RegSol Blog


RegSol Blog Posts

Central Bank of Ireland - Review of Differential Pricing in the Private Car and Home Insurance Markets
August 2021

The Central Bank has published its final report into differential pricing in the home and motor insurance markets in Ireland. The report has identified that some pricing practices can lead to unfair outcomes for car and home insurance customers.

There are 3 proposals in the report:

  • A ban on “price walking” - Price walking is where consumers are charged higher premiums, relative to the expected cost, the longer they remain with an insurance provider. This would remove the imposition of ‘loyalty penalties’ on these consumers.
  • A requirement on providers of motor and home insurance to personal consumers to review their pricing policies and processes annually, to make sure providers are following the new provisions and have fair treatment of customers as a top priority.
  • The introduction of a new consumer consent and disclosure requirement. This would ensure the automatic renewal process is more transparent for all personal non-life insurance products.

The full report is available here: 
Review of Differential Pricing in the Car and Home Insurance Markets
Central Bank (Individual Accountability Framework) Bill 2021
August 2021

On the 27th of July, the Department of Finance published the Individual Accountability Framework proposal for 2021.

The framework’s aim is to help firms drive positive behaviour by strengthening organisational culture and to mitigate issues arising from conduct risk.

Two key areas of governance are highlighted in order to achieve effective regulatory framework:

  • Well defined, clear, and transparent responsibilities for all staff
  • Individuals to know what is expected of them in their roles and be held accountable for their actions and behaviour.
Four key components are highlighted further:
  • Responsibilities, decision-making and accountability to be clearly defined for all staff
  • Enforceable Conduct Standards to ensure firms and staff to always act with integrity, due skill, care, and diligence for their customers
  • Enhanced Fitness & Probity (F&P) to ensure required staff are fit and proper to carry out their roles
  • Increased sanctions on individuals for direct accountability as opposed to only if they have participated in a firm’s wrongdoing.
Under the framework’s new proposal is also an enhanced focus on proportionality and fair procedures by the CBI.

Further details available here:

Statement - Central Bank (Individual Accountability Framework) Bill 2021


CP 144 Guidance on the Use of Service Companies for Staffing Purposes in the Insurance Sector
August 2021

The Central Bank of Ireland (CBI) has noticed a tendency for insurance firms to enter into arrangements for the use of separate legal entities for the provision of extensive staffing to the firm. These entities are often referred to as service companies or service providers and may be part of the same group as the firm.

Given the emphasis placed on consumer protection by the CBI the purpose of this guidance is to clearly set out the CBI’s expectations for firms engaging in this practice. “The Central Bank is focused on these staffing arrangements due to their potential, if not effectively managed, to threaten the operational resilience of undertakings regulated by the Central Bank.”

Key matters listed in the paper are:

  • Role of the undertaking,
  • Role of the board,
  • Basis of the staffing arrangement
  • Risk Management – compliance risk, due diligence, conflicts of interest, control risk /risk of undue influence, operational resilience, business continuity planning and resolvability.
  • Fitness and Probity
Anyone wishing to make a submission on the proposed guidance is asked to use the dedicated template and “Consultation on Guidance on Use of Service Companies for Staffing Purposes in the Insurance Sector” as the email subject line. Responses are to be sent to insurancepolicy@centralbank.ie by 6th November 2021.

The submission template and consultation paper are available here: 
CP 144 Consultation Paper

Mandatory gender pay gap reporting becomes law
August 2021

On the 11th of August, the new Gender Pay Gap Information Act 2021 was passed into law.

Fundamentally, the legislation requires that any gender gaps must be published by eligible employers.

The new legislation sets out the following key elements:

  • That the gender pay gap is the difference between what men and women are paid overall and not the concept of simply equal pay for equal work.
  • The legislation will initially apply to employers with 250+ employees, to employers with 150+ employees from August 2023 and to employers with 50+ employees in August 2024.
  • A breakdown of the differences in remuneration including bonuses and BIK paid to both male and female employees as a percentage will be required to be published.
  • Obligations on firms can be enforced by the Workplace Relations Commission (WRC) and the Irish Human Rights and Equality Commission IIHREC) for employees who believe their employers have not acted in accordance with the legislation.
  • Reporting Obligations are expected to commence by 2022 on foot of regulations anticipated by the end of this year.
Relevant Firms are encouraged to be compliant and prepare for the new regulations immediately, by promoting gender diversity, introducing programmes to help women achieve senior roles and having flexibility for all staff regarding parental leave.

The Act is available here: Gender Pay Gap Information Act 2021


By Sean Wallace - Regulatory Consultant
ESMA and EBA Publish Final Guidance on Fit & Proper Requirements
July 2021

In addition to the emphasis the Central Bank has placed on Fitness & Probity (F&P) recently, the matter is also getting attention at a European level. On July 2nd, 2021, the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) published their revised final joint Guidelines on the assessment of the suitability of members of the management body and key function holders.

These Guidelines take effect from 31st December 2021 and expand on the amendments introduced in the Capital Requirements Directive (CRD V) and the Investment Firms Directive (IFD).

The key areas of focus relate to:

  • Money Laundering and financing terrorism risks – ensuring that appropriate persons in senior management are fit and proper to carry out their roles, helping to ensure the stability and integrity of the financial system
  • Gender Diversity – that a more gender balanced approach is taken for equal opportunity positions within the management body.
  • Assessment of suitability - for newly acquired members of the management body.

In addition, the new Guidelines outline the new legislative framework for investment firms introduced in 2019.

For further details please refer to the following link:

ESMA & EBA Publish final guidance on Fit & Proper Requirements
Central Bank of Ireland (CBI) Dear CEO Letters on Market Abuse
July 2021

In line with the Market Abuse Regulations (MAR), the Central Bank has issued Dear CEO letters from March 2019 to July 2021. These letters were issued to dozens of companies including Investment firms or persons who engage in the transmission or execution of orders, issuers or persons who act on behalf of issuers, highlighting initial expectations and subsequently breaches of the MAR.

Following initial publication of its findings in 2020, based on supervisory activity from 2019 the CBI highlighted the following failings leading to breaches of the Regulations:

  • Ineffective trade surveillance systems
  • Lack of monitoring and supervision on all outsourced activity
  • No clear lines of responsibility for staff
  • Inadequate reporting of Suspicious Transaction and Order Reports (STOR)
  • Lack of governance around communication to staff on unlawful disclosing of inside information and insider dealing

In its most recent publication and Dear CEO Letter on July 12th, 2021, the CBI expects:
  • Trade surveillance and STOR reporting frameworks must be enhanced to ensure that controls and processes in place are more robust.
  • Enhanced frameworks to ensure that public disclosures of information are made timely
  • Insiders to be reminded of their MAR obligations and the consequences of market abuse
  • Improvements on the quality of insider lists and governance on how they are operated
  • Staff awareness and training to be increased and enhanced.

It is anticipated that work will continue for many firms and individuals well into 2022, where Regulators will enhance their scrutiny on firms to complete these actions as soon as possible.

