This week’s edition of the FIG Top 5 at 5
12 February 2026
On 10 February 2026, the Central Bank of Ireland (“Central Bank”) published a letter (“Letter”) dated 29 January 2026 from Governor Gabriel Makhlouf to the Tánaiste, Mr Simon Harris TD. The Letter sets out the Governor’s views on the macro financial environment, the financial services landscape and the regulatory and supervisory priorities of the Central Bank for 2026.
For the purposes of this update, the focus is on the Central Bank’s regulatory and supervisory priorities, as set out in the Letter.
Overarching priorities
In the context of continuing to focus on its four interrelated and safeguarding outcomes, namely, protection of consumer and investor interests, safety and soundness of regulated entities, integrity of the financial system and financial stability, the Letter also sets out four “overarching priorities” for 2026, as follows:
- maintaining and building resilience to geopolitical risks and macro-financial uncertainties;
- securing consumer and investor interests in a rapidly changing world;
- responding to technology-driven transformations; and
- helping to address environmental and societal transitions underway.
Specific priorities 2026
2026 will see a continued focus on the maintenance of the financial sector’s operational resilience. This will include continuing to strengthen the ability of the sector to manage and respond to severe operational disruptions together with continuity of service for customers.
The maintenance of the financial resilience of the financial sector will be the subject of continuing focus with the Letter highlighting that the Central Bank will carry out a variety of actions such as the assessment of credit, market, liquidity and reserving / provisioning risk exposures. Further, there will be a focus on risk management practices, including risk transfer, across and within relevant sectors.
With the revised Consumer Protection Code (“CPC”) due to come into effect in March 2026, the Letter highlights ensuring firms have implemented the revised CPC as a priority. The Central Bank will also consider the application of the CPC to all credit union regulated activities from 2027.
The access to cash legislation has also been singled out as a 2026 priority, with the Letter affirming the commitment of the Central Bank to delivering its responsibilities under the legislation, for example, publishing regulations setting out ATM service standards relating to the hours of availability together with registration and oversight responsibilities. For more information on the access to cash legislation, see FIG Top 5 at 5 dated 11 December 2025.
2026 will also see the Central Bank focused on enhancing the financial sector’s safeguards against financial crime, including, for example, actions related to raising consumer and investor awareness of frauds and scams and also detecting and punishing unauthorised providers and those engaged in market abuse.
Supervisory work as regards the embedding of climate and other environmental factors into risk management, business models and governance will be a priority for the Central Bank. This will encompass assessing the responses of firms to the increasing frequency and severity of climate related weather events.
The topical area of AI will also be the subject of continued focus across 2026, including further development of the Central Bank’s expectations for firms in this area.
Work will continue in the area on innovation in the financial sector, with the Letter highlighting, amongst other things, a continuing focus on the authorisation and supervision of innovative firms and on the second sandbox programme – for more information on the sandbox programme, see FIG Top 5 at 5 dated 29 January 2026.
Regulating and supervising well
The Letter also make reference to the Central Bank’s commitment to “continuous improvement and more effective and efficient regulation and supervision” – a position that was enunciated in the roadmap published in December 2025 – for more information, see FIG Top 5 at 5 dated 11 December 2025.
Further initiatives highlighted in this area include:
- the further embedding of the new supervisory approach; and
- implementing the recommendations of the OECD’s review of our consumer protection supervision – for more information, see FIG Top 5 at 5 dated 19 December 2024.
Collaboration
The Letter sets out the Central Bank’s commitment to working with the Department of Finance including supporting, in the context of Ireland’s Presidency of the Council of the EU in July, work related to:
- the digital euro;
- the savings and investment union (“SIU”); and
- simplification proposals.
On a domestic front, the Central Bank will also continue to support the National Financial Literacy Strategy.
Governor’s speech
On 10 February 2026, Governor Makhlouf delivered a speech (“Speech”) to EU Heads of Missions where he discussed societal shifts, geoeconomic risks, climate change and rapid innovation and specifically how these changes only seem to be accelerating, citing the need for Europe to adapt and respond.
