
Welcome to the FIG Top 5 at 5
The Top 5 at 5 is a weekly update in which members of the Financial Institutions Group (FIG) identify five of the key legal and regulatory developments relevant to the financial services industry from the preceding week.
Priority is given, in the first instance, to Irish based developments but the update will also include important developments in European law and regulation.
The topics chosen are dictated by the developments during the relevant period but priority is given to cross sectoral developments. The FIG Top 5 at 5 is not intended to represent all developments of note for the relevant period but rather a snap shot of some of the issues which we feel are of particular importance.
Should you have any queries in respect of the contents of the update, please do not hesitate to contact your usual Matheson LLP contact or any member of our team detailed below.
The Top 5 at 5
On 3 July 2026, the European Union (Distance Contracts for Financial Services) Regulations 2026 (“Regulations”) were signed into law by the Tánaiste and Minister for Finance, Simon Harris TD.
The Regulations give effect to directive EU 2023/2673 (“Distance Marketing Directive”), amending the Consumer Rights Act 2022 (CRA 2022”), and related legislation, and introducing new rules for distance contracts for financial services. The Regulations aim to strengthen protections for consumers purchasing financial products or services online or over the phone.
Specifically, the Regulations insert a new Part 5A and Schedule 3A into the CRA 2022. Some of the new requirements, as per the Regulations, are as follows:
- specified pre-contract information on a durable medium must be provided;
- reminders must be given, in certain cases;
- adequate explanations and human intervention where online interfaces are used must be provided;
- deceptive or manipulative online design is to be avoided; and
- an online cancellation function for contracts concluded through an online interface must be provided.
The Regulations also:
- introduce a right for consumers to cancel relevant distance contracts within prescribed periods, including longer periods for personal pensions;
- regulate payments due on cancellation and ancillary contracts; and
- create offences and enforcement provisions for non-compliance.
Amendments to other legislation
A number of consequential amendments have also been made to various other pieces of legislation, such as:
- the European Union (Consumer Mortgage Credit Agreements) Regulations 2016;
- the European Union (Payment Services) Regulations 2018; and
- the European Union (Insurance Distribution) Regulations 2018.
Revocation
The Regulations revoke the European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004.
Consumer protection
Welcoming the introduction of the Regulations, the Tánaiste stated:
“More and more people are choosing to buy financial products and services online…These new rules put consumers first and make sure their rights keep pace with how people now access financial services…Whether it’s the right to speak to a real person instead of relying solely on an automated system, clearer information before making a decision, or an easier way to cancel an eligible contract, these are practical changes that will make a real difference for consumers.”
Next Steps
The Regulations came into force on 30 June 2026.
1. AMLA launches consultation on common format for reporting suspicions
On 2 July 2026, the Anti-Money Laundering Authority (“AMLA”) launched a consultation (“Consultation”) on draft implementing technical standards (“ITS”) specifying the format to be used for the reporting of suspicions and for the provision of transaction records under article 69(3) of regulation (EU) 2024/1624 (“AML Regulation”).
Under article 69(1) of the AML Regulation, obliged entities must report any suspicion that funds or activities may be the proceeds of criminal activity or are related to terrorist financing or criminal activity, and to provide a financial intelligence unit (“FIU”), at its request, with all necessary information including information on transaction records.
Diverse reporting practices
The Consultation notes that there are varied reporting practices across the EU at present, as regards structure and content. This presents challenges for FIUs when it comes to information exchange between FIUs or with EU stakeholders. It also presents difficulties for obliged entities when operating cross-border.
In order to address those difficulties, the draft ITS set out uniform, comprehensive formats for reporting suspicions and providing transaction records.
To accommodate the various reporting and analysis platforms in use in the EU, the draft ITS do not specify the technical language to be used nor the file format. The use of a machine-readable format is encouraged.
Additionally, the draft ITS:
- introduce common templates for the provision of transaction records, adapted to the type of activity reported – banking activities, money remittance services, crypto-asset service providers, and correspondent services;
- allow flexibility for FIUs as regards the implementation of technical specifications into their national reporting systems, while trying to ensure alignment with the values provided in the accompanying interpretative note, where possible; and
- introduce a review mechanism of the data points to ensure responsiveness and clear process for the possible changes while providing predictability and consistency in the changes for all relevant stakeholders.
