FIG Top 5 at 5 - 30/03/2023

1. Central Bank of Ireland Guidance for (Re)Insurance Undertakings on Climate Change Risk

On 27 March 2023, the Central Bank of Ireland (“Central Bank”) published its Final Guidance for (Re)Insurance Undertakings on Climate Change Risk (“Guidance”). The Guidance was accompanied by a feedback statement  ("Feedback Statement") setting out the Central Bank’s views on the submissions received in respect of the August 2022 consultation paper (“CP151”) on the draft guidance.

The Guidance is addressed to (re)insurance undertakings authorised by the Central Bank and includes captive (re)insurers and branches of third-country insurance undertakings authorised by the Central Bank. It clarifies the Central Bank’s expectations on how (re)insurers address climate change risks in their business and aims to assist them in developing their governance and risk management frameworks to do this.

The Guidance confirms that it does not introduce new requirements on (re)insurers in relation to climate change risk. Rather, the Central Bank is clarifying its expectations on compliance with the existing Solvency II prudential requirements relevant to climate change risk.

Recognising that individual (re)insurers may be at different stages of maturity in their approach to managing climate change risk, the Guidance is based on a set of overarching principles and sets proportionate expectations dependent on the nature, scale and complexity of the (re)insurer.

Changes and Clarifications

The Guidance remains largely unchanged from the draft guidance. In the Feedback Statement, the Central Bank provides responses to issues raised in the submissions received to CP151, either by clarifying the Central Bank’s intention with respect to some of the provisions or by making minor adjustments to the Guidance. The following is a brief overview of such positions:

• Materiality Assessment: As the materiality assessment cuts across several themes, the Central Bank has grouped these comments thematically:

Baseline Scenario: In response to queries requesting further prescription on the baseline scenario, the Central Bank is proposing to conduct a workshop on the materiality assessment to assist (re)insurers during the implementation phase of the Guidance (please note that no mention of an implementation date is found elsewhere in the Guidance, we have raised this with the Central Bank and will clarify in due course).

The Central Bank also noted that "due to the breadth and diversity of business written by (re)insurers regulated by the Central Bank it would not be appropriate for the Central Bank to specify the climate change scenarios to be considered in the materiality assessment" and directs (re)insurers to the “Application guidance on running climate change materiality assessment and using climate change scenarios in the ORSA” (the "Application Guidance"). For the same reason, the Central Bank notes it would not be appropriate to specify the parameters by which firms carry out financial assessments of the potential impact of material climate change risks in (re)insurers' ORSA.

The Central Bank clarifies that it considers the baseline scenario to be the "(re)insurer’s view of how and at what pace climate change will evolve over the short, medium and long term, rather than a financial projection" and expects that "this view informs the business planning projections rather than being considered as a separate scenario".

• Time Horizon: In response to queries on the time horizons set out in the Guidance, the Central Bank clarifies that:
  

• The time horizons included in the Guidance are aligned with the time horizons for climate change in EIOPA’s “Opinion on the supervision of the use of climate change risk scenarios in the ORSA" ("EIOPA's Opinion").
• As noted in the Application Guidance, the short, medium and long time horizons for the emergence of climate change risk are much longer than the short, medium and long term time horizons for business planning purposes. The Guidance has been updated to clarify that the Central Bank expects (re)insurers to consider the longer term climate change time horizons for the purposes of the materiality assessment.
• The Guidance has also been updated to clarify that the Central Bank expects that the assessment of the financial impact of and material exposure to climate change and actions identified by (re)insurers to manage any material exposures are considered over the business planning horizons.
• The Central Bank accepts that initially, the analysis of longer time horizons may be more exploratory and qualitative in nature but that the scope of analysis and methodologies will develop and improve over time.
• (Re)insurers may consider different approaches, for example, the financial assessment of potential impacts could be undertaken on a “what if” basis rather than on precise parameters. The Central Bank expects (re)insurers to reflect on the outcome of this analysis when considering what action(s) they need to take to mitigate any material long-term risk.
• The Central Bank agrees with the suggestion that the short term climate change risk time horizons should range from 0–10 years instead of 5-10 years
  

