1. Central Bank of Ireland Updates – F&P In-Situ PCFs and MiFID Reporting
Central Bank Fitness and Probity - In-Situ Submission Guidance
On 17 January 2024, the Central Bank of Ireland ("Central Bank") published its guidance on fitness and probity ("F&P") In-Situ submissions ("Guidance"). The Guidance applies to regulated financial service providers ("RFSPs") and relevant holding companies and sets out how to submit information in respect of those in-situ pre-approval controlled function holders ("PCF") via the Central Bank's Portal ("Portal").
The In-Situ PCF rules include:
- PCF-54 Head of Material Business Lines for Insurance Undertakings;
- PCF-55 Head of Material Business Lines for Investment Firms;
- HCPCF1 – the office of the chair of the board of the holding company; and
- HCPCF2 – the officer of director of the holding company.
The Guidance notes that the Central Bank's PCF application form – Individual Questionnaire ("IQ") will be amended to permit new applicants to apply for any new PCF roles via the Portal. However, for those who are performing the new PCF roles at the time of implementation, they will not have to submit an IQ but instead, the In-Situ Returns process applies. The Guidance outlines the step by step approach which must be followed to complete the return.
The Central Bank's website confirms that the In-Situ Returns process opened on the Portal on the 22 January 2024 and will remain open for a six week period, closing on 3 March 2024.
Central Bank updates its Annual Conduct of Business Return Guidance for completion
On 22 January 2024, the Central Bank of Ireland ("Central Bank") published its Annual Conduct of Business Return Version 3 - Guidance for Completion ("Guidance"). The last update to the Guidance was in 2017, and some of the amendments relate to legislative changes that have happened in the interim.
The key amendments are summarised below:
- References throughout the document relating to "S.I, No 60 of 2007 the European Communities (Markets in Financial Instruments) Regulations 2007" are amended to "S.I. No 375 of 2017 the European Union (Markets in Financial Instruments) Regulations 2017"; and
- References to the "FSO" are amended to "FSPO".
- Firms should submit their Annual Conduct of Business Return via the Central Bank Portal, rather than via the Online Reporting System.
- The title of this section has been amended from "Compliance Staff" to "Employees".
- There are no material changes to this section, only layout and formatting changes.
- This section has been presented more clearly. Answers to 1(d) 'Outline if any client detriment has occurred' should be answered yes or no and details provided if 'Yes' is answered.
This is a new section and states that the field:
- "marketing spend" should be completed with the total gross amount in euro spent by the firm relating to marketing and advertising during the reporting year.
- "of which relates to Retail Clients" should be completed with the total gross amount in euro spent by the firm relating to marketing and advertising, on MiFID retail clients, during the reporting year. This must be less than or equal to the total figure provided.
The Central Bank has also updated its Investment Product Template, and Version 2 can be found here.
2. Irish Legislative Updates – Access to Cash/ CCPC Levies
Minister McGrath secures Government approval for Access to Cash legislation
On 23 January 2024, the Minister for Finance, Michael McGrath secured Government approval on the General Scheme of the Access to Cash Bill and published it. As noted in the Top 5 at 5 dated 18 January 2024, the Access to Cash Bill was included as legislation for priority drafting in the Government's Spring 2024 Legislation Programme.
In November 2022, the Retail Banking Review ("Review") emphasised the importance of cash in preventing financial exclusion, and ensuring consumers can efficiently budget as well as ensuring a safety net in circumstances where electronic banking or payments infrastructure are impacted by outages or cyber-attacks. The Review called on officials to ensure that ATM operators were authorised and supervised by the Central Bank of Ireland ("Central Bank") and to give power and responsibility to the Central Bank to protect the resilience of the cash system.
The Minister, on the publication of the General Scheme, noted that despite the decline in cash use, it is vitally important in our society and the future economy. He stated that the Bill gives 'the Central Bank regulation making powers in relation to matters such as reporting, setting service standards, and other matters such as denomination stocking'.
Heads of Bill
There are 37 Heads of Bill outlined in the General Scheme under 4 parts. The following is a high level summary of what is addressed.
Part 1 - General Provisions
Part 2 - Reasonable Access to Cash:
- defines what reasonable access to cash is;
- sets out criteria for the level of access to cash in different geographical regions;
- sets separate criteria for withdrawal and lodgement;
- outlines the review process by the Central Bank;
- addresses local deficiencies;
- sets out how the Central Bank will monitor and enforce the Bill;
- sets out the designated entities; and
- provides that the Minister may make regulations prohibiting or capping access fees.
