Welcome to the FIG Top 5 at 5

1. Central Bank of Ireland publishes results of thematic assessment of operational resilience in the MiFID sector

On 12 January 2026, the Central Bank of Ireland (“Central Bank”) published the results (“Results”) of its thematic assessment (“Assessment”) of operational resilience in the MiFID investment firm sector. The Assessment is in line with the Central Bank’s previous assertion, in its 2025 Regulatory and Supervisory Outlook report (“RSO Report”), that enhancing operational resilience across the financial sector is a key priority for 2026 / 2026. For more information on the RSO, see FIG Top 5 at 5 dated 6 March 2025.

The Assessment was comprised of two phases, the first being a maturity assessment survey and a desk-based review and the second being a more in depth targeted assessment. The Assessment was   aimed at ascertaining whether:

• firms have operational resilience frameworks in place that meet the expectations of the Central Bank as per the Cross Industry Guidance on Operational Resilience (“Guidance”); and
• the boards and senior management of firms are accountable for the design and operating effectiveness of operational resilience frameworks and strategy.

The Results set out the key findings of the Assessment and also outline the expectations of the Central Bank as regards next steps that all MiFID investment firms should take on foot of the Results.

Findings

Some of the main findings of the Assessment, as regards positive practices and areas for improvement, are as follows:

Positive practices:

• there has been a maturing of operational resilience frameworks across the MiFID investment sector. It should be noted here that the Central Bank carried out an operational resilience maturity assessment in 2022 to assess the level of preparedness in the financial sector, including several MiFID investment firms, in advance of the Guidance coming into operation in January 2024. This 2022 assessment found that the in scope MiFID firms were in the early stages of developing operational resilience frameworks at that time;
• many firms have operational resilience frameworks in place that are documented in line with the Guidance and that are also broadly in line with the Central Bank’s supervisory expectations;
• in most cases, the boards of firms have ultimate responsibility for operational resilience with delegation to appropriate committees. In addition, functional responsibility for operational resilience was found to be at senior management level; and
• regular management information reporting and challenge at board and senior management level was identified.

Areas for improvement:

• improvements are needed as regards identification by firms of their critical or important business services and mapping of how such services are delivered, with the Results explaining that comprehensive mapping is required to enable a firm to identify vulnerabilities in the chain of delivery of a business service and allow for remediation plans to be designed;
• deficiencies were found regarding the robustness of some firms’ consideration of scenario testing, including the level of detail and the range of scenarios;
• in some cases, operational resilience frameworks were not aligned with existing risk management frameworks; and
• the risk of technological disruption was found to be increased by rising cyber threats and an over reliance on a relatively small number of third parties for ICT services.

DORA

The Results state that the Assessment did not specifically focus on DORA, however, it is highlighted that cyber and digital operational resilience remain key areas of focus for the Central Bank. The Central Bank expects all firms to build on foundations already laid as regards operational resilience more broadly. The Central Bank stated that it will conduct further supervisory work in this area in 2026 and 2027.

Next steps for firms

The Central Bank expects all MiFID investment firms to revisit the Guidance, ensuring compliance and noting the July 2025 update that took account of DORA – for more information, see FIG Top 5 at 5 dated 24 July 2025.

The Results emphasise that “leadership from the top down” should ensure that resilience is built into firms’ strategic decisions and should also allow boards to prioritise activities and target investment towards making critical or important business services more resilient.

While highlighting the importance of firms taking account of each guideline in the Guidance, the Results highlight that particular attention should be paid to the following guidelines:

• guideline 4 – a firm should identify its critical or important business services;
• guideline 7 – a firm should understand and map out how its critical or important business services are delivered; and
• guideline 8 – a firm should capture third party dependencies in the mapping of critical or important business services.

The Results state that the Central Bank wants “to see operationally resilient firms that have established frameworks to enable them to recover their critical or important business services from a significant unplanned disruption, while minimising negative impacts and protecting their customers, and the integrity of the financial system.”

