Empty Link Skip to Content

FIG Top 5 at 5 - 16/11/2023

DATE: 16/11/2023

1. Two recent speeches by Governor Makhlouf and Deputy Governor Donnery of the Central Bank of Ireland

Governor Makhlouf gives remarks on 'The changing landscape for financial services'

On 11 November 2023, the Governor of the Central Bank of Ireland ("Central Bank"), Gabriel Makhlouf, gave remarks entitled 'The Changing landscape for financial services' at the Irish League Credit Unions Conference. Governor Makhlouf's speech focused on the changing landscape, innovation, competition, credit unions and climate change. Some of these themes were recently discussed at the Central Bank of Ireland's Financial System Conference. For more details on the Conference, please see Matheson Insight: The Central Bank of Ireland's Recent Conference on Financial Systems.

Changing landscape

Governor Makhlouf noted that the pace of change and the significance of the changes that are currently being seen make present change feel very different from past change. The Russian war, energy crisis, inflation and global warming are creating an 'enhanced sense of uncertainty, unpredictability and anxiety'.

Change in the financial sector is seen in how customers are demanding app-based and online delivery of financial services. In response to this, Governor Makhlouf noted that the Central Bank is observing how innovative, technology based business models are emerging and those firms are offering 'niche products to niche consumer groups'. Open-banking, cloud and block chain based technologies, and data analytics are all being used to target consumers. While for the most part Governor Makhlouf welcomes this, he cautions that it also raises serious concerns about sustainability and investor protection.


Ireland is largely seen an attractive location for financial services due to its EU membership, skilled workforce, open economy, and transparent regulatory environment. The growth in the sector, amplified by Brexit, has resulted in a larger, more complex financial sector.

In the retail banking sector, there was a 221% growth in the number of payment firms authorised between 2018-2022, and there are over 20 payment firms currently seeking Central Bank authorisation. There is a large variety of models including fast, cheap multi-currency, cross border payments and initiatives which enable customers of multiple banks to have a consolidated view of their finances. BigTech is also seeking to provide in-house payments and e-money wallets which enable consumers to pay for their purchases. Governor Makhlouf commented that it is expected that FinTech and BigTech will expand their financial services offerings and gain market share, which will challenge and disrupt existing market participants.


Competition ensures variety of products and availability for consumers, and enables markets to function properly. Governor Makhlouf noted that the Central Bank's approach to regulation and its ability to adapt to market developments has the potential to impact competition if it is not managed appropriately. The Central Bank is committed to providing an open and transparent authorisation process which enables firms who meet the requisite standard to obtain 'seamless, timely and predictable access to our market'. Governor Makhlouf stressed that regulation must be proportionate and risks creating distortion if it goes further than is necessary.

Governor Makhlouf noted that the Central Bank will use the feedback it receives from its consultation on innovation, and its Innovation Hub to foster an 'innovative, resilient and customer-focused banking services sector in Ireland'. Both firms and sectors as a whole need to make difficult decisions to ensure that their product can generate sufficient income to cover the costs of this significant period of change, and to build sufficient reserves for future investments and risks. He stressed that regulatory reserves are minimum standards, not targets and Boards and management must be diligent in managing both existing and emerging operational and credit risks.

Credit Unions

Governor Makhlouf commented that credit unions are in a good position to navigate the current disruption and thrive. He cautioned against believing that because the Irish financial sector navigated the pandemic unscathed, it would be able to emerge from the expected future turbulence in the same manner. The pandemic was exceptional, and the measures which were introduced to deal with it were also exceptional. The current geopolitical and financial system disruption is not a once off event, and Governor Makhlouf cautioned that this may be the new norm, with the speed of change potentially accelerating even further by artificial intelligence, crypto capability and other technological innovations. He stressed that, moving forward, fiscal and regulatory responses cannot be as accommodative as they were during the pandemic.

Governor Makhlouf noted that the Credit Union Amendment Bill provided a significant opportunity for the credit union sector to transform into a community based provider of universal retail banking products and services. However, this requires real change on the part of the sector, such as 'implementing the significant business model changes needed to deliver scale efficiencies, leverage the necessary expertise in a cost effective manner, and to develop greater standardisation across their product range'.

Restructuring has transformed the asset profile of the sector and enabled certain credit unions to deliver future transformation. This has seen financial benefits, as well as operational and governance benefits from diversity of views, experience and expertise. The Central Bank urges credit unions of all sizes to consider restructuring in order to achieve greater efficiency, resilience and scale. The Bill offers smaller credit unions who wish to remain standalone, the opportunity to collaborate and refer business to other credit unions. This ensure all credit union members can have seamless access to a broader range of services which are provided within the sector.