Part 3 - Registration regime for Cash-In-Transit companies and Independent ATM deployers:
- outlines the scope of the Central Bank's supervision;
- sets out provisions regarding the registration of Cash-in-Transit companies and ATM deployers and the revocation of registration;
- sets out provisions for how the Central Bank may make regulations under this Part;
- sets out prescribed requirements for ATM Operators;
- empowers the Central Bank to give directions and sets provisions on how the Central Bank can apply to the High Court to enforce such directions;
- outlines how the Central Bank can appoint authorised officers and their powers;
- sets out the interaction of the Bill with existing legislation; and
- sets out the details of the cooperation between the Central Bank and the Private Security Authority.
Part 4 - Miscellaneous
- proposes to introduce a statutory requirement for the Central Bank to carry out and publish a cost-benefit analysis of regulations.
The Bill will be debated in the Houses of the Oireachtas and amendments may be made during that process. We will monitor the progress of the Bill throughout the legislative process and update clients accordingly.
Consumer Protection Act 2007 (Competition and Consumer Protection Commission) Levy Regulations 2024 [S.I. No. 14 of 2024] is published in Iris Oifigiúil
On 23 January 2024, Consumer Protection Act 2007 (Competition and Consumer Protection Commission) Levy Regulations 2024 [ S.I. No. 14 of 2024] was published in Iris Oifigúil. The S.I. sets out the levies to be paid by various undertakings for the period commencing 1 January 2024 to 31 December 2024.
- a levy of €0.30738 per retail consumer as at 31 December 2022 will apply, with a minimum levy of €500 payable by each credit institution.
- Life assurance undertakings: a levy of €0.001748% of its total net premium income on Irish risk business for the year ending 31 December 2022 will apply, with a minimum levy of €500 payable by each life assurance undertaking; and
- Non-life assurance undertakings (other than captive insurers): a levy of €0.018366% of its total net premium income on Irish risk business for the year ending 31 December 2022 will apply, with a minimum levy of €500 payable by each non-life assurance undertaking.
- Investment firms regulated by MiFID II and including entities engaged in the receipt and transmission of orders, and/or provision of investment advice; entities engaged in portfolio management and execution of orders; entities engaged in own account trading and underwriting on a firm commitment basis: a levy of €1.04 per retail client as at 31 December 2022, with a minimum levy of €50 payable by each entity in these categories.
- a levy of 0.0022082% of its total assets as at September 2022, or if those asset figures are not available in the most recent year available as supplied to the Commission by the Central Bank, with a minimum levy of €50 payable by each credit union.
High Cost Credit Providers
- a levy of €986 is payable in respect of its liability for the year ending 31 December 2022.
Retail Credit Firms and Home Reversion Firms
- a levy of 0.0008598% of the value of outstanding loans at 31 December 2023, with a minimum levy of €50 payable by each credit firm and home reversion firm.
As set out in S.I. No. 560/2011, the Competition and Consumer Protection Commission ("CCPC") may transmit, or may arrange the transmission of, a levy notice in writing to a regulated entity indicating the required levy contribution payable by that regulated entity for the levy period and the payment date for submission of payment of the levy contribution. Each regulated entity shall then pay to the CCPC a levy contribution of the amount specified for that particular regulated entity no later than 28 days from the date on the levy notice.
3. Joint Committee of ESAs publish final reports on the first set of RTS and ITS under DORA
On 17 January 2024, the Joint Committee of the European Supervisory Authorities ("ESAs") published their final reports on the first set of draft regulatory technical standards ("RTS") and implementing technical standards ("ITS") under DORA.
Final Report on draft RTS to further harmonise information and communication technology ("ICT") risk management tools, methods, processes and policies
In light of the comments received, the ESAs have introduced changes to the draft RTS. These changes include:
- the introduction of further proportionality and a risk-based approach;
- removal of the article on governance and information security awareness from the general regime requirements;
- clarification of provisions, particularly relating to network security, encryption, access control and business continuity aspects; and
- the draft RTS will remain technology neutral and will not identify specific products or technologies.
Final Report on draft RTS specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats
In light of the comments received, the ESAs have introduced changes to the draft RTS. These changes include:
- amending criteria on how financial entities classify incidents as major incidents;
- clarification on the classification and thresholds of the criteria 'clients, financial counterparts and transactions affected' and 'data losses'; and
- amending the approach to classifying recurring events.
Final Report on draft RTS to specify the detailed content of the policy in relation to the contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers
The draft RTS set out the requirements for the policy of financial entities on their use of ICT third party service providers, and specify the governance arrangements, risk management and internal control framework that financial entities should have in place. It also sets out the risk assessment and due diligence procedures that financial entities should carry out before entering into contractual arrangements with ICT third party service providers.
Final Report on draft ITS on the standard templates for the purposes of the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers
The draft ITS include templates for the purpose of the register of information and the templates and the requirements of their data points were developed from a data management and reporting perspective to ensure consistency and harmonisation, and avoid burdensome reprocessing of data for reporting purposes. Financial entities must maintain and update these templates regarding their contractual arrangements with ICT third-party service providers.
