within which the FSPO operates:
  • the implementation arrangements for the 2023 Markets in Crypto Assets Regulation (“MiCA”);
  • EU regulations on crowdfunding;
  • the EU Directive on the Institutions for Occupational Retirement Provision (“IORP II”);
  • pan-European pension products (“PEPPs”); and
  • the proposed new payments services directive (“PSD3”).

Next Steps

As well as the strategic priorities set out above, the Strategic Plan also includes strategic initiatives, KPIs and a new strategic framework that the FSPO has stated will be used to measure and track progress against each strategic priority. The FSPO has stated that it will report on that progress in its annual report.

3. AI and Financial Services Updates:

1. Commission publishes Guidelines on AI system definition and Guidelines on prohibited artificial intelligence practices

On 4 and 6 February 2025, the European Commission (“Commission”) published two sets of guidelines relating to Regulation (EU) 2024/1689 (“AI Act”). They include

1.  Guidelines on the definition of an artificial intelligence system established by the AI Act; and

2.  Guidelines on prohibited artificial intelligence practices

In relation to the Guidelines on the definition of an AI system, the Commission explains that these guidelines aim to assist providers and other relevant persons in determining whether a software system constitutes an AI system to facilitate the effective application of the rules.

In relation to the Guidelines on prohibited AI practices, the Commission explains that these guidelines are designed to ensure the consistent, effective, and uniform application of the AI Act across the European Union. The Guidelines provide specific details of uses in financial services which firms should consider.

While both sets of guidelines offer what the Commission describes as “legal explanations and practical examples to help stakeholders understand and comply with the AI Act's requirements” they are non-binding.

Next steps

The Commission has approved the draft guidelines but they now need to be formally adopted.

2. EIOPA launches Consultation on Opinion of Artificial Intelligence Governance and Risk Management

On 10 February 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) launched a consultation on An Opinion on Artificial Intelligence Governance and Risk Management (“Consultation”).

The stated aim of the Consultation is to highlight the main principles and requirements in existing insurance sectoral legislation that should be considered in relation to those insurance AI systems that are not considered as prohibited AI practices or high-risk under the AI Act.

EIOPA explains that it has followed a principle-based approach in the Consultation which is aligned with the underlying principles and requirements of the AI Act and other international initiatives. In line with the European Commission’s broader consultation on the application of AI to financial services, EIOPA explains that it is not looking to establish new requirements, but rather provide guidance on how different provisions of insurance sectorial legislation should be interpreted in the context of AI systems that did not exist or were not widely used at the time the legislation was approved. With this in mind, the Consultation identified “high-level supervisory expectations of the governance and risk-management principles that supervisors expect undertakings to develop to ensure a responsible use of AI systems”.

The high-level supervisory expectations can be summarised as follows:

• Apply a risk-based and proportional approach:
  • Assess the risk of a firm’s different use cases for AI (Annex 1 provides examples of indicators that could be used to assess the impact of AI use cases);
  • Develop a combination of proportionate measures that ensure the responsible use of the AI system.
  • Develop a proportionate governance and risk management system regarding the firm’s use of AI covering the following - fairness and ethics; data governance; documentation and record keeping; transparency and explainability; human oversight; and accuracy, robustness and cybersecurity.
• Apply fairness and ethical principles with an emphasis on adopting a consumer centric approach;
• Implement a data governance policy which is aligned with the potential which is aligned with the potential impact of the AI use case at hand on consumers or the undertaking and in compliance with applicable data protection legislation;
• Maintain appropriate records of the training and testing data and the modelling methodologies to ensure their reproducibility and traceability;
• Adopt the necessary measures to ensure that the outcomes of AI systems can be meaningfully explained. EIOPA explains that if the complexity of the AI system hinders the full transparency and explainability, the undertaking should put in place complementary risk management measures;
• Put in place effective internal control systems depending on the nature, scale and complexity of the AI systems and during their entire lifecycle. Roles and responsibilities should be defined in policy documents to ensure that relevant staff is involved in the necessary steps of the AI system life cycle (EIOPA identifies a number of such roles and responsibilities);
• Emphasis on accuracy, robustness and cybersecurity of AI systems which is proportionate to its’ nature, scale and complexity.

Next Steps

The Consultation is open for comments until 12 May 2025.

It should also be noted that EIOPA states that it expects that it will, into the future, develop more detailed analysis on specific AI use cases or issues arising from the use of AI systems in insurance and provide further guidance, as relevant.

4. MiFIR Updates:

1. Commission consults on draft delegated regulation extending procedural rules for penalties imposed on DRSPs to CTPs under MiFIR

On 6 February 2025, the European Commission (“Commission”) launched a consultation (“Consultation”) seeking feedback on a draft delegated regulation (“Delegated Regulation”) that aims to ensure that the scope of application of the procedural rules for the European Securities and Markets Authority’s (“ESMA”) supervision of data-reporting-services providers (“DRSPs”) includes consolidated tape providers (“CTPs”).

