Welcome to the FIG Top 5 at 5

On 24 March 2026, Deputy Governor, Colm Kincaid, at the Central Bank of Ireland (“Central Bank”), delivered a speech (“Speech”) at the Central Bank’s consumer protection workshop (“Workshop”).

The Workshop coincides with the coming into force of the modernised consumer protection code (“CPC”).

The Speech focused on the outlook for consumers and investors, however, the Deputy Governor took the opportunity to address the broader context in which we find ourselves, considering matters such as geopolitical instability, rapid technological transformation and shifting economic conditions. Mr Kinkaid highlighted how, risks that once seemed remote, have become more likely and the question is now one of how we respond to all these changes. Additionally, he noted the benefits that have been brought about by innovation in financial services, particularly digitalisation.

Bearing the current context in mind, the Deputy Director moved on to discuss consumer and investor protection, describing it as “something that sits at the absolute heart of what we do here at the Central Bank of Ireland as a fundamental expression of our statutory mandate and our public service mission.”

He described the revised CPC as being designed for the world we now live in, taking account of both risks and opportunities. Furthermore, the Deputy Director highlighted that if a financial system does not protect consumers, then that system will ultimately fail.

In terms of risks, the Deputy Director referred to the recently published Regulatory and Supervisory Outlook Report (“RSO”) and the OECD’s Consumer Finance Risk Monitor (“OECD Report”), noting that operational risks, the threat of cyber-attacks and frauds and scams are at elevated levels – for more information on both publications, see FIG Top 5 at 5 dated 5 March 2026.

How CPC responds to changing environment

Having considered the ways in which the world is changing, the Deputy Governor explored how the revised CPC is responding, highlighting the following:

• as regards elevated levels of operational risks, the Deputy Director noted that the revised CPC responds to this with requirements regarding regulated entities’ risk management systems, internal controls and governance arrangements to manage their affairs sustainably, responsibly and in a sound and prudent way;
• when it comes to the increase in financial crime, Mr Kinkaid pointed to the revised CPC’s explicit requirements that firms take steps to protect consumers from frauds and scams and if they do occur, that consumers are supported;
• in terms of digitalisation, the revised CPC contains new requirements to make sure that digital technologies, that are used by entities, are designed and implemented with a consumer focus. On this point, the Deputy Governor highlighted that the revised CPC is technology neutral to enable it to adapt to the technology of tomorrow;
• noting that the widespread adoption of AI has changed data collection, Mr Kinkaid emphasised the revised CPC’s requirement that firms do not use data and profiling to identify behaviours / habits / biases to target consumers to their detriment; and
• addressing the time poor consumer in the face of complex choices, the Deputy Governor highlighted the revised CPC’ provisions as to improving the information consumers will receive when making key decisions like switching their mortgage or insurance and being clearer on what is required of firms to inform consumers effectively.

Integrated supervisory approach

Recognising that the risks prevalent in today’s world are not just consumer specific, but in fact system risks, Mr Kinkaid highlighted that this is why the Central Bank has fundamentally integrated its supervisory approach, emphasising that “consumer protection, safety and soundness of firms, financial stability, and integrity of the financial system are increasingly interconnected and must reinforce one another.”

CPC as a living regime

Acknowleding that the pace of change is not likely to decelerate, the Deputy Governor explained that this is why the revised CPC must be seen as the beginning of a new framework that “aims to be alive to protecting us in a landscape that is changing at an ever-increasing pace.”

He recognised the importance of the Central Bank listening to stakeholders and also the need to adapt as situations facing consumers evolve.

Firms’ responsibilities

The Deputy Director set out some responsibilities on firms as regards the revised CPC’s principles and requirements, stating that it is the responsibility of firms to:

• design better products and services with those principles in mind;
• simplify how they explain what they do and communicate with consumers in a manner that informs them effectively; and
• make their systems and processes more consumer-centric.

In fulfilling these responsibilities, Mr Kinkaid stated that such fulfilment means:

• anticipating consumer needs and risks;
• supporting customers in the situations where they may be vulnerable;
• investing in operational resilience;
• taking fraud prevention seriously and supporting consumers who fall victim to it; and
• using technology to serve consumers, rather than exploit them.

Central Bank’s upcoming work

Mr Kinkaid outlined that, in 2026, the Central Bank will carry out 52 specific bodies of work regarding protecting consumers and investors, addressing the key matters that are complained of by consumers / the key risks identified in the OECD Report / the matters raised in the RSO. Some of the planned activities are as follows:

• thematic reviews on how firms are dealing with customer complaints and their approach to root cause analysis;
• an assessment as to how firms are treating customers in vulnerable circumstances, which may include borrowers in or facing arrears;
• a review as to how firms are handling customer errors and applying learnings;
• an examination as to how firms are implementing the revised CPC’s requirements on fraud prevention and supporting fraud victims;
• a review of commission arrangements to ensure they are aligned with securing customer interests; and
• an assessment as to how firms are securing consumer interests in their strategic decision-making.