The Governor addressed the need to build domestic economic resilience, setting out the priorities that domestic economic policy should focus on.
Governor Makhlouf also identified three priority areas for Europe, as follows:
- trade – highlighting the need to complete the single market and to maintain openness to external trade partnerships;
- deepening and developing the SIU – emphasising the need to prioritise the expansion of European safe assets / mobilising internal capital through greater retail investment and participation; and
- increasing the attractiveness of the EU’s market to external capital and removing barriers to the flow of capital internally.
The Governor also highlighted the need to prioritise productivity through closing Europe’s innovation gap, removing internal barriers and accelerating decarbonisation.
The Governor addressed “Central Banking in times of change”, noting that challenges stemming from geoeconomic fragmentation, digitalisation, climate change and the need to respond, cuts across the entire mandate of the Central Bank, from maintenance of financial stability to regulation and supervision of the financial sector.
The Governor then went on to highlight that the Central Bank will publish its Regulatory and Supervisory priorities over the coming weeks and in that regard, he summarised the contents of the Letter, discussed above, setting out the Central Bank’s overarching priorities together with the more specific priorities for 2026.
Concluding his Speech, the Governor stated that in addition to the need for central banks to change, responding to the external environment also includes:
“…institutional resilience which means adapting and responding to change, while also staying firm and resolutely focused on delivering on our important mandates regardless of the external winds and headwinds. This is why, particularly in these testing times, central banks remain fundamental to ensuring monetary and financial stability, and delivering long term stable growth.”
Between the 29 January and 5 February 2026, the Central Bank of Ireland (“Central Bank”) updated its dedicated DORA communications and publications webpage as follows:
On 29 January 2026, the Central Bank announced that it will open its portal (“Portal”) for the submission of registers of information (“RoI”) under DORA from 1 to 31 March 2026. During that timeframe, financial entities are required to upload the RoI to the Portal, with a reporting date as at 31 December 2025. The Central Bank has advised that the first point of contact for any regulatory queries is the supervisory team and that technical issues / queries should be directed to the online returns team.
The webpage also details that a briefing (“Briefing”) was held on 4 February 2026, where the Central Bank set out its expectations of financial entities who are submitting RoIs. In addition, the Central Bank highlighted the most common mistakes that it observed last year, some of which were as follows:
- issues regarding file structure;
- missing or invalid identifiers;
- referential integrity errors; and
- late submissions.
The Central Bank has advised that there is no change to the core EBA data model. Additionally, there have been no changes made to the overall RoI file structure.
The Central Bank also pointed to improvements it made on foot of feedback received regarding last year’s submission of the RoIs, some of which are as follows:
- the submission window has been extended to four weeks, whereas previously it had been four days;
- there are enhanced portal error messages, with more than one error appearing at a time; and
- clearer validation feedback.
Updated guidance
The Central Bank also highlighted its updated and consolidated guide (“Guidance”) to submitting DORA RoIs on the Portal and advised financial entities to ensure that this latest version of the Guidance is being used. The Guidance consolidates all previous error guidance documents into one document and also contains information on the different error types as well as information regarding the European Banking Authority (“EBA”) feedback file errors. The updated Guidance also contains guidance on updated Portal errors as well as links to the relevant EBA guidance.
Next Steps
The Central Bank has emphasised that firms submitting RoIs should:
- prepare to submit the RoI early – this will allow for any errors on the Portal and in the EBA feedback files to be remediated and the RoI resubmitted;
- validate file structure thoroughly;
- pay particular attention to referential integrity – this caused the highest number of errors in the EBA feedback files last year; and
- use the updated Guidance.
The Central Bank has advised that firms should monitor its dedicated DORA webpage for any further updates.
Finally, the Central Bank has made a recording of the Briefing available – which can be accessed here.
