RegSol Blog


RegSol Blog Posts

Central Bank seeks to end IBAN discrimination
June 2022

The Central Bank of Ireland has written to, among others, all financial services providers in a bid to end IBAN discrimination and remind firms of their obligations under the Single European Payments Area initiative (SEPA).

This is in response to some firms continuing to refuse to accept non-Irish IBANs (international bank account numbers) - the standard identifier for all SEPA bank accounts - for payments.

The issue of IBAN discrimination has come to a head as hundreds of thousands of customers prepare to switch bank accounts, as KBC and Ulster Bank depart the Irish market. This is because some consumers may opt to switch to a bank that doesn't currently offer an Irish IBAN, such as Revolut.


What is IBAN discrimination?

IBAN discrimination is where a firm (or other entity) refuses to accept a consumer’s SEPA IBAN for euro payments or direct debits. An Irish firm cannot insist consumers open or maintain an Irish bank account for euro transfers.

IBAN discrimination is not permitted under the SEPA regulations.

The Central Bank is concerned that IBAN discrimination creates difficulties for Irish and European consumers and raises barriers to the proper functioning of the payment system.


What is SEPA?

SEPA allows consumers to make cashless euro payments such as direct debits and credit transfers to firms and individuals anywhere within the SEPA area using their IBAN.

So for example, an Irish person with an AIB account should be able to make payments quickly and easily in Germany without having to set up a German bank account, and a German with a German account should be able to do likewise here.

SEPA includes all 27 EU countries, the UK, and eight other European countries (Norway, Monaco, Switzerland, etc.).

It was fully implemented in 2014 in the euro area (and by 2016 in non-euro area SEPA countries).


Key takeaways:

  • Regulated firms cannot refuse to accept from consumers non-Irish IBANs from within SEPA.
  • IBAN discrimination is unlikely to impact many of RegSol’s clients. However, clients should be mindful of the Central Bank’s announcement particularly in light of the changing Irish banking scene where consumers will be turning to other banking services that may provide them with non-Irish IBANs. Accordingly, if the payment is legitimate (i.e. from an identified consumer) and within SEPA, the non-Irish IBAN should be accepted by firms.

If you are still in any way concerned as to how IBAN discrimination may affect your business, please feel free to contact us at info@regsol.ie
FSPO ‘Overview of Complaints 2021’
May 2022

The FSPO is an independent and impartial service provided for free to resolve complaints made by consumers in respect of regulated financial service providers and pension providers. Complaints made to the FSPO are resolved either through informal mediation or a formal investigation and adjudication process, which concludes with the issuing of a legally binding decision.

The FSPO recently published its report on the Overview of Complaints 2021 (the Report). The Report details the trends in the 4,658 complaints received by the FSPO and in particular, highlights the increase in complaints made to its office about poor customer service from financial service providers.

The Report notes that 23% of complaints made to the FSPO were complaints about poor customer service from financial services providers and further noted that a more responsive service from these providers could avoid the level of complaints from arising.


Insurance

After the banking sector, the second largest category of complaints related to insurance products. Complaints relating to this sector amounted to 27% of all complaints received by the FSPO in 2021. The Report notes that the two categories of insurance products most complained about in 2021 were Motor Insurance and Health, Accident and Dental insurance policies.

The top 5 insurance conducts complained of were as follows:

  • Claim handling – 26% (down from 27% in 2020)
  • Rejection of Claim – 25% (up from 10% in 2020)
  • Customer Service – 15% (up from 4% in 2020)
  • Maladministration – 8% (the same figure as 2019)
  • Refusal to give product/service – 7%

The Report acknowledged that COVID-19 related business interruption claims were exceptionally difficult for many businesses however the Report also noted that the success of the claim is dependent on the cover provided under the policy. The report highlighted the importance of the wording within each policy as this will be determinative of whether a business would be covered for business interruption claims or not. In some of the complaints received, full indemnity was provided, whereas in others, there was none.


Investments

Complaints in relation to investments were the third largest category of complaint received by the FSPO in 2021. Personal pension products represented the largest portion of these complaint types, at 35%, closely followed by online share dealing at 30% of all investment complaints.

The Report also notes the growing complexity of products (e.g. Crypto currency investments) making it increasingly difficult for some consumers to understand precisely who they are dealing with or who they are agreeing a contract with, when they are purchasing financial services or pension products


Outcome

Firms should ensure that they are meeting the highest levels of consumer protection standards, both in terms potential FSPO engagement and complying with the Central Bank of Ireland Consumer Protection Code 2012.

For any queries on how RegSol can support you in ensuring appropriate consumer protection measures and complaints handling procedures are in place in your entity, please contact us at info@regsol.ie



Useful links:
Overview of Complaints 2021 (fspo.ie)
Insurance Company ordered to pay out claim on home insurance policy
May 2022

On 19th May 2022, Llyod’s Insurance Company SA (Llyod’s) was ordered by the High Court to honour a claim on an insurance policy for damage to the roof of a family home.


