Welcome to the FIG Top 5 at 5

On 11 December 2025, the Central Bank of Ireland (“Central Bank”) published its December 2025 Insurance Newsletter (“Newsletter”).

The Newsletter covers areas of relevance and interest to the insurance sector. Some of the matters covered in this edition include:

Thematic review of operational resilience  in the domestic life sector

The Newsletter details that the Central Bank recently concluded a thematic assessment (“Assessment”) of the domestic life insurance sector aimed at establishing whether the operational resilience frameworks of firms are aligned with the foundational aspects of the Central Bank’s cross industry guidance on operational resilience (“Guidance”). The Guidance was updated in July 2025 – for more information, see FIG Top 5 at 5 dated 24 July 2025.

The Assessment was concentrated on pillar 1 of the Guidance – “Identify and Prepare”, which encompassed an assessment of the following areas:

• governance;
• identification of critical or important business services (“CIBS”);
• setting impact tolerances for each of the CIBS; and
• mapping the end-to-end delivery of CIBS detailing the interconnections and interdependencies that exist amongst the CIBS.

Overall, the Assessment found positive practices but the Newsletter highlights a number of areas requiring improvement.

Accordingly, some of the Central Bank’s observations, highlighted in the Newsletter, include:

• as regards the concept of operational resilience, the Assessment highlighted the need for firms to be aware of the distinction between operational risk as opposed to operational resilience so that firms are in a position to manage and evolve their operational resilience approaches. It was noted that some firms treated operational resilience as a subset of operational risk, with the Newsletter highlighting that these are separate, but aligned, matters;
• in terms of governance, the Assessment found that board meeting minutes of some firms did not evidence robust discussions or challenge. In this context, the Newsletter highlights the importance of boards understanding their firm’s operational resilience by  way of challenging assumptions and asking probing questions, with such processes reflected in the minutes;
• addressing CIBS, the Newsletter emphasises that, when identifying CIBS, firms must define what the service provides, who the intended end user is and also ensure that it functions as a standalone service. The Assessment found that some insurers’ CIBS were identified through a process lens rather than a service one;
• regarding impact tolerances, the Assessment found that quite a number of firms were using time based metrics which did not identify the point of maximum acceptable disruption to the CIBS. The Newsletter highlights that firms can improve their impact tolerances by including metrics other than time based ones. Further, it is stated that firms should also assess their ability to remain within their impact tolerance by conducting scenario testing of their CIBS; and
• as mentioned above, the Assessment considered mapping interconnections and interdependencies, with the Newsletter highlighting that firms’ mapping should be sufficiently granular to allow it to identify vulnerabilities and key dependencies, and to support testing of a firm’s ability to stay within the assigned impact tolerances for each CIBS. It also advised that firms should consider developing mapping in such a way that the chain of activities involved in delivering their CIBS is visually demonstrated.

Some other matters of note include:

• the Central Bank expects that firms will continuously asses and adapt their frameworks, to align with all three pillars of the Guidance, as the operational resilience landscape continues to evolve, for example taking account of the new standards introduced by DORA; and
• additionally, the Newsletter highlights that each firm should consider their operations, services and third-party dependencies, real-world risk events, and regulatory developments, such as the coming into effect of DORA, not only as part of their ongoing assessment and enhancement of their operational resilience frameworks but also as part of their responsibilities under the Individual Accountability Framework.

Thematic review of AML / CFT governance in cross border life firms

This review (“Review”) focused on the assessment of firms’ compliance with their AML / CFT and financial sanctions (“AML / CFT and FS”) governance obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (“CJA 2010”) and also under the Central Bank’s anti-money laundering and countering the financing of terrorism guidelines for the financial sector’ (“ AML / CFT Guidelines”). The Review covered firms within the cross border life (“CBL”) sector.

