Welcome to the FIG Top 5 at 5

On 13 January 2026, the Government Legislation Programme for Spring 2026 was  published (“Programme”), identifying the Government’s priorities for the coming ten week parliamentary session.

The Programme identifies 30 bills to be prioritised for publication and 34 bills to be prioritised for drafting, with 78 additional bills listed under “All Other Legislation”.

There are currently 19 bills on the Dáil and Seanad order paper, while 28 bills have been published and 21 enacted, since the Government came to office on 23 January 2025.

Those of direct relevance to financial services are outlined below:

Legislation for Priority Publication

• Conclusion of IBRC Special Liquidation and Dissolution of NAMA Bill aims to effect the conclusion of the Irish Bank Resolution Corporation Special Liquidation and the dissolution of the National Asset Management Agency (“NTMA”) by the end of 2025. Further, it aims to implement appropriate arrangements to manage any remaining residual activity of both entities following the respective conclusion of their work mandates, including through the creation of a new Resolution Unit within the NTMA to manage any remaining residual activity from 2026 onwards. The Programme indicates that Heads of Bill were approved in July 2024 and that work is ongoing.

Legislation for Priority Drafting

• Co-operative Societies Bill aims to place the co-operative model on a more favourable and clearer legal basis, thereby creating a level playing field with companies and encouraging the consideration of the cooperative model as an attractive formation option for entrepreneurs. The Programme indicates that work is ongoing.
• Finance (International Financial Institutions) Bill aims to put in place the legislative authority for the Minister and the Central Bank of Ireland to contribute to the IMF Resilience and Sustainability Trust using a portion of Irelands allocation of IMF Special Drawing Rights. The Bill will also provide a government guarantee to the Central Bank of Ireland for the purpose of contributing to the IMF Trust and make other administrative amendments relating to Ireland’s membership of international financial institutions. The Programme indicates that Heads of Bill were approved in July 2025.
• Violation of Restrictive Measures Bill which will transpose EU Directive 2024/1226 on the definition of criminal offences and penalties for the violation of Union restrictive measures. The Programme indicates that Heads of Bill were approved in March 2025.

All Other Legislation

• Central Bank (Amendment) Bill which will transpose certain elements of Directive (EU) 2024/1640 (Sixth Anti-Money Laundering Directive) of relevance to the Central Bank of Ireland, through amendment to the Central Bank Reform Act 2011 and / or the Central Bank (Supervision and Enforcement) Act 2013. The Programme indicates that work is ongoing.
• UN Restrictive Measures Bill aims to create a mechanism  by which persons would be obliged to adhere to the asset freezing requirements of certain UN Security Council Resolutions in the period prior to their incorporation in an EU legislative act, in order to meet Ireland’s international obligations and prevent sanctions evasion. The Programme indicates that work is ongoing.
• Asset Covered Securities (Amendment) Bill aims to amend the Asset Covered Securities Act 2001 to facilitate the issuance of asset covered securities (covered bonds) either by specialist covered bond subsidiary entities under a specialist banking model or from non-specialist credit institutions operating under a universal banking model and related matters. The Programme indicates that Heads of Bill are being prepared.
• Personal Insolvency (Amendment) Bill aims to update aspects of personal insolvency legislation, following statutory review of Personal Insolvency Acts. The Programme indicates that work is ongoing.

Bills currently on the Dáil and Seanad Order paper as of 13 January 2026

• Credit Review Bill 2024 which aims to provide for the establishment of the Credit Review Service (“Service”) as a body corporate, with the chief executive officer of the Service being the Credit Reviewer, formalising the arrangements set out in S.I. No. 127/2010 – guidelines issued under section 210(1) of the National Asset Management Agency Act 2009 regarding lending practices and procedures and relating to the review of decisions of participating institutions to refuse credit facilities. The Programme indicates that the bill is at Second Stage in the Seanad.
• Central Bank (Amendment) Bill 2025 which aims to amend the Central Bank Act 1942 and prohibit financial service providers from discriminating against survivors of cancer from accessing financial services and to provide for related matters. The Programme indicates that the bill is at Committee Stage in Dáil Éireann.

Next Steps

The FIG Top 5 at 5 will continue to monitor the progress of the legislative initiatives and update clients when appropriate.