• Materiality and Other Points: In response to a number of questions on materiality, the Central Bank clarified that the definition of materiality included in the Guidance is that definition outlined in EIOPA’s Opinion. The Central Bank highlighted its expectation that the feasibility of any material reliance on future management actions and other mitigating factors, be assessed. With regard to the assessment of the feasibility of assumptions used to justify such management actions, the Central Bank has provided some examples of the types of assumptions that might be used in the Guidance.
  • As to whether the materiality assessment should be documented or included in the ORSA, the Central Bank noted that this is a matter for each (re)insurer, as it is dependent on the specificities of their business. (Re)insurers could consider including this within the business planning process
• Double Materiality: In relation to double materiality, the Central Bank recognises the voluntary efforts of the (re)insurance sector in supporting the transition to a carbon neutral world and notes that the Guidance "does not seek to mandate (re)insurers to adopt net zero strategies or to require the development of sustainable products". However, the Central Bank cautions that (re)insurers should be aware of the potential reputational risk that may arise if they fail to meet any sustainability related public commitments or do not develop sustainable products. With regard to the interaction with the Corporate Sustainability Reporting Directive, the Central Bank notes that (re)insurers may take sustainability reports into account when considering their own underwriting and investment strategies.

• Cost/Benefit Considerations: Some respondents noted that while the Guidance does not create additional regulatory requirements, effort and resources would need to be allocated to fulfil the Central Bank's expectations. The Central Bank notes that, in considering the level of resources and effort, the Guidance explicitly allows for proportionate approaches taking account of the materiality of the (re)insurer’s exposure to climate change risk and the size and complexity of the (re)insurer. Additionally, it states that the Guidance "may alleviate potential future costs which may be incurred by (re)insurers through inaction or a delay in taking action to appropriately consider and address the impact of climate change risks on the business".

• Infographic: In response to feedback on the infographic, the Central Bank clarified that the infographic is intended to "help (re)insurers to visualise the interlinkages between the different elements of the Guidance. It is not intended to fully replicate all of the optionality in the Guidance".

• Consistency: The Central Bank has taken on board comments in relation to consistency within the Guidance and areas which appear to go beyond regulatory requirements. The Central Bank has reviewed the Guidance and in particular, has revised the wording related to the Board responsibilities and remuneration to "remove any over-prescription".

• Autonomy: Responding to a comment that (re)insurers should be able to decide what risks are key for them without an expectation that climate change be a key risk for all, the Central Bank clarified that it "is not the intention of the Central Bank to specify that climate change is a key risk for an individual (re)insurer". The Guidance requires that where a (re)insurer concludes that climate change risk is not a material risk for them, this conclusion, together with its justification, are well documented.

• Data and Expertise: The Central Bank recognises that climate data is not perfect, however, it expects (re)insurers to consider the various sources, which are available, or use proxies and estimations where data is not yet available, to build as clear a picture as possible of how climate change risks may affect their business. On the issue of the availability of expertise, the Central Bank notes that (re)insurers have a responsibility to "ensure that they have access to the appropriate level of skills and resources to appropriately manage the risks they face".

• Role of the board: Responding to a comment that the expectations set out for the board are "too prescriptive and that the involvement of the board should be part of the overall governance" the Central Bank clarified that it considers the expectations set out in the Guidance to be appropriate as the board is "ultimately responsible for the proper monitoring and oversight of all activities of (re)insurers".

• Further clarity: The submissions included some clarification requests which the Central Bank has responded to below:

• Level of validation: the Central Bank expects that the validation referenced in the reserving and capital section satisfies the Solvency II requirements relating to validation.

• Level of disclosure required: From a prudential perspective, the Central Bank does not set expectations related to disclosure requirements.

• Embedding climate change: The Central Bank considers that the Guidance provides helpful support for (re)insurers to embed climate change within the (re)insurer. It went on to explain that it will continue to monitor emerging practices and will use this information to consider whether further guidance is required.

• Transition Plan: Although transition plans are not currently required under legislation, they may be a useful tool for (re)insurers to consider their transition to a climate neutral society. However, where (re)insurers have made climate related public commitments, the Central Bank expects them to have a transition plan that guides their actions in achieving those commitments.

Next Steps

Given that the Guidance confirms that it does not introduce new requirements on (re)insurers in relation to climate change risk but instead is clarifying the Central Bank's expectations on compliance with the existing Solvency II prudential requirements relevant to climate change risk, no implementation timeline is relevant.