Governor Makhlouf disagreed with propositions that the Central Bank lending limits impede credit union growth. He noted that there was significant capacity within the limits for house and business lending, and that out of the 67 larger credit unions, only 12 had applied for increased lending limits. He urged credit unions to utilise their capital and loan limits in order to grow their loan books. 

Climate Change

Governor Makhlouf noted managing the impact of climate change must be considered when assessing resilience. In terms of credit unions, the Climate-Related and Environmental Risks Survey found that in general credit unions are considering climate and environmental risks and the impact of these on their business. However, he also stressed that despite the level of awareness, more needs to be done to manage and mitigate these risks to ensure that credit unions remain resilient. He stated that the Central Bank will be writing to credit unions regarding their observations from the survey and their supervisory expectations.

“Maintaining stability in the face of volatility – financial regulation in a rapidly changing world” - Remarks by Deputy Governor Sharon Donnery at The Compliance Institute annual conference

On 14 November 2023, the Deputy Governor of the Central Bank of Ireland, Sharon Donnery, gave a speech at the Compliance Institute Annual Conference titled 'Maintaining stability in the face of volatility – financial regulation in a rapidly changing world'. She focused on the current challenges of the macro-economic environment, the imminent risks for the financial sector and how these risks will impact compliance and regulation professionals.

Current challenges and the macro-economic environment

With uncertainty comes a need for policy responses explained the Deputy Governor and the world has seen a tightening of interest rates by monetary authorities in the last 18 months. The financial sector itself has experienced a lot of change, including growth in the fintech sector and an overhaul in customer expectations leading to the development of a more digital approach.

Risks to the financial industry

The financial industry is ever changing and these changes can bring risks particularly regarding climate change and digitalisation. Deputy Governor Donnery stated that AI, if developed and implemented correctly, can bring about a 'disruption like no other'. She also noted that humanitarian crisis such as the war in the middle east have the potential to lead to 'zonification' of global trade which would cause more challenges to financial institutions. Ireland would be significantly impacted by this as we have a highly globalised financial sector and economy.

Compliance and regulation professionals

It is essential that financial services professionals recognise the challenging situation the world is in, and adapt to this by the acquisition and development of new skills, building greater resilience in planning and looking at risks in a new light. Also it is essential that these professionals remain 'anchored to one's mission and purpose'. The Central Bank will work to ensure that the financial system operates with the best interest of consumers and the wider economy. However, firms and boards are ultimately responsible for identifying and managing the risks that they are exposed to.


As the non-banking sector becomes integral part of our financial system there has been efforts made to address structural vulnerabilities in this sector by the Financial Stability Board. Recommendations for these institutions will also be published by the Open Ended Funds Working Group at the end of the year. The Deputy Governor explained that the Central Bank supervision of Payment and E-Money institutions has identified significant weaknesses such as risk management and control framework. This has caused heightened supervision for these institutions. Crypto assets also raise concerns, and there is a constant concern over the pricing of such speculative assets. MiCA is an important step in addressing the regulation gap, but it will not provide the same level of protection as other areas in the financial sector, and will not prevent people from losing money.

Regulation, Supervision and Compliance in the age of AI

In terms of AI there are many benefits to the financial sector but there are risks. The construction of AI is not transparent particularly with regard to their training data. This causes a concern for a risk of bias, unfairness and customer harm resulting from opaque and unexplainable decisions by AI. It also raises the issue of trust which is essential in financial institutions. If it is not understood how the models work then trust can easily be lost.  There is also concerns for misinformation and market manipulation risks. Furthermore there are concerns around the common data sets leading to highly correlate output predictions or herding behaviour which can have implications for financial stability.

  • Deputy Governor Donnery stated that the Central Bank's approach to supervising AI would be to:
  • take a risk based and proportionate approach, where more tolerance would be shown to low cost errors; and
  • boards, senior management, and management bodies will be responsible for all activities undertaken by the regulated firm.

2. Chair of the ECB considers the regulation of crypto-finance

On 14 November 2023, Andrea Enria, Chair of the Supervisory Board of the European Central Bank ("ECB") gave a speech at the Conference on MiCA and its coordination with EU financial markets legislation organised by Banca d’Italia. The European Union ("EU") is the first major jurisdiction to introduce a regulatory framework for crypto, and Mr Enria's speech focused on the need to regulate crypto, some problematic areas relating to crypto and how decentralised finance ("DeFi") poses a fundamental challenge to financial regulation and supervision. Finally, Mr Enria discussed the basic elements needed for a 'regulatory and supervisory framework which sets the boundaries and polices interactions between the crypto industry and the banking sector.'