Overall, the Review found a satisfactory level of compliance by firms with their AML / CFT and FS governance obligations. A number of areas for improvement were also identified across four areas, some of which are as follows:

• governance roles and responsibilities – here, it was found that although governance structures were established, clarity around roles and responsibilities for AML / CFT and FS oversight was often lacking;
• board and sub-committee meetings – the Newsletter highlights that:
  • some firms did not adequately address AML / CFT and FS matters in their agendas and all firms should ensure that AML / CFT and FS matters receive appropriate attention at all board, board sub-committee and senior management committee meetings where AML / CFT and FS responsibilities lie;
  • the Central Bank expects that AML / CFT and FS matters receive robust discussion at an appropriately senior level at board meetings and that those discussions are accurately recorded in the meeting minutes; and
  • the Central Bank expects a firm’s compliance officer to report to the board regarding any AML / CFT and FS matters and escalate any issues in a timely way;
• policies and procedures – here it was found that although firms had AML / CFT and FS policies and procedures in place, there were some gaps in comprehensiveness and practical implementation. Some firms policies were based on a parent entity jurisdiction and only referenced legislation of that jurisdiction. Accordingly, the Newsletter highlights that the Central Bank expects firms to tailor AML / CFT and FS policies to the business model of the firm in Ireland and to comply with the CJA 2010 and the AML / CFT Guidelines. The Newsletter also emphasises that the Central Bank expects firms to update their policies and procedures soon after any relevant legislation, regulation or guidance has been introduced; and
• failure to follow the firm’s own AML / CFT and FS policies and procedures – here the Newsletter points to that fact that the Review found several instances of firms not complying with their own policies and procedures, examples of which included:
  • failure to screen beneficiaries due to receive a benefit from a death claim prior to payout; and
  • failure to apply enhanced due diligence where a transaction involved a customer residing in a jurisdiction designated as a high risk third county by the EU.

The Newsletter sets out the Central Bank’s expectation that where a firm’s AML / CFT and FS policies and procedures places an obligation

on the firm to do something then the firm will carry out this action.

Thematic review of climate change materiality assessments

The Central Bank has previously stated that one of its strategic priorities is climate change risk and last year it carried out a thematic review of the materiality assessments of 29 firms, encompassing firms from non-life, life, and reinsurance sectors. This most recent review (“Review”) assessed a further cohort of firms from the same categories as regards those firms’ assessment of the materiality of their exposures to climate change risk in 2025.

The Newsletter refers to the Central Bank’s 2023 guidance for (re)insurance undertakings on climate change risk, which is aimed at helping firms by clarifying expectations as to how they consider climate change risk within their business.

The Newsletter sets out some key feedback from the Review, highlighting areas of stronger and weaker practice including:

Stronger practices:

• as regards baseline scenarios, a clear explanation of the baseline climate scenario chosen, with a rationale for the selection of the scenario / sufficient detail on the chosen pathway, including future assumptions, and what this means for potential risks to the business model and strategy;
• as regards business model and strategy, firms consider their strategic business model decisions in light of exposures identified, including how current product offerings need to be adapted in light of the climate change policy, changing customer preferences, or increased exposure;
• as regards risk appetite, a qualitative and quantitative assessment whereby the quantitative assessment focused on the key risks that the firm is exposed to; and
• as regards clear conclusions on the materiality of climate change risks, clear conclusions on the materiality of risks to which the firm is exposed. This included both first and second order impacts, showing that the firm had considered the potential implications of climate change in a holistic way.

Weaker practices:

• as regards baseline scenarios, assessments where a baseline scenario was not explicitly considered / use of the firm’s business plan as a baseline scenario / no rationale provided for the baseline scenario;
• as regards business model and strategy, a lack of joined up thinking between climate change risk analysis on the one hand and firms’ business models and strategies on the other hand; and
• as regards clear conclusions on the materiality of climate change risks, weak analysis of second order and indirect impacts.

Some other matters highlighted are as follows:

• the Central Bank expects firms to adopt an iterative approach to their climate change risk materiality assessment and demonstrate that they are building on the respective assessment as per section 7 of the Guidance;
• the Central Bank expects that (re)insurers consider the Guidance in a holistic way and not as discrete sections in isolation;
• the results of the materiality assessment should be used by firms within their strategy and business planning, leading to action being taken where needed; and
• the integration of the Guidance into firms’ governance is currently under review by the Central Bank, with the Newsletter highlighting that it will provide feedback in the next insurance newsletter.