2. Governor of the Central Bank of Ireland discusses importance of resilience in final blog of 2025

On 19 December 2025, the Governor of the Central Bank, Gabriel Makhlouf, published a blog (“Blog”) on the Central Bank’s website entitled “The Year That Was and Will Be”.

The Blog focused on Ireland and the euro area’s economic performance in 2025 and also looked ahead to 2026, taking into account the Central Bank’s quarterly bulletin number four of 2025 and eurosystem macroeconomic projections published on 18 December 2025.

However, for the purposes of this update, the focus is on the Governor’s comments as regards the importance of building resilience.

Operational resilience

The Governor made the point that building resilience to events that seemed “previously unimaginable” must now be a core part of economic planning and policy. He highlighted that considerations as to security are an important part of resilience that cannot be ignored, emphasising that this is one of the reasons why a core part of the work of the Central Bank is focused on the operational resilience of the financial system.

Single market

In terms of building resilience in Europe, the Governor pointed to the untapped potential in realising the benefits of the single market, citing the Draghi and Letta reports. He stated that addressing barriers to the completion of the single market and the building of a “vibrant capital market” will leverage potential in the European economy and mobilise the potential of its savings. The Governor also highlighted that channelling European savings to investment, which will drive innovation, is key to the growth of productivity.

Forward-looking

The Governor concluded his Blog by stating that his “main “work-on” is a forward-looking one: continue to build resilience that will allow us to withstand the “known unknowns” and “unknown unknowns” that will inevitably come our way in the future.”

1. Central Bank publishes 2025 NCID annual employers’ liability, public liability and commercial property insurance report

On 16 December 2025, the Central Bank of Ireland (“Central Bank”) published its  2025 annual report (“Report“) on employers’ liability (“EL“), public liability (“PL“)  and commercial property (“CP“)  insurance of the National Claims Information Database (“NCID”).  The Report, which aims to improve transparency in the insurance claims environment, relates to the time period up to 31 December 2024.

The Report consists of six parts and appendices.

Some of the key findings are outlined below.

Part 1 – Premiums

• 87% of EL, PL and CP insurance policies earned in 2024 were taken out as part of a package policy, rather than standalone;
• the average premium for package policies increased by 4% in 2024;
• 7% of package policies were for a premium of less than €1,000, 90% had a premium less than €5,000 while 98% were for a premium of less than €25,000; and
• the average premium increased by 23% between 2020 and 2024, to €3,043.

Part 2 – Claims

• the total ultimate claims costs for the 2024 accident year are expected to be €608 million across 30,593 claims;
• the average expected cost of EL and PL claims increased by 6%, and 7% respectively compared to 2023;
• the cost of CP claims remained stable in 2024; and
• the expected loss ratio across all EL, PL and CP policies was 50% for the 2024 accident year.

Part 3 – Income and Expenditure

• after tax, insurers saw an operating profit of 10% of total income across EL, PL and CP for the 2024 financial year;
• the combined operating ratio for 2024 was 73% gross of reinsurance and 78% net; and
• across all years, from 2010 to 2024, insurers’ operating profit (after tax) was 2.1% of total income.

Part 4 – Claims Settlements

As regards injury settlements in 2024:

• 11% settled directly before the Injuries Board, 12% settled through the Injuries Board and 6% settled directly after the Injuries Board; and
• 68% settled through litigation before a court award, and 3% settled through litigation with a court award.

For EL and PL injury claims that settled with a total cost less than €150,000 in 2024, the average cost by channel and cost type was:

• direct: compensation of €19,295 and legal costs of €3,688;
• Injuries Board: compensation of €25,484 and legal costs of €694; and
• litigated: compensation of €25,935 and legal costs of €25,055.

For all EL and PL injury claims settled in 2024, the average cost by channel and cost type was:

• direct: compensation of €20,800 and legal costs of €3,836;
• Injuries Board: compensation of €27,538 and legal costs of €709; and
• litigated: compensation of €43,361 and legal costs of €33,550.