Director General Financial Conduct, CBI - Derville Rowland, said:

“Misconduct on securities markets undermines transparency and trust among market participants and is detrimental to investor protection. MAR is a critical component in deterring misconduct and identifying market abuse where it occurs. This represents our most comprehensive review of MAR compliance to date, encompassing regulated trading firms, issuers and issuers’ advisors.’’

For further details, please refer to the following link:
Central Bank publishes findings of review into market abuse risks

Seán Wallace

Regulatory Compliance Consultant
Central Bank review of the Consumer Protection Code (CPC), Consumer Protection Outlook Report and the extension of the CPC remit
July 2021

Consumer protection is a key focus of the Central Bank of Ireland (CBI). The Consumer Protection Code (CPC) and the detailed requirements in it will be familiar to our readers. The CPC is currently under review by the Central Bank. Earlier this year, Derville Rowland, Director of Financial Conduct at the CBI addressed Banking Payments Federation of Ireland. In that speech Ms Rowland stated “The Consumer Protection Code is the cornerstone of our consumer protection framework. We are working to finalise our plans for a broad consultation on a substantial update of the Consumer Protection Code.” The public consultation on the proposals should follow later this year.

The Consumer Protection Outlook Report listed the six key areas of focus for the CBI in 2021:
  • Deliver intrusive risk-based supervision
  • Enhance the Consumer Protection framework
  • Drive firms to embed effective consumer-based cultures
  • Influence, shape and deliver key policies for regulation
  • Ensure fair treatment of borrowers in financial distress
  • Enhance our gate keeping process
In the Report, Gráinne McEvoy, Director of Consumer Protection notes “We expect firms to act on this information detailed in the Outlook Report. Consumer protection begins with the financial services firms.”

Another key development is the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Bill 2021. This Bill means that providers of credit, hire-purchase agreements and consumer-hire agreements will have to be authorised by the Central Bank. Firms offering these services will then be subject to the Consumer Protection Code thus giving consumers greater protection. This has been welcomed by both Minister Paschal Donohue and the Competition and Consumer Protection Commission.

Press Release Consumer Protection July 2021

Consumer Protection Outlook Report 2021

CICA – Reminder Provisions commencing September 2021
July 2021

The Consumer Insurance Act 2019 was signed into law in December 2019 and while some provisions came into force in 2020, some were deferred until September 2021. As we are fast approaching that date here is a reminder of the key provisions that are due to come in to force later this year.

Sections 8,9, 12 and 14 (1) to (5) will come into effect from 01.09.2021.

Section 8 focuses on the duty of disclosure. Insurers must ask specific questions to their customer or potential customer, and these must be answered “honestly and with reasonable care”.

Section 9 covers the remedies available in the case of misrepresentation based on whether this was innocent, negligent or fraudulent.

Section 12 places extra duties on insurers at renewal for example for non-life contracts, insurers must provide a schedule of all premiums and claims paid for the preceding 5 years.

Section 14 (1) to (5) covers disclosure duties at renewal.

Links to articles on the new provisions:

Brokers Ireland CICA 2021

AL Goodbody Provisions commencing Sept 2021

Previous Article 2020

Sustainable Finance Disclosure Regulation (SDFR)
July 2021

Recently, the Central Bank of Ireland (CBI) published its first edition of the Intermediary Times for 2021. Several important topics were outlined for financial institutions to develop their business and prioritise the best interests of their customers.

One such topic is the Sustainable Finance Disclosure Regulation (SDFR).

The SDFR sets out disclosure requirements for several financial products. In addition, this regulation applies to all financial participants including, fund managers, pension providers, MiFID investment firms and insurance & investment intermediaries.

The following key requirements were highlighted:

  • How financial product manufacturers and financial advisors should inform end-investors about sustainability risks in addition to the impact of investments on the environment and society as a whole
  • How financial products that are classed as sustainable meet these ambitions

Having come into effect on 10th March 2021, the CBI expects that all firms where applicable to have complied with the SFDR obligations as of this date.

For smaller firms with less than three employees, these requirements will not come into effect until 10th March 2022, in line with EU Regulations.

In line with the SFDR application, Regulatory Technical Standards (RTS) are expected to be drafted and in place by January 2022.

For further details please refer to our previous article on SFDR HERE


By Sean Wallace - Regulatory Consultant


Central Bank publishes Annual Report & Annual Performance Statement for 2020
June 2021

On June 2nd, 2021, the Central Bank has published its Annual Report and Annual Performance Statement for 2020. A financial profit of €829.6m has been reported for the year in addition to a surplus income of €665.7m which was paid to the Exchequer.

One of the key activities prioritised the safeguarding of monetary and financial stability while also continuing to serve the best needs of consumers and the wider economy.

The CBI has adapted and aided the support and recovery of consumers and investors financially impacted by Covid-19 and how best to manage these risks, in addition to Brexit and the UK’s departure from the EU.

On p. 29 of the report, strengthening consumer protection was detailed further. The continued protection of the interests of consumers particularly regarding solutions around stressed debt and insurance policy rebates and claims, in addition to enhanced regulation of firms and markets were the main areas of focus to ensure that there continues to be confidence and trust in the financial system.

Following a review, the Central Bank also plans to publish a consultation paper to update the Consumer Protection Code (CPC) and strengthen regulations due to emerging trends and risks.

In the area of fund management company compliance an additional Consultation Paper (CP) 86 was published following review, and the continued interests and protection of investors was the focus, with the aim to improve governance in this area.

As always, Anti-Money Laundering (AML) and countering the financing of terrorism (CFT) was a key area of focus with the CBI enhancing inspections, engagements, and outreach. Transaction Monitoring continues to be a critical area in this space and was documented in the CBI’s AML Bulletin.

One other key activity was on the emerging financial risks due to Climate Change. In addition to this and the Covid-19 pandemic, the CBI have developed a new strategic plan to tackle and mitigate these risks. It has reminded financial institutions of the need to be aware of ever emerging risks and threats occurring and to other potential risks not highlighted relative to an institution.

For further details on the report as well as an address by the CBI Governor Gabriel Makhlouf please refer to the following links:

Annual Report and Annual Performance Statement

and

Central Bank publishes Annual Report and Annual Performance Statement for 2020

Finally, a Protected Disclosures Annual Report for 2020 has also been published detailing the number of protected disclosures reported by financial institutions to public bodies in the preceding year and actions taken as a result.

This continues to help individuals to report on instances of wrongdoing and be protected against speaking up, while ensuring the increased inspection and supervision of these firms. More details can be found here: 
Protected Disclosures including Whistleblowing and Infringement Reports
AML & CFT – Central Bank of Ireland published updated guidelines
June 2021

Anti-Money Laundering (AML) & Countering the Financing of Terrorism (CFT) - the area is ever evolving and currently very topical.