Regulated financial services firms in other sectors should note that while the Guidance has been developed initially for the (re)insurance sector, the Central Bank stated in its press release on the publication of CP151 that in it will consider adapting the Guidance for other sectors in due course.

2. Regulatory Service Standards Performance Report: July – December 2022

On 24 March 2023, the Central Bank of Ireland (the "Central Bank") published its Regulatory Service Standards Performance Report for H2 2022 (the "Report").

The Report sets out the Central Bank’s performance against service standards that it has committed to in respect of authorisations, pre-approval controlled function ("PCF") applications and contact management and gives an indicative guide as to the timelines firms can expect for such applications.

As a result of consultations with industry, the Central Bank has included an enhanced narrative in the Report as compared to previous years to aid understanding.

Below is a summary of the key statistics in the Report:

Investment Firms

• The Central Bank processed 100% of MiFID applications within 6 months.
• The pipeline of applicant firms in the MiFID Investment Firm sector remained elevated in H1 2022, but stabilised over the course of H2 2022.
• The impact of Brexit was still apparent, with a significant number of applicants exploring authorisation in Ireland as a jurisdiction for their European operations.
• The most efficiently processed applications are generally due to a stable business proposal, appropriate levels of governance and resourcing, and a high level of engagement by applicant firms during the process.
• Eight authorisations were granted, compared to six in 2021. Four to new applicants and four for existing firms seeking an extension to their authorisation.

The Central Bank highlights that an application is only deemed complete when all PCF information questionnaires ("IQs") have been submitted and any delays in submitting IQs will increase the time taken to complete the review of a firm’s application for authorisation.

Insurance/Reinsurance Undertakings

• All service standards for applications received were met for Insurance/Reinsurance Undertakings in H2 2022 (i.e. to process 100% of complete applications for authorisation within 6 months of becoming complete and 75% of complete applications for authorisation within 3 months of becoming complete; and to return incomplete applications for authorisation within 2 weeks of receipt).
• The volume of applications was generally in line with H1 2022.

Retail Intermediaries & Debt Management Firms

• All service standards were met in H2 2022 for Retail Intermediaries & Debt Management Firms (i.e. to acknowledge receipt of 95% of applications within 3 business days; to complete 95% of key information checks within 10 business days; to complete the assessment phase for 90% of applicants and notify them of the outcome within 90 business days of commencement of assessment phase; and to complete the notification of decision phase for 90% firms and notify them of outcome within 10 business days of receipt of satisfactory response to issues set out in notification of outcome of assessment phase.)
• The average turnaround time for applications authorised in the period was six months from the commencement of the assessment phase. However, where comprehensive applications were submitted with minimal follow-up engagement required, this was reduced to three months.
• 91 applications were returned to firms due to failing the key information check.
• 23 applications were withdrawn or became dormant after entering the assessment phase. The most common reasons for this was applicants being unable to demonstrate that proposed PCFs met the Fitness & Probity ("F&P") requirements and applicants not responding to information requests from the Central Bank.

High Cost Credit Providers, Retail Credit Firms & Home Reversion Firms Authorisation

• In H2 2022, all Service Standards for applications received were met for High Cost Credit Providers, Retail Credit Firms & Home Reversion Firms Authorisation (i.e. to complete acknowledgement of receipt of 95% of applications within 3 business days of receipt; to complete 95% of key information checks within 10 business days of receipt of application; to complete the assessment phase and notify applicant of outcome for 90% of firms within 90 business days of commencement of assessment phase; to complete the notification of decision phase and notify applicant of outcome for 90% of firms within 10 business days of receipt of satisfactory response to issues set out in notification of outcome of assessment phase;  and to process 100% of complete renewals of high cost credit provider licences prior to expiry of existing licence).
• 22 high cost credit provider licences were renewed in H2 2022, following 10 renewals in H1 2022.
• The Central Bank commenced issuing licences to the sector with a longer term of five years, upon expiry of existing one year licences, towards the end of 2022. This change was as a result of the enactment of the Consumer Credit (Amendment) Act 2022. The Central Bank has updated the licence renewal process to reflect the new licence period.

