Empty Link Skip to Content

Financial Services Regulation

Setting the tone for the year ahead are the Central Bank of Ireland's ("Central Bank") key regulatory and supervisory priorities. Here we capture the significant and broad ranging, ongoing or anticipated developments which the Central Bank will be monitoring or introducing over the course of the year.

Boards and senior management should ensure that each of the priorities relevant to their business, is being considered and addressed by the necessary individuals and teams. Below we consider the publication of the priorities and two specifically named priorities which are of cross sectoral importance and interest to our financial services clients. 

Key Themes in Financial Services Regulation

Central Bank of Ireland – Key Regulatory and Supervisory Priorities for 2023

On three separate occasions in January and February this year, the Central Bank of Ireland ("Central Bank") publicly outlined its regulatory and supervisory priorities for 2023. These occasions included:

  1. on 25 January 2023, in a statement made by Gabriel Makhlouf, Governor of the Central Bank at the Joint Committee on Finance, Public Expenditure and Reform, and Taoiseach;
  2. in a letter also dated 17 January 2023, addressed to the Minister of Finance, Michael McGrath (published on 25 January 2023) and
  3. in a Dear CEO Letter dated 16 February 2023, addressed to the CEOs of all Regulated Financial Service Providers ("RFSP") ("Dear CEO Letter").

The Central Bank is clearly making an effort to be transparent with regard to its priorities which is welcomed by Matheson LLP.  We have actively communicated with our clients on all three occasions where the priorities have been detailed (please see the FIG Top 5 at 5 from 26 January, 2 February and 23 February for more details). In an ideal world these Central Bank priorities would be published in the final quarter of each year, in line with the approach taken by the European Supervisory Authorities ("ESAs") though we acknowledge that at least some of the Central Bank priorities will be driven by initiatives at EU level. Publishing priorities as early as possible greatly supports RFSPs in their regulatory and governance planning for the year ahead, particularly when it comes to identifying the areas where resources will need to be allocated.

Regarding the priorities themselves, there were no real surprises, much of what was detailed was expected. However, we would point out that the Dear CEO Letter did include one additional priority over and above the list detailed by the Governor and in the letter to the Minister for Finance. That was the inclusion of the provision of a " clear, open and transparent authorisation process". There has been some criticism of the Central Bank in this regard and the inclusion of this priority will be particularly welcomed by industry and other stakeholders.

The Central Bank (Individual Accountability Framework) Act 2023 - ready, steady go.

On 9 March 2023, the Central Bank (Individual Accountability Framework) Act 2023 ("IAF Act 2023") was signed into law by the President Michael D. Higgins, having completed all stages of Dáil Éireann ("Dáil") and Seanad Éireann ("Seanad") on 1 March 2023.

The Minister for Finance, Michael McGrath ("Minister"), having commended the Seanad amendments to the Dáil on 1 March 2023, acknowledged that getting the legislation to this point took "longer than anyone would have liked" but explained that "lengthy engagement with the Office of the Attorney General and the Central Bank" was necessary "to ensure that the legislation is effective and also constitutionally robust". 

Regarding commencement, the Minister confirmed that all sections of the legislation would be commenced as soon as possible following enactment, with the exception of Sections 3 – 6 and Section 10 which deal with the Senior Executive Accountability Regimen ("SEAR"), the conduct standards and the certification process. The Minister further advised that these sections would be commenced following completion of the Central Bank of Ireland's ("Central Bank") public consultation on these areas and that it is intended that the legislation, as enacted, would be fully implemented in the current year.  Fast forward to 13 March 2023 and the Central Bank has published the relevant consultation paper ("CP153") in which it proposes an altered implementation timeline, in so far as it pertains to the SEAR. CP 153 proposes an implementation date of July 2024 for impacted firms to comply with the SEAR requirements.

Impacted firms and industry groups will welcome this proposed extended implementation timeline, given that for a long time, the Central Bank suggested that little or no delay in implementation would be considered. Additionally as a result of this, we expect that industry groups will no longer look to lobby the Central Bank on this point and instead focus their attention on other issues.

In CP 153, the Central Bank explains that it will also issue guidance and regulations on the Fitness and Probity ("F&P") Investigative Process in March 2023 and confirms that there will be a further consultation paper in the summer on the changes to the Administrative Sanctions Procedures.  We would encourage firms to actively engage with these consultation processes and to take the opportunity to convey their views on the proposals and the challenges and difficulties which they anticipate in complying with them.

For further detail on CP153, please refer to the FIG Top 5 at 5 dated 16 March. If you have not subscribed to receive these updates, you can do so here.

For further details on the IAF and SEAR, please refer to our dedicated webpage, which can be found here.