On 23rd of June the Central Bank of Ireland (CBI) published their updated guidelines for the financial sector. This 84-page document was produced to assist firms in understanding their AML/CFT obligations. It also sets out the CBI expectations for the factors that firms should take into account as they identify, assess, and manage risks. The guidelines were updated to reflect the transposition of the 5th EU AML Directive into Irish law. We have looked at the key changes previously, see link:
5AMLD Key Changes

Updated Guidelines June 2021

An online search provided results which indicate the number of investigations for money laundering offences are increasing – we found information on at least one case per month over the past 3 months:

02.06.2021 A man was arrested over directing a criminal gang involved in money laundering

17.05.2021 a former Kinahan cartel member received a suspended sentence over laundering crime cash

18.04.2021 A man was arrested by Gardai as part of an investigation into fraud and money laundering

https://www.thejournal.ie/money-laundering/news/

With the new guidelines which factor in the changes brought about by the EU AML Directive and the increased potential for criminal activity created by the Covid 19 pandemic, it is vital that all designated persons are aware of their obligations and have updated their policies and procedures.


By Eilish Larkin - Regulatory Consultant
Central Bank of Ireland issues Fitness and Probity Interview Guide
June 2021

The Fitness and Probity regime was introduced by the Central Bank Reform Act 2010. The purpose of the regime is to ensure that people working in certain key roles and customer facing positions within regulated financial service providers are competent, capable, honest, ethical, and financially sound.

There are 3 keys aspects of the fitness and probity regime:

Ongoing obligations – Regulated firms have on going obligations regarding the regime. Firms should assess whether key personnel satisfy the standards as required on an ongoing basis. Firms should be able to demonstrate how they verified this to the Central Bank if requested to do so. There is also the annual PCF Confirmation return to be completed.

Gatekeeping role – with the monitoring of CF (Controlled functions) and PCF (Pre-approval controlled functions) the Central Bank can ensure that only those candidates that satisfy the required of the fitness and probity regime are in key positions within regulated financial service providers.

Investigations – The Central Bank has the power to conduct an investigation into the fitness and probity of an individual who performs a CF/PCF or who is proposed to be appointed to a CF.

In addition to the detailed information available on the Central Bank’s website these interview guidelines will provide added information to candidates about the types of interviews the Central Bank can conduct and guidance on how to prepare for them.

Central Bank website with details on fitness and probity can be found here: Fitness and Probity

For the guidelines on interviews issued in June see the link here: Fitness & Probity Interview Guide

The Central Bank’s Director General, Financial Conduct, Derville Rowland spoke at a webinar at the Institute of Directors on the 10th of June 2021, where she outlined the relationship of the fitness and probity regime to good culture. Ms Rowland noted ““The F&P regime seeks to ensure that regulated firms and individuals who work in those firms are committed to high standards of competence, integrity and honesty, and are held to account when they fall below these standards. The regime has been instrumental in our work in seeking to ensure that the right people occupy key roles in the firms we regulate”.

Press Release 10th June 2021

By: Eilish Larkin - Regulatory Consultant

Central Bank of Ireland Enforcement Action – Gary McCollum, formerly of INBS, fined €200,000 and disqualified for a period of 15 years by the Central Bank for breaches of financial services law
June 2021

On the 10th of June 2021, the Central Bank reprimanded and fined Mr. McCollum €200,000.00 and disqualified him from being a person concerned in the management of a Central Bank regulated financial service provider for a period of 15 years.

Significant failings regarding commercial lending were identified, these included:

  • A failure to ensure that commercial loan applications were processed in accordance with internal policy;
  • A failure to ensure that commercial loans and variations were approved in accordance with internal policy and that commercial mortgage offers complied with policy;
  • A failure to ensure that security (including personal guarantees) for commercial loans was obtained, that valuation reports were received before all, or part of the loan was advanced and that loan-to-value limits were adhered to in accordance with INBS’s internal policies or otherwise approved as exceptions; and
  • A failure to ensure that commercial lending was effectively monitored in accordance with INBS’s internal policies.

The Central Bank noted the seriousness and impact of the contraventions in addition to the failure by Mr. McCollum to notify them that the breaches had occurred and his failure to take remedial action as aggravation factors in the sanctions placed on Mr. McCollum.

The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham, stated:

The Central Bank has highlighted on many previous occasions the potential risks that may arise for a firm, its customers and the wider financial market, when robust systems of internal control and procedures are not put in place and followed. This case serves to underscore a further fundamental point – robust systems of internal control are only as effective as the individuals implementing them. It falls to senior role holders to lead by example, so that a culture of compliance is the norm.


By: Eilish Larkin - Regulatory Consultant
Enforcement Action: Central Bank issues Prohibition Notice to Mr. James Cumiskey under the Fitness and Probity Regime
May 2021

Effective from July 2020, Mr. Cumiskey is prohibited from carrying out a Controlled Function (CF) or Pre-approval Controlled Function (PCF) in any regulated financial services firm for an indefinite period.

The Central Bank’s investigation discovered that between January 2018 and August 2018, Mr. Cumiskey induced people to give him deposits they had saved for a mortgage on the basis that Mr. Cumiskey required the deposit to process their mortgage applications. 

 Neither Mr Cumiskey nor his firm (European Mortgage Call Centre Limited) were authorised as a mortgage intermediary, yet mortgage services were advertised on the company website. It also emerged as during the investigation that Mr. Cumiskey had outstanding debts and was not managing his own financial affairs in a sound and prudent manner as required by the Fitness and Probity Standards.

This action, in addition to the letters issued by the CBI to all regulated firms in April 2019 and November 2020 highlights the importance of the Fitness and Probity regime and the obligations that it places on firms and their management and staff.

Can you demonstrate to the Central Bank of Ireland how you are complying with these requirements?

See attached for details: CBI Press Release May 2021



By Eilish Larkin
Regulatory Consultant
Enforcement Action: Ulster Bank Ireland DAC
May 2021

The Central Bank of Ireland (CBI) fined Ulster Bank Ireland DAC €37,774,520 for regulatory breaches that affected tracker mortgage customers.

There were 49 separate regulatory breaches of the European Communities (Unfair Terms in Consumer Contracts) Regulations 1995, Code of Practice for Credit Institutions 2001, the Consumer Protection Code 2006, and the Consumer Protection Code 2012.

The CBI highlighted specific failings as below:
  1. Failing to disclose to impacted tracker customers all the consequences of fixing their interest rates,
  2. Devising and implementing a deliberate strategy not to provide certain customers with their correct tracker mortgage entitlement unless they complained,
  3. Failing to adequately implement the TME’s Stop the Harm principles to protect all potentially impacted tracker customers from further detriment,
  4. Failing to ensure that its operational systems and controls were sufficient to ensure that its customers were provided with their correct tracker mortgage entitlements.
Seána Cunningham, Director of Enforcement and Anti-Money Laundering at the CBI stated “At the heart of this enforcement action is the avoidable harm caused by UBID to its tracker customers. Over an extensive period, UBID denied customers their tracker mortgage entitlements in relation to 5,940 mortgage accounts, resulting in significant and widespread overcharging. 