Update on TLPT
Separately, on 30 January 2026, the Central Bank provided an update regarding advanced threat-led penetration testing (“TLPT”), stating that it engages directly with firms in scope of TLPT. Further, it was stated that the Central Bank carries out an identification exercise on an annual basis and any additional firms that are identified will be engaged with in a timely manner.
In December 2025, the Central Bank of Ireland (“Central Bank”) published the first edition of its Financial Crime Bulletin (“Bulletin”). The Bulletin, which will be a twice yearly publication, aims to provide an update on key regulatory developments as regards anti-money laundering (“AML”), combatting the financing of terrorism (“CFT”), financial sanctions (“FS”) and fraud.
Some of the areas covered in the bulletin are as follows:
Risk assessment
The Bulletin highlights that Ireland’s national risk assessment is currently being updated and is targeted at ensuring that the public and private sectors understand the main money laundering (“ML”), terrorist financing (“TF”) and proliferation financing (“PF”) threats.
The Bulletin summarises the way in which the Central Bank identifies and assesses ML, TF and PF risks across all sectors and firms coming within its AML / CFT remit, explaining that, ultimately, each sector and firm receives an individual score which determines the level and extent of supervisory activity in a given sector or firm.
In terms of data collection, the Bulletin highlights that the Central Bank is introducing an updated AML / CFT risk evaluation questionnaire (“REQ”), going on to explain that the current general REQ will be replaced by sector specific REQs. Two of these sector specific REQs were published in June 2025 – for more information, see FIG Top 5 at 5 dated 3 July 2025. Further REQs will be published between now and early 2027, with the Bulletin emphasising that firms will be contacted individually about submission obligations.
This section also addresses exemptions to being treated as a designated person for ALM / CFT reasons, for example an exemption applies if the annual turnover of the person’s business attributable to operating as a credit or financial institution is €70,000 or less and that the annual turnover of the business attributable to operating as a credit or financial institution does not exceed five per cent of the business’s total annual turnover. However, the Bulletin does state that persons who qualify for an exemption will have relationships with larger firms who are designated persons, noting that such firms are required to carry out a business risk assessment that identifies and assesses the ML / TF risk involved in the conduct of their own business activities.
Finally, the Bulletin emphasises the need for firms to have an up to date understanding of a customer’s business and professional activities, with significant changes prompting a review to ensure all threats and risks are captured and understood. If required, additional customer due diligence should be carried out.
Crypto and payments
Some of the matters addressed under this heading are as follows:
- an update on the licensing of firms under MiCA, with six firms having been authorised as crypto asset service providers (“CASPs”) to date;
- a reminder that the recast funds transfer regulation (“FTR”), which has been in force since December 2024, applies to the transfer of certain crypto assets;
- as regards travel rule guidelines, it is highlighted that payment service providers (“PSPs”) and CASPs must take steps to ensure that missing or incomplete information that accompanies a transfer of funds or crypto assets is detected and must also have procedures in place to manage a transfer of funds or a transfer of crypto assets lacking the required information;
- the update, by the European Banking Authority (“EBA”), of its guidelines on ML / TF risk factors, particularly regarding factors that may indicate a CASP’s exposure to higher or lower ML / TF risk and explain how CASPs should adjust their customer due diligence in line with those risks. The Bulletin also highlights that the EBA’s risk based supervision guidelines have been updated to include CASPs within scope;
- the Anti-Money Laundering Authority’s (“AMLA”) spotlight on the crypto sector, which the Bulletin states, emphasises the need for firms engaging in crypto asset activities to have strong protections against ML / TF in place; and
- the fact that the AMLA has emphasised the need for licensing and supervisory authorities to ensure that CASPs have effective AML / CFT systems in place from day one of their authorisation.
Frauds and scams
The Bulletin summarises the work of the Central Bank when it comes to preventing frauds and scams, highlighting such work as a priority for the Central Bank, specifically pointing to a recent speech by Deputy Governor for Consumer and Investor Protection, Colm Kincaid – for more information, see FIG Top 5 at 5 dated 9 October 2025.