The draft RTS will be submitted to the Commission for adoption, and if adopted will be subject to scrutiny by the Parliament and the Council. It is expected that the ITS will align with the date of application of DORA, 17 January 2025.
4. Political agreement reached on proposed AML Regulation and MLD6
On 18 January 2024, the European Parliament ("Parliament") and the Council of the European Union ("Council") published a press release announcing that they had reached a political agreement on the proposed Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing ("AML Regulation") and the proposed Directive on the mechanisms to be put in place by the member states for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849 ("MLD6").
The following are some of the key aspects of the AML Regulation which should be noted:
- Obliged Entities
the list of obliged entities is expanded in the provisional agreement. From a financial services perspective the main change is the inclusion of the crypto asset sector which requires crypto-asset service providers ("CASPs") to conduct due diligence on their customers for transactions amounting to €1000 or more.
- Enhanced Due Diligence
The Council and the Parliament introduce specific enhanced due diligence measures for cross-border correspondent relationships for CASPs. Credit and financial institutions must carry out enhanced due diligence where business relationships with very wealthy (high net-worth) individuals involve handling large amounts of assets. Under the sanctioning regime, failure to do so would be considered an aggravating factor.
- Cash Payments
There will be a European Union ("EU")-wide maximum limit of €10,000 for cash payments, and Member States may impose a lower maximum limit if they wish. Obliged entities must also verify the identity of a person who carries out an occasional transaction in cash between €3,000 and €10,000.
- Beneficial Ownership
The rules on beneficial ownership will be more harmonised and transparent. The agreement clarifies that beneficial ownership is based on ownership and control and needs to be analysed to identify the beneficial owners including non-EU entities, and sets the beneficial ownership threshold at 25%. It also provides for the 'registration of the beneficial ownership of all foreign entities that own real estate with retroactivity until 1 January 2014'.
- High-risk third countries
Obliged entities will be required to apply enhanced due diligence measures to occasional transactions and business relationships involving high-risk third countries whose shortcomings in national AML or counter-terrorism regimes mean they are a threat to the integrity of the EU's internal market. The European Commission ("Commission") will assess the risk and a high level of risk will justify the application of specific EU or national countermeasures.
The following are some of the key aspects of the proposed MLD6 which should be noted:
- Beneficial ownership registers
Under the provisional agreement, the information submitted to the central register must be verified, and entities associated with persons or entities subject to targeted financial sanctions must be flagged. As well as supervisory and public authorities and obliged entities, persons of the public with legitimate interest may access the registers.
- Responsibilities of FIUs
Financial intelligence units ("FIUs") will have immediate and direct access to financial, administrative and law enforcement information under the agreement. They will continue to disseminate information to competent authorities tasked with combating money laundering/terrorist financing ("ML/TF") In cross-border cases, FIUs will cooperate more closely with counterparts in Member States concerned with the suspicious report. An integral part of the FIU's work is taking fundamental rights into consideration when making decisions. The agreement also sets out a solid framework for FIUs to suspend or withhold consent to a transaction.
Each Member State will ensure that all obliged entities established in its territory are subject to adequate and effective supervision, and supervisors will adopt a risk-based approach. New supervisory measures for the non-financial sector are introduced, similar to the Anti Money Laundering Authority Regulation.
- Risk Assessment
National and EU risk assessments will remain an important tool. The Commission will conduct an assessment of the risks of ML/FT at an EU level and provide recommendations to Member States on measures they should follow.
The Commission welcomed the agreement and Mairead McGuinness, Commissioner for Financial Services, Financial Stability and Capital Market Unions, noted that the agreement is "an important milestone in the fight against dirty money in the EU".
The texts will be finalised and presented to Member States' representatives in the Committee of Permanent Representatives and the Parliament for approval. Once formally adopted, the texts will be published in the Official Journal of the European Union.
5. EBA consults on management of ESG risks guidelines under CRD IV Directive
On 18 January 2024, the European Banking Authority ("EBA") published a consultation paper which sets out draft guidelines on the management of ESG risks. Under Article 87a(5) of the Capital Requirements Directive IV ("CRD") as amended by the proposed CRD VI Directive, the EBA is mandated to issue guidelines on minimum standards and reference methodologies for the identification, measurements, management and monitoring of ESG risks by institutions.
The draft guidelines:
- specify the requirements for the internal processes and ESG risks management arrangements that institutions should have in place;
- aim to monitor and address the financial risk that stems from ESG factors such as achieving climate neutrality by outlining the principles for the development and content of institutions' plans in accordance with the proposed CRD VI; and
- address qualitative and quantitative criteria for assessing the impact of ESG risks on the risk profile and solvency of institutions in the short, medium and long term.
The consultation paper will close to comments on 18 April 2024. The EBA plans to finalise the guidelines by the end of 2024, and have them apply at the same time as the proposed CRD VI Directive.