At the most serious end of the detriment caused to UBID’s customers, 43 properties were lost, 29 of which were family homes, as a direct consequence of UBID’s actions.”

The Settlement Agreement notice is lengthy, and the CBI highlighted a number of aggravating factors in the case – very notable is Ulster Bank Ireland DAC has been subject to 4 previous Enforcement Actions.

Central Bank of Ireland's Enforcement Action on Ulster Bank DAC




By Eilish Larkin
Regulatory Consultant



April 2021 - Commencement of the Criminal Justice (Money Laundering and Terrorist Financing) Amendment Act 2021
May 2021

The long-awaited Commencement Order (S.I. No. 188 of 2021) was signed, and the provision of the Criminal Justice (Money Laundering and Terrorist Financing) Amendment Act 2021 are now in force. This transposed the requirement of the 5th EU Anti-Money Laundering Directive into Irish law.

We have covered the key provisions in previous Regsol articles – please see the link below.

5 AMLD Legislation Progressing through the Seanad




By Eilish Larkin
Regulatory Consultant
Brexit and the Impact on Brokers
April 2021

Insurance intermediaries in the EU including Ireland must only use insurance and re insurance services of other EU registered firms.

Under the Withdrawal of the United Kingdom from the European Union (Consequential Provisions) Act 2019, UK insurers and intermediaries that do not wish to be established in Ireland or other EU member state, will be provided with a run-off regime. This will allow them to continue to fulfil contractual obligations to their Irish customers for a three-year timeframe after the transition period ends. After this, they will not be able to write new insurance contracts or renew existing ones.

For Irish intermediaries that have UK clients, the intermediaries need to have registered with the Financial Conduct Authority’s (FCA) UK Temporary Permissions regime (TPR) while they proceed with a full application to the FCA. If Irish intermediaries do not wish to get authorised by the FCA they are subject to the Financial Service Contracts Regime (FSCR). This regime allows that contracts written pre 31.12.2020 can continue to be serviced but no new business can be written.

It is vital that all intermediaries ensure that they deal with insurance undertakings and firms that have the correct authorisations on place to cover risks for their policyholders wherever they are based.

Brokers Ireland: Dealing with UK Clients Post Brexit

Brokers Ireland: Impact of Brexit on Irish Brokers with Clients Based in the UK  



By Eilish Larkin - Regulatory Consultant



EBA (European Banking Authority) issues documents on AML
March 2021

1. Opinion of the EBA on the risks of money laundering and terrorist financing affecting the European Union’s financial sector.

Article 6(5) of Directive (EU) 2015/8491 requires the EBA to issue an Opinion on the risks of money laundering and terrorist financing (ML/TF) affecting the European Union’s financial sector every two years. This document is the is the third Opinion on these risks issued so far. The European Securities and Markets Authority (ESMA) and European Insurance and Occupational Pensions Authority (EIOPA) were closely involved in the process.

The risks highlighted are listed below:
  • Risks associated with virtual currencies.
  • Risks associated with the provision of financial products and services through FinTech firms.
  • Risks arising from weaknesses in CFT systems and controls.
  • Risks arising from de-risking.
  • Risks arising from supervisory divergence.
  • Risks associated with crowdfunding platforms.
  • Risks arising from divergent approaches to tackling tax-related crimes.
  • Risks arising from the COVID-19 pandemic.

In addition to these, sector specific analysis is provided.

EBA Document: Opinion of the European Banking Authority


2. Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions.

The ML/TF Risk Factors Guidelines are issued as per Articles 17 and 18(4) of Directive (EU) 2015/849.

The guidelines were created to support firms’ AML/CFT compliance efforts and enhance the ability of the EU’s financial sector effectively to deter and detect ML/TF. The most recent version (dated 1st March 2021) has been updated as regards:

  • business-wide and individual ML/TF risk assessments;
  • customer due diligence measures including on the beneficial owner;
  • terrorist financing risk factors; and
  • new guidance on emerging risks, such as the use of innovative solutions for CDD purposes.

As with previous versions the Guidelines are divided into two parts:

Title I is generic and applies to all firms.

“It is designed to equip firms with the tools they need to make informed, risk-based decisions when identifying, assessing and managing ML/TF risk associated with individual business relationships or occasional transactions.”

Title II is sector-specific and complements the generic guidelines in Title I.

“It sets out risk factors that are of particular importance in certain of those sectors and provides guidance on the risk-sensitive application of Customer Due Diligence measures by firms in those sectors.”

The anti-money laundering and counter terrorist financing area is one that is ever evolving. The pace of change must keep up with the new and varied methods that criminals devise to infiltrate the financial services system. These EBA publications give information and insight that will be of use to designated persons/relevant regulated financial services providers.

EBA Document: Final Report



AnneMarie Whlen
Regulatory Consultant
"Credit union sustainability: the role of risk management, in sector restructuring and business model change" Registrar of Credit Unions Patrick Casey
March 2021

The Registrar of Credit Unions, Patrick Casey addressed the Credit Union Managers Association’s Spring Conference. In his speech Mr Casey covered key aspects of 2020 and then outlined the Central Bank’s vision for the Credit Union sector in 2021.

It was stated “Our vision for the sector remains: “Strong Credit Unions in Safe Hands”, where we see:
  • ‘Strong Credit Unions’ as being financially strong and resilient, enabled by sustainable, member-focussed business models, underpinned by effective governance, risk management and operational frameworks, and where they can be resolved when they get into difficulty; and
  • Credit unions are ‘in Safe Hands’ when they are effectively governed, professionally managed and staffed by competent, capable people, who take ownership of and prudently manage current and emerging risks.”

The vision for the sector will be implemented by the adoptions of four strategic priorities. These are:

A. Effective and Proportionate Supervision – The Central Bank expects credit unions to have core prudential foundations including strong governance and robust risk management.
 
B. Managing disruptive change – Business model innovation, restructuring, climate change and the advances in technology were considered here.
 
C. Tailored and Proportionate Regulation – the focus here will be on the effective implementation of recent regulatory framework enhancements.
 
D. Sector Engagement - In 2021, there will be continued extensive two-way communication and engagement with individual credit unions and sector stakeholders.

It is clear the Central Bank is focused on having a strong, viable and vibrant Credit Union sector. The vision as outlined will provide challenges and opportunities for the sector. As Credit Unions won the Best Customer Experience Award for the sixth consecutive year in 2020 as per the CXi Report, no doubt they will rise to these challenges.

For the full address click HERE


AnneMarie Whelan
Regulatory Consultant
AML: UK Financial Conduct Authority (FCA) commences proceedings against NatWest.
March 2021

The Financial Conduct Authority, (FCA), has started proceedings against the state-owned NatWest for allegedly failing to prevent money laundering. This is the first criminal prosecution taken by the Regulator under the Money Laundering Regulations 2007 and also the first prosecution under these regulations against a bank.

Under the regulations firms are required to determine, conduct, and demonstrate risk sensitive due diligence and ongoing monitoring of its relationships with its customers for the purposes of preventing money laundering.