The Delegated Regulation, which supplements the Markets in Financial Instruments Regulation (“MiFIR”), proposes to amend Delegated Regulation (EU) 2022/803 on the procedure ESMA must follow to impose fines or penalties on DRSPs. The procedural rules cover rights of defence, the collection of fines or periodic penalty payments, and the limitation periods for imposing and enforcing fines and periodic penalties

Delegated Regulation (EU) 2022/803 was adopted by the Commission on 16 February 2022. CTPS, who are also DRSPs, were intentionally left out of its scope due to an absence of entities providing consolidated tape services in the EU and because the review of the rules governing CTPs under MiFIR was still ongoing at that time.

The MiFIR amending regulation entered into force on 28 March 2024, removing obstacles to the emergence of CTPs in the EU.

Article 1 of the Delegated Regulation amends Commission Delegated Regulation (EU) 2022/803 to ensure that its scope covers all types of DRSPs subject to ESMA supervision, including CTPs.

Next Steps

The Consultation is open for feedback until 6 March 2025.

The Delegated Regulation will enter into force on the day after its publication in the Official Journal of the European Union.

2. Commission consults on draft delegated regulation amending delegated regulation on fees relating to the supervision by ESMA of CTPs

On 10 February 2025, the European Commission (“Commission”) launched a consultation seeking feedback on a draft delegated regulation (“Delegated Regulation”). The Delegated Regulation  proposes to amend Commission Delegated Regulation (EU) 2022/930 as regards the  supervisory fees charged by the European Securities and Markets Authority (“ESMA”) to data reporting services providers (“DRSPs”) in order to extend it to include consolidated tape providers (“CTPs”).

Delegated Regulation (EU) 2022/930, which supplements the Markets in Financial Instruments Regulation (“MiFIR”), was adopted by the Commission in March 2022. CTPs were intentionally left out of the scope of Delegated Regulation (EU) 2022/930. This was due to the absence of entities providing CTP services in the EU and because the review of the rules governing CTPs under MiFIR was still ongoing at that time.

The MiFIR amending regulation entered into force on 28 March 2024 and removed the obstacles to the emergence of CTPs in the EU and also set a timeline for ESMA’s selection and authorisation of a CTP for bonds, a CTP for equity (shares and exchange-traded funds) and a CTP for over-the-counter (“OTC”) derivatives. Accordingly, it is necessary to amend Delegated Regulation (EU) 2022/930 to ensure it covers all DRSPs subject to ESMA supervision, including CTPs.

Some of the matters sets out in the Delegated Regulation are as follows:

• article 1(1) clarifies that Commission Delegated Regulation (EU) 2022/930 applies to all DRSPs subject to ESMA supervision, including CTPs;
• article 1(2) specifies that the fees charged to DRSPs should fully cover the direct and indirect costs of supervision;
• article 1(3) introduces a fixed authorisation fee applicable to CTPs;
• article 1(4) introduces a new article on the annual supervisory fee applicable to CTPs, including a fixed fee for CTPs’ first years of operation; and
• article 1(5) introduces the methodology to be used to calculate the revenues of CTPs.

Next Steps

The Consultation is open until 10 March 2025.

The Delegated Regulation will enter into force 20 days after its publication in the Official Journal of the European Union.

5. EBA Updates:

1. EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application

On 11 February 2025, the European Banking Authority (“EBA”) published a final report containing amendments to its guidelines on ICT and security risk management (“Report”). The original guidelines date back to 30 June 2020.

The Report explains that the amendments to the guidelines are needed in order to avoid duplication with the requirements on ICT risk management that were introduced by DORA. The Report reduces the scope of a number of the guidelines as follows:

• Entity scope  - only those that are covered by DORA, namely credit institutions, payment institutions, account information service providers, exempted payment institutions and exempted e-money institutions;
• The scope of the guidelines to the requirements on relationship management of the payment service users in relation to the provision of payment services.

The other guidelines will be repealed.

Next steps

The guidelines will now be translated into the official EU languages and published on the EBA website, with a consolidated version of the guidelines.

The amending guidelines will apply two months thereafter.

2. EBA opinion on draft RTS on conflicts of interest for asset-referenced token issuers under MiCA

On 5 February 2025, the European Banking Authority (“EBA”) published an opinion on the European Commission's proposed amendments to its draft regulatory technical standards (“RTS”) on conflicts of interest for issuers of asset-referenced tokens under MiCA (“Opinion”).

The EBA submitted its final draft RTS to the Commission in June 2024, for more details please see FIG Top 5 at 5 dated 13 June 2024.  In November 2024, the Commission advised the EBA that it was willing to endorse the draft RTS subject to certain amendments, it is these amendments which the Opinion addresses.

In the Opinion, the EBA states that it has only a concern with one of the amendments which relates to the deletion of the reference to "risk alignment mechanisms" for remuneration in Article 5. The EBA considers that this deletion would alter the draft RTS in a significant manner from a policy perspective and would be lead to inconsistencies with other RTS. However, the EBA explains that the Commission has agreed to reinstate the reference in the adopted version of the RTS.

The EBA has now submitted the amended draft RTS to the Commission for endorsement.

Next Steps

Following this, they will be scrutinised by the European Parliament and the Council of the EU before being published in the Official Journal of the European Union. They will come into force 20 days later.