On 14 January 2026, Director of Capital Markets and Funds at the Central Bank of Ireland (“Central Bank”), Gerry Cross, delivered a speech at the Compliance Institute’s Annual General Meeting in which he addressed a number of topical matters, including simplification and resilience.

The Director acknowledged the common ground shared by regulators and compliance professionals in ensuring that businesses are well run and “sustainably successful”.

Director Cross focused on a number of key areas in his speech as follows:

Securing customers’ interests

The Director pointed to the Central Bank’s Consumer Protection Code (“Code”) as the cornerstone of consumer protection in financial services in Ireland, noting that the revised Code will come into force on 24 March 2026.

Acknowledging the essential role played by industry as regards the review of the Code, he went on to highlight that further clarification and guidance has been provided in the areas during the implementation period engagement process. In this regard, he highlighted that the Central Bank updated the General Code Guidance in December 2025, alongside the publication of a number of FAQs, to support industry in the implementation of the revised Code – for more information, see the update below. The Director stated that continued effort will be needed on an ongoing basis as firms apply the provisions of the revised Code in their operations.

On the topic of the regulatory expectations of firms, the Director referred to the new Standards for Business, highlighting the expectation that a regulated entity will, at all times, secure its customers’ interests. In that regard, he highlighted his previous remarks on this matter – for more information, see FIG Top 5 at 5 dated 10 October 2024.

Individual accountability

Continuing his discussion of the evolving supervisory approach of the Central Bank, Director Cross pointed to the positive effects seen in the early stages of the implementation of the Individual Accountability Framework (“IAF”), such as:

• enhanced clarity as to responsibility within financial firms;
• support for the effectiveness of collective and individual decision making within firms;
• providing an underpinning of responsibilities and accountability which is supporting the Central Bank’s evolving approach to supervision; and
• facilitating the further improvement and simplification of other areas of regulation, for example in the area of the Central Bank’s fitness and probity framework.

Director Cross touched on how the introduction of the IAF represents a significant development for compliance professionals, allowing the role of the compliance function to evolve to respond to the changing circumstances in which a firm may find itself operating.

He highlighted that the IAF is consistent with both the Securing Customer’s Interests duty and the overall simplification approach of the Central Bank.

Simplification

Under this heading, Director Cross took the opportunity to further emphasise the Central Bank’s commitment to an outcomes focused approach in light of the Draghi and Letta reports. He highlighted that the simplification of regulatory frameworks is an essential aspect in the promotion of productivity and resilience in our economy.

The Director set out that the simplification agenda of the Central Bank is centred on the recognition that achieving robust and high-quality regulation and supervision means being effective and efficient. In that regard, he discussed that the drive for simplification is an opportunity to remove unnecessary complexity without compromising the existing regulatory standards and protections that have been established in the years following the global financial crash.

Director Cross pointed to the Central Bank’s recent publication: “Regulating & Supervising well – a more effective and efficient framework”, which sets out the Central Bank’s position on simplification – for more information, see FIG Top 5 at 5 dated 11 December 2025.

Resilience

Considering the resilience of the financial system, Director Cross referenced the Great Financial Crisis in 2008 and noted that the successful reform of the regulatory regime is now evident in the way in which the financial system has adapted to recent periods of stress. Nonetheless, he emphasised the importance of financial resilience remaining at the top of firms’ agendas, allowing them to adequately assess and respond to the evolving, dynamic nature of financial risks in the system.

The Director went on to state that operational resilience is a key priority for the Central Bank in the face of the centralisation of digital processes in the functioning of the financial system, rapidly evolving technology and the role of third-party providers. He noted that DORA is a major EU policy response to the growing cyber and ICT risks.

Director Cross took the opportunity to highlight the progress made since DORA came into effect, such as:

• the commencement of incident and cyber threat reporting;
• the collection of registers of information on contractual relationships with ICT third party providers;
• the national identification of firms subject to Threat Led Penetration Testing (“TLPT”); and
• the identification of critical ICT third-party providers, and preparation for their direct oversight by the European Supervisory Authorities (“ESAs”).

He pointed out that firms are now preparing for the second collection of registers of information under DORA, and that the first TLPTs are about to begin.