The FCA alleges that NatWest did not monitor and properly scrutinise transactions on a corporate customer account which was collecting large cash deposits. Between November 2011 and October 2016, it is believed that £365m was paid into the account, including £264m in cash.

If NatWest is found guilty of breaching the anti-money laundering rules it could face unlimited fines.

NatWest is due to appear in court on the 14th of April 2021 to respond to the charges.

For the full article click HERE


AnneMarie Whelan
Regulatory Consultant
The Central Bank sets out its priorities for Consumer and Investor Protection in 2021
March 2021

Director General, Financial Conduct, Derville Rowland, outlined the Central Bank’s priorities regarding consumer and investor protection. Topics listed were:
  • the review of the Consumer Protection Code;
  •  insurance issues focused on differential pricing and business interruption;
  • distressed debt;
  • managing liquidity risk in funds during periods of market volatility;
  • strengthening policy in capital markets union and sustainable finance; and
  • enforcement and anti-money laundering priorities.

 

As part of their efforts to assist consumers who find themselves in financial difficulty, the CBI has issued a Consultation Paper on the Standard Financial Statement.   This form is a key part of many lenders Mortgage Arrears Resolution Process (MARP) and is used to gather information on the borrower’s financial situation.  The Consultation Paper is split in to two parts and interested parties are required to give their feedback on the proposed changes and questions posed in the paper by 20th April 2021.

The CBI continues to pursue cases against individuals and firms as part of the Administrative Sanctions Procedure and the Fitness and Probity regime.  The importance of protecting customers is very clear: 

“Time and time again, I and colleagues in the Central Bank have told senior leaders in firms: consumer and investor protection begins with the firms themselves. Firms are responsible for selling their customers products that meet their needs both now and into the future. Firms must have effective cultures and set the right standards.”

For the full speech click HERE


AnneMarie Whelan
Regulatory Consultant
CP138 - Consultation on Cross-Industry Guidance on Outsourcing
March 2021

The Central Bank of Ireland’s, (CBI), Strategic Plan 2019-2021 sets out its mission, vison, and mandate. The mission of the CBI is to serve the public interest by safeguarding monetary and financial stability. The CBI works to ensure that the financial system operates in the best interests of consumers and the wider economy. Managing outsourcing risk is seen as essential by the CBI from both a prudential and conduct perspective. 

When companies outsource activities, they create a dependency on a third party. This dependency could influence operational activities and the quality of products or services delivered to consumers. Both national and European regulators and supervisors have examined this area and there have been numerous publications on the topic, sample listed below:

  • European Insurance and Occupational Pensions Authority (EIOPA) Guidelines on Outsourcing to Cloud Service Providers (EIOPA-BoS-20-002);
  • European Securities and Markets Authority ESMA 50-157-2403 Guidelines on Outsourcing to Cloud Service Providers (Final - December 2020); and
  • Financial Stability Board (FSB) Discussion Paper - Regulatory and Supervisory Issues Relating to Outsourcing and Third-Party Relationships.

The CBI recognises that many firms rely on outsourced service providers both intragroup entities and third-party ones. The purpose of the guidance is to “assist regulated firms in developing their outsourcing risk management frameworks so as to effectively, identify, monitor and manage their outsourcing risks.”

The deadline for providing comments to the CBI is 26th July 2021.

For the Consultation Paper and link to the Guidance please see: Consultation Paper CP138


AnneMarie Whelan
Regulatory Consultant


Central Bank of Ireland Enforcement Action – J&E Davy fined €4,130,000 and reprimanded for regulatory breaches arising from personal account dealing.
March 2021

On the 1st of March 2021, the Central Bank reprimanded and fined J&E Davy €4,130,000.00 for four breaches of the European Communities (Markets in Financial Instruments) Regulations 2007 (the MiFID Regulations) that occurred between July 2014 and May 2016.

The Central Bank’s investigation centred on a transaction which was concluded by a group of 16 Davy employees in a personal capacity with a Davy client. Among the 16 Davy employees was a group of senior executives. In permitting the transaction Davy prioritised the opportunity for its employees to make a personal financial gain ahead of their regulatory obligations in the areas of conflicts of interest and personal account dealing.

Failings were found in the following areas:

  1. Conflict of Interest identification and management.
  2. Personal account dealing framework.
  3. Ensuring the compliance function can discharge its role properly.

The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham said: “This case serves as an important reminder that conflicts of interest are an inherent risk to all regulated entities. When not properly managed, they pose a risk to investors and diminish market integrity. Where investment firms permit employees to engage in personal account dealing - i.e., to trade for themselves rather than for a client – the risk of conflicts of interest arising is heightened.”

The National Treasury Management Agency, (NTMA), revoked the appointment of Davy Stockbrokers as a primary dealer in government bonds.

On the 9th of March, Director General, Financial Conduct, Derville Rowland addressed the Joint Oireachtas Committee on Finance, Public Expenditure and Reform. In her speech Ms. Rowland made reference to a number of issues including Covid 19, business interruption insurance and the Davy reprimand and fine and said “Robust enforcement action is a critical component of our work to protect consumers and investors. It is a key part of the regulatory and supervisory toolkit. Enforcement action supports and runs alongside other supervisory interventions to help drive the remediation of risks and issues in the governance, risk management and control frameworks of the firms we supervise.”

Given this enforcement action is against the regulated entity, but the actions involved were clearly perpetrated by individual staff members, a lot of people will be wondering if there will be any personal accountability. Derville Rowland did confirm to the Oireachtas Finance Committee her office had had "tentative engagement" with An Garda Socháina and the Office of the Director of Corporate Enforcement (ODCE) over its Davy investigation but it remains to be seen if further action will be taken by any enforcement body. What has become clear is that the full capabilities of the CBI’s regulatory ‘toolkit’ are being tested and delays on introducing a SEAR type regime may be hindering their efforts.

The fallout:

Following the enforcement action, 3 senior members of the Davy management team have resigned their positions - CEO Brian McKiernan, deputy chairman Kyran McLoughlin and head of bonds Barry Nangle.

The firm was placed up for sale on the 11th March with speculation that Bank of Ireland could be set to reacquire the firm – AIB having just confirmed on 2nd March that it had agreed to buy Goodbody. The whole case has raised further questions around implications for the entire stockbroking market in Ireland.

Most recently an international professional services firm, Alvarez & Marsal, has been appointed by Davy to examine staff trading over the past seven years as part of a review of matters arising from the Central Bank action.

There is no doubt that the effects of the settlement action and the ongoing investigations will be felt for some time to come. The events that gave rise to the enforcement action will remind many of actions taken during the last financial crises. The Central Bank in its action has reiterated the importance of regulated financial service providers putting customers interests before their own.


AnneMarie Whelan
Regulatory Consultant
Central Bank of Ireland Enforcement Action – Keystone Insurance Limited
February 2021

On the 26th January 2021, the Central Bank reprimanded and fined Keystone Insurance Limited €41,385 for six breaches of the Consumer Protection Code from 2012 to 2017.

