Welcome to the FIG Top 5 at 5

On 17 November 2025, the Central Bank of Ireland (“Central Bank”) published its second Financial Stability Review (“Review”) of 2025. The Review provides an evaluation of the main risks facing the financial system and assesses its resilience to those risks, with the goal of ensuring the financial system can provide services to Irish households and businesses in both good and bad times. The Review is the second edition of the year.

The Review reflects the deliberations of the Central Bank’s Financial Stability Committee and considers adverse outcomes that may materialise, and their potential implications for domestic financial stability, rather than on presenting economic forecasts.

A high level overview of both the global and domestic risk assessments detailed in the Review is provided below.

Additionally, this update considers the Review’s assessment of the resilience of the banking and insurance sectors and the non-bank financial sector, to adverse shocks and their ability to absorb, as opposed to amplify, such shocks.

This update also addresses some of the Central Bank’s policy actions as regards safeguarding financial stability and ensuring that the resilience of the financial system is proportionate to the risks facing it.

The Governor’s Speech

The Governor of the Central Bank, Gabriel Makhlouf, delivered a speech (“Speech”) upon the release of the Review, particularly focusing on three areas as follows:

• the continued disconnect between elevated levels of economic uncertainty and stretched market valuations;
• recent high-profile bankruptcies in the US, which the Governor notes have  “raised questions about lending standards by non-banks in private credit markets, amid a scarcity of information around lending practices in these markets.” The Governor also highlighted, in a broader context, and in light of elevated leverage or liquidity mismatches, that certain segments of the non-bank financial intermediation (“NBFI”) sector have the potential to amplify adverse market shocks, “given they provide funding for banks, hold sovereign debt and are significant investors in global equity markets” ; and
• the fact that fiscal deficits are rising in many advanced economies which is leading to higher debt burdens which, in turn, reduces the ability of fiscal policy to respond effectively and support the economy in a downturn.

The Governor also commented on the global increased focus on the efficiency of financial regulation, emphasising the importance od burden reduction and an erosion of standards not becoming conflated.

Global Risks

The Review highlights that global trade policy uncertainty has fallen since the June 2025 review, which lends itself to a more positive global growth outlook – for more information on the June 2025 review, see FIG Top 5 at 5 dated 12 June 2025. However, the Review cautions that trade policy and geopolitical uncertainty remain elevated.

Some further matters highlighted in the Review are as follows:

• very high valuations in AI related stocks and historically high market concentration increase vulnerabilities that would result from a significant US stock market correction despite recent market resilience to shocks;
• concerns about lending standards in private credit have intensified following several high-profile bankruptcies – a matter addressed by Gabriel Makhlouf in his Speech;
• total market value as regards digital assets is growing at a rapid pace together with their interconnectedness with traditional financial markets, with the result that their implications for financial stability are also increasing;
• persistent budget deficits and rising government expenditure are leading to higher public debt burdens – this issue was highlighted by Gabriel Makhlouf in his Speech;
• a sudden repricing of sovereign debt could lead to stress in other parts of the financial system;
• the NBFI sector has the potential to amplify shocks in the event of a market correction; and
• cyber related incidents are emphasised as a cross-cutting risk which has the potential to disrupt the financial system as do climate related risks.

Domestic Risks

The Review notes that compared to the last review in June 2025, near term domestic risks have lessened, reflecting an easing in trade uncertainty after the US-EU trade agreement.

Some of the matters highlighted in the Review include the following:

• despite the recent turbulent international environment and the still elevated policy uncertainty, the Irish economy has remained resilient, but risks to the outlook remain “tilted to the downside”;
• short and long-term risks from economic and trade policy uncertainty to the Irish economy remain;
• sector-specific and, in some cases, firm-specific risks, have the potential to spill over into the broader economy;
• a disorderly correction in global equity markets could spill over to the domestic economy through several channels, depending on direct and indirect exposures;
• the banking system remains the main provider of financial services in Ireland and the provision of banking services remains concentrated in a small number of providers, and in that regard the Review highlights potential substitutability concerns;
• the NBFI sector is an important provider of financial services to the domestic economy, with the Review highlighting that the greater reliance on market dynamics in the NBFI sector could mean that NBFI lending could amplify the credit cycle which could then undermine medium-term economic growth;
• the adoption of new processes and technologies, while increasing efficiencies and innovation, could lead to “execution risk” as financial providers implement new technologies that are not yet fully understood; and
• without concerted action over the remainder of this decade, the Irish economy will face some element of climate risk with implications for the financial system.

