Empty Link Skip to Content

Financial Services Regulation

Setting the tone for the year ahead are the Central Bank of Ireland's ("Central Bank") key regulatory and supervisory priorities. Here we capture the significant and broad ranging, ongoing or anticipated developments which the Central Bank will be monitoring or introducing over the course of the year.

Boards and senior management should ensure that each of the priorities relevant to their business, is being considered and addressed by the necessary individuals and teams. Below we consider the publication of the priorities and two specifically named priorities which are of cross sectoral importance and interest to our financial services clients. 

Key Themes in Financial Services Regulation

Central Bank of Ireland – Key Regulatory and Supervisory Priorities for 2023

On three separate occasions in January and February this year, the Central Bank of Ireland ("Central Bank") publicly outlined its regulatory and supervisory priorities for 2023. These occasions included:

  1. on 25 January 2023, in a statement made by Gabriel Makhlouf, Governor of the Central Bank at the Joint Committee on Finance, Public Expenditure and Reform, and Taoiseach;
  2. in a letter also dated 17 January 2023, addressed to the Minister of Finance, Michael McGrath (published on 25 January 2023) and
  3. in a Dear CEO Letter dated 16 February 2023, addressed to the CEOs of all Regulated Financial Service Providers ("RFSP") ("Dear CEO Letter").

The Central Bank is clearly making an effort to be transparent with regard to its priorities which is welcomed by Matheson LLP.  We have actively communicated with our clients on all three occasions where the priorities have been detailed (please see the FIG Top 5 at 5 from 26 January, 2 February and 23 February for more details). In an ideal world these Central Bank priorities would be published in the final quarter of each year, in line with the approach taken by the European Supervisory Authorities ("ESAs") though we acknowledge that at least some of the Central Bank priorities will be driven by initiatives at EU level. Publishing priorities as early as possible greatly supports RFSPs in their regulatory and governance planning for the year ahead, particularly when it comes to identifying the areas where resources will need to be allocated.

Regarding the priorities themselves, there were no real surprises, much of what was detailed was expected. However, we would point out that the Dear CEO Letter did include one additional priority over and above the list detailed by the Governor and in the letter to the Minister for Finance. That was the inclusion of the provision of a " clear, open and transparent authorisation process". There has been some criticism of the Central Bank in this regard and the inclusion of this priority will be particularly welcomed by industry and other stakeholders.

The Central Bank (Individual Accountability Framework) Act 2023 - ready, steady go.

On 9 March 2023, the Central Bank (Individual Accountability Framework) Act 2023 ("IAF Act 2023") was signed into law by the President Michael D. Higgins, having completed all stages of Dáil Éireann ("Dáil") and Seanad Éireann ("Seanad") on 1 March 2023.

The Minister for Finance, Michael McGrath ("Minister"), having commended the Seanad amendments to the Dáil on 1 March 2023, acknowledged that getting the legislation to this point took "longer than anyone would have liked" but explained that "lengthy engagement with the Office of the Attorney General and the Central Bank" was necessary "to ensure that the legislation is effective and also constitutionally robust". 

Regarding commencement, the Minister confirmed that all sections of the legislation would be commenced as soon as possible following enactment, with the exception of Sections 3 – 6 and Section 10 which deal with the Senior Executive Accountability Regimen ("SEAR"), the conduct standards and the certification process. The Minister further advised that these sections would be commenced following completion of the Central Bank of Ireland's ("Central Bank") public consultation on these areas and that it is intended that the legislation, as enacted, would be fully implemented in the current year.  Fast forward to 13 March 2023 and the Central Bank has published the relevant consultation paper ("CP153") in which it proposes an altered implementation timeline, in so far as it pertains to the SEAR. CP 153 proposes an implementation date of July 2024 for impacted firms to comply with the SEAR requirements.

Impacted firms and industry groups will welcome this proposed extended implementation timeline, given that for a long time, the Central Bank suggested that little or no delay in implementation would be considered. Additionally as a result of this, we expect that industry groups will no longer look to lobby the Central Bank on this point and instead focus their attention on other issues.

In CP 153, the Central Bank explains that it will also issue guidance and regulations on the Fitness and Probity ("F&P") Investigative Process in March 2023 and confirms that there will be a further consultation paper in the summer on the changes to the Administrative Sanctions Procedures.  We would encourage firms to actively engage with these consultation processes and to take the opportunity to convey their views on the proposals and the challenges and difficulties which they anticipate in complying with them.