Keystone is a retail intermediary that operates in the commercial insurance market and is regulated under the European Union (Insurance Distribution) Regulations 2018.

The breaches included:

  • Overcharging: Customers were charged for placing insurance, processing mid-term adjustments and processing cancellations of insurance policies, in excess of the maximum fees allowed to be charged under Keystone’s Terms of Business.  62 customers were overcharged a total of €9,964.36 over a five-year period. These customers have been fully reimbursed by Keystone. 
  • Provision of unclear communications to customers: Out of 265 invoices reviewed, the Central Bank found that communication of applicable fees in 190 cases was unclear, in that the firm failed to bring fees to the attention of the customers. The information was on the invoices in small print at the bottom of the invoices.
  • Failure to have adequate systems and controls: There were inadequate systems and controls in place to facilitate Keystone meeting its regulatory obligations on communications.  

An aggravating factor in the investigation was that Keystone provided the Central Bank with incomplete and unclear responses to requests for information.  

Seána Cunningham, The Central Bank’s Director of Enforcement and Anti-Money Laundering said:

“The Central Bank expects that all regulated firms should have adequate processes, systems and controls in place to ensure compliance with the Code, ensure staff are trained on the Code’s provisions, regularly check that they are in compliance with the Code and ensure that any failures that may occur are identified and rectified early”. 

Click HERE to view the notice.


By Eilish Larkin
Compliance Consultant
SFDR – The three European Supervisory Authorities publish Final Report and Draft Regulatory Technical Standards (RTS) on the disclosures required.
February 2021

The Sustainable Finance Disclosure Regulation (SFDR) comes into effect on 10th March 2021. It aims to provide greater transparency on sustainability related disclosures.

In our January newsletter we noted that the Department of Finance was seeking submissions from interested parties in relation to the exercise of the national discretion in Article 17 of Regulation (EU) 2019/2088. Member States are given discretion as to whether to exempt financial advisers which employ fewer than three persons or to apply the Regulation to these entities.

The regulation applies to financial products listed below and extends to their product manufacturers and their financial advisers who are located in the EU:
  • Portfolio managed by credit institutions or investment firms.
  • Alternative investment funds (AIFs) and UCITs
  • Insurance-based investment products (IBIPs)
  • Pension products, Workplace pensions products regulated under the IORP directive and PEPP.

The final report and draft RTS will provide welcome guidance to many in advance of next week’s deadline.

See HERE for more information.


Eilish Larkin
Compliance Consultant
CP136 Consultation on Enhancing our Engagement with Stakeholders
February 2021

This paper invites submissions from parties by 11th of May 2021 in relation to how the Central Bank of Ireland can enhance the methods by which it engages with its stakeholders.

The Central Bank would like to increase their transparency with stakeholders and to build a listening organisation. The paper notes “COVID-19 has created some new opportunities to reach out to business and community representatives across the country, to meet the Central Bank’s stated aim of ensuring its relevance to and engagement with individuals and organisations based throughout Ireland.”

Who are the stakeholders? They include: the government, other state agencies, the European Supervisory authorities, civil society, consumer representatives, regulated firms, industry representative groups and business representatives.

The are 4 proposals in the paper:
  1. To build on existing arrangements (Civil Society Roundtable and Consumer Advisory Group) and improve engagement with consumers and users of financial services.
  2. Formalise the existing industry roundtables by hosting a senior level, cross-sectoral industry stakeholder forum.
  3. Provide an opportunity for the Central Bank to engage with industry, civil society, consumer, and business representatives at the same time, it is proposed that the Central Bank will host a public Financial System Conference in 2022.
  4. To enhance our engagement with business and “real economy” representatives.
Each proposal together with a list of questions and details on how to make a submission can be found by clicking HERE.


By Eilish Larkin
Compliance Consultant
Swedish Privacy Authority finds Police unlawfully used facial recognition app.
February 2021

The Swedish Authority for Privacy Protection (IMY) launched an investigation when reports appeared in the media that the Swedish Police Authority had used a facial recognition app.

A fine of SEK 2,500,000 (Approx. €250,000.00) was imposed and the police must conduct further training and education of employees to ensure that personal data is not processed in breach of data protection rules and regulations.

The IMY found that the police had not satisfied its obligations as a data controller with regards to the use of Clearview AI and that they failed to demonstrate that the processing of data was in line with the Criminal Data Act.

Click HERE to read the full article.



By Eilish Larkin
Compliance Consultant
Anti-Money Laundering Compliance Unit (AMLCU) Department of Justice - Annual report published on 9th February 2021.
February 2021

The 2019 annual report was prepared by the Anti-Money Laundering Compliance Unit (AMLCU) of the Department of Justice under section 65 of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended. 

The AMLCU is responsible for supervising those designated persons that are not subject to supervision by another competent authority. The AMLCU supervises:

  • Dealers in High Value Goods,
  • Trust or Company Service Providers (TCSPs) not otherwise supervised by the Central Bank or prescribed accounting bodies;
  • Notaries,
  • Tax Advisors and External Accountants (not within the remit of prescribed accountancy bodies),
  • Private Members’ Clubs and
  • Gambling service providers (Tote, online gambling, retail gambling)
474 onsite inspections were carried out in 2019 by the AMLCU.

The AMLCU can issue directions to comply to Designated Persons and they can make Competent Authority Reports (CARs) to the Financial Intelligence Unit within An Garda Síochána and to the Revenue Commissioners. In 2019 the AMLCU issued 22 directions to High Value Goods Dealers and submitted 321 CARs to FIU Ireland on GoAML (online reporting system) and copied them to Revenue.

The report provides detailed information on the approach the Department of Justice takes and, on their efforts, to engage with the relevant Designated Persons.

Click HERE for the full report.



By Eilish Larkin
Compliance Consultant
5AMLD Legislation progressing through the Seanad. Transposition imminent.
February 2021

5th EU Directive key changes:

  • Crypto currencies/virtual currencies and Letting Agents obliged entities
  • Traders in art (galleries and auction houses) obliged entities for transactions over €10,000
  • Greater powers for Financial Intelligence Units: transparency of financial transactions
  • Centralised Beneficial Ownership Registers interconnected
  • Clarification of PEPs: Member states to produce official lists

For more information on the changes the transposing bill will bring please click HERE to see previous articles from RegSol.


By Eilish Larkin
Regulatory Consultant


European Securities and Markets Authority issued a reminder to firms on the MiFID II reverse solicitation rules
January 2021

ESMA issued the reminder on discovering some attempts by firms to avoid the MiFID rules and the protections they offer. As per Article 42 of MiFID II, where a retail client or professional client, established or situated in the Union initiates at its own exclusive initiative the provision of an investment service or activity by a third-country firm, the third country firm is not subject to the requirements under Article 39 of MiFID II.

ESMA has previously provided guidance to firms on the application of the MiFID II in these situations and outlined how the concept of a client initiating “at its own exclusive initiative the provision of an investment service or activity by a third-country firm” included in Article 42 of MiFID II should be applied.