Director Cross cited the recent thematic work on operational resilience in the MiFiD investment firm sector, noting that the Central Bank observed a maturing of operational resilience in this sector, and identified areas where some firms need to make enhancements, such as identifying their important business services, and mapping how these services are delivered – for more information see FIG Top 5 at 5 dated 15 January 2026.

Leveraging Technology

Director Cross stated that the integration of digital technology in the financial system must continue to be aligned with the sound running of firms, consumers’ interest and financial stability.

The Director referenced the evolving integration of AI tools and technologies in the financial system and highlighted the potential for such technology to assist the Central Bank in its supervisory role, while also discussing possible risks. Some of the matters he addressed were as follows:

• it is a supervisory objective of the Central Bank to assess how AI is being used by firms providing financial services, with the overarching aim of ensuring that the use of AI by regulated entities supports the regulatory objectives of the Central Bank;
• firms need to assess whether AI is an appropriate tool in each circumstance, in consideration of the technology itself, the firms’ overall strategy, risk tolerance, and compliance framework;
• the ethical use of data is a key area of evolving AI usage in financial services, and consideration must be given to data privacy in order to avoid erosion of trust in the implementation of new technology;
• consideration must be given as to how the adoption of AI may interact with the firm’s operational risk profile and its cyber resilience; and
• AI use needs to be underpinned by effective governance and oversight, with firms adhering to the same standards expected when deploying more traditional technology.

Director Cross went on to point out that both the new EU AI Act and much of the existing relevant technology-neutral regulation will be important for firms and their compliance functions as technological integration continues to evolve.

Supervisory approach

Under this heading, Director Cross took the opportunity to discuss the Central Bank’s move to a revised supervisory approach that is integrated across all safeguarding outcomes – for more information, see FIG Top 5 at 5 dated 6 March 2025. He stated that the evolution of the Central Bank’s supervisory approach allows it to deliver more effectively on regulatory objectives by:

• being more integrated;
• being more outcomes focused; and
• being more efficient.

The Director reiterated that the implementation of the Central Bank’s revised approach is an ongoing area of focus.

On 12 December 2025, the Central Bank of Ireland (“Central Bank”) updated the General Guidance (“Guidance”) on the Consumer Protection Code (“CPC”).

The Guidance was first published in March 2025 when the Central Bank published the feedback statement to the March 2024 consultation paper on the CPC (“CPC 158”), together with the finalised regulations and guidance documents – for more information, see FIG Top 5 at 5 dated 27 March 2025.

The Central Bank explains that the Guidance has been updated to take account of additional guidance and clarifications that were identified, during the implementation period, through engagement with, and queries from, stakeholders.

The following is a high-level overview of the updates to the Guidance:

• a new subsection has been added to section 1 entitled, “Alignment with Individual Accountability Framework”, noting, amongst other matters, that the concept of reasonable steps reflected in the IAF has intentionally not been replicated in the Securing Customers’ Interests Standards for Business. In this regard, the Guidance highlights that the conduct standards referred to in the IAF, which apply to individuals, can be distinguished from obligations placed on firms via the CPC;
• a new subsection has been added to section 3.3 which deals with sustainability preferences. The new subsection, at 3.3.2, states that the CPC seeks to ensure that customers are protected from ‘greenwashing’;
• two new subsections has been added to section 3.5, which addresses digitalisation, in the form of subsections 3.5.4 and 3.5.5. Subsection 3.5.4 deals with the concept of a durable medium and also addresses the use of written consent requirements in the CPC. The requirements have been updated, where appropriate, to include oral consent. However, the Guidance states that there are some circumstances where consumers are best protected if written consent is required. Subsection 3.5.5 deals with Regulation 42 whereby notification is to be provided of withdrawal to systems / information;
• three further new subsections have also been added to section 3.5 under the heading, “Guidance to be provided on the use and navigation of digital platforms”. Some of the matters addressed by way of these new subsections include, navigations aids / the intention behind the definition of digital platform / secure payment links;
• a further infographic has been added to “Box 3: Provision of financial services through digital platforms – supporting good online decision making”, providing an illustration as to how disclosures can be presented at the payment stage. This infographic also deals with insurance as an add-on product, highlighting that care should be taken the ensure that the customer has sufficient information and time to make an informed decision about the option to purchase the add-on insurance by including appropriate pause features in the transaction process;
• section 3.6, which addresses regulatory disclosure statements, has had extra text added to subsection 3.6.2 to clarify what is meant by details of financial services in the context of SMS or WhatsApp messages. A new example box has also been added setting out an SMS example that does not require a regulatory disclosure statement;
• subsection 3.6.6 under the heading “Regulatory Disclosure Statement in Advertisements”, has some extra text added in connection with entities linking a banner / pop-up advertisement to a product specific webpage;
• section 3.7, dealing with advertising, has a new subsection by way of 3.7.3 which addresses requirements and specific wording for warning statements within advertisements;
• a further three subsections have been added to section 3.7 under a new heading entitled, “Warning Statements” and dealing with Consumer Protection Regulations 45, 82 and 83;
• another new heading has been added to section 3.7 entitled, “Hyperlinks Linking to Information Permitted Under Certain Conditions”, with two subsections, 3.7.17 and 3.7.18 and addressing Consumer Protection Regulation 76;
• further, in section 3.7, there is a new heading entitled, “Referring to annual percentage rate”, addressing Consumer Protection Regulation 150(2);
• section 3.9, which covers complaints resolution, has a new heading entitled “Procedures for managing and resolving complaints”, addressing Consumer Protection Regulation 105. Under this new heading, there are two subsections, 3.9.2 and 3.9.3;
• a new section has been added entitled “Period of Retention of Records”, which addresses Consumer Protection Regulation 117 and can be found at section 3.10. The new section provides clarifications regarding the record keeping requirements applicable in cases where a consumer engages with a firm but does not proceed to become a customer;
• a new section entitled “Miscellaneous Business Requirements” has been added to the Guidance at 3.11. This new section covers Consumer Protection Regulation 125 on procedures to be followed where a firm plans to cease to operate, merge or transfer regulated activities. It also addresses Consumer Protection Regulation 135 regarding reasons to be provided for not approving a personal consumer credit application;
• section 3.12, which deals with specific requirements for credit institutions has been updated with three new headings and corresponding subsections, as follows:
  •  “Supporting documentation to be obtained prior to providing mortgage”, which addresses Consumer Protection Regulation 178;
  •  “Required information to be included with offer document on mortgage”, which addresses Consumer Protection Regulation 173; and
  • “Process to be followed for dealing with mortgage loan applications by personal consumers”, which addresses Consumer Protection Regulation 179.

• section 3.13, which addresses specific guidance for the insurance sector, has been updated with four new headings and corresponding subsections, as follows:
  • “Consumer treatment when purchasing or renewing health insurance”, particularly highlighting that health insurance providers should note the findings of the 2025 Thematic Review on Consumer Treatment when Purchasing or Renewing Health Insurance – for more information, see FIG Top 5 at 5 dated 18 September 2025;
  • ““Important Information” box in health insurance renewal notices”, noting that this requirement aligns with the provisions in the CPC as regards informing effectively and the practice of including this “Important Information” box should be retained;
  • “Issuance of Insurance Policy”, which addresses Consumer Protection Regulation 342 regarding the practice whereby insurers may provide interim cover arrangements pending receipt of documentation required to conclude the contract;
  • “Information concerning surrender value of a life insurance policy”, which addresses Consumer Protection Regulation 345(2) with the Guidance noting that the Central Bank is not aware of any secondary market in Ireland for these policies, such that this requirement will not materialise in practice at this time.

• under the heading “Advance notification of expiry date of a policy of non-life insurance”, which deals with Consumer Protection Regulation 346, two new subsections have been added at 3.13.9 and 3.13.11; and

• in section 3.13, under the heading “Notification of lapse of cover of a health insurance policy”, which deals with Consumer Protection Regulation 347, two new subsections have been added at 3.13.18 and 3.13.19.

 

FAQs

The Central Bank has also provided a set of FAQs which set out some of the general questions that were asked, and that have been responded to, during the implementation period for the revised CPC. The Central Bank has confirmed that it will update the FAQs as further queries / clarifications arise. The FAQs address the following areas:

• referencing the CPC;
• implementing revised requirements prior to the effective date of the revised CPC / phased implementation of the CPC;
• the scope and application of the CPC;
• the application of the CPC to credit intermediaries;
• the definition of consumer versus personal consumer;
• the requirement for suitability statements for unsecured lending products;
• a trusted contact person; and
• complaints – information on relevant ombudsman and alternative dispute resolution service to be provided under Consumer Protection Regulation 61.