Phased approach
AMLA will implement the ITS by way of a two-phased approach:
- FIUs will assess the common set of data points and compare it against what they now use. AMLA will then coordinate a collective process to refine and, where needed, adapt the format, so it can be applied as consistently as possible across all FIUs; and
- the format will then be built into sectoral and FIUs’ reporting systems. The timeline, in this regard, will depend on responses to the Consultation and further technical work.
Annexes
AMLA have also published annexes, which it explains, will eventually set out the full list of data points that may be potentially submitted to the FIU in all possible cases. Not all of the data points will be needed in order to submit a report of a suspicion. Instead, a subset of data points tailored to the type of activity and the nature of the suspicion reported, will be provided.
Next Steps
The Consultation is open for feedback until 20 September 2026. AMLA will hold a public hearing on the draft ITS on 9 September 2026 – interested parties can register here.
2. AMLA consults on clear rules for cross-border FIU information exchanges
On 6 July 2026, the Anti-Money Laundering Authority (“AMLA”) launched a consultation (“Consultation”) on draft regulatory technical standards (“RTS”) on when a suspicious activity report concerns another EU country and should be shared with that country’s financial intelligence unit (“FIU”).
The Consultation aims to improve FIU cooperation across borders, with the draft RTS providing a common, clear basis for the cross-border sharing of information for every FIU.
The draft RTS set out guidance on when a report concerns another EU member state and details the criteria as to how it should be shared.
The Consultation highlights that a report can be passed on in full, as a cross-border report, or as a focused set of key data, known as a cross-border dissemination. Due to the fact that the criteria are objective and built on structured data, they can be applied automatically within the secure network that is already used by FIUs – FIU.net. AMLA has noted that this results in faster, more dependable cooperation that is less reliant on case-by-case judgement and also helps the avoidance of both under and over sharing.
Next Steps
The Consultation is open for feedback until 1 October 2026. The draft RTS state that they shall apply from 10 July 2027.
1. EIOPA launches consultation on review of insurance disclosures under taxonomy disclosures delegated act
On 1 July 2026, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a consultation (“Consultation”) on proposed changes to insurance corporate disclosures under the EU taxonomy framework for environmentally sustainable activities.
The Consultation sets out EIOPA’s preliminary analysis and policy proposals as regards the current underwriting key performance indicator (“KPI”) for (re)insurance undertakings.
This follows a request from the European Commission (“Commission”), in March 2026, for the technical advice of the European Supervisory Authorities (“ESAs”) as regards simplifying and improving the disclosures delegated act (“DDA”) under the taxonomy regulation. The European Securities and Markets Authority (“ESMA”) and the European Banking Authority (“EBA”) are also conducting consultations in parallel on the same subject matter, within their respective areas of competence – see below for more detail.
The Consultation highlights that the initial Commission proposal in the request relates to the development of a methodology to allow insurance undertakings to report the share of their non-life underwriting activities covering taxonomy-aligned (“green”) companies and assets, thereby disclosing the enabling role of underwriting KPI, which is similar to existing disclosure rules for banks and asset managers, or the investment KPI of insurance underwritings, which all measure their indirect impact on the real economy based on their role in supporting other companies.
The proposals are aimed at reporting simplification, improved transparency and better alignment of insurers’ taxonomy related reporting requirements with other sustainable finance frameworks, together with those applicable to other financial institutions. The proposals in the Consultation are as follows:
Underwriting KPI
The Consultation proposes “quick fix” changes by narrowing the denominator in the taxonomy and eligibility ratios to taxonomy-eligible lines of business and renaming it to adaptation underwriting KPI. This is targeted at improving the transparency and accuracy of the disclosure. As regards the eligibility disclosure, the Consultation proposes to standardise how to calculate eligible activities in the numerator by requiring a split of premiums to cover only NatCat perils and only to include the contracts that include such coverage.