Resilience

Some of the matters highlighted in the Review as regards the resilience of domestic banks are as follows:

• domestic bank profitability has moderated since the interest rate cycle peak but remains above its pre-2022 level;
• the improved profitability level and stable outlook have coincided with higher returns on equity and price-to-book ratios for domestic banks;
• asset quality has continued to improve, despite the lagged effects of past higher interest rates and cost-of-living pressures;
• domestic banks’ loan exposures are subject to geopolitical risk through direct and indirect channels;
• capital levels remain above regulatory minimums and domestic banks performed comparatively well under the 2025 EBA stress test; and
• sensitivity analysis suggests that a further increase in tariffs, relative to the EBA adverse stress test scenario, would result in a relatively small increase in direct non-financial corporation loan losses for domestic banks.

As regards the Central Bank’s assessment of the resilience of the insurance sector, some of the matters highlighted are as follows:

• the solvency of Irish (re)insurers remains well in excess of regulatory requirements, despite the persistently volatile external environment;
• due to the Irish (re)insurance industry’s international footprint, firms are exposed to the increasingly turbulent geopolitical environment although Irish (re)insurers have proved resilient to the direct and indirect effects of geopolitical turbulence in recent years. However, the Review highlights that the volatile geopolitical context will arguably remain the most important source of uncertainty for (re)insurers, meaning that a spectrum of risks will need to be carefully managed;
• of particular relevance for the Irish (re)insurance sector’s international aspect, are its relatively high exposures to the US and to currency risk;
• domestic insurers represent a significant portion of the Irish (re)insurance sector, with the Review noting that their business models have proved resilient;
• Irish (re)insurers are significant investors in financial markets, with the typical firm maintaining a relatively low risk portfolio; and
• Irish (re)insurers must continue to adapt to important changes in the general risk environment, particularly climate change and cyber risk.

As regards, the non-bank financial sector, which includes investment funds and non-bank lenders, the Review highlights a number of matters as regards the Irish property funds and the commercial real estate market. However, for the purposes of this update, it is worth noting that the Review emphasises that non-bank lenders are providing a significant and growing amount of credit to SMEs in Ireland. The Review also notes that, despite some concerns around credit quality and lending standards in private credit markets, indicators of borrowers’ inability to repay loans have stayed at low levels across 2024.

Macroprudential policy

This part of the Review explains the Central Bank’s policy actions to safeguard financial stability and ensure that the resilience of the financial system is proportionate to the risks it faces. Some of the matters highlighted are as follows:

• the countercyclical capital buffer (“CCyB”) rate on Irish exposures will remain at 1.5%, with the Report explaining that this rate is considered appropriate for when cyclical risk conditions are neither elevated nor subdued;
• regarding the other systemically important institutions (“O-SII”) buffer, the number of identified O-SIIs is unchanged with a small reduction in the O-SII buffer rate for one institution;
• maintaining resilience is important in the context of the current, uncertain, macro-financial environment and the risks facing the financial system, with the Report explaining that the CCyB could be increased above 1.5% were the Central Bank to deem that cyclical risks reflect emerging imbalances or were elevated; and
• the Central Bank’s mortgage measures continue to prevent the emergence of an unsustainable relationship between credit and house prices and support the resilience of borrowers, lenders and the broader economy, with Governor Makhlouf noting that the “benefits of the measures have been evident in recent years, and in an environment of heightened economic volatility they have contributed to lower flows into mortgage arrears and supported prudent lending standards”.