FSPO decision

Llyod’s had appealed to the High Court against a decision of the Financial Services Ombudsman (FSPO) to uphold a complaint against it over its refusal to pay out on a couple’s claim.

The FSPO had found it was “unreasonable, unjust and improper” for Lloyd’s not to remediate the damage complained of. It therefore ordered the insurer to pay €20,000 to the couple as compensation for the inconvenience caused.


Facts of case

The complainants’ insurance policy covered against structural defects in the property and when issues arose, including pyrite-related damage and damage to the structure of the roof, Lloyd’s paid out over the pyrite, but it did not accept the damage to the roof trusses was covered by the policy.

The refusal was based on the insurer’s assertion that the trusses, which it accepted were structural, had been deflected due to the positioning of a water tank in the attic area which put pressure on them and led to cracking on ceilings and walls. Lloyd’s maintained this constituted damage caused “to” the structure, rather than “in” the structure, which it said placed it beyond the policy remit.


High Court

The High Court noted the high threshold that must be met to set aside decisions of the FSPO in that the court must be satisfied the FSPO made a “serious and significant error” in reaching its conclusions.

Lloyd’s argued the FSPO was, in fact, guilty of serious and significant error in how it interpreted the word “structure” in the policy.

The FSPO however stood over its decision, saying the defect in the trusses, a load bearing part of the roof, comes within the policy definition of structure. The roofing structure, it said, is intended to hold water tanks and should be designed and constructed to carry out that purpose.

Ultimately, the High Court found there was “ample evidence” to conclude the identified defect came within the insurance policy terms. The court decided that a reasonable person interpreting the contract would expect the roof trusses to have been designed and constructed in a way that rendered them fit to bear a water tank load “or at least [...] the ombudsman was entitled to take this view”.

The court was also satisfied with the level of compensation of €20,000 granted by the FSPO to the couple was reasonable.

You can read the full details of the case here:

Llyod's Insurance Company v FSPO (courts.ie)
GDPR is 4 years old!!
May 2022

25th May 2022 marks the fourth anniversary since the General Data Protection Regulation (EU) 2016/679) (GDPR) became law in Ireland and across Europe. This fundamental piece of legislation has dramatically changed the data protection landscape by applying to all organisations that process personal data to comply with the right to data protection.


Data Protection Commissioner (DPC)

In February 2022, the DPC published their annual report (here). Of note to our SME clients is data subject access requests were the most common category of complaint handled by the DPC.

The DPC noted that individuals when requesting access to their data had communicated with the data controller but either did not receive an acknowledgement/response to their request or was dissatisfied with the response issued and as a result, lodged a complaint with the DPC.

On its investigation of these complaints the DPC found that it often transpires that the data controller has either:

(a) not performed an adequate search for the personal data,

(b) has not advised the individual they are withholding data and the exemption they are relying on for same, or

(c) will not respond within the required timeframe to the access request.


The report highlights the need for our clients to have adequate response procedures in place to be in a position to deal with access requests on a timely basis and avoid complaints of this nature arising in the first instance.


The Office of the Ombudsman (Ombudsman)

As many of you will be aware, the Ombudsman examines complaints from people who feel they have been unfairly treated by certain public bodies, for example, government departments, local authorities, the HSE and publicly funded third level education bodies.

With regard to the Ombudsman’s data protection obligations, the Data Protection Act 2018 (Section 60(6)) (Office of the Ombudsman) Regulations 2022 [S.I. No. 221 of 2022] (the Regulations) have been recently published.

The Regulations provide for restrictions on the rights of data subjects for the purposes of the Ombudsman being able to perform certain functions (e.g. the investigation of a complaint against a public body) while also not prejudicing that data subject’s right to data protection conferred by GDPR that may result from such a restriction.

The Ombudsman however is obliged under the Regulations to ensure that any measure used to restrict the rights of a data subject must be of limited scope and applied in a strictly necessary, proportionate and specific manner.

To keep up to date with all the latest developments in this area, please see our list of upcoming training dates here:

RegSol - Public Training Courses
New Central Bank authorisation requirements for Hire-Purchase, PCP, Consumer Hire and Indirect Credit Providers and Services
May 2022

From 16th May 2022, firms providing hire purchase, PCP, consumer hire, indirect credit (e.g. buy-now-pay-later (BNPL) products and services are required to be authorised by the Central Bank of Ireland (CBI).

Firms providing these services will be required to seek authorisation as a Retail Credit Firm (RCF) or as a Credit Servicing Firm (CSF) as appropriate, though firms already operating in the market will be given time to transition.