The average duration of an injury claim from reporting to settlement in 2024 was 1.8 years for claims in the direct channel, 2.1 years in the Injuries Resolution Board channel and 5.7 years in the litigated channel.

Damage claims settled in 0.6 years on average.

Part 5 – Personal Injuries Guidelines

The Report highlights that claim settlement data was collected identifying claims that settled with reference to the Personal Injuries Guidelines (“Guidelines“) following their introduction in April 2021.

The average cost of claims that settled under the Guidelines in 2024 compared to claims that settled in the same channel under the Book of Quantum in 2020 were:

For EL claims:

• 8% lower for claims that settled directly before the Injuries Resolution Board (“Board”);
• 9% lower for claims settling through Board; and
• 17% lower for claims settling directly after the Board.

For PL claims:

• 25% lower for claims that settled directly before the Board;
• 17% lower for claims settling through Board; and
• 15% lower for claims settling directly after the Board.

37% of litigated claims settled under the Personal Injuries Guidelines in H2 2024.

Part 6 – Claims Development

This section discusses how estimates of ultimate claims costs have changed from 2019 to 2024. It also provides insight into the underlying claims development patterns, some of the main findings are as follows:

• in 2024, insurers’ best estimate of total claims costs for EL, PL and CP decreased by approximately €124 million across the accident years 2010 to 2023. This made a significant contribution to the industry’s profit;
• as at 31 December 2024, 13% of the expected ultimate claims costs for the accident year 2024 are paid, 37% are claim reserve estimates and 50% are estimates of the cost for claims that have not yet been reported; and
• the development of claims costs varies significantly by policy type, with CP claims developing and being paid faster than EL or PL claims. This is driven by CP primarily covering damage claims which tend to be reported and settled much faster than injury claims.

2. Central Bank publishes 2026 submission dates for Solvency II quantitative reporting

On 16 December 2025, the Central Bank of Ireland (“Central Bank”) published its Solvency II quantitative reporting 2026 submission dates (“Document“).

The Document contains details as to the Solvency II quantitative reporting 2026 submission dates for:

• undertakings with a 31 December year-end, further detailing the relevant dates for annual and quarterly returns for both solo and group undertakings; and
• submission deadline dates for quarterly and annual returns, for both sole and group undertakings with non-standard year-end dates.

On 18 December 2025, the Anti-Money Laundering Authority (“AMLA”) published a press release (“Press Release“) announcing that it had taken a “major step toward harmonised EU AML/CFT supervision”.

As of 2028, the AMLA will be responsible for the direct supervision of 40 of the most complex high-risk financial institutions or groups in the EU.

The Press Release highlighted the publication of a number of instruments as follows:

• draft regulatory technical standards (“RTS”) on risk assessments – specifying data points and criteria that national supervisors will use to assess the entities that they supervise. These draft RTS introduce a risk-based methodology that, the AMLA explains, is fully harmonised. Once the draft RTS are applicable, the methodology set out will inform individual supervisors’ supervisory strategies and inspection plans and also create a common understanding of the impact that different risk factors have on obliged entities’ overall risk exposure; and
• draft RTS on selection – applying the same data points and criteria referred to above, these draft RTS set out how the AMLA will assess risks for the purposes of selecting entities for direct supervision. Based on the methodology set out in these draft RTS, the AMLA will select the most complex, high-risk entities with a significant EU presence to deliver a coordinated and consistent approach to cross border AML / CFT supervision.

This harmonised approach is aimed at achieving a common understanding of risks for both the AMLA and national supervisors, ultimately leading to more consistent and robust AML / CFT supervision in Europe.

Consultation

The AMLA also launched a consultation (“Consultation“) on draft implementing technical standards (“ITS”) on cooperation within the AML / CFT supervisory system for the purposes of direct supervision under Article 15(3) of regulation (EU) 2024/1620 (“AMLA Regulation”). The draft ITS consider how the AMLA and national financial supervisors will cooperate during the selection process and when transferring supervisory powers for institutions or groups that will be directly supervised by the AMLA.