For further detail on CP153, please refer to the FIG Top 5 at 5 dated 16 March. If you have not subscribed to receive these updates, you can do so here.

For further details on the IAF and SEAR, please refer to our dedicated webpage, which can be found here.

 

 


 

    Digital Operational Resilience Act

    The new Digital Operational Resilience Act (Regulation (EU) 2022/2554) ("DORA") and the supporting directive ( Directive (EU) 2022/2556) entered into force on 16 January 2023. DORA, as a regulation, will be directly effective from 17 January 2025, while the supporting directive must be transposed by the same date. DORA forms part of the European Union's ("EU") Digital Finance Package, which includes, amongst other things, the proposal for a Regulation on Markets in Crypto-assets ("MiCA"), which was discussed in the Autumn 2022 Horizon Tracker.

    DORA represents the EU's first legislative framework focusing on digital operational resilience in the financial services sector. Its impact will be felt by most financial services firms. While a 24 month implementation period appears like a considerable length of time for firms to "get their house in order", the extent of the work to be completed in order to be fully compliant should not be underestimated. Additionally, while the Level 1 text is available, the Level 2 measures are yet to be confirmed, so impacted firms will need to monitor the development of these measures as they are proposed and adapted by the European Supervisory Authorities ("ESAs") over the coming 18 months. These measures will focus largely on how the rules will function in practice.  We would encourage firms to begin, as with any new piece of legislation, with a gap analysis to identify where changes are needed to their existing frameworks. Many firms can expect that there will be a need for investment in processes, procedures, systems and expertise to ensure effective implementation.

    As previously discussed in our Insight "Understanding the interaction between DORA and the Central Bank's Operational Resilience Guidance", many financial services entities are now querying the interplay between DORA and the Central Bank of Ireland's ("Central Bank") Cross Industry Guidance on Operational Resilience (the "Guidance") published in December 2021 (which requires full implementation by December 2023). Anticipating the adoption of DORA, the Central Bank noted in its feedback statement to the consultation paper on the draft Guidance, that same was "in line with international best practice and compatible with and complementary to DORA". Additionally, the Central Bank also committed to "continue to update and align the intended outcomes of our supervisory approach with relevant international operational resilience policy developments as they evolve" and "monitor international developments after the issuance of this Guidance, including any updates to ICT & Cyber Resilience best practices".

    Two points arise here. Firstly, on the face of it, any work being carried out by firms in preparation for the 1 December 2023 deadline for compliance with the Guidance, should be compatible and complementary to any work required to demonstrate compliance with corresponding obligations under DORA.  Secondly, where this is not the case, the Central Bank will likely update their guidance accordingly. In fact, given the extent of the changes introduced through DORA, additional communications and guidance from the Central Bank could potentially be provided as it looks to the integration of DORA into its own supervisory work. This has been described as one of its key priorities for 2023.

     

    Explore the Horizon Tracker

    FIG Top 5 at 5 - 16/02/2023

    Feb 23, 2023, 11:56 AM
    Title : FIG Top 5 at 5 - 16/02/2023
    Filter services i ds :
    Engagement Time : 7
    Insight Type : Article
    Insight Date : Feb 16, 2023, 00:00 AM

    European Union (Money Laundering and Terrorist Financing) (Use of Financial and Other Information) Regulations 2023

    On 2 February 2023, the European Union (Money Laundering and Terrorist Financing) (Use of Financial and Other Information) Regulations 2023 (the "2023 Regulations") were signed into law.

    In order to fully understand the functioning of the 2023 Regulations, the details of the European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022 (the "Central Mechanism Regulations")  need to be considered.

    The Central Mechanism Regulations were signed into law on 8 February 2022. They provide for the establishment, by the Central Bank of Ireland (the "Central Bank"), of a central database of payment accounts, bank accounts and safe-deposit boxes held with credit institutions (banks and Class 1 investment firms) (the "Central Database"). They also provide for a Central Mechanism of Ownership of Bank and Payment Accounts and Safe-Deposit Boxes (the "Central Mechanism") which enables legally prescribed authorities to search and retrieve this information as required under Directive 2015/849/EU (the "MLD4").

    Pursuant to the 2023 Regulations, credit institutions will be required to provide the Central Bank with certain information through the Central Mechanism on their customers, beneficial owners of their customers, information on bank and payment accounts, and on safe-deposit boxes.