Supervisory insights

Some matters considered in this section of the Newsletter are as follows:

• the results of a supervisory survey carried out by the Central Bank into the exposure and response of the specialty and reinsurance sectors to US social inflation. The Newsletter highlights that this is a known and actively managed risk within the Irish market, with the findings of the survey highlighting the need for continued proactive action across reserving, pricing, underwriting and risk management.

The Newsletter sets out supervisory takeaways for firms and highlights that the Central Bank will continue to monitor this risk through supervisory engagement and follow-up reviews in 2026; and

• a reminder to firms about the DORA registers of information (“RoI”) for 2026, stating that the Central Bank is currently planning on collecting the DORA RoI between February and March 2026 and will communicate further with firms towards the end of January / early February 2026.

Legislative updates

This part of the Newsletter contains an update on impending changes to EU legislation for (re)insurers as regards the Solvency II review and the Insurance Recovery and Resolution Directive (“IRRD”).  Some of the matters addressed are as follows:

• the European Commission’s adoption of the Solvency II level II delegated acts – see FIG Top 5 at 5 dated 6 November 2025;
• EIOPA consultations on Solvency II – see FIG Top 5 at 5 dated 16 October 2025;
• early insights gathered by the Central Bank on the impact of the Solvency II changes;
• the Central Bank’s implementation plans for 2026 with the Newsletter highlighting a plan to issue a survey to all (re)insurance firms (except captives) in Q1 2026, to gain further insights into how the industry will be affected by the Solvency II changes, and how many firms intend to apply for proportionality measures.

The remainder of the Newsletter covers various other matters, many of which have been covered in the FIG Top 5 at 5 over the last number of months, such as:

• changes to the insurance compensation fund levy – see FIG Top 5 at 5 dated 9 October 2025;
• the Central Bank’s approach to simplification – see FIG Top 5 at 5 dated 27 November 2025;
• sustainability updates;
• digitalisation updates, addressing AI in the main, including that the Insurance Institute, Insurance Ireland, the Society of Actuaries, and the Central Bank have collaborated to create a short four-part introduction to AI;
• updates to the fitness and probity regime – see FIG Top 5 at 5 dated 27 November 2025; and
• forthcoming thematic reviews and information requests over Q1 and H1 2026.

On 10 December 2025, the Central Bank of Ireland (“Central Bank”) published the first edition of its payment and e-money newsletter (“Newsletter”), which it states, will be a regular publication. The Newsletter provides updates on key regulatory developments in the payments and e-money sector and flags upcoming changes, particularly focusing on:

• safeguarding of users’ funds; and
• culture, governance and risk management.

Some of the matters covered in this edition include:

Thematic inspection on safeguarding

The Newsletter sets out insights from the Central Bank’s recently conducted thematic inspection on safeguarding (“Inspection”), which was aimed at assessing the operational effectiveness of firms’ safeguarding processes and infrastructure. The Newsletter highlights the importance of all firms considering the findings of the Inspection, and the Central Bank’s expectations, in the context of their own safeguarding practices. The Newsletter emphasises that that the Central Bank has “no tolerance for weaknesses in safeguarding arrangements.” 

The Inspection identified good practices but also observed some deficiencies. Some examples of both follow:

Positive practices

• users’ funds are received directly into safeguarding accounts with associated fees and interest income stripped out;
• the use of insurance as mitigation against incidents outside of firms’ control, for example, operational risk and FX risk; and
• having outsourcing risk management frameworks in place where parts of the safeguarding process is outsourced by firms.

Deficiencies

• the reconciliation process was not clearly outlined in safeguarding policies and procedures;
• a reliance on group entities to conduct due diligence of insurance providers with no oversight by firms;
• a lack of knowledge and understanding of the safeguarding insurance policies / guarantees at the Irish entity level;
• weaknesses in safeguarding incident reporting, with a lack of documented thresholds for safeguarding incident escalation together with insufficient and incomplete safeguarding incident logs; and
• significant proportions of safeguarded funds held in individual credit institutions giving rise to concentration risk.