1. Central Bank updates guidance for completion of schedule 2 AML / CFT registration form

On 15 January 2026, the Central Bank of Ireland (“Central Bank”) published an updated version of its guidance for the completion of the schedule 2 anti-money laundering / countering the financing of terrorism (“AML /CFT”) form (“Guidance”). The Guidance replaces the previous version that applied from 20 May 2019 to 14 January 2026.

The following is an overview of the main changes:

• reference to the Criminal Justice Act 2013 and the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2018 has been removed and the Guidance now refers solely to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended;
• the section entitled “How to register as a Schedule 2 Firm”, has been amended to refer to post registration changes and directs relevant parties to a linked address on the Central Bank’s website for more information on post registration changes;
• there is a new section, entitled, “Registration for the Central Bank’s Portal”, setting out that in order to submit the schedule 2 form, a firm is required to set up a firm administrator via the Central Bank’s portal; and
• the table setting out the completion notes has been move from section 7 in the prior version to a standalone section at the end of the Guidance, with the notes regarding the following matters having been added / updated:
• Schedule 2 Rationale;
• Types of Customers;
• Industries or Sectors your Customers are involved in;
• Total Staff Directly or Indirectly Employed by the Firm;
• Financial Details;
• Name of the Ultimate Parent Group;
• Name of Regulator;
• Firm availing if Section 110 Tax Provisions;
• Reporting to the Central Bank; and
• Central Bank Institution Code.

2. EBA and AMLA announce complete handover of AML / CFT mandates

On 19 January 2026, the European Banking Authority (“EBA”) and the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (“AMLA”) published a joint press release (“Press Release”) announcing that the EBA and the AMLA have, as of 1 January 2026, completed the transfer of all AML / CFT mandates and functions from the EBA to the AMLA.

Some of the matters highlighted in the Press Release include:

• key EBA tools and expertise such as, the EuReCa database, supervisory insights and risk assessments, have been transferred to the AMLA;
• all existing guidelines and standards remain in force until they are replaced by the AMLA;
• the AMLA will complete the EU’s single rulebook, advance supervisory convergence and will also coordinate the work of financial intelligence units with the aim of enhancing the cross border exchange of financial intelligence; and
• the EBA will continue to address money laundering risks through prudential regulation.

1. EIOPA publishes new strategy towards 2030 and revised single programming document 2026 -2028

On 15 January 2026, the European Insurance and Occupational Pensions Authority (“EIOPA”) published its new strategy (“Strategy”) which looks ahead to 2030.

EIOPA has stated that it has developed the Strategy to take account of geopolitical tensions, economic fragility and environmental challenges and in that regard, highlights the need to advance the savings and investment union (“SIU”), strengthen the single market and build trust such that EU citizens will make the move from saving to investing.

Recognising the move towards smarter regulation, the Strategy encompasses EIOPA’s focus on finding the right balance between simplification, financial stability, and consumer protection.

The Strategy highlights three strategic areas of activity, as follows:

Strengthening single market integration

Under this heading, EIOPA has identified the following “actionable objectives”:

• promoting high quality convergent supervision across the EU through the development and application of common supervisory frameworks, methodologies and tools while also assessing the consistent implementation of regulatory requirements. The Strategy also highlights the importance of regular exchange of knowledge, best practices and insights on emerging supervisory challenges by NCAs, stating that it will work to facilitate this;
• strengthening the supervisory response across the single market through robust, proportionate and effective supervisory actions / overseeing critical third-party service providers / robust and consistent supervision of internal models; and
• deepening global engagement through contributing to the implementation of a common insurance capital standard / continuation of the strong cooperation with third-country supervisors and international bodies to manage global financial risks.