Regulating crypto-asset activities

Mr Enria observed that at first he supported the segregation of crypto-assets from the regulated financial sector, in the hope that prohibiting financial institutions from dealing with crypto-assets would prevent the danger of contagion to the regulated financial sector; and dispel any public perception that speculative crypto-assets would enjoy the same level of protection as investments in more traditional financial assets. Instead he advocated for them to be covered by anti-money laundering and countering the financing of terrorism regulation and supervision.

The recent turbulence in the crypto market, saw 'unsustainable business models and egregious fraud', indicating that there is a need for a tougher regulatory approach. Mr Enria used the example of TerraUSD, whose demise highlighted 3 very concerning features:

  • highly vulnerable lending protocols;
  • extensive interconnections between crypto-asset players; and
  • the unreliability of algorithmic stabilisation mechanism.

Mr Enria concedes that this approach is no longer tenable due to the growth of crypto-asset activities, interest in blending the provision of traditional and crypto financial services, the damage to consumers as a result of fraud, and the failure of risk management in the crypto asset world. While the sector remains small at the moment, further growth may result in wider financial stability concerns as seen in the recent US banking events. He also cautioned that there were significant risks of money laundering and terrorism financing if crypto remains unregulated.

Financial regulation and the crypto industry

Mr Enria noted that MiCA's strength comes from its harmonised framework and its direct effect on Member States. Mr Enria stressed that it was for 'structural' reasons that MiCA excludes fully centralised finance and native crypto currencies due to the lack of addressees of the regulatory measures and the absence of an issuer. He confirmed that bitcoin will be captured by the rules on provisions of crypto asset services, but the issuance of bitcoin is not within the scope of MiCA.

Mr Enria also observed that 'deterritorialisation' of financial services has made it increasingly difficult to identify the provider's jurisdiction. This has created a novel challenge for supervisors that is the 'disconnection of the provision of financial services from a natural or legal person physically located in a specific place'. To ensure financial stability, authorities must develop a 'holistic view'  of crypto asset players. Challenges are seen with DeFi due to the need to aggregate exposures and financial interconnectedness between entities, which are difficult to identify from in regulatory terms. Mr Enria noted that regardless of the names that market players use, it is imperative that connected entities are subject to accounting consolidation and consolidated supervision.

Crypto finance and the banking sector: setting boundaries and policing interactions

It is vital that prudential supervisors draw clear rules on the relationship between crypto asset players and traditional financial intermediaries, particularly, credit institutions. Mr Enria identifies 3 key elements in regulating the interactions between them:

  • policing the banking sector perimeter;
  • upgrading the prudential assessment of applications for initial authorisation to take into account the provision of crypto-asset services and crypto-assets issuances by banking intermediaries; and
  • prudentially regulating financial interconnections between banks and the crypto assets world.

Policing the perimeter of authorised banking activities

Mr Enria stated that the principle of 'same activity, same risks, same regulation' will apply to crypto firms who engage in banking activities and will require a banking licence and must meet the requisite requirements. The challenge comes in determining when crypto asset activities actually cross that threshold, and what financial services are provided for, due to the lack of a harmonised regulatory framework. He observed that there are significant differences in how MiFID rules on the definition of financial instruments have been implemented in different Member States. A thorough analysis of the financial services provided in DeFi and how they fit into the existing definitions of financial services, particularly banking, is key.

Stablecoins, Mr Enria noted, may be seen as a form of private money as they share some similarities with bank demand deposits, but without the public safeguards, and are prone to runs. A US Report on Stablecoins recommended that they only be issued by depository institutions, although this has yet to be implemented. MiCA takes a similar approach by only allowing issuance by credit institutions or e-money institutions.

Initial authorisations of banks carrying out crypto business

The EU adopted a universal banking model to activities permitted under a banking licence, whereby, credit institutions are permitted to provide financial services over and beyond core banking services, excluding insurance services. Similarly, under MiCA, credit institutions do not need specific authorisation to issue tokens or provide crypto asset services, and are subject to sector specific supervision.

Mr Enria observed that an assessment of an application for initial authorisation of a credit institution whose business model has significant crypto-asset activities will have distinctive elements. Following experience gained in large part from German credit institutions, the ECB published supervisory criteria used for licencing banks engaging in crypto-asset activities.

Prudential regulation of linkages between the banking sector and crypto finance

Mr Enria noted that there are 2 elements to supervising these linkages – the liabilities side of banks' balance sheet; and the assets side of banks' balance sheets.

In terms of liability, systemic risk arises from the high correlation between deposits held by various crypto companies at the same bank or different banks, and crypto asset issuers' deposits may show volatility leading to coordinated runs. In circumstances where such deposits account for a material share of the bank's funding, it may impair its resolution strategy of require extraordinary measures to prevent contagion.