 

 


 

    Digital Operational Resilience Act

    The new Digital Operational Resilience Act (Regulation (EU) 2022/2554) ("DORA") and the supporting directive ( Directive (EU) 2022/2556) entered into force on 16 January 2023. DORA, as a regulation, will be directly effective from 17 January 2025, while the supporting directive must be transposed by the same date. DORA forms part of the European Union's ("EU") Digital Finance Package, which includes, amongst other things, the proposal for a Regulation on Markets in Crypto-assets ("MiCA"), which was discussed in the Autumn 2022 Horizon Tracker.

    DORA represents the EU's first legislative framework focusing on digital operational resilience in the financial services sector. Its impact will be felt by most financial services firms. While a 24 month implementation period appears like a considerable length of time for firms to "get their house in order", the extent of the work to be completed in order to be fully compliant should not be underestimated. Additionally, while the Level 1 text is available, the Level 2 measures are yet to be confirmed, so impacted firms will need to monitor the development of these measures as they are proposed and adapted by the European Supervisory Authorities ("ESAs") over the coming 18 months. These measures will focus largely on how the rules will function in practice.  We would encourage firms to begin, as with any new piece of legislation, with a gap analysis to identify where changes are needed to their existing frameworks. Many firms can expect that there will be a need for investment in processes, procedures, systems and expertise to ensure effective implementation.

    As previously discussed in our Insight "Understanding the interaction between DORA and the Central Bank's Operational Resilience Guidance", many financial services entities are now querying the interplay between DORA and the Central Bank of Ireland's ("Central Bank") Cross Industry Guidance on Operational Resilience (the "Guidance") published in December 2021 (which requires full implementation by December 2023). Anticipating the adoption of DORA, the Central Bank noted in its feedback statement to the consultation paper on the draft Guidance, that same was "in line with international best practice and compatible with and complementary to DORA". Additionally, the Central Bank also committed to "continue to update and align the intended outcomes of our supervisory approach with relevant international operational resilience policy developments as they evolve" and "monitor international developments after the issuance of this Guidance, including any updates to ICT & Cyber Resilience best practices".

    Two points arise here. Firstly, on the face of it, any work being carried out by firms in preparation for the 1 December 2023 deadline for compliance with the Guidance, should be compatible and complementary to any work required to demonstrate compliance with corresponding obligations under DORA.  Secondly, where this is not the case, the Central Bank will likely update their guidance accordingly. In fact, given the extent of the changes introduced through DORA, additional communications and guidance from the Central Bank could potentially be provided as it looks to the integration of DORA into its own supervisory work. This has been described as one of its key priorities for 2023.

     

    Explore the Horizon Tracker

    FIG Top 5 at 5 - 09/02/2023

    Feb 16, 2023, 11:18 AM
    Title : FIG Top 5 at 5 - 09/02/2023
    Filter services i ds :
    Engagement Time : 7
    Insight Type : Article
    Insight Date : Feb 9, 2023, 00:00 AM

    1. Central Bank (Individual Accountability Framework) Bill 2022

    On 8 February 2023, the Central Bank (Individual Accountability Framework) Bill 2022 (the "Bill") was taken at second stage, Seanad Éireann (the "Seanad").

    The Minister of State for Financial Services, Credit Unions and Insurance, Jennifer Carroll-MacNeill, (the "Minister") introduced the Bill and outlined the Bill's aims and provisions to the Seanad.

    The Minister noted that there were a number of amendments made to the Bill at Committee and Report Stages in Dáil Éireann (the "Dáil") that were "technical in nature and did not involve any substantive change to the policy objectives of the Bill". She advised that the Minister for Finance intends to bring forward another "minor technical amendment at Committee Stage relating to a transitional provision in regard to Part 7".

    During the debate, Senator McDowell raised a number of concerns regarding the personal sanctions that may be brought against individuals. He maintained that "if the Central Bank decides to prosecute individuals within this process, they will be under massive obligations to comply with the inquiry". Senator McDowell was of the belief that the powers that the Bill proposes to confer on the Central Bank of Ireland (the "Central Bank") are "excessive, and not balanced" and that the conduct standards "are demanding when deployed against an individual."

    Senator Gavan raised a number of issues previously raised by Deputy Pearse Doherty at Dáil Committee stage. The first being the issue of training. He then queried the choice of the time period of six years as the relevant period preceding the commencement of an investigation (in respect of a suspicion of a breach of the fitness and probity requirements) noting that "many issues have not come to light under such a time, which could pose a problem for ensuring accountability after the fact". He also asked the Minister to re-examine the provision in Section 15 of the Bill on the discontinuation of an investigation for reason of lack of resources.