The Newsletter also sets out a list of the Central Bank’s expectations, some of which are as follows:

• that there is a robust, board approved, safeguarding risk framework in place aimed at ensuring that users’ funds are appropriately identified, managed and protected on a day-to-day basis;
• that firms appoint an individual that is directly responsible for safeguarding. Here, the Newsletter highlights that a new preapproval controlled function (“PCF”) role will be introduced in 2026, namely, PCF-56 Head of Safeguarding, and firms will be required to appoint a person to this role;
• annual safeguarding training is provided to the board and staff;
• local teams with responsibility for the oversight of safeguarding should have full and detailed knowledge of the coverage of the firm’s insurance policy;
• an appropriate wind down strategy should be in place, including details as to the return of users’ funds in a solvent and insolvent wind down situation;
• annual compliance should be carried out; and
• the board of a firm should receive regular safeguarding updates.

Cross-sectoral customer experience review

The Newsletter also features an update on the Central Bank’s review (“Review”) that examined customer experience via customer complaints across firms in certain sectors. The Newsletter explains how the Review highlighted that firms need to take additional steps to support customers in getting effective customer service and information throughout the customer journey. Specifically, the Newsletter emphasises that firms should:

• consider the Central Bank’s expectations for managing customer service risk; and
• take a consumer-centric approach that helps deliver fair outcomes for customers.

As regards the Consumer Protection Code (“Code”), the Newsletter states that the Central Bank expects that firms are complying with all regulatory requirements relating to complaints handling and complaints management – including proactively identifying complaints as early as possible.

The Newsletter goes on to set out the Central Bank’s expectations as regards customer service, for example:

• the provision of clear, timely and accurate information to customers, ensuring that employees have the requisite knowledge across products, services and processes to engage with customers;
• firms should be able to demonstrate evidence of thorough investigation and resolution of complaints, as set out under chapter 12 of the Code; and
• firms should have robust and effective governance and control frameworks, processes and procedures in place to ensure that all customer complaints are handled quickly, efficiently and fairly.

The remainder of the Newsletter addresses:

• a focus on qualifying holdings application, reminding all persons who directly or indirectly propose to acquire a qualifying holding or increase a qualifying holding in a PI / EMI, that they must give advance notice to the Central Bank. The Newsletter goes on to set out information as to what a qualifying holding is / documentation needed for a notification to the Central Bank / assessment and approval of a qualifying holding. The Newsletter also sets out a list of helpful tips as regards any such application;
• changes to the fitness and probity regime, particularly noting that the recently updated Guidance on the Fitness and Probity Standards (“Guidance”) has removed the need for separate third-party lawyer / notary attestation for PI, EMI and account information service providers in most cases. For more information on the Guidance, see FIG Top 5 at 5 dated 27 November 2025;
• the obligation for firms to appoint a head of safeguarding oversight PCF role, as referred to above, in 2026, with further information to be provided next year;
• the requirement, by 9 April 2026, for firms providing SEPA instant payments to submit a new return, “SEPA Instant Payments Transfers Individual”;
• the publication, by the Central Bank, of a revised AML / CFT risk evaluation questionnaire, templates and guidance. The first return, which covers the calendar year 2024, is to be submitted to the Central Bank by 13 February 2026;
• a brief update on the revised CPC – for more information see FIG Top 5 at 5 dated 27 March 2025; and
• key dates for 2026 returns, including submission of the DORA register of information by 4 April 2026.

On 12 December 2025, the Central Bank of Ireland (“Central Bank”) issued a public statement (“Statement”) regarding enforcement action between the Central Bank and Mr Philip Smith, former chief executive officer (“CEO”) and executive director of RSA Insurance Ireland DAC (“RSAII”).

The Statement explains that the Central Bank has reprimanded Mr Smith and disqualified him from being involved in the management of a regulated financial service provider for 13 years.