The draft ITS aim to provide a clear and adaptable framework for the selection and supervision of obliged entities.

The Consultation is open for feedback until 27 January 2026.

On 18 December 2025, the European Parliament (“Parliament”) and the European Council (“Council”) reached political agreement (“Agreement“) on the retail investment strategy (“RIS”).

The Agreement reached introduces measures aimed at strengthening the confidence of retail investors and improving the way they interact with financial markets. Some of the measures include:

• strengthening the rules around product design to ensure that products that do not offer value for money are not offered or sold to retail investors;
• providing retail investors with clear, standardised information about investment products, updating disclosure rules for the digital age;
• promoting the use of standard terminology and presentation for costs to make them transparent and comparable, helping investors assess product value;
• facilitating retail investors access to non-complex, broadly diversified and cost-efficient products;
• guaranteeing that all retail clients receive a yearly summary of their portfolio’s investment performance;
• mitigating potential conflicts of interest in the distribution of investment products by introducing stricter safeguards and transparency where inducements are allowed;
• protecting retail investors from misleading marketing by ensuring that financial intermediaries are fully responsible for marketing communication, including those disseminated via social media, celebrities or other third parties they remunerate or incentivise;
• reducing administrative burdens and improving the accessibility of products and services for sophisticated retail investors, by making the eligibility criteria to become a professional investor more proportionate; and
• enhancing supervisory cooperation among EU and national authorities, allowing proper and effective application of the rules across the EU and addressing fight fraud and malpractices.

Welcoming the Agreement, Morten Bødskov, Danish Minister for Industry, Business and Financial Affairs, stated:

“It should be easy and safe for everyone to get more out of their savings. With this new agreement, we are taking an important step towards removing unnecessary obstacles and making investments more transparent for citizens. Now, Europeans will have much better opportunities to make good choices with their money, fewer costs, and get more out of their investments. In this way, investments can strengthen both personal finances and the overall economy in the EU.”

Next Steps

The Agreement is now subject to formal adoption by both Parliament and the Council. Following such adoption, the rules will be published in the official journal of the European Union. Member states will be required to transpose the new rules 24 months following such publication, with the rules becoming applicable 30 months after publication, except for the new rules under the packaged retail and insurance-based investment products regulation (“PRIIPs”) which will apply 18 months following their publication.

1. EBA publishes final report on RTS on third-country branch booking arrangements CRD IV

On 9 January 2025, the European Banking Authority (“EBA”) published a final draft report (“Report”) on draft regulatory technical standards (“RTS”) specifying the booking arrangements that third-country branches are to apply for the purposes of Article 48h of the capital requirements directive (“CRD”).

The EBA consulted on the RTS in July 2025 – for more information, see FIG Top 5 at 5 dated 17 July 2025. On foot of feedback received, the RTS were amended as regards the treatment of risk transfer to third parties and also the use of group processes, systems or procedures.

The RTS aim to ensure convergence of third-country branches’ practices regarding the implementation of booking arrangements and the maintenance of the registry book.

The RTS specify the bookkeeping system that third-country branches should have in place to timely and accurately identify their transactions and record any assets and liabilities booked or originated, as well as off-balance sheet items. The RTS also set out the minimum set of information to be maintained in the registry book with reference to such assets, liabilities, and off-balance sheet items, as well as the information to be provided regarding their associated risk.

Next Steps

The RTS will be submitted to the European Commission for endorsement, following which the European Parliament and the European Council will scrutinise the RTS before their eventual publication in the official journal of the European Union.

2. EBA publishes final report on RTS on cooperation and colleges of supervisors for third-country branches under CRD IV

On 9 January 2025, the European Banking Authority (“EBA”) published a final draft report (“Report”) on draft regulatory technical standards (“RTS”) on cooperation and colleges of supervisors for third-country branches under Article 48p(7) of the capital requirements directive (“CRD”).