    The Minister, in response to the query raised on the Central Bank's powers, advised that a similar regime was introduced in the United Kingdom seven years ago and the effect that it has had in organisations is that "it has become about centralising the cultural question around individual accountability but at CEO level, so it is not something just for compliance, it relates to the whole-of-bank or whole-of-institution function and is driven by the CEOs office".

    In respect of the six year rule, the Minister explained that this is being introduced in response to a concern that individuals who had reason to believe they would be subject of a fitness and probity investigation could prevent the investigation by a "strategic resignation" in advance of the investigation.

    In relation to Section 15 on the discontinuance of an investigation for lack of resources, she noted that the former Minister for Finance, Pascal Donohoe wrote to the Finance Committee in response to this question stating that he "wholeheartedly agreed" that the Central Bank should not be prevented from conducting any investigation due to lack of resources. The Minister, in response to queries on fair procedures, identified Section 15 as an example of such fair procedures "the reason for discontinuing the investigation should be as transparent as the taking of it in the first instance. As I see it, the change in section 15 is a measure to try to rebalance that".

    Next Steps

    Speaking to the Central Bank consultation process, the Minister advised that it is her understanding that the Central Bank will leave the consultation open for "a period of up to three months, with three months for analysis."

    The Bill was read a second time and now moves to Seanad Committee Stage. The Committee Stage is scheduled to take place on Tuesday, 14 February 2023. We will include an update on that in next week's FIG Top 5 at 5.

    2. Central Bank of Ireland - Addendum to the Draft Guidance Note on the Central Bank Client Asset Requirements

    On 3 February 2023, the Central Bank of Ireland (the "Central Bank") published an addendum to the Draft Guidance on the revised Client Asset Requirements (the "CAR").

    The Central Bank originally published the Draft Guidance Note on the CAR in June 2022 to assist firms in interpreting the revised CAR, which is contained in the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Investment Firms) Regulations 2023 (published on 23 January 2023) (the "Revised Central Bank Investment Firm Regulations").

    The addendum includes guidance in respect of the transfer of client assets as part of a transfer of business.

    The Revised Central Bank Investment Firm Regulations will be applicable to investment firms from 1 July 2023 and credit institutions from 1 January 2024. The final guidance on the revised CAR will also apply from those dates. Please note that the guidance and addendum are still in draft form.

    3. Central Bank  - updated notice on the "Implementation of Competent Authority Discretions in the IFD Regulations and the IFR"

    On 3 February 2023, the Central Bank updated its notice on the  Implementation of Competent Authority Discretions in the IFD Regulations and the IFR (the "Implementation Notice")

    The Implementation Notice sets out the Central Bank’s requirements and guidance in relation to the implementation of certain competent authority discretions arising under:

    • the European Union (Investment Firms) Regulations 2021 (the "IFD Regulations") which transpose the majority of Directive (EU) 2019/2034 (the "IFD") into Irish law; and
    • the European Union (Investment Firms) (No. 2) Regulations 2021 (the "IFR Regulations") and the Regulation (EU) 2019/2033 (the "IFR").

    The Implementation Notice has been updated to take account of the:

    • updated Implementation Notice for Credit Institutions;
    • finalisation of the transposition of the IFD;
    • publication of the European Commission's Delegated Regulations and European Banking Authority Guidelines under the IFD/IFR Roadmap for investment firms; and
    • notification that Central Bank permission is required before capital contributions may be recognised as CET1 capital.

    4. European Commission adopts Delegated Regulation amending RTS on MiFID II tick size regime

    On 1 February 2023, the European Commission adopted a  Delegated Regulation amending Delegated Regulation (EU) 2017/588 ("RTS 11"), which contains regulatory technical standards ("RTS") supplementing Directive 2014/65/EU ("MiFID II").

    RTS 11 sets out the tick size regime for shares, depository receipts and exchange-traded funds. A tick size is the minimum increment at which a price of a financial instrument can be changed.

    The Annex to RTS 11 contains the applicable tick size based on the average daily number of transactions ("ADNT"). Currently the calculations of the ADNT applies as of 1 April each year. The Delegated Regulation amends RTS 11 to ensure that the calculations of the ADNT apply as of the first Monday of April of each year instead. This amendment aims to align the application date of calculations in RTS 11 with the application date of calculations in Delegated Regulation (EU) 2017/587 ("RTS 1").

    The Delegated Regulation notes that this amendment has not been consulted on separately as it is a technical amendment required to ensure that the revised RTS 1 and RTS 11 are aligned regarding the application date of the calculation of average daily number of transactions in RTS 11 and of other transparency calculations based on RTS 1.