Additionally, the Consultation examines the benefits, or otherwise, of introducing a new green insured activities KPI to measure the ratio of taxonomy-aligned insured activities – this would cover all policies sold to companies that report under the taxonomy regulation, as well as retail insurance policies for housing and transport.
Combined KPI
The Consultation proposes to remove the weighted average of the underwriting and investment KPI and replace it with the KPI which represents the highest revenue for when one figure is needed, such as, with investments in insurance undertakings disclosed under the DDA or the sustainable finance disclosure regulation (“SFDR”).
Other simplifications
The Consultation also contains proposals to remove the requirement to identify gas and nuclear activities in both investment and underwriting templates and also to give more prominence to taxonomy disclosures in insurance undertakings’ annual reports.
Cross sectoral matters
In this regard, some of the proposals in the Consultation are as follows:
- streamlining group reporting to focus on the parent company’s ‘main business’ rather than reporting weighted averages for all business segments; and
- not allowing financial institutions to voluntarily use the operational expenditure KPI for calculating their exposures to non-financial undertakings, with the ESAs being of the view that this would result in increased complexity and reporting costs, while providing limited additional insight for investors, except in cases of very targeted financing.
Next Steps
The Consultation is open for feedback until 12 August 2026. EIOPA will a hold public hearing on the Consultation on 16 July 2026 – interested parties can register here. The final technical advice is due to the Commission in October 2026 – the results of the Consultation will inform this final advice.
ESMA Consultation
On 1 July 2026, the European Securities and Markets Authority (“ESMA”) also published a consultation (“ESMA Consultation”) on technical advice on selected KPIs under the taxonomy disclosures delegated act.
The ESMA Consultation sets out proposals for simplification of the taxonomy framework for non-financial undertakings and asset managers, some of which relate to:
- revising the operational expenditure KPI to address stakeholder concerns about complexity and reporting burden;
- the voluntary use of operational expenditure by financial undertakings; and
- group taxonomy reporting.
The ESMA Consultation also proposes a number of other potential simplification measures, such as, the phased-in application of new requirements.
Next Steps
The ESMA Consultation is open for feedback until 12 August 2026. A public hearing will be held on 22 July 2026 – interested parties can register here.
EBA discussion paper
On 1 the European Banking Authority (“EBA”) published a discussion paper (“Paper”) on certain KPIs and other aspects of the disclosures delegated act, under article 8 of the taxonomy regulation. The Paper seeks views on potential measures to simplify and enhance the usability of information disclosed by credit institutions and investment firms.
The Paper sets out the EBA’s preliminary assessment and proposals regarding:
- simplifying the fees and commission’s KPI, trading book KPI and off-balance sheet exposures KPI for credit institutions;
- simplifying the ‘other services’ KPI for investment firms;
- aligning grandfathering provisions for financial instruments under taxonomy disclosures with those set out in the EU green bond regulation;
- clarifying and improving group-level disclosures, including disclosures by parent undertakings and other undertakings within the group; and
- the treatment of operational expenditure KPI disclosed by non-financial undertakings in the calculation of financial undertakings’ KPI.
Next Steps
The Paper is open for feedback until 12 August 2026. The EBA will hold a public hearing on 16 July 2026 – interested parties can register here.
2. EIOPA publishes revised methodology on value for money benchmarks
On 6 July 2026, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a revised methodology (“Revised Methodology”) on value for money (“VfM”) benchmarks for unit-linked and hybrid insurance products.
The Revised Methodology contains three steps to create reference benchmarks, as follows:
- step 1 – features for product clusters;
- step 2 – VfM indicators around which benchmarks will be calculated; and
- step 3 – data collection and calibration of the benchmarks.
The VfM methodology was last reviewed and published by EIOPA in October 2024 – for more information, see FIG Top 5 at 5 dated 10 October 2024.
The Revised Methodology highlights that, following initial work regarding benchmarking, EIOPA and national competent authorities (“NCAs”) have been considering the outcomes of the VfM methodology and introduced targeted refinements in 2026, further highlighting that, although significant progress has been achieved, the benchmarks methodology is still evolving and the 2026 refinements should be seen as a step towards further improving the methodology.