Payment Firms & Bureaux de Change Authorisations

• In H2 2022, all Service Standards for applications received were met for Payment Firms (Payment Institutions, Electronic Money Institutions ("EMIs"), Small EMIs & Money Transmission Businesses) & Bureaux de Change Authorisations (i.e. To acknowledge receipt of 95% of applications within 3 business days of receipt; to complete 95% of key information checks within 10 business days of receipt; to complete the assessment phase and notify applicant of outcome within 90 business days of commencement of assessment phase for 90% of firms; and to complete the notification of decision phase and notify applicant of outcome for 90% of firms within 10 business days of receipt of satisfactory response to issues set out in notification of outcome of assessment phase).
• Six licences were granted to Payments and E-Money firms in 2022, an increase of 100% versus 2021.
• While improvements have been seen in the quality of some applications since the introduction of the Innovation Hub, the Central Bank continues to see firms challenged in meeting authorisation expectations.
• The Central Bank emphasises the Central Bank website as a key source of information regarding its expectations of applicant firms.

F&P PCF Applications

• In H2 2022, all Service Standards for PCF applications received were met (i.e to provide a response to 85% of submitting entities where an IQ is incomplete within 5 business days; to assess 85% of IQs for QIAIFs within 5 business days; to assess 85% of IQs for individual previously approved by Central Bank or EEA Financial Services Regulator of applications within 12 business days; and to assess “standard” IQs within 15 business days).
• There were 1,801 PCF applications submitted in H2 2022 an increase of 2% compared to H2 2021.
• There were 410 PCF applications assessed that were part of a firm authorisation, a 5% increase compared to H2 2021.
• There were 358 PCF applications where service standards did not apply, a 6% increase compared to H2 2021. Such instances can include information being sought from external sources; a PCF candidate being interviewed; the application is part of an acquiring transaction; the ECB is the decision maker; or a derogation is sought under corporate governance requirements.
• 7% of applications were withdrawn by firms in H2 2022, mostly linked to authorisations that did not proceed, funds that did not launch and/or where individuals decided not to continue with their application.
• 18% of applications subject to an F&P interview were withdrawn following the interview in 2022.
• 6% of applications were returned as incomplete. Such errors included failure to upload necessary documentation; insufficient due diligence performed; lack of disclosure of a probity matter in the IQ; application for wrong PCF role; and inability to answer queries on key aspects of the applicant’s F&P.

Contact Management Service Standards

All contact management Service Standards for applications received were met in H2 2022. The Central Bank is keen to ensure that all communication with its external industry stakeholders is "handled as efficiently and effectively as possible" and highlights the support for the submission of Regulatory and Statistical returns as particularly important.

Central Bank Portal Enhancement

As noted in the Top 5 at 5 on 9 March 2023, the Central Bank Portal is being updated to facilitate the submission of PCF applications. These changes will go-live in April 2023. In advance of this, the Central Bank will issue a communication to all regulated entities advising as to the preparations required to use the new system. This will include a confirmation of the Go Live Date, an outline of the transition plans, guidance on registering for the Portal and publication of the new IQ (planned for Q1 2023). These communications will be published on the Central Bank's website.

3. FSPO publishes Overview of 2022 Complaints

On 24 March 2023, the Financial Services and Pensions Ombudsman ("FSPO") published its Overview of Complaints for 2022 (the "Overview").

The Overview details the manner in which complaints received in 2022 were closed and the outcome of those complaints. In accordance with the FSPO’s governing legislation, the Overview identifies any financial service providers against which three or more complaints were upheld, substantially upheld, or partially upheld. The Overview also contains a number of case studies under the categories of customer operations and information management, dispute resolution services, investigation services and legal services.

The following is a high level note of the key statistics from the Overview:

General

• 4,781 complaints were received by the FSPO in 2022, a slight increase from 4,658 in 2021.
• 4,647 complaints were closed in 2022.
• 28% of complaints concerned customer service issues.
• 80% of complaints were made by complainants in the Republic of Ireland, with one in five complaints reflecting the cross-border nature of financial services markets.

Insurance

• 24% of complaints received were related to the insurance sector.
• Insurance complaints decreased by 10% in comparison to 2021.
• 35% of insurance complaints received concerned claims handling, with customer service and rejection of a claim also giving rise to complaints.
• 27% of insurance complaints concerned motor insurance and 23% concerned health, accident or other insurance.