The EBA consulted on the RTS in July 2025 – for more information, see FIG Top 5 at 5 dated 17 July 2025. The Report notes that, overall, feedback received was supportive of the aim of enhancing cooperation while underlining that the existing joint supervisory frameworks should be leveraged as much as possible to ensure the most effective and efficient model of cooperation. However, the EBA did make some changes to the RTS as a result of the feedback, for example, article 14 on the information to be exchanged on the supervisory review and evaluation process, was streamlined to take account of concerns around flexibility and potential over prescriptiveness.

The RTS set out the means of cooperation and the conditions for the functioning of colleges of supervisors for competent authorities supervising third-country branches and subsidiary institutions of the same third-country group. In that regard, the RTS aim to ensure more efficient, effective and comprehensive supervision of third-country groups in the EU.

The Report sets out that the RTS are built on the experience of the colleges of supervisors of credit institutions over the years. The RTS also take account of the specificities of the supervision of branches and subsidiaries of a third-country group.

Next Steps

The RTS will be submitted to the European Commission for endorsement, following which the European Parliament and the European Council will scrutinise the RTS before their eventual publication in the official journal of the European Union.

3. EBA publishes report on prudential consolidation and guidelines on ancillary services undertakings under CRR

On 9 January 2026, the European Banking Authority (“EBA”) published the following:

• a report (“Report”) on prudential consolidation; and
• final guidelines (“Guidelines”) on ancillary services undertakings (“ASUs”) under the capital requirements regulation (“CRR”).

The EBA explains that both publications are aimed at improving the efficiency and proportionality of the prudential consolidation framework, promoting a level playing field and fostering the convergence of supervisory practices.

Report on prudential consolidation

The Report sets out that the prudential consolidation framework is a key pillar of the EU banking regulatory regime, determining the perimeter within which risks are identified, measured and managed across banking groups. This, the Report states, allows competent authorities to assess the financial soundness and risk profile of banking groups in a holistic and comprehensive manner, mitigating opportunities for regulatory arbitrage.

Overall, the Report concludes that the prudential consolidation framework is robust and fit for purpose but did identify a number of targeted areas for clarification, harmonisation or where legislative refinements may be needed. In that regard, the Report makes a number of recommendations to further strengthen the prudential consolidation framework and its implementation among institutions, some of which are as follows:

• simplification of sub-consolidation requirements, to reduce complexity for groups with multiple consolidation layers;
• refinement of the definition of control, to ensure consistent interpretation and convergence across jurisdictions; and
• further clarity on how to determine the perimeter of prudential consolidation, particularly when an insurance undertaking within a bank-led financial conglomerate acquires a financial institution and the so-called “Danish compromise” (article 49 of the CRR) is applied by the parent institution.

Final guidelines on ASUs

The EBA consulted on the draft guidelines on ASUs in July 2025 – for more information, see FIG  Top 5 at 5 dated 10 July 2025.

The Guidelines aim to promote a level playing field, foster convergence of supervisory practices among institutions and competent authorities, and enhance comparability of prudential requirements across the EU.

The EBA has made some changes on foot of feedback received to the July consultation, specifically, two proposed criteria for identifying activities considered a “direct extension of banking” have been removed to ensure a more proportionate application of the Guidelines.

The Guidelines are designed to help institutions and competent authorities identify undertakings performing relevant activities (such as operational leasing, ownership or management of property, or data processing services) as ASUs. The EBA explains that this assessment is important for determining the scope of prudential consolidation and the application of prudential requirements.

The Guidelines also consider innovative and digital business models, including fintech and technology driven services that may introduce new forms of ancillary risks in banking groups.

Next Steps

The Guidelines will be translated into the official EU languages and published on the EBA’s website, with competent authorities having two months after such publication to report whether they comply with the Guidelines.