On 17 November 2025, the Central Bank of Ireland (“Central Bank”) published the results of its recently completed thematic review (“Review”) of limited vs fair analysis of the market in the retail intermediaries (“RI”) sector.

The Review explains that the main aim was to assess whether firms are effectively disclosing the nature of the services provided to consumers on the basis of a ‘limited analysis of the market’ or a ‘fair analysis of the market’ in accordance with the meanings given to those terms in chapter 12 of the Consumer Protection Code 2012 (CPC”). The Review was carried out over three phases – a market intelligence survey, followed by a desk based review and finally a targeted review.

The Review notes that it is important that consumers are properly informed by RIs as to whether they are providing access to a small or larger number of product providers, explaining that poor disclosure as to the nature of the advice or any limitations, can interfere with a consumer’s ability to make an informed decision.

The Review also comes in the context of the Central Bank’s 2024 Regulatory and Supervisory Outlook Report where commissions and ineffective disclosures were identified as one of the key risks in the RI sector. For more information, see FIG Top 5 at 5 dated 7 March 2024.

Findings

The Review highlights two main findings, as follows:

• the results of the Review were generally positive with the majority of firms in scope demonstrating good compliance standards as regards effectively informing consumers of the nature of the service provided – that is, whether there was a limited or a fair analysis of the market. There was also good compliance when it came to the disclosure of commission arrangements with product providers; and
• the Review did find that a number of firms were incorrectly referring to their service as being independent with firms not appearing to be fully aware of the requirements of the CPC regarding the use of the word ‘independent’. This was evidenced by the fact that a number of firms were using the word ‘independent, or similar terms, when in fact they were receiving commission payments from product providers.

Good practice and areas for improvement

The Review highlights a number of good practices, some of which are as follows:

• the documentation by firms of their rationale for providing either a limited or fair analysis of the market;
• firms documenting their approach to the interpretation of ‘sufficiently large’ when offering a fair analysis service;
• terms of business (“TOB”) documents for the assessed firms were clear, easy to understand, sufficiently detailed and referred to the firm’s own specific arrangements rather than high-level detail;
• the communication of the nature of a service as ‘limited’ or ‘fair’ analysis of the market within the statement of suitability; and
• the documentation of instances where a firm was unable to offer a suitable product to a consumer.

Areas that the Review identified as needing improvement included:

• out of date TOB and / or commission statements;
• situations where there was no formal documented periodic review of key documentation occurring;
• generic, high-level and non-firm specific information in TOB and commission statements;
• a lack of regulatory update reviews with the result that firms were failing to make the necessary updates to documents and processes; and
• the use of templates provided by third parties without making them firm specific.

Action required

The Review states that all RIs should review their arrangements, practices. websites, TOB and all other marketing disclosures, against the findings and feedback in the Review, further stating that firms must also have regard to the areas for improvement and the good practices set out.

Firms that were not included in the desk based phase or the targeted review phase, but refer to themselves as ‘independent’, are expected to asses whether the use of ‘independent’, or similar terms, is in compliance with the CPC.

The Review stipulates that where firms are describing themselves as ‘independent’, but are receiving commission payments, those terms must be removed from relevant disclosures and marketing materials with immediate effect. Additionally, where a firm describes a regulated activity as ‘independent’ but receives commission payments for that activity, it must remove those terms from relevant disclosures and marketing materials.

Revised CPC

The Review reminds RIs that the revised CPC will take effect on 24 March 2026 and until then the existing 2012 CPC continues to apply to regulated firms with consumer protections that are currently in place remaining effective.

1. ESAs publish list of designated CTPPs under DORA

On 18 November 2025, the European Supervisory Authorities (“ESAs”) published the list of designated critical ICT third party providers (“CTPPs”) under article 31(9) of the Digital Operational Resilience Act (“DORA”).

DORA established an EU-wide oversight framework for CTPPs to ensure that the financial sector remains secure and resilient in the event of ICT disruptions, with the ESAs having responsibility for designating CTPPs and acting as their lead overseers, coordinating oversight actions across the EU.