Enhancing market and societal resilience against risks

Again, EIOPA has identified three “actionable objectives”, aimed at increasing resilience, as follows:

• strengthening risk assessment capabilities and preparedness by continuing to monitor financial markets and material risks / enhancing crisis prevention, management and resolution / improving preparedness and ensuring timely supervisory responses to potential shocks through joint threat exercises and early-warning mechanisms;
• contributing to societal resilience by enhancing data quality and understanding of risk drivers / further promoting informed decision-making among citizens and businesses regarding critical protection gaps / promoting transparency, fairness, and accessibility in insurance and pension products; and
• promoting cross-sectoral collaboration by supporting the development of joint frameworks and data-sharing initiatives to strengthen risk monitoring and supervisory effectiveness / deepening collaboration with EU and international authorities to facilitate timely, coordinated responses to systemic and structural risks.

Simpler, bolder, faster: better regulation supporting supervision

The “actionable objectives” identified by EIOPA under this heading are as follows:

• enhancing regulatory effectiveness through technical advice and simplification through continuing to promote proportionality in regulation and supervision / continuing the implementation of better regulation to support convergent supervision as per EIOPA’s simplification principles / early engagement in the regulatory cycle in order to provide robust, data-driven technical advice supported by sound impact assessments;
• leveraging SupTech and digital innovation through accelerating the digital transformation of EIOPA and NCAs / supporting the digital transformation of the industry; and
• strengthening data governance, management and sharing by advancing shared EU data infrastructures and standardised definitions to improve the quality, interoperability, and timeliness of supervisory data / reducing reporting burdens through streamlined data collection with greater reusability across authorities and functions.

Petra Hielkema, Chair of EIOPA, stated that:

“…The strategic objectives outlined in this roadmap will guide our actions and inform our decisions in the years ahead, helping Europe’s insurers and pension providers maintain their relevance as they continue to deliver essential services to households and businesses during times of transformation.”

Single programming document

On 19 January 2026, EIOPA published a revised version of its single programming document (“SPD”) for 2026 – 2028, which includes its work programme for 2026. EIOPA previously published its 2026 work programme in October 2025 – for more information, see FIG Top 5 at 5 dated 9 October 2025.

EIOPA’s priorities, as set out in the SPD, are focused on strengthening single market integration, enhancing market and societal resilience against risks, and better regulation and supervision – as reflected in the Strategy, discussed above.

Some of the areas highlighted by EIOPA in the SPD include:

• the convergent implementation of sectoral regulation and the inception of new permanent tasks regarding Solvency II and the Insurance Recovery and Resolution Directive (“IRRD”);
• in line with the objectives of the savings and investment union, EIOPA will actively contribute to initiatives for the review of the Institutions for Occupational Retirement Provision II Directive, the Pan-European Personal Pension Product Regulation and the Insurance Distribution Directive. EIOPA will also continue to actively contribute to the implementation of the Retail Investment Strategy;
• monitoring risks and opportunities regarding digital transformation and continuing to contribute to regulatory initiatives to establish clear rules for data use;
• preventing and preparing for cyber threats and other systemic risks that could affect the financial system by increasing transparency and raising awareness of insurance coverage and savings products to reduce financial losses and improve economic resilience;
• EIOPA will strengthen its efforts to oversee cross-border business and foster home-host supervisory cooperation, aimed at high quality supervision that will enhance consumer protection; and
• supporting the further gradual implementation of the activities of the pan-European systemic cyber incident co-ordination framework for relevant authorities in the event of a major cross-border cyber incident that could have a systemic impact on the EU’s financial sector.

2. ESAs and UK financial regulators sign MoU on oversight of critical ICT third party service providers under DORA

On 14 of January 2026, the European Supervisory Authorities (“ESAs”) signed a memorandum of understanding (“MoU”) with the Bank of England (“BoE”), the Prudential Regulation Authority (“PRA”), and the Financial Conduct Authority (“FCA”).

The MoU sets out the principles and key areas for cooperation and exchange of information between the ESAs and the UK financial authorities, referred to above, regarding the oversight of critical third-party service providers (“CTTPs”) under DORA and critical third parties (“CTPs”) under the UK CTP Regime.

The MoU is also targeted at fostering cooperation and the exchange of information, including in emergency situations, between the ESAs and the UK financial authorities regarding ICT third-party risk across different financial sectors, with a particular focus on developing best practices for the review of ICT risk management practices and controls, mitigation measures and incident responses.

Next Steps

The MoU shall remain operative for an unlimited period of time, unless terminated.