The Revised Methodology emphasises that level 1 and level 2 texts of the insurance distribution directive (“IDD”) do not explicitly refer to VfM benchmarks. However, article 25 of the IDD requires insurance product manufacturers to have product oversight and governance (“POG”) arrangements and a product approval process.
The Revised Methodology also refers to EIOPA’s 2021 supervisory statement (“Supervisory Statement”) on assessment of value for money of unit-linked insurance products under POG and to EIOPA’s approach to POG supervision, highlighting that in those documents VfM assessment is a clear element of product testing including the identification and quantification of costs to ensure they are justified, proportionate and aligned to the target market’s needs, objectives, and characteristics considering comparable offerings in the market.
As was the case with the 2024 methodology, EIOPA does not plan to share the benchmarks with insurance product manufacturers and / or publish them before discussion with NCAs – only when the methodology is sufficiently tested and stable. Instead, EIOPA will circulate the benchmarks to NCAs for supervisory purposes, for example, the identification of products with higher VfM risks.
Next Steps
EIOPA will carry out regular reviews of the general benchmarks methodology to adjust and improve the approach over time. It will then be reviewed at least on a two – year basis until a stable methodology has been developed.
3. Matheson launches Insurtech podcasts
Matheson’s Financial Institutions Group has recently launched a series of three podcasts focused on Insurtech.
Hosted, by James Grogan, the first episode of Matheson Talks Insurtech features Luke Mackey, CEO and Co-Founder of Kota, where they discuss scaling a start-up from the ground up, building a high-performance culture that lasts, navigating regulators and insurers and what AI really means for the insurance industry – available here.
The second episode, released today, sees James sit down with Gary Leyden, CEO of Instech.ie, to discuss Ireland’s Insurtech ecosystem and what it will take to turn Ireland into a world-leading hub for insurance innovation. The conversation explores insights on AI, regulation, investment, and why Ireland is uniquely placed to become a leader in Insurtech.
In episode three, which will be available on 16 July 2026, James chats with Tim Graham, Founder of Malcolm, about the future of insurance. Tim explores the growing role of AI agents in the insurance industry, the regulatory and consumer protection challenges that come with this shift, and how insurers can prepare for a future where AI-powered assistants become a primary channel for customer engagement.
1. ESMA publishes final report on call for evidence on streamlining financial transaction reporting under MiFIR
On 2 July 2026, the European Securities and Markets Authority (“ESMA”) published a final report (“Report”) on its June 2025 call for evidence (“CfE”) on a comprehensive approach for the simplification of transaction reporting under the markets in financial instruments regulation (“MiFIR”), the European market infrastructure regulation (“EMIR”) and the securities financing transactions regulation (“SFTR”).
For more information on the CfE, see FIG Top 5 at 5 dated 26 June 2025.
The Report aims to provide EU policymakers with a focused set of recommendations to support the simplification and integration of transaction reporting and are designed in such a way so as to distinguish between measures that can deliver short‑term relief and more structural options requiring longer‑term consideration.
The Report focuses on the key structural changes needed in the respective level 1 frameworks for reporting to allow for simplification to be implemented in more detailed level 2 and 3 measures at an ESMA level.
ESMA was guided by a set of core principles when developing the proposals in the Report, namely, preserving information value / reducing overlaps and duplication / pursuing global alignment / balancing costs and benefits.
The Report recommends a staged approach, combining short‑term intermediate measures with a longer‑term target scenario based on the “report once” principle which will include the creation of a single transaction reporting framework.
Longer term structural reform
ESMA recommends developing a single integrated transaction reporting framework across MiFIR, EMIR and SFTR, based on a “report once” principle. This includes targeted amendments to EU legislation to rationalise reporting channels across the regimes and remove duplicative reporting obligations. The changes should also set out a clear allocation of responsibilities between national and EU-level supervisors, and phased implementation of integrated reporting should be enabled.