The oversight framework is aimed at addressing potential systemic and concentration risks arising from the financial sector’s reliance on a limited number of ICT providers and is further aimed at complimenting, rather than replacing, financial entities’ own responsibilities as regards the management of ICT-related risks and the supervision already exercised over them by competent authorities (“CAs”).

In a press release, (“Press Release”) the ESAs outline that the designation process for the CTPPs followed the methodology mandated by DORA, as follows:

• firstly, the ESAs gathered the data from the registers of information (“RoIs”) maintained by financial entities;
• the ESAs then carried out a criticality assessment in conjunction with CAs from the banking, insurance, pensions, and securities and market sectors. The assessment required an evaluation as to a provider’s systemic importance / its role in supporting critical or important functions for financial entities / the level of substitutability of its services; and
• lastly, those providers that were assessed as being critical were formally notified. The process also included a right for those designated as critical to be heard by way of a reasoned statement. After this process, final designation decisions were adopted following careful review of all relevant information.

Welcoming the publication of the list of designated CTPPs, the ESAs stated that the “designation marks a crucial step in the implementation of the DORA oversight framework.”

Next Steps

The ESAs have stated, in the Press Release, that they will maintain engagement with CTPPs in the course of upcoming examination activities.

 

1. EBA updates DORA Q&As – November 2025

On 14 November 2025, the European Banking Authority (“EBA”) updated the Q&As regarding the Digital Operational Resilience Act (“DORA”).

The updated Q&As, relating to various subject matters, are as follows:

• Question DORA038 regarding the meaning of “recovering backed-up data using own systems”;
• Question 2024_7290 regarding the definition and scope of ICT services;
• Question DORA138 relating to the applicability of DORA and the Transfer of Funds Regulation requirements to virtual asset service providers not classified as crypto-asset service providers under the Markets in Crypto-Assets Regulation;
• Question DORA186 regarding direct agreements between alternative investment funds (“AIF”) and ICT service providers;
• Question DORA238 regarding the application of DORA to non-EU AIFM; and
• Question 2025-7439 regarding staff costs in the context of such costs being reported as part of gross direct and indirect costs and losses on foot of an incident.

On 18 November 2025, the European Banking Authority (“EBA”) published its supervisory priorities (“Priorities”) for 2026 – 2028.

The EBA also published the results (“Results”) of its supervisory review and evaluation process (“SREP”) for 2025.

A brief overview of each publication is set out below.

Supervisory Priorities

The Priorities are set by the supervisory board of the ECB and are based on a full assessment of the main risks and vulnerabilities for supervised entities. They are subject to annual review so that changes to the risk landscape and the outcomes of various supervisory exercises, particularly the SREP, can be accounted for.

The ECB notes that European banks are operating in a challenging environment with heightened geopolitical risks and competition from the provision of financial services by non-banks. Accordingly, the ECB highlights that this requires forward-looking risks assessments and sufficient resilience.

The ECB have set out two priorities as follows:

• strengthening banks’ resilience to geopolitical risks and macro-financial uncertainties – the ECB has highlighted that banks should ensure prudent risk taking and sound credit standards to prevent the accumulation of new non-performing loans.

Additionally, the ECB will be focusing on how banks implement the new, more risk-sensitive standardised approaches which are designed to assist the calculation of the capital requirements under the CRR III / CRD VI banking package.

Finally, due to the increasing frequency of climate-related disasters and slow progress towards the net-zero goals under the Paris Agreement, banks will be required to further strengthen  management of climate and nature-related risks; and

• strengthening banks’ operational resilience and fostering robust ICT capabilities – given that DORA is in force since the start of 2025, the ECB has stated that banks must ensure that they consistently and swiftly implement the relevant requirements, particularly those regarding ICT third-party risk and incident response management.

In addition,  addressing material shortcomings, that are identified foot of past supervisory reviews of cybersecurity, third-party risk management, risk data aggregation and risk reporting is crucial.