    The 2023 Regulations also detail which authorities may access and search account information on the Central Database and which authorities can request and receive financial information or financial analysis from the State Financial Information Unit and amend the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010.

    Next Steps

    Regulations 4 to 7 of the 2023 Regulations will come into operation on the date of the establishment of the Central Database under the Central Mechanism Regulations.

    The Central Bank's FAQs on its dedicated webpage on the Central Database state that the obligation for credit institutions to provide information to the Central Bank "will commence once formally notified by the Central Bank to do so in Q1 2023. Initial data collection will take place as part of the proposed onboarding of credit institutions in Q1 2023. The onboarding will be done on a phased basis. The Central Bank will provide Credit Institutions with a precise onboarding timeline in Q1 2023".

    EIOPA consults on changes to the minimum amount of professional indemnity insurance cover and financial capacity intermediaries need under IDD

    On 9 February 2023, the European Insurance and Occupational Pensions Authority ("EIOPA") published a consultation on its draft amendments to the Regulatory Technical Standards ("RTS") adapting the base euro amounts for the professional indemnity insurance ("PII") cover and financial capacity of insurance intermediaries under the Insurance Distribution Directive ("IDD").

    EIOPA is required under the IDD to review the minimum amounts for PII and financial capacity every five years. The IDD prescribes that changes to the minimum amounts shall be based on the rate of inflation.

    EIOPA notes that as the Harmonised Index of Consumer Prices rose by 20.32% between 1 January 2018 and 31 December 2022, the proposed new base amounts would be as follows:

    • The base PII amount applying to each claim is to increase from €1,300,380 to €1,564,610;
    • The base aggregate PII amount per year is to increase from €1,924,560 to €,2,315,610; and
    • The base financial capacity amount is to increase from €19,510 to €23,480.

    Ireland

    In relation to Ireland specifically, the consultation paper notes that insurance intermediaries in Ireland are suffering material difficulties to obtain/maintain PII cover due to reduced availability or associated costs. While research suggests, that the estimated increase in PII minimum amounts would not have a material impact in terms of availability of cover/cost of PII cover for insurance intermediaries in most Member States, Ireland is already experiencing problems in terms of availability of cover and associated costs and the projected increase would further aggravate the current situation, hence possibly leading to the withdrawal of smaller insurance intermediaries from the market.

    EIOPA also notes that some consumer protection concerns were also reported by Ireland in relation to the absence of a requirement for an insurance intermediary to hold PII following withdrawal of its registration.

    Next Steps

    The consultation is open for feedback until 6 May 2023.

    EIOPA is required to submit the draft RTS to the European Commission by 30 June 2023.

    CRR and CRD updates

    EBA launches a consultation on amending ITS on supervisory disclosures

    On 8 February 2023, the European Banking Authority ("EBA") published a consultation on its draft Implementing Technical Standards ("ITS") on supervisory disclosures.

    The amendments reflect changes resulting from the legislation adopting the banking package under Directive (EU) 2019/878 ("CRD V") and Regulation (EU) 2019/876 ("CRRII"), in particular those related to supervisory reporting for investment firms.  

    These draft amending ITS specify the format, structure, contents list and annual publication date of the supervisory information to be disclosed by competent authorities.

    The consultation is open for feedback until 9 March 2023. The EBA notes that the consultation period is shorter than usual consultation periods but maintains that this is warranted as the information required of the ITS is already out of date and needs to be updated as soon as possible.

    ECON publishes its reports on proposed CRR III Regulation and CRD VI Directive

    On 9 and 10 February respectively, the European Parliament's Economic and Monetary Affairs Committee ("ECON") published the following reports ( "Reports") on the legislative proposals for:

    a Directive amending the Directive 2013/36/EU ("CRD IV") as regards supervisory powers, sanctions, third-country branches and ESG risks (" CRD VI"); and

    a Regulation amending the Regulation 575/2013 ("CRR") as regards requirements for credit risk, credit valuation adjustment risk, operational risk, market risk and the output floor (" CRR III").

    The Reports, which ECON voted to adopt at its' meeting on 24 January 2023, include suggested amendments to the proposed legislation, details of which can be found in the FIG Top 5 at 5 on 26 January 2023.

    ECON publishes study on recent trends in UK financial sector regulation and identifies potential implications for the EU

    On 9 February 2023, the European Parliament's Committee on Economic and Monetary Affairs ("ECON") published a study on recent trends in the United Kingdom's ("UK") regulation of its financial sector and identifies possible implications for the European Union ("EU"). It also considers, unsurprisingly, the EU's  options regarding equivalence as a result of these trends.