Short-medium term level recommendations
The Report sets out eight recommendations in the Report – they are summarised in tables 3 to 11. They are targeted at providing early relief and supporting the transition to the longer term structural reform. Some of the recommendations are as follows:
- the revision of dual‑sided reporting, under EMIR and SFTR, through delegated reporting;
- streamlining the intragroup reporting exemption framework under article 9 EMIR;
- reduction of the back reporting horizon for the reporting of historical corrections;
- targeted exemptions from MiFIR regulatory technical standard (“RTS”) 22 2(5) transaction reporting requirements for transactions that do not provide material value for market abuse surveillance; and
- deprioritising a limited list of RTS 22 and 23 of MiFIR optional fields.
Next Steps
The Report highlights that next steps are dependent on ESMA level 1 recommendations being translated into concrete legislative steps in the context of ongoing negotiations on relevant MiFIR, EMIR and SFTR provisions.
If the level 1 negotiations are concluded in early course, with all necessary level 1 changes made by mid-2028, then ESMA expects that the new integrated reporting model would be up and running within five years from now.
If the level 1 framework is in place by mid-2028, ESMA expects the new integrated reporting model to be in force by the second half of 2031, allowing for a 12–18 month implementation period for firms.
The implementation timeline for independent intermediate measures will depend on their legal nature
2. ESMA publishes supervisory briefing on triangular passporting under MiFID II
On 7 July 2026, the European Securities and Markets Authority (“ESMA”) published a supervisory briefing (“Briefing”) on triangular passporting under the directive on markets in financial instruments (“MiFID II”).
Triangular passporting is where authorised investment firms use a branch or tied agent established through the freedom of establishment in a host member state (“Second Member State”) to provide investment services in accordance with the freedom to provide investment services and activities in another host member state (“Third Member State”).
The Briefing aims to promote common supervisory approaches and practices across national competent authorities (“NCAs”) as regards triangular passporting, with the Briefing highlighting that the practice can present challenges in the context of NCA’s supervisory work, firms’ compliance with the relevant MiFID II requirements and investor protection.
ESMA highlights that the Briefing does not create any new legal obligations, rather it provides practical guidance for firms and NCAs.
The Briefing addresses the following supervisory expectations:
- firms’ responsibilities – in a passporting notification to the NCA of the home member state, the firm relying on triangular passporting must specify that they intend to use a branch or tied agent established in a Second Member State to provide services and activities in a Third Member State. In addition, firms are expected to specify any authorised services and activities they intend to provide cross-border into the Third Member State any change in their service provision through passporting;
- supervisory competences – firms should not use triangular passporting to circumvent supervisory competences, for example, forum shopping. ESMA expects firms intending to rely on triangular passporting to conduct, and regularly review, if necessary, an internal assessment of risks arising from this specific cross-border model, highlighting that risks increase when a firm’s internal processes must be governed under more than two jurisdictions, as in a triangular scheme;
- general information to clients – ESMA expects firms to clearly inform their clients in the Third Member State that the service is provided by the firm through a branch or tied agent established in the Second Member State. The Briefing highlights that the decision to provide investment services leveraging on an existing branch or tied agent in Second Member State should not hamper or harm investors’ rights, nor cause confusion or uncertainty regarding the allocation of responsibilities within the firm. Any information addressed by the firm to a client should be fair, clear, and not misleading; and
- client access to alternative dispute resolution mechanisms and compensation schemes – firms are expected to inform their clients in a clear and non-misleading manner about their access to complaints and redress procedures, where, because of triangular passporting, such clients are provided with investment services in a Third Member State outside the territory of the member state where the licensed entity, branch or tied agent is located. In addition, clients should be informed about any applicable investor compensation scheme. In terms of complaints, the Briefing highlights clients should be able to submit complaints in any language used by the firm in its marketing communications or contractual documents provided to them. Firms must accept complaints submitted to either the head office or the branch or tied agent.
1. ESRB publishes warning on systemic risks from frontier AI systems and is supported by ESAs
On 7 July 2026, the European Systemic Risk Board (“ESRB”) published a warning (“Warning”) on systemic risks stemming from frontier AI models (“FAIMs”).
The ESRB highlights that the Warning comes on foot of the ESRB general board’s (“General Board”) assessment of systemic cyber risk as severe in June – in March 2026 it had been classified as elevated.
The Warning explains that FAIMs are advanced AI models capable of materially affecting offensive or defensive cyber operations, potentially threatening the systems underpinning the ICT environments on which financial infrastructure relies.