Collaboration

The Deputy Director highlighted that today’s risks are usually not going to be solved by one single authority, citing, amongst other examples, operational resilience as requiring collaboration between financial services firms, technology companies and regulators. In that regard, Mr Kinkaid highlighted that the Central Bank has embedded collaboration into its approach, pointing to its work with the European Supervisory Authorities / the OECD / the Competition and Consumer Protection Commission / the Financial Services and Pensions Ombudsman / the Department of Finance. Mr Kinkaid also pointed to the Central Bank’s status as a trusted flagger in terms of combatting frauds and scams.

Conclusion

In concluding his remarks, Mr Kinkaid stated that the revised CPC “serves as confirmation that the Central Bank will continue to respond to the challenges facing the public we serve.” He also highlighted that the risks we face can be mitigated with the right regulatory framework, intensive supervision, collaboration across the system and a commitment to “putting consumers at the heart of everything we do”.

On 20 March 2026, Tánaiste and Minister for Finance, Simon Harris TD, and Minister of State for Financial Services, Credit Unions, and Insurance, Robert Troy TD, gave an update, by way of a press release (“Press Release”), on the Central Bank (Amendment ) Bill 2025 (“Bill”).

The Bill seeks to amend the Central Bank Act 1942 by introducing provisions prohibiting financial service providers from discriminating against cancer survivors in the provision of financial services, specifically, access to mortgage protection insurance on fair and equitable terms. The overarching aim is to enshrine the “Right to Be Forgotten” concept for cancer survivors by ensuring that they are not unjustly penalised, because of their medical history, once certain post-treatment milestones have been reached.  The Bill lends statutory weight to protections that were previously voluntary and contained in the 2023 code of practice for underwriting mortgage protection for cancer survivors (“Code”).

The Bill was adopted by the Government in July 2025 and since that date a number of amendments were developed aimed at ensuring that the Bill is legally robust, in compliance with EU law and Solvency II regulatory standards, operationally practical for insurers and regulators, and fair and effective for cancer survivors seeking mortgage protection insurance.

Existing Code

The Code disregards cancer diagnoses after seven years have elapsed since the completion of treatment or after five years where the individual concerned was under 18 at the time of diagnosis for sums insured up to €500,000

Changes

The Bill reduces the  required remission period from seven years to five years which, the Press Release highlights, is in line with international medical standards. Additionally, the threshold for mortgage protection insurance cover will be increased to €650,000 and will be subject to future reviews.

Next Steps

Final proposals are due before the Government Cabinet in the coming weeks, with the Tánaiste stating that:

“I look forward to bringing these measures to Government for approval next month and progressing them swiftly through the Oireachtas.”

On 24 March 2026, the Central Bank of Ireland (“Central Bank”) published a guide to submitting crypto-asset service providers (“CASPs”) authorisation applications (“Guide”) on the Central Bank’s portal (“Portal”).

The Guide aims to provide step-by-step guidance for CASPs seeking Central Bank authorisation, explaining how to submit pre-application and application documentation via the Portal, how to manage an application and how to communicate securely with the Central Bank.

The CASP authorisation process consists of two phases – the pre-application and the application – for more information, see FIG Top 5 at 5 dated 5 December 2024.

Guide

The Guide is intended for:

• Portal administrators managing user access within the organisation;
• applicant firms applying for CASP authorisation; and
• staff members responsible for preparing and submitting applications.

The Guide contains tables describing how applicant CASPs should submit documentation at each stage of the application process, the documents required and the submission method via the Portal.

The Guide also covers the following matters:

• Portal information and set up;
• the pre-application stage;
• application management;
• secure messaging;
• the application stage; and
• frequently asked questions.

Each of the broad headings outlined above also contain a number of subheadings which expand on each area.

Familiarisation

The Central Bank strongly recommends that applicant firms familiarise themselves with the Guide to support the provision of a complete and accurate application and to minimise any potential delays in the assessment process. Additionally, the Central Bank advises that the Guide be read in conjunction with all other applicable documentation and guidance issued by the Central Bank, as follows:

• the Central Bank’s CASP regulatory requirements;
• the relevant application forms and templates; and
• any additional guidance published by the Central Bank.

On 11 March 2026, the fifth meeting of the joint EU – UK Financial Regulatory Forum (“Forum”) took place in London. A joint statement of the Forum (“Statement”) was published on the same day.

Participants attended from the following institutions:

• the Bank of England;

• the Financial Conduct Authority;
•  the European Central Bank;
• the European Supervisory Authorities; and
•  the EU Single Resolution Board.