Prescribed contravention

The action taken by the Central Bank relates to Mr Smith’s involvement in a breach by RSAII of article 13(1)(a) of the European Communities (Non-Life Insurance) Framework Regulations 1994 (“Prescribed Contravention”), which requires insurance undertakings to maintain adequate technical reserves for all underwriting liabilities.

In 2018, RSAII was fined for the Prescribed Contravention, after admitting that on 30 September 2013 there was a significant shortfall in its technical reserves as a result of the under reserving of 17 large loss claims.

Maintaining sufficient reserves

The Statement goes on to set out that Mr Smith, as CEO of RSAII, oversaw a process whereby claims handlers were prevented or delayed from recording their recommended estimates on RSAII’s database, resulting in claims estimates being understated on the database. Consequently, the technical reserves did not reflect RSAII’s estimated liability for certain large loss claims, creating a risk that RSAII might not have been in a position to pay claims made by and against its policyholders.

The Statement describes maintaining sufficient reserves to meet underwriting liabilities as “the cornerstone of conducting business in all insurance entities.”

Serious breach

The Statement sets out the disqualification period of 13 years is commensurate with the seriousness of the breach. The Central Bank also considered that a monetary penalty of €120,000 was merited, however, taking into account Mr Smith’s financial circumstances, did not ultimately impose this penalty.

Trust in financial services

Colm Kinkaid, Deputy Governor at the Central Bank, stated that:

“The actions of directors and senior executives shape the conduct and operating culture of the firms they lead – none more so than the CEO. For consumers of financial products, including policyholders, to have trust in financial services, they need to be confident that their best interests will be secured. These consumers rely on directors and senior executives to manage their businesses in a way that not only adheres to the rules but builds an effective organisational culture based on standards such as professionalism, integrity and accountability to deliver fair outcomes that have the interests of consumers at heart.”

On 9 December 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) launched seven consultations on policy instruments regarding the implementation of the Insurance Recovery and Resolution Directive (“IRRD”).

This latest set of consultations follows two previous sets of consultations on IRRD – for more information, see FIG Top 5 at 5 dated 1 May 2025 and FIG Top 5 at 5 dated 24 July 2025.

These most recent consultations propose draft guidelines and technical standards covering the scenarios and indicators to be used in pre-emptive recovery plans, the criteria for simplified obligations and the methodology for establishing the independence of valuers in the resolution process, among others.

The consultations are as follows:

• Consultation on the proposal for guidelines to specify further the range of scenarios in pre-emptive recovery planning – the scenarios include system wide and insurance specific stress events, for example, mass policy lapses, the impact of which will be assessed on the solvency position, liquidity and profitability of the undertaking or group.
• Consultation on the proposal for guidelines to specify further the qualitative and quantitative indicators in pre-emptive recovery planning – including indicators related to capital and liquidity positions, asset quality, profitability, market conditions, macroeconomic conditions and operational events.
• Consultation on the proposal for guidelines to specify how information should be provided in summary or collective form for the purposes of article 66(2) of IRRD – these guidelines set out the rules around the use of exemptions to professional secrecy for confidential information, particularly for cases where disclosures are made in summary or in collective form without allowing the identification of individual entities.
• Consultation on the proposal for guidelines to specify further details on the criteria on simplified obligations under IRRD – these guidelines further specify factors such as the nature of business, shareholding structure, legal form, risk profile, size, legal status, interconnectedness metrics as well as the scope and complexity of activities to be considered when assessing whether an undertaking or group is eligible for simplified obligations.
• Consultation on the proposal for regulatory technical standards (“RTS”) on the independence of valuers for resolution under article 24(6) of IRRD –the RTS set out the conditions under which a candidate valuer is deemed to be independent from both the resolution authority and the entity under resolution and may perform the valuation of an entity’s assets and liabilities.
• Consultation on the proposal for RTS on contractual recognition of resolution stay powers under article 52 of IRRD – the RTS establish standardised terms for financial contracts that would allow the resolution authority to exercise its powers to suspend or restrict rights and obligations over contracts governed by third country law.
• Consultation on the proposal for RTS specifying methodologies and principles on the valuation of liabilities arising from derivatives in the resolution process.

Next Steps

All seven consultations are open for feedback until 20 March 2026.