Noting that, ultimately, FAIMs will strengthen cyber resilience, nonetheless, in the short to medium term, they provide threat actors with opportunities to discover vulnerabilities and execute cyberattacks with increased speed, scale and sophistication. Additionally, the fact that the leading AI providers are outside the EU means that the EU is exposed from a strategic dependency perspective and also to geopolitical risks.
The Warning addresses the systems risks from FAIMs under three headings:
the new risk landscape for the EU’s financial system;
systemic assessment; and
the potential implications.
To reinforce the warning, the General Board calls on the EU to scale up its capacity, expertise and strategic autonomy in this area, highlighting that this will require coordinated action from all parties, including AI providers, software providers, security firms, open-source maintainers, financial institutions and authorities at both national and EU level. In that regard, the ESRB welcomes the publication of a letter (“Letter”) from European Central Bank (“ECB”) banking supervision to CEOs of significant euro area banks – the Letter sets out supervisory expectations for addressing the evolving AI-related cyber threat landscape.
The Warning highlights that the ESRB will monitor the use and development of FAIMs and their impact on the financial sector from a systemic risk perspective. In addition, the ESRB will reassess developments in each quarterly risk assessment at the General Board level and consider other actions when needed.
ESAs support
On 7 July 2026, the European Insurance and Occupational Pensions Authority (“EIOPA”), the European Banking Authority (“EBA”) and the European Securities and Markets Authority (“ESMA”) published a press release (“Press Release”) welcoming and supporting the ESRB’s Warning.
The Press Release highlights the recent publication of the European Supervisory Authorities’ (“ESAs”) publication of its first annual report on major ICT-related incidents under DORA – for more information, see FIG Top 5 at 5 dated 11 June 2026.
The ESAs urge financial entities to make appropriate arrangements to adapt their cybersecurity capabilities and invites competent authorities to reflect these developments in their supervisory activities. The Press Release also highlights the work of the ESAs to ensure that financial entities across the EU proactively identify and mitigate risks in line with the requirements under DORA.
2. EBA publishes final report on draft guidelines on authorisation of third-country branches under CRD6
On 7 July 2026, the European Banking Authority (“EBA”) published its final report (“Report”) on draft guidelines (“Guidelines”) on the authorisation of third-country branches (“TCB”) under article 48c (8) of directive 2013/36/EU (“CRD”).
The EBA consulted on the Guidelines in November 2025 – for more information, see FIG Top 5 at 5 dated 6 November 2025.
The Guidelines are addressed to competent authorities and to the third-country head undertakings submitting an application.
The Guidelines detail:
- the list of information to be included in the application for authorisation submitted by the applicant head undertaking;
- the procedure for authorisation, together with the standard forms and templates for the provision of the information referred to above;
- the assessment of the conditions for granting authorisation; and
- the condition under which competent authorities may rely on information that has already been provided in the process of any prior authorisation TCB authorisation.
In terms of their scope, the Guidelines cover applications for authorisation of TCBs that will be subject to the requirements set out in Title VI of CRD. The Guidelines do not apply to applications for authorisation of TCBs that, based on national law, are subject to the same requirements applicable to credit institutions, except for those requirements that do not apply to credit institutions, for example, booking requirements for originated business.
To ensure the guidelines are applied proportionality, TCBs are categorised into two classes:
- class 1 for TCBs classified as having a higher risk profile if certain conditions apply; and
- class 2 if none of the conditions apply.
The guidelines include a standard letter for requesting information to a third-country authority, and a standard submission letter and template for submitting the application.
Feedback
Section 4.3 of the Report contains a summary of the feedback received during the consultation, noting that the Guidelines were generally welcomed, in particular, as regards the promotion of greater harmonisation and predictability in the assessment of TCBs across member states.
Next Steps
The Guidelines will be translated into the official EU languages and published on the EBA’s website. The Guidelines will apply from 11 January 2027.

Thought Leadership
Matheson Talks Financial Regulation Podcast
The Matheson Financial Institutions Group are delighted to share with you some useful podcasts.




