Also, under this priority, the ECB has stated that, as part of a medium-to-longer term strategy and as banking operations become increasingly digital, it will gradually increase its efforts to engage with banks as to their use of new technology, particularly as regards AI.

The ECB explains that each Priority targets a specific set of vulnerabilities in the banking sector and in that regard, dedicated strategic objectives have been set and tailored work programmes have been developed

SREP Results

The 2025 SREP covered 105 banks that are directly supervised by the ECB, providing a review of their capital, liquidity, profitability, governance and risk management.  

Overall, it was found that banks maintained robust capital and liquidity positions and strong profitability in the second quarter of 2025.

Some further matters highlighted by the Results are as follows:

• the weighted average common equity tier 1, the highest quality of a bank’s capital, stood at 16.1% of banks’ risk-weighted assets. The leverage ratio stood at 5.9% while the total capital ratio was 20.2%;
• liquidity buffers remained well above the 100% minimum requirement, with the aggregate liquidity coverage ratio at 158% in the second quarter of 2025;
• banks retained good access to retail and wholesale funding, with an average net stable funding ratio broadly stable at 127%; and
• asset quality across the sector remained robust, with the non-performing loan ratio at 1.9% in the second quarter of 2025.

The Results highlight that the good level of resilience in the euro area banking sector is the result of several factors, such as, effective regulation / sound supervision / improvements in banks’ risk management.

On 17 November 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) published two final reports containing draft regulatory technical standards (“RTS”), introduced as a result of the Solvency II review, as follows:

Final report on draft RTS on liquidity risk management plans (“LRMPs”)

The Solvency II review introduces the requirement for insurance undertakings and groups to have LRMPs, covering liquidity analysis over the short term, that project incoming and outgoing cash flows in relation to their assets and liabilities.

LRMPs are aimed at ensuring that undertakings maintain adequate liquidity to settle their financial obligations as regards policy holders and other counterparties when they fall due, even under stressed conditions.

The RTS on LRMPs cover the following matters:

• the criteria for defining which undertakings and groups should also include a liquidity analysis over the medium and long term;
• the content and frequency of update of the LRMPs; and
• the content and frequency of update of the plans at group level.

EIOPA consulted on the RTS in October 2024 – for more information, see FIG Top 5 at 5 dated 3 October 2024. Based on feedback received, some changes were made to the RTS on LRMPs to further ensure a risk-based and proportionate approach, such as:

• the baseline threshold for carrying out the liquidity analysis over the medium and long term was increased from €12 billion to €20 billion and the default frequency of update of the LRMP was decreased from quarterly to at least annually; and
• some provisions on the content were removed, for example, the requirements to report on the cash flow projections for specific time horizons and a common liquidity risk indicator.

Final report on draft RTS on macroprudential analyses in the own risk and solvency assessment (“ORSA”) and in the application of the prudent person principle (“PPP”)

The Solvency II review introduced the requirement that supervisory authorities analyse the ORSA of an undertaking, that is requested to take macroprudential considerations into account, in their jurisdictions and ultimately provide feedback to the undertaking on the elements that should be considered in their future ORSA.

Additionally, when required by a supervisory authority, undertakings must take account of macroprudential concerns when they decide on their investment strategy (PPP related considerations).

Accordingly, these draft RTS set out the applicability criteria to be taken into account by supervisory authorities when defining the insurance or reinsurance undertakings and groups which are to be requested to carry out macroprudential analyses in the ORSA and when applying the PPP.

The RTS aim to support the effective and efficient selection of undertakings based on both qualitative and quantitative criteria.

EIOPA consulted on the RTS in October 2024 – for more information, see FIG Top 5 at 5 dated 24 October 2024. Based on feedback received, some changes were made to the RTS, particularly, the quantitative threshold  was increased to further ensure proportionality, without changing the general approach set out in the October 2024 consultation paper.

Next Steps

Both sets of draft RTS have been forwarded to the European Commission (“Commission”) for review. The Commission will decide whether or not to adopt the RTS within three months.