Banking

• Banking complaints represented 55% of all complaints received.
• The conducts most complained of were customer service, disputed transactions and maladministration.
• The banking products most complained about in 2022, were accounts (44%) and mortgages (31%).

Investments

• There was a 4% increase in the number of investment complaints received.
• Investment complaints comprised 8% of all complaints received in 2022.
• The conducts most complained of within the investment category were maladministration and customer service, each accounting for approximately a third of complaints in this sector.

COVID-19

• 2022 saw a significant reduction in the number of new COVID-19 related complaints made to the FSPO. There were 37 COVID-19 related complaints from the insurance sector, 9 of which were business interruption complaints. There were 32 COVID-19 related complaints from the banking sector, 7 of which were payment break requests.
• During the pandemic the FSPO prioritised complaints concerning business interruption insurance, in recognition of the importance to policyholders of achieving a swift understanding as to whether they were entitled to benefits or payments.
• At the end of 2022, the FSPO had 132 COVID-19 related complaints on hand, some of which were on hold until October 2022 pending the outcome of a statutory appeal to the High Court.

Market exit complaints

• 99 complaints were received relating to “market exit” issues, 61 of which had been concluded by year end.
• The complaints received related mainly to customer service and maladministration issues.

Tracker mortgages

• 139 new tracker mortgage interest rate complaints were received in 2022, with the FSPO having over 1,000 tracker complaints on hand at the end of 2022.

On publishing the Overview the FSPO, Liam Sloyan commented:

Market exits: “It is notable that by the end of 2022, the FSPO had received less than 100 complaints identified as relating to market exit. The FSPO collaboratively engaged with stakeholders, including the providers leaving the market, sharing information and making every effort to progress these complaints as quickly as possible, within our resources. It is very positive that, to date, for the vast majority of impacted consumers, the departure of two major banks has not given rise to issues leading to a complaint being made to this Office".

Customer Service: “Customer service remains the highest proportion of complaints in 2022, accounting for 28% of complaints. This is a disappointing increase from what was already a significant volume in 2021, at 23% of complaints. ……..Many of the consumers making complaints to the FSPO could have had their complaints addressed by their provider, at an earlier point in time. I encourage all providers of financial services and pension products, to adopt an approach of seeking, where possible, to resolve complaints quickly with their customers.”

4. Gerry Cross, Chair of the European Supervisory Authorities' Joint Sub-Committee on DORA Implementation - Speech at a DORA event hosted by European Fintech Association & Insurance Ireland

On 28 March 2023, Mr Gerry Cross Director of Financial Regulation, Policy & Risk at the Central Bank of Ireland, gave a speech at a Digital Operational Resilience Act ("DORA") event hosted by European Fintech Association & Insurance Ireland. Mr Cross is also the Chair of the European Supervisory Authorities' ("ESAs") Joint Sub-Committee on DORA Implementation ("JC"). The ESAs are tasked with jointly delivering the regulatory standards implementing the new DORA framework. The Joint Committee of the three ESAs has established the JC to deliver those standards.

In his speech Mr Cross noted that DORA is a cross-sector regulation, applying to all regulated financial firms which "aims to mitigate technology and cyber risk by enhancing firms’ technology and cyber risk management and resilience" and from a regulatory perspective presents a "challenging task" as it will come into effect "a mere 21 months from now". From an industry perspective, he believes that the challenge for firms of adapting their approaches for DORA "is an important one requiring commitment, resourcing, prioritisation and as much clarity and certainty as possible".

The following is a brief outline of the areas covered by Mr Cross in his speech:

Timelines

Mr Cross stressed that the tight deadlines are not "arbitrary ones chosen on a whim" but rather a direct function of the "importance and urgency of the issue that they are designed to address". Regarding the timelines which the JC is working towards the following was flagged:

• first package of proposals for consultation will be issued in the summer. This includes the risk management framework, the criteria for the classification of ICT-related incidents, the register of information on outsourcing that firms’ must keep, rules on outsourcing policies, amongst others.
• second package of measures for consultation will be issued towards the latter part of this year. This includes the criteria for the classification of IT incidents as “major”; the reporting arrangements and requirements for such incidents; the framework around threat led penetration testing; and aspects of the oversight arrangements for Critical Third Party Providers ("CTPP"); amongst others.
• a separate consultation paper will be issued this summer in response to the recent Call for Advice to the ESA's from the European Commission which asks for the ESAs’ advice on the criteria that should apply for designating a CTPP as critical and also how fees should be calculated for the oversight of such entities. The deadline for this advice is September this year.