    5. EIOPA Updates

    5.1 EIOPA 2023 Supervisory Convergence Plan

    On 1 February 2023, EIOPA published its  Supervisory Convergence Plan for 2023. The Supervisory Convergence Plan identifies EIOPA’s three main priorities to enhance supervisory convergence in 2023 which includes the implementation of the common supervisory culture and the development of supervisory convergence tools; the risks to the internal market and the level playing field; and the supervision of emerging risks.

    EIOPA's priorities for common supervisory culture and supervisory tools include:

    • The risk assessment framework and application of proportionality including reviewing the Guidelines on Supervisory Review Process and a possible review of the Chapter on Risk Assessment Framework in the Supervisory Handbook.
    • Common benchmarks for the supervision of internal models including promoting benchmark studies on internal models.
    • Supervisory assessment of conduct risks including expanding the types of conduct risk assessments, working on issues with exclusions and lack of clarity in insurance contracts, developing a supervisory statement on monitoring and addressing  value for money risks and finalising the peer review on Product Oversight Governance.
    • Supervisory approach to environmental, social and governance risks including revising the Supervisory Handbook chapter on supervision of climate-related risks in Solvency II Pillar II; monitoring the application of the Opinion on the use of climate change risk scenarios in ORSA, monitoring greenwashing; conducting a follow up analysis of consumers’ understanding of natural catastrophe insurance coverage.
    • Group supervision including improving the Supervisory Handbook chapters on group supervision, in particular on the treatment of own funds.
    • Supervisory technology including working on supervisory technology solutions for the collection of information.
    • Captives  - following the proposal for a more proportionate treatment of captives in the Solvency II review,EIOPA will publish recommendations to NCAs on how to supervise some specificities of captives (re)insurance undertakings where divergences of practices have been found.
    • Supervisory tools in cross-border contexts including conducting analysis on the use of different tools and powers in cross border contexts and focus on targeted EIOPA tools and powers.

    EIOPA's priorities for risks to the internal market include:

    • Calculation of technical provisions including raising awareness on the impact of increasing inflation on the calculation of technical provisions.
    • Internal model outcomes, modelling methodologies and supervisory practices including initiating a comparative study on modelling of life risk and an analysis over operational risk modelling methodologies and supervisory practices.
    • Authorisations, fitness and propriety on the implementation of Article 31a of the ESAs regulation - EIOPA will work with the other ESAs to set up a cross sectoral system for information exchanges for assessments of holders of qualifying holdings, directors and key function holders.
    • Third country reinsurance - EIOPA will work further on the establishment of a cooperation framework between EU and third countries supervisors.

    EIOPA's priorities for emerging risks include:

    • IT security and governance-related risks including implementing and fulfilling its policy mandates under the new regulation on digital operational resilience.
    • Digital transformation including finalising a supervisory statement on differential pricing practices, addressing financial inclusion in the digital age and analysing the opportunities and challenges of an open insurance framework.
    • Cyber underwriting - analysing cyber underwriting practices, in particular the access to cyber coverage for Small and Medium Enterprises.
    • Digital business model analysis including developing supervisory convergence tools to support NCAs in the performance of the business model analysis in the context of the insurance digital market.

    5.2 EIOPA reports on insurers’ use of climate-related adaptation measures in non-life underwriting practices

    On 6 February 2023, EIOPA published a  report on insurers’ inclusion of adaptation measures to climate change in their non-life underwriting practices. The report is the outcome of a pilot exercise on impact underwriting that EIOPA conducted in 2022.

    EIOPA notes that while progress is being made in how insurance undertakings are adapting their non-life underwriting practices to climate change, overall the market appears to be at an early stage and there is further room for improvement. EIOPA will continue its work on impact underwriting including raising public awareness about climate risks and related prevention measures as well as promoting the use of open-source modelling and data.

    5.3 EIOPA supervisory statement on oversight of third country governance arrangements

    On 3 February 2023, EIOPA published a  Supervisory Statement on oversight of third country governance arrangements following consultation in August 2022. The supervisory statement sets out supervisory expectations to address supervisory practices in relation to governance arrangements in third countries and aims to enhance the supervision and monitoring of insurance undertakings’ and intermediaries’ compliance with relevant EU legislation concerning governance arrangements in third countries.

    Speaking on the publication of the Supervisory Statement, Petra Hielkema, Chair of EIOPA said: “For us supervisors, it is important that third country branches of EU insurers do what they are meant to do: primarily serve the people and businesses of the country in which they are established. What we want to avoid is situations where overseas branches are more than outposts while the EU entities to which they are linked - together with their decision-making and risk management capacities - become empty shells."

    HoldingImage_558x245_Blue HoldingImage_450x200_Red
    Authors :
    Co Authors
    Services :
    Related Insights

    The Latest Financial Regulation Developments

    Read the Full Report