The new authorisation framework for RCF/CSF follows the enactment of the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022 (the Act) which requires:

  • Any person carrying on a business of offering hire purchase products or consumer-hire products to consumers, and any other person providing credit directly or indirectly to consumers, to be authorised by the CBI as a RCF (if not already subject to CBI authorisation); and
  • Any person who services such products to be authorised by the CBI as a CSF.

The Act also introduces an interest rate cap of 23% APR on all credit agreements provided to consumers (other than money lending agreements which have a separate regulatory framework). The Act also ensures that all retail credit firms must comply with Section 149 of the Consumer Credit Act 1995 and notify the CBI if they wish to introduce any new charges or increase any charge that has been previously notified to the CBI.


CBI Codes

The Act also enables the CBI to enhance the new authorisation requirements through new rules contained in the Consumer Protection Code 2012, the Minimum Competency Code 2017, and the Minimum Competency Regulations 2017 to ensure consumers are protected by the CBI’s consumer protection framework.


Changes to Consumer Protection Code 2012 (the “CPC”)

A new addendum amending the CPC requires regulated firms to assess the suitability of the product for the consumer and the ability of the borrower to repay the debt over the duration of the credit agreement, to such firms.

The CPC is also amended to include definitions of “BNPL agreement”, “consumer-hire agreement” and “hire-purchase agreement”, as well as other amendments inserted under the Headings of the CPC’s Scope, General Principles and Advertising rules.

The new changes to the CPC are effective from 16th July 2022.


Changes to Minimum Competency Code 2017 (the “MCC”)

The MCC has also been amended by way of an addendum bringing the newly regulated activities within its scope whereby the CBI expects RCF/CSF firms and their staff to meet the necessary minimum competency standards as soon as possible following commencement of the new Act (but no later than four years post-commencement).

These transitional arrangements are also set out by the insertion of Regulation 16A in the Minimum Competency Regulations 2017 i.e. the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Minimum Competency) (Amendment) Regulations 2022 [S.I. No. 234 of 2022].


Transitional Arrangements

RCF/CSF staff are required to meet minimum professional standards (e.g. holding recognised qualifications) and places obligations on the regulated entity, such as agreeing a plan for obtaining a relevant recognised qualification with the person availing of the transitional arrangements and monitoring compliance with those conditions, to ensure all necessary competency standards are met.

For instance, such firms will be required to ensure that a person exercising a controlled function in relation to a new RCF/CSF activity who does not hold a recognised qualification in respect of that function, obtains same by 16th May 2026.


Conclusion

All firms seeking authorisation as a RCF/CSF will be required to demonstrate to the CBI that they are in a position to meet the CBI’s authorisation and standards prior to an authorisation being granted and its supervisory requirements on an on-going basis thereafter.

Do not hesitate to contact RegSol if you are in any doubt whether the activities of your firm fall within the scope of the legislation or compliance with the CBI’s authorisation requirements. Furthermore, we can draft policies and procedures documents to ensure all applicable amendments to the CBI Codes are up-to-date and tailored specifically to your business.

We can be contacted at info@regsol.ie

Useful Links:

Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022 (irishstatutebook.ie)
Consumer Protection Code 2012 Addendum May 2022 (centralbank.ie)
Minimum Competency Code 2017 Addendum May 2022 (centralbank.ie)
Minimum Competency Regulations 2017 (Regulation 16A)

EU Financial Sanctions Regime in Relation to Russia
May 2022

The invasion of Ukraine by Russia has been a human tragedy for the people of Ukraine. It has been shocking and unsettling to see war return to the European continent and brought further uncertainty for the global economy as we exit from the Covid-19 pandemic.

Global developments have brought to the fore the importance of identifying and addressing geopolitical risks for businesses, one of which is restrictive economic measures (“sanctions”) introduced by the EU and other significant trading countries (e.g. US) as an alternative to taking military action.

In the case of the invasion of Ukraine, both the EU and US (and other jurisdictions) have taken significant steps to impose financial sanctions against named individuals and entities connected to Russia.

Financial sanctions are legally binding measures that can be taken against individuals, entities or bodies (the subject), the objective of which is to bring about a change of policy and/or behaviour by the subject. Financial sanctions can emanate from the European Union (through EU Council Regulations and further implemented in Irish Law through statutory instruments) or the United Nations. In general, once a subject has been placed on one of these sanction lists, there is a legal obligation not to transfer funds or to make funds or economic resources available, directly or indirectly, to that subject.

In 2014, the EU originally introduced sanctions in response to Russia’s illegal annexation of Crimea (Council Regulation (EU) No. 833/2014). The regulation has subsequently been amended as significant expansions were made to the sanctions regime since late February when Russia recognised the regions of Donetsk and Luhansk as independent republics and regular additions were made to the list of named Russian individuals and/entities.