The statement noted in particular:
  • “the provision of investment services in the EU without proper authorisation in accordance with the EU and the national law applicable in Member States exposes service providers to the risk of administrative or criminal proceedings, for the application of relevant sanctions,
  • when using the services of investment service providers which are not properly authorised in accordance with EU and Member States’ law, investors may lose protections granted to them under EU relevant rules, including coverage under the investor compensation schemes in accordance with Directive 97/9/EC.”

For the full statement see:

ESMA Reminds Firms of the MiFID II rules on Reverse Solicitation

(europa.eu)




By: Eilish Larkin
CP135 – Consultation on Competent Authority Discretions in the Investment Firms Directive and the Investment Firms Regulation
January 2021

The consultation paper outlines the proposed approach the Central Bank of Ireland will take regarding provisions contained within the Investment Firms Directive (IFD) and the Investment Firms Regulation, in situations where the competent authority can or must exercise its discretion. This will apply to MiFID investment firms following the entry into force of the IFD/ IFR. The IFD and IFR were adopted by the Council of the EU on 23 October 2019 and were published in the Official Journal of the European Union on 5 December 2019 and entered into force on 25 December 2019. The IFD and the IFR are applicable from 26 June 2021.

As outlined in the consultation the aims of the new legislation are to:

  • ensure more proportionate rules and better supervision for all investment firms across capital, liquidity and other risk management requirements.
  • ensure a level-playing field between large and systemic financial institutions: investment firms that carry out bank-like activities and pose similar risks to credit institutions will be subject to the same rules and supervision as credit institutions.

Deadline for submissions is March 2021. For more information including a link to the full consultation paper see:

CP135 - Consultation on Competent Authority Discretions in the Investment Firms Directive and the Investment Firms Regulation




By: Eilish Larkin
Sustainability Related Disclosures and National Discretion regarding Article 17 of Regulation (EU) 2019/2088
January 2021

Should financial advisers who employ less than 3 people be exempt from these? Have your say by 29th of Jan 2021.

In December 2019 the Introduction Regulation (EU) 2019/2088 on Sustainability-related Disclosures in the Financial Sector (“SFDR” or “SF Disclosures Regulation”), came into force. It was amended by the Regulation on the establishment of a framework to facilitate sustainable investment (Taxonomy Regulation). The SFDR will apply generally from 10 March 2021, with certain obligations taking effect later.

The scope of the SFDR is extremely broad. It covers a large range of financial products and “financial market participants” (FMPs). It applies to FMPs across all sectors – fund managers, pension providers, insurance-based investment product providers, MiFID investment firms and credit institutions.

The Regulation also applies to “financial advisers”, including certain insurance intermediaries and providers of investment advice. The SFDR introduces additional disclosure requirements and creates sustainability disclosure obligations for manufacturers of financial products and financial advisers toward end-investors.

The Department of Finance has invited interested parties to make submissions in relation to the exercise of the national discretion in Article 17 of Regulation (EU) 2019/2088. Member States are given discretion as to whether to exempt financial advisers which employ fewer than three persons or to apply the Regulation to these entities.

The consultation period will run to 5pm, 29th January 2021.

Public Consultation on the exercise of the national discretion in Article 17 of Regulation (EU) 2019/2088




By: Elish Larkin
Dear CEO Letter from CBI regarding low level of compliance with Anti-Money Laundering and Terrorist Financing obligations addressed to Schedule 2 firms
January 2021

On the 16th Dec 2020, the CBI published the results of their supervisory engagements with Schedule 2 firms regarding their obligations under the Criminal Justice Act 2010 as amended.

The results show an overall lack of compliance across all areas of the AML/CFT control framework. Poor understanding of the requirements from Board and senior management levels, including at those firms who outsourced their AML/CFT and FS activities to third parties were also noted.

A number of failings across Schedule 2 Firms, were identified:
  • Board Oversight and Governance - failure to demonstrate Boards had taken responsibility for the implementation and ongoing oversight of AML/CFT and FS in a number of firms.
  • Money Laundering/Terrorist Financing Risk Assessment - lack of ongoing and comprehensive assessment and documentation of ML/TF risks that are specific to each firm’s consumers and business activities.
  • Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures - failure to put in place and implement firm-specific AML/CFT and FS policies and procedures, and failure to review and update these on an ongoing basis.

Director of Enforcement & Anti-Money Laundering, Seána Cunningham said: “The Central Bank expects all firms to be alert to the risks that money laundering and criminal financial activities may pose to their customers and business, and the wider integrity of the Irish financial system.

This requires CEOs and Boards to have in-depth knowledge and understanding of their Anti-Money Laundering and Counter Financing of Terrorism obligations. It is also essential to have the necessary control framework in place to ensure protection of their business and customers.”

Schedule 2 firms were required to register with the Central Bank of Ireland under s.106 of the Criminal Justice (Money Laundering & Terrorist Financing) Act 2010 with effect from November 2018 in line with the transposition of the 4th EU AML Directive. It is noted that the current process of transposing the 5th EU AML Directive includes a similar requirement for Virtual Asset Service providers (virtual currency wallet holders, etc.) to register with the CBI so these firms should also take note.

Central Bank publishes “Dear CEO” letter to Schedule 2 firms on low level of compliance with Anti-Money Laundering and Counter Financing of Terrorism obligations




By: Judy de Castro
Anti-Money Laundering: Couple sentenced over Money Laundering
January 2021

A couple last month was sentenced at the Special Criminal Court for laundering almost €500,000 through five bank accounts over five years for the Kinahan Organised crime group.

A convicted drug dealer used two of his own bank accounts and three accounts belonging to his partner and the mother of his child. Through a search financial documentation showing the lodgements over a 5-year period indicated that 52 k was spent on airline tickets in three years. 

Both parties were in receipt of employment income or social welfare but lodged over 342k more than their legitimate income. 

This illustrates how vital obtaining information on the source of funds and wealth and undertaking transaction monitoring is for uncovering suspicious activity.

Couple sentenced over money laundering for Kinahans (rte.ie)


By: Judy de Castro
Data Protection Commission (DPC) Guidance on Transfers of Personal Data from Ireland to the UK at the end of the Transition Period (11pm 31st December 2020)
January 2021

The Data Protection Commission in Ireland issued the below update regarding the transfer of personal data from Ireland to the UK once Brexit came into effect.

In short, the transfers may continue for now. For the full text of the update see link below:

Guidance on Transfers of Personal Data from Ireland to the UK at the end of the Transition Period (11pm on 31 December 2020) | Data Protection Commissioner

By: Elish Larkin
Data Protection Commission (DPC) calls for submissions regarding data processing for children, deadline for submissions is 31.03.2021
January 2021

The Data Protection Commission (DPC) has drafted The Fundamentals for a Child-Oriented Approach to Data Processing. These have been drawn up to ensure there are improvements in standards of data processing regarding children’s data and introduce child-specific data protection interpretative principles.