    The study opens by setting the scene as of the date of withdrawal, explaining that the Trade and Cooperation Agreement agreed in December 2020 between the UK and the EU included " a very thin financial sector chapter, with eight out of 783 articles directly covering this sector." It then goes on to explain that the Memorandum of Understanding to establish EU-UK structured regulatory cooperation on financial services has still not been signed. It is against this background that the study provides its findings.

    The study focuses on:

    • recent trends in financial sector legislation and regulation in the UK;
    • divergence between the EU and the UK and threats posed to the EU from this divergence; and
    • the equivalence policy and strategy of the EU towards the UK and options to deepen regulatory cooperation.

    The study notes that the UK has replicated a number of trade agreements between the EU and third countries. It has also concluded and is currently negotiating several new agreements.

    The study explains that there are several areas where the UK has already taken initiatives that could result in regulatory divergence, in particular from the EU Single Rulebook in Banking and Financial Regulation including proposals for the implementation of the final Basel III reforms as well as  in the reform of the Solvency II regulatory framework relevant to insurance regulation.

    The UK's aim to be become a global centre for FinTech and cryptoassets, through a number of regulatory and supervisory initiatives is also flagged as is the UK government's objective to be the ‘world’s first net zero-aligned financial centre’, but that no details regarding same have yet been published.

    The study discusses three possible scenarios of divergence:

    • Low divergence:  Adjustments to some UK regulations and other initiatives but there will not be major divergence, especially in areas with international standards.
    • Medium divergence: More significant divergence and fewer attempts to converge on new rules. Divergence will be more likely in areas where international standards are less important and where the UK has not inherited any EU regulations.
    • High divergence: An aggressive legislative and regulatory drive in the UK to diverge from EU rules. Replacing existing EU rules with new regulation and adopting divergent rules where such rules were not inherited, especially in areas where UK authorities see growth opportunities.

    The study notes that "which scenario will materialise is almost impossible to predict, but will to a large extent depend on the resolution of the current stand-off between the EU and the UK over the Northern Ireland Protocol".

    The study also elaborates on the types of equivalence (in general) that could be granted to the UK by the EU (while acknowledging that there are specific equivalence exclusions in some EU financial services legislation):

    (i)   scope-limited and time-bound equivalence;

    (ii)  scope-limited, also called partial equivalence,

    (iii) conditional equivalence, and

    (iv) provisional equivalence.

    The ECON considers the granting of equivalence to the UK "likely and feasible for only few financial sector segments and critically dependent on the broader political relationship between the EU and the UK".

    ECB sanctions Landesbank Hessen-Thüringen Girozentrale for misreporting capital needs

    On 10 February 2023, the European Central Bank ("ECB") imposed an administrative penalty of €6,825,000 on Landesbank Hessen-Thüringen Girozentrale ("Helaba") for a breach of Article 430(1)(a)2 of Regulation (EU) No 575/2013 ("CRR") .

    The breach involved reporting inaccurate information on risk-weighted assets and capital ratios in the quarterly individual reporting on own funds and own funds requirements for three consecutive reporting periods from 31 March 2020 to 30 September 2020.

    The ECB press release notes when using its internal models to determine its risk-weighted assets for market risk, Helaba "consciously decided to disregard the increased volatility observed in financial markets at the outbreak of the coronavirus (COVID-19) pandemic" and "knowingly reported wrongly calculated figures to the ECB".

    Helaba went beyond the parameters of the ECB’s temporary relief measures for capital requirements on market risk at the time.

    The ECB noted that by underestimating its risk-weighted Helaba did not calculate its capital needs properly and reported a higher Common Equity Tier 1 ("CET1") ratio, which is "a key indicator of a bank’s capital strength and its ability to absorb losses".

    When deciding on the amount of a penalty to sanction Helaba, the ECB used its Guide to the method of setting administrative pecuniary penalties and took into account all the relevant circumstances of the case, in particular the high degree of the misconduct of Helaba, the impact of the breach, the size of the entity and the mitigating factors such as Helaba's cooperation with the ECB  and the remedial actions taken.

    Helaba may challenge the ECB’s decision before the Court of Justice of the European Union.

    HoldingImage_558x245_Blue HoldingImage_450x200_Red
    Authors :
    Co Authors
    Services :
    Related Insights

    The Latest Financial Regulation Developments

    Read the Full Report