Risk Management

Mr Cross explained that in developing the regulations, the JC is considering its outputs under the three headings: (1) ICT Risk Management; (2) Incident Reporting; and (3) Oversight of Critical Third Party Providers.

1. ICT risk management.

 This requires firms to have a good understanding of their ICT assets. Mr Cross explains that from the ESAs' supervisory work they know that this is not always the case and while a challenge, DORA will require regulated financial firms to identify, classify and adequately document all ICT supported business functions and to identify, classify and adequately document all the information assets and ICT assets supporting these functions. He explains that the bottom line remains: "You need to know what you have in order to identify the risk it may cause."

Mr Cross then went on to discuss how DORA sets out expectations on how to protect ICT assets,  how to prevent incidents, how to test ICT resilience and how to conduct ICT risk assessment when outsourcing ICT services to third-party providers. In addition, he flagged the requirement to have registers of information for all contractual arrangements with regard to ICT services provided by third-party providers. He spoke to the achievability of this by referencing the successful work which Irish firms have undertaken in the context of outsourcing templates for all outsourced services.

2. ICT Incident Management and Reporting

Mr Cross explains that DORA aims to harmonise existing incident reporting requirements and sets expectations for firms to record all their ICT incidents as well as their significant cyber threats. A key aspect of this will be the criteria that the JC will consult on over the summer for determining what should be considered “major” incidents. Its approach to this will be informed by an outcomes focus. He also remarked that the incident reporting requirements of DORA sit within a range of other such reporting requirements, including those under the NISD2 framework and that it will be important that these regimes fit and work well together.

3. Oversight of Critical Third Party Providers

Mr Cross explained that CTPPs will not be subject to regulation or to formal supervision but to oversight. A number of components are being developed that will, together, provide the full content of this oversight framework including:

• the registers of outsourced services that financial entities will be required to maintain;
• the establishment of criteria for determining which third party providers are in fact critical; and
• the putting in place of the operational arrangements that will be needed to implement the new oversight arrangements.

5. ESMA Final Report on Guidelines on MiFID II product governance requirements

On 27 March 2023, the European Securities and Markets Authority ("ESMA") published a Final Report on the Guidelines on MiFID II product governance requirements (the "Final Report"), following its July 2022 public consultation on the subject.

The Final Report explains that it builds on the text of the 2017 ESMA guidelines which were reviewed taking into account recent regulatory and supervisory developments such as the European Commission’s Capital Markets Recovery Package, the sustainability-related amendments to the MiFID II Delegated Directive, the recommendations on the product governance guidelines by ESMA’s Advisory Committee on Proportionality; and the findings of ESMA’s 2021 Common Supervisory Action on product governance.

The Final Report contains a feedback statement that summarises the responses received and highlights the amendments and clarifications introduced in the final guidelines, in light of the feedback received.

The main amendments to the guidelines include:

• the specification of any sustainability-related objectives a product is compatible with;
• the practice of identifying a target market per cluster of products instead of per individual product (“clustering approach”);
• the determination of a compatible distribution strategy where a distributor considers that a more complex product can be distributed under non-advised sales; and
• the periodic review of products, including the application of the proportionality principle.

The Final Report also includes a section on "Good Practices", these are based on NCAs’ supervisory experiences with firms’ compliance with the product governance requirements. These, the Final Report explains will be most helpful for firms in complying with the product governance requirements.

The concluding message in the Final Report is that "the guidelines will make sure that the objectives of MiFID II can be efficiently achieved. ESMA believes that the implementation of these guidelines will strengthen investor protection, which is a key objective for ESMA."

Next steps

The Guidelines will be translated into the official languages of the EU and published on ESMA’s website. The publication of the translations will trigger a two-month period during which national competent authorities must notify ESMA whether they comply or intend to comply with the Guidelines.

The Guidelines will apply two months after the date of the publication on ESMA’s website in all EU official languages.