MiCA requires that at least 60% of reserves for significant Asset-Reference Tokens to be held in bank deposits, which may result in unintended consequences from a financial stability perspective. Banks may specialise in banking with issuers of stablecoin, and it is imperative that they monitor the diversification of their deposit base in terms of individual counterparties and sectors, while also not relying on volatile deposits, beyond their risk tolerance level. It is vital that the relevant MiCA delegated technical standards include a 'prudential calibration of the single-name concentration limit and that issuers are required to define a credit risk tolerance level for their banking counterparties.'

In terms of assets, the treatment of a credit institution's direct exposures to credit and market risk is more familiar to supervisors, and the response has been to impose capital requirements and exposure limits. Mr Enria highlighted that the ECB expects the capital requirements set by the BCBS, although not due to be transposed until 1 January 2025, will be considered by banks in their business and capital planning. 

Mr Enria raised concerns over the possibility of circumvention of the regulatory framework, as if Crypto Asset Service Providers ("CASPs") controlled by banks are not within the scope of prudential consolidation, both the BCBS standard and exposure limits may be ineffective. He noted that it is difficult to include a subsidiary of a credit institution which is established as a CASP within the scope of prudential consolidation, because of the definition of financial institutions under the CRR. He emphasised that modifying the definition of financial institutions must be done urgently to include CASPs within the scope of prudential consolidation of banking groups.

3. EBA consults on Guidelines on complaints handling by credit servicers

On 9 November 2023, the European Banking Authority ("EBA") launched a public consultation on its draft Guidelines on complaints handling by credit servicers under the Credit Servicers Directive ("CSD").

CSD requires Member States to ensure that effective and transparent procedures for the handling of complaints from borrowers are established and maintained by credit servicers. Member States are required to adopt and publish the national measures to transpose the provisions of CSD by 29 December 2023.

In its consultation, the EBA is proposing to extend the application of the existing Joint Committee Guidelines on complaints handling to credit servicers. The existing guidelines were introduced in 2014 by the European Supervisory Authorities and apply uniformly to the banking, insurance and investment sectors.

Next Steps

The consultation will close to comments on 9 February 2024.

4. ESMA updates Union Strategic Supervisory Priorities to include cyber risk

On 9 November 2023, the European Securities and Markets Authorities ("ESMA") in a press release changed its Union Strategic Supervisory Priorities ("USSPs") to focus on cyber risk and digital resilience, aswell as ESG disclosures.

Cyber Risk

The new USSP will come into force at the same time as DORA in 2025 in order to give supervisors and firms enough time to prepare. The aim of making cyber risk a priority is to:

  • keep pace with market and technological developments; and
  • to monitor possible contagion effects of attacks and disruption in the market.

To achieve this, European Union ("EU") supervisors will place more emphasis on reinforcing information and communication technology risks management within firms.


ESG will remain ESMA's second priority. ESMA and the national competent authorities aim to:

  • combat greenwashing;
  • increase investor understanding; and
  • embed sustainable requirements into firms' advice to investors.

ESG disclosures will remain the key focus across the sustainable finance value chain throughout 2024.

Market Data Quality

Cyber risk replaces the USSP on market data quality. Many steps have been taken to ensure long lasting improvements in this area, and ensuring data quality remains a primary duty of supervised entities. Data quality is also essential to achieving a data-driven approach to supervision, which is a key strategic objective in the ESMA Strategy.

5. European Parliament adopts proposals for a European Single Access Point

On 9 November 2023, the European Parliament ("Parliament") adopted, with amendments, a regulation establishing a European single access point ("ESAP") providing centralised access to publically available information of relevance to financial services, capital markets and sustainability. It also adopted a regulation and a directive to amend existing European legislation in financial services, capital markets and sustainability to enable the functioning of ESAP ("Omnibus Regulation and Omnibus Directive").

Some of the key amendments to the proposals are outlined below:

  • ESMA must establish and operate ESAP within 42 months of the ESAP Regulation entering into force, not by 31 December 2024 as initially proposed;
  • MiCA and the European Green Bond Regulation are in scope;
  • Taxonomy and CSDR are not within scope;
  • historical information should also be included on ESAP;
  • responsibilities of entities regarding submitted information including where mandatory information is rejected or removed, and the completeness and accuracy of the information and related metadata; and
  • revised application dates under the Omnibus Regulation and Directive for when specified EU legislation and related disclosures obligations begin to fall into scope.

Next Steps

The Council of the European Union is expected to adopt the proposals at first reading. Once this is done, the proposed legislation will be published in the Official Journal of the EU and will enter into force 20 days after its publication. The Omnibus Directive must be transposed by Member States within 2 years, apart from Article 3 which must be transposed within 18 months.