The topic of financial abuse is also dealt with under this heading with the Bulletin stating that the Central Bank will assess and supervise fraud risk in the system and mitigation measures by firms. This, the Bulletin highlights, will be underpinned by the measures as regards the prevention of financial abuse in the revised Consumer Protection Code. Effective from March 2026, these measures require firms to control and manage their affairs and systems to counter the risks to customers of financial abuse. For more information, see FIG Top 5 at 5 dated 27 March 2025.
Financial sanctions
The Bulletin provides an update as to regulatory and supervisory developments as regards FS. Some of the matters highlighted are as follows:
- the amendment of the FTR, which now requires PSPs and CASPs to have preventative measures frameworks in place to comply with EU restrictive measures;
- a summary of the guidelines issued by the EBA on internal policies, procedures and controls to ensure the implementation of EU and national restrictive measures. The Bulletin highlights that such guidelines have been adopted by the Central Bank and are effective as of 30 December 2025 – firms are advised to familiarise themselves with the guidelines and to ensure compliance;
- a summary of the key findings of a Central Bank thematic review of FS screening systems that took place in 2024. The Bulletin advises that firms should identify and assess which areas of their business are particularly vulnerable or exposed to restrictive measures and to potential circumvention of restrictive measures. On foot of such assessment, up-to-date policies, procedures and controls should be implemented and maintained to ensure compliance with restrictive measures regimes; and
- an update on international card schemes with the Bulletin explaining that a potential sanction risk for Irish banks, PSPs, ATM operators and merchants services relates to the use of non-EU cards for transactions and withdrawals at EU ATMs. The Bulletin highlights that institution-specific controls and due diligence are essential to ensure that no funds or financial services are provided, directly or indirectly, to designated persons or entities.
EU AML developments
This section of the Bulletin provides an overview of the work of the AMLA to date, some of the matters highlighted are as follows:
- firms should familiarise themselves with the anti-money laundering regulation (“AMLR”) to ensure they are in a position to successfully implement the required changes once the AMLR becomes applicable; and
- a summary of the mandates that the AMLA has prioritised in terms of the necessary regulatory technical standards, implementing standards and guidelines. The Bulletin highlights that the AMLA has noted that the outcome of the dialogue between the European Parliament, the Council and the Commission on the simplification process could potentially lead to certain mandates being postponed.
On 9 February 2026, the Anti-Money Laundering Authority (“AMLA”) launched three consultations on draft regulatory technical standards (“RTS”), for the financial and non-financial sector, under directive (EU) 2024/1640 (“AMLD6”) and regulation (EU) 2024/1624 (“AML Regulation”).
The consultations are as follows:
Consultation on draft RTS on pecuniary sanctions, administrative measures and periodic penalty payments under article 53(10) of AMLD6
These draft RTS are aimed at ensuring that the same AML / CFT breach is assessed in the same way by all national supervisors and that any enforcement measures are proportionate, effective and dissuasive. The approach proposed by the AMLA is made up of a number of steps as follows:
- firstly, supervisors will assess the level of gravity of a breach. The draft RTS set out a list of indicators that all supervisors will take into account to ensure a consistent approach;
- next, it is proposed that supervisors will classify the level of gravity of a breach in one of four categories by order of severity. The RTS set out how breaches should be classified into each of those categories; and
- finally, supervisors determine the level of pecuniary sanctions or administrative measures, with the RTS listing the criteria supervisors will apply in this regard.
The draft RTS also contain provisions dealing with natural persons who are not obliged entities. Additionally, the draft RTS address procedural aspects for the imposition of periodic penalty payments (“PePP”), such as the right to be heard, a limitation period for the collection of PePPs, and the minimum content of the decision whereby a PePP is imposed.
The consultation document explains that the European Banking Authority (“EBA”) previously consulted on a version of the draft RTS. Given that the EBA’s remit is in relation the financial sector only, the AMLA goes on to state that it is consulting on the draft RTS so that the views of the non-financial sector are fully captured.
Next Steps
This consultation is open for feedback until 9 March 2026.