There are also recommended measures that are designed to improve the level of protection afforded to children against the data processing risks. The Fundamentals have been informed by the output of the two-streamed public consultation which the DPC ran during the first half of 2019.

All interested parties have until 31st of March 2021 to make their submissions. Submissions may be made via email or post.

For full details see link:

Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing




By: Eilish Larkin
DPC’s €450K Fine on Twitter: Too little?
December 2020

The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into Twitter International Company. This decision put an end to an investigation dating back from January 2019 following the identification of a bug that meant that some private messages on twitter from android phone users could be publicly viewed. 

The DPC’s draft decision was the first to go through the GDPR’s dispute resolution process under Article 60 and the first Draft Decision in a big tech case on which all EU supervisory authorities were consulted. In accordance with Article 65(6), where a number of other European Supervisory authorities raise objections in relation to the Irish DPC’s draft decision, and the Irish DPC is of the opinion the objections are not relevant, the matter is referred to the European Data Protection Board (EDPB)’s consistency mechanism. 

The DPC’s final decision is then based on the EDPB’s and must be adopted without undue delay and at the latest by one month after the EDPB has notified its Decision to the DPC.

Background

Stemming from a breach notification from Twitter last year, the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC (within 72 hours) and a failure to adequately document the breach. The DPC has imposed an administrative fine of €450,000 on Twitter as “an effective, proportionate and dissuasive measure.”

Putting this into context, Twitter has 187 million daily users with a 6.48% share of the European Social Media market. Users document their thoughts in “tweets”, which at the time of writing, are limited to 280 characters in the English language. Twitter was recently found to be the 45th most visited website in the world. In terms of the Breach, Twitter informed the Commission that, as far as they can identify, between 5 September 2017 and 11 January 2019, 88,726 EU and EEA users were affected by this bug. 

Twitter confirmed that it dates the bug to 4 November 2014, but it also confirmed that they can only identify users affected from 5 September 2017. In this regard, it is possible that more users were impacted by the Breach. As such, the German, Austrian and Italian Supervisory Authorities would have expected the fine to be greater up to €22 million.

GDPR, which came into effect in May 2018, allows the DPC to fine companies up to 4% of their global turnover of the previous year or €20 million, whichever is greater, for contraventions of these regulations. Due regard is to be given to the nature, gravity and duration of the infringement.


Perhaps Max Schrems, a privacy activist who recently tweeted in response to Twitter’s fine, puts it best: “0.016% of their revenue, in other words, they need 1.5 hours to make that amount in revenue and pay the fine.” As for being a dissuasive and proportionate measure, the extent of this fine may certainly not act as a deterrent.

More information is available here: The European Data Protection Board has published the Article 65 decision and the final decision on its website HERE.

The DPC has published details on twitter available HERE

By Judy de Castro
CP133 - Consultation Paper on Enhancements to the Central Bank Client Asset Requirements as Contained in the Central Bank Investment Firms Regulations
December 2020

On the 3rd December 2020, the CBI opened a consultation and invited electronic submissions by email to INVFIRMSpolicy@centralbank.ie by 10 March 2021.

The key elements of the proposals include:

  • Extending the scope and application of the CAR to include credit institutions undertaking MiFID investment business;
  • Introducing new requirements regarding client disclosure and consent, including enhancements applicable to investment firms that have obtained client consent to the use of client financial instruments and investment firms providing prime brokerage services;
  • Introducing new CAR guidance to clarify the Central Bank’s expectations as to how client funds should be segregated;
  • Introducing new requirements, and placing some existing CAR guidance on a legislative footing, in relation to the performance of reconciliations and the treatment of client asset discrepancies and reconciliation differences, and shortfalls and excesses; and
  • Introducing new requirements and CAR guidance on the contents of the Client Asset Management Plan (the CAMP).

The proposed amended rues are fully set out and a 12 month implementation period is envisaged post-publication of any new rules.

The full Consultation Paper is available HERE.


By Judy de Castro
“Dear CEO letter” on Fitness and Probity
December 2020

A recent Central Bank review has found weaknesses regarding compliance with the Fitness and Probity regime (F&P Regime).

The F&P regime was introduced under the Central Bank Reform Act 2010. The regime protects consumers by requiring that persons who occupy senior functions within regulated firms meet the Central Bank of Ireland’s Fitness and Probity Standards. Under these standards people in senior positions are required to be competent and capable, ethical, act with integrity and be financially sound.

Some of the issues discovered include:

  • Level of awareness by Board members of their fitness and probity obligations was poor
  • Lack of due diligence being conducted regarding the outsourcing of Pre-Approval Controlled Functions/Controlled Functions
  • Lack of registers being kept of employees performing PCF or CF roles.

Deputy Governor Ed Sibley said: “The F&P Regime is a cornerstone of the regulatory framework in Ireland. The Central Bank will not authorise firms, and will not approve persons to perform senior functions in regulated firms, where they do not meet our Fitness and Probity Standards and further noted “It is wholly unacceptable that such shortcomings continue to exist in circumstances where the F&P Regime was introduced almost ten years ago. The Central Bank will continue to engage with firms to assess the robustness of their application of the F&P Regime and will initiate necessary supervisory responses to any weaknesses identified.”

For the full text of the CBI press release (which has a link to the Dear CEO letter) – see below:

Central Bank inspection finds weaknesses in firms’ compliance with Fitness & Probity Regime


By Judy de Castro
International Transfers of Personal Data to Third Countries: What to do
December 2020

The European Court of Justice had struck down the US Privacy Shield earlier this year, thereby making personal data transfers to the US and Non EEA countries under this agreement unlawful. This left another option open to transfer data internationally- the European Commission- Standard Contractual Clauses (“SCCs”). SCCs are standard sets of contractual terms and conditions which the sender and the receiver of the personal data both sign up to. They include contractual obligations which help to protect personal data when it leaves the EEA and the protection of GDPR. However, the ECJ ruled that use of the SCCs alone did not automatically ensure an adequate level of data protection for GDPR purposes and that “supplementary measures” may be required. This was a significant change and one that created confusion and concern for many companies, large and small. On November 10, 2020, the European Data Protection Board released its Recommendations to help manage the situation and we’ve outlined key points to help you navigate the document, a link is attached below:

  • First and foremost, identify whether you make international transfers of data, including any onward transfers. Records of processing (Article 30 GDPR records) can be useful to tracking where your data goes from automated storage and cloud providers to marketing tools.
  • Check where the data transfers go to. Check if there are third countries that you may send data to that are not deemed adequate by the European Commission and then identify the transfer mechanisms you are relying on to allow data to be transferred (SCCs or Binding Corporate Rules for example).
  • Assess whether the protections in place to transfer data internationally is effective. Companies must consider whether the controls they have in place provide an effective level of protection for personal data in practice, by establishing a level of protection in the third country that is essentially equivalent to that guaranteed in the EEA.
  • Adopt Supplementary Measures, where necessary. These measures can be contractual, technical or organizational in nature.

European Data Protection Board Recommendations Document


By: Judy de Castro