1. ECB publishes recommendations on simplification of EU banking rules

On 11 December 2025, the European Central Bank (“ECB”) published the recommendations (“Recommendations”) of the ECB’s governing council’s high-level task force on simplification.

The Recommendations are aimed at simplifying the EU banking framework while maintaining the resilience of the banking system. The ECB stated that European harmonisation should be fostered and that international cooperation is essential. The ECB also highlighted that all jurisdictions should ensure “full, timely and faithful implementation of Basel III.”

Some of the Recommendations are as follows:

• simplify the design of banks’ capital requirements and buffers, also known as capital stacks by introducing two changes, the first being to merge the existing layers of capital buffers into just two and the second being to reduce the leverage ratio framework from four elements to two;
• enhance the capacity of additional tier 1 capital to absorb losses when a bank is operating normally – this would improve the quality of banks’ capital;
• a significant increase in proportionality under EU banking rules by expanding the existing small banks regime to include more banks and simplifying their applicable rules in a prudent and harmonised manner;
• to simplify the macroprudential framework, automatic reciprocation of macroprudential measures is recommended, ensuring that all banks active in a country where macroprudential measures are applicable will be subject to that measure;
• as regards the framework for failure of banks, it is recommended aligning the resolution requirements that apply to all banks more closely with those that apply to the global systemically important banks;
• in the interests of further harmonisation, changing EU banking rules from directives to directly applicable regulations;
• as regards supervision, it is recommended that the single rule book should be completed and that rules regarding  licensing, governance and transactions with related parties, should be harmonised;
• simplify the EU-wide stress test by streamlining its methodology and scope and making its results more useful from a banking system and individual bank perspective; and
• European authorities should share data more widely with each other, allowing banks to report only once with the result that a fully integrated reporting system at a European level would be created for statistical, prudential and resolution purposes.

On 11 December 2005, the ECB also published a report entitled “Streamlining supervision, safeguarding resilience”, focused on the ECB’s ongoing agenda to increase the effectiveness, efficiency and risk focus of European banking supervision under the Single Supervisory Mechanism. The ECB explains that, amongst other things, this publication complements the Recommendations

Next Steps

The Recommendations have been endorsed by the governing council and will be presented to the European Commission.

2. ECB announces 2026 geopolitical risk stress test for banks in SSM

On 12 December 2025, the European Central Bank (“ECB”) announced, by way of a press release (“Press Release”),  that it will carry out a geopolitical risk reverse stress test (“Stress Test”) across 110 directly supervised banks in 2026.

Predetermined

In a reverse stress test, the ECB explained, a pre-determined outcome will be prescribed and each bank will define the scenario in which that outcome would occur.

Cross-cutting

The ECB describe geopolitical risk as a cross-cutting risk driver that can have an impact on banks’ traditional risk categories. It cuts across credit, market, liquidity, business model, governance and operational risks. Further, it can also affect banks through multiple channels, including financial markets, the real economy and the safety and security of banks’ operations.

In the Press Release, the ECB restated that geopolitical risk remains at the centre of its supervisory priorities for 2026 – 2028 – for more information, see FIG Top 5 at 5 dated 20 November 2025.

Process

Each bank will be asked to identify the most relevant geopolitical risk events that could lead to at least a 300-basis point depletion in its common equity tier 1 capital and to provide information about how the scenario may affect their solvency, liquidity and funding conditions. The Stress Test will be conducted as part of banks’ internal capital adequacy assessment process (“ICAAP”), with the ECB explaining that this means that banks will be able to use existing supervisory data collection templates.

Outcome

The results of the Stress Test will be used to inform and complement the supervisory review and evaluation process (“SREP”) in a qualitative way and in line with the broader 2026 ICAAP. The ECB has stated that any weaknesses identified by the Stress Test will feed into the SREP assessment, with a focus on banks’ ability to incorporate geopolitical risks into their risk materiality assessments, their stress-testing framework and capabilities and their risk data aggregation and reporting capabilities.

Next Steps

The ECB will communicate the results of the stress test in summer 2026.