Consultation on draft RTS on customer due diligence under article 28(1) of the AML Regulation
The draft RTS in this consultation set out, in more detail, how the directly applicable requirements under the AML Regulation on customer due diligence (“CDD”) requirements should be applied, including the information and documents to be collected.
The AMLA explains that the draft RTS contain proportionate, risk-based CDD measures that are targeted at harmonising the way in which AML / CFT requirements are applied in the EU. Further, the AMLA has stated that the draft RTS are flexible enough to ensure applicability across the range of products and services offered by obliged entities in both the financial and non-financial sector. The draft RTS have been drafted with simplification in mind and are also aimed at enabling obliged entities to determine the most effective and proportionate measures to be applied.
The EBA published a version of the draft RTS in October 2025 in response to the European Commission’s call for advice of March 2024 – for more information, see FIG Top 5 at 5 dated 6 November 2025. The AMLA has also published a tracked changes version of the draft RTS highlighting the amendments it has made.
Next Steps
This consultation is open for feedback until 8 May 2026.
Consultation on draft RTS on criteria for identifying business relationships, occasional and linked transactions and lower thresholds under article 19(9) of the AML Regulation
These draft RTS specify:
- the criteria for identifying business relationships, occasional transactions and linked transactions; and
- high-risk obliged entities, sectors or transactions to which a lower threshold for CDD measures should apply.
The AMLA explains that the criteria in the draft RTS apply to all obliged entities across both the financial and non-financial sectors, further stating that while some criteria are universal, others are tailored to specific categories of obliged entities.
The AMLA has an option under the AML Regulation to set additional lower CDD thresholds for occasional transactions, but explains that, at this point in time, it has decided not to exercise that option.
Next Steps
This consultation is open for feedback until 8 May 2026.
On 4 February 2026, the European Insurance and Occupational Pensions Authority (“EIOPA”) launched a consultation (“Consultation”) on the assessment of the prudential treatment of adaptation measures in natural catastrophe (“NatCat”) insurance under Solvency II. The Consultation aims to assess the interplay between risk mitigation and capital requirements for NatCat insurance.
Protection gap
The Consultation document acknowledges the crucial role played by insurance when it comes to the protection of households, businesses and governments from the effects of natural-related events. However, the protection gap that exists in Europe is highlighted, with EIOPA stating that only around a quarter of losses from extreme events have been insured in the past.
Adaptation measures
The frequency and intensity of natural-related events is expected to increase and in this regard, the Consultation document highlights that adaptation measures, for example, reinforced walls for flooding, can help to reduce risk exposure and insured losses for policyholders. Additionally, it is explained that adaptation measures can also play a key role in the maintenance of the future supply of non-life insurance products, covering climate related risks, at prices that are affordable. This would also have the effect of helping to reduce future losses in Europe.
Impact underwriting
The Consultation outlines the key role of the (re)insurance sector in terms of contributing to climate change adaptation through the concept of impact underwriting, with EIOPA explaining that the concept encourages insurers to use their data, expertise and risk assessment capabilities to incentivise policyholders to adopt adaptation measures.
The Consultation document highlights progress in this area, however, it is noted that the European insurance sector is still at the early stages of integrating micro adaptation measures into insurance products.
Consultation
The Consultation aims to assess whether a dedicated treatment under Solvency II is justified so as to better reflect adaptation measures in the NatCat standard formula (“SF”) module beyond the regular calibration of the SF parameters. The Consultation sets out key areas of focus in this regard, some of which are as follows:
- risk sensitivity – involving an assessment as to whether the current framework acts as an obstacle to impact underwriting;
- materiality – involving an evaluation of the impact of adaptation measures from an SF perspective; and
- proportionality – ensuring that the SF strikes a balance between being risk sensitive and complexity.
The Consultation also details options for a dedicated prudential treatment and also provides a quantitative assessment on adaptation measures on the SF parameters.
Next Steps
The Consultation is open for feedback until 17 April 2026.