The Statement sets out the following six themes that the meeting was focused on:

• the policy outlook – the Forum considered policy priorities to promote economic growth and competitiveness, with the UK providing an update on the implementation of the financial services growth and competitiveness strategy and the EU providing an update on the SIU.
• macroeconomic and financial stability outlook – here, discussions addressed matters such as potential risks regarding cybersecurity and operational resilience. Both the UK and the EU highlighted the importance of actively monitoring the impact of the situation in the Middle East on the financial system.
• banking – developments in the banking sector, particularly as regards simplification and competitiveness, were also discussed, with the EU highlighting its current consultation on the competitiveness of the banking sector – for more information, see FIG Top 5 at 5 dated 19 February 2026. Further matters discussed are as follows:
  • Basel implementation;
  • the importance of international standards to ensure global financial stability and the effective operation of global financial markets;
  • securitisation frameworks; and
  • the importance of effective cross-border resolution frameworks.

• digital finance – the effect of evolving market developments in financial sector digital innovation and how they are shaping respective approaches was discussed. Participants emphasised the importance of working within international fora to further develop digital innovation analysis to inform policy work and supervisory approaches.
• markets reform – here, the participants updated the forum on both UK and EU reforms to benchmarks regulation. The EU and the UK highlighted the importance of their ongoing reviews of transaction reporting in terms of regulatory burden reduction. Some further matters that were addressed include:
  • the importance of enhancing active surveillance of evolving risks and vulnerabilities in the financial system, particularly in the nonbank sector; and
  • the UK’s overseas funds regime and its Consumer Composite Investments regime.

• sustainable finance – some of the areas discussed under this heading are as follows:
  • the UK provided an update on the delivery of sustainable finance priorities;
  • the EU provided an update on its omnibus simplification package and its reviews of the sustainable finance disclosure regulation and the EU taxonomy;
  • the effect of climate change on the insurance and reinsurance sector; and
  • climate‑related risks for banks and insurers.

1. Commission reviews state aid rules for banks in difficulty

On 17 March 2026, the European Commission (“Commission”) launched a call for evidence (“CfE”) regarding a review of the state aid rules for banks in difficulty.

Background

State aid rules for banks in difficulty were introduced by the Commission during the 2008 global financial crisis and were last revised in the 2013 Banking Communication. There are currently six communications in force, which apply mutatis mutandis to insurance companies, as follows:

• the 2009 Recapitalisation Communication;
• the 2009 Impaired Assets Communication;
• the 2009 Restructuring Communication;
• the 2010 and 2011 Prolongation Communications; and
• the 2013 Banking Communication.

CMDI

Since 2013, the EU has adopted legislation to manage banking crises, preserve financial stability and protect depositors and taxpayers, by way of the Crisis Management and Deposit Insurance (“CMDI”) framework – for more information, see FIG Top 5 at 5 dated 12 March 2026. The CMDI features bank resolution as a main tool for dealing with bank failures.

Review

The Commission is now of the view that the macroeconomic conditions stemming from the 2008 global financial crisis and the EU sovereign debt crisis, which justified the introduction of state aid rules, have substantially evolved and both crises have ended. The state aid rules have been evaluated by the Commission where it considered the period 2008-2022. This report (“Report”) was published on 4 March 2026. A number of areas for improvement have been identified in the Report. Stakeholders who responded to the evaluation widely supported a single communication with clear links to the CMDI framework.

Overall, the Report suggests that the rules could be made clearer and more coherent as regards other EU policies and legislation, notably the CMDI framework.

CfE

The Commission proposes to revise the EU state aid rules for banks in difficulty in order to:

• merge the existing six communications that are in force into one clearer framework;
• align state aid rules more closely with the CMDI framework;
• shift the legal basis so the rules can apply not only in systemic crises but also in normal times, mainly under Article 107(3)(c) of the TFEU;
• ensure that resolution is the preferred response where there is public interest in handling a bank failure;
• make national taxpayer-funded solutions more exceptional; and
• avoid duplicating requirements already covered by CMDI.

The CfE aims to gather any further insights following the the publication of the Report and the revised CMDI framework  and consider any such insights in the context of the potential scope and substance of future state aid rules for banks.

Next Steps

The CfE is open for feedback until 14 April 2026.

A public consultation on a draft text will follow later this year, with the Commission expecting to adopt the new communication in Q2 2027.

2. EBA publishes final report on amendments to RTS on own funds and eligible liabilities under CRR

On 19 March 2026, the European Banking Authority (“EBA”) published a final report (“Report”) containing draft regulatory technical standards (“RTS”) amending commission delegated regulation (EU) 240/2014 on the timing for the application for prior permission to reduce own funds and eligible liabilities instruments under articles 77, 78 and 78a of Regulation (EU) 575/2013 (“CRR”).

The EBA consulted on the draft RTS in July 2025 – for more information, see FIG Top 5 at 5 dated 17 July 2025.

The RTS shorten the timeframe for competent and resolution authorities to process firms’ applications to reduce their own funds and eligible liabilities instruments from four months to three months. The Report highlights that authorities now have the necessary experience and accordingly, should now be able to process ad hoc and general prior permissions within a period shorter than four months.

Reverting to a shorter timeline, the Report points out, will give more flexibility to institutions in their requests for permission for redemption and capital planning purposes while it is still seen as a sufficient and prudent timeline from a supervisory perspective.

Next Steps

The EBA has submitted the draft RTS to the European Commission for adoption.