While all natural and legal persons in Ireland are obliged to comply with sanctions under EU Regulations as soon as they are adopted, the Central Bank of Ireland (the “CBI”) is responsible for ensuring that regulated entities operating in the financial services sphere in Ireland also comply with financial sanctions.

The CBI also provides frequent financial sanctions updates on its website and this month it communicated EU amendments to the Sanctions Lists on 21st April 2022, 19th April 2022, 13th April 2022 and 8th April 2022.

The CBI also provides guidance to regulated firms regarding international financial sanctions as follows: 
  1. Firms are required to continuously monitor both the European Union Consolidated Financial Sanctions List and the Consolidated UN Security Council Sanctions List to ensure that financial services are not provided to a sanctioned subject.
  2. In the event that a transaction occurs in which there is a breach or suspected breach of sanctions, described as a “hit” by the CBI, a firm must immediately freeze the account(s) and/or stop the transaction(s) and report the "hit" to the CBI using a Sanctions Return Form, available on the CBI website. Before submitting the report to the CBI, firms should take reasonable steps to ensure that the subject identified is the same subject as that listed in the relevant sanctions list.
Due to the unprecedented speed of the issuance of sanctions since the start of the Ukrainian conflict, affected firms should ensure they are aware of the updated position to remain compliant with the continuous developments in this area. Review and/or assurance testing of existing sanctions screening processes is also highly recommended at this point in time.

For further information on international financial sanctions and updates to the EU restrictive measures (sanctions) and UN sanctions lists, see link below to the CBI website:

International Financial Sanctions | Central Bank of Ireland
Data Protection Commission publishes Annual Report for 2021
May 2022

On 24th February, the Data Protection Commission(the “DPC”) published their annual report (here). It details the activities completed in 2021 together with information on the DPC’s Regulatory Strategy for 2022-2027. As with prior reports, there is detailed information on the number of issues they dealt with and details of specific case studies.

In that regard, the PDC noted the most frequent complaints received by individuals included:

Access requests: The DPC noted individual had communicated with the data controller but either did not receive an acknowledgement/response to their request or was dissatisfied with the response issued and as a result lodge a complaint with the DPC.

The DPC found that on investigating these complaints, it often transpires that the data controller has either (a) not performed an adequate search for the personal data (b) has not advised the individual they are withholding data and the exemption they are relying on for same, or (c) will not respond within the required timeframe to the access request.

Cookies Investigations: throughout 2021 the DPC carried out cookies investigations, examining a significant number of websites to assess compliance with the relevant legislation where consent must be obtained for placing any information on a user’s device, or accessing information already stored on their device.

Issues highlighted by the DPC on foot of their investigations included the setting of tracking and advertising cookies without consent, the use of cookie banners that obscured the text of the cookies and privacy notices on websites, and the use of pre-ticked boxes or toggles to signal consent for cookies.

Such continued complaints emphasise the need by intermediaries as Data Controllers to comply with the data protection legislation in a competent and timely manner, particularly in circumstances where individuals are alive to their rights and will seek to enforce them.

Furthermore, the DPC confirmed that investigations and enforcement will continue to be a key element of its activities in 2022 and in the coming years. The DPC however intends to publish more guidance including more regular case studies of issues it has decided and work to support Data Protection Officers in their critical on-the-ground roles within organisations

The DPC also referred to pending pieces of legislation at an EU level, the NIS2 Directive, the Digital Markets Act, the Digital Services Act, the E-Privacy Regulation, the Artificial intelligence Act, and the Data Governance Act, highlighting the ever-evolving nature of data protection.

To keep up to speed with all the latest developments in this area, our Data Protection Full Day webinar takes places on Thursday 26th May 2022. To sign up, please go to the link below:

Data Protection Full Day (2 Half Day Sessions) Tickets, Thu 26 May 2022 at 09:30 | Eventbrite
Insure4Less Teoranta t/a Kerry Insurance Group reprimanded and fined €8,400 by the Central Bank of Ireland for breaches of fitness and probity pre-approval requirements
May 2022

On 1st March 2022, Central Bank reprimanded and imposed a fine of €8,400 on the retail intermediary Insure4Less Teoranta t/a Kerry Insurance Group for breaches of fitness and probity pre-approval requirements.

The firm had breached three of its obligations when it failed to get pre-approval from the CBI for three directors who were appointed in January of 2018. Applications for the approvals were, in fact, only submitted in February of the following year. The CBI only discovered that the appointments had taken place in January of 2020, on foot of its own enquiries. the CBI found that the firm in question failed to obtain the CBI’s prior approval before appointing three individuals to pre-approval controlled function (“PCF”) roles.

The CBI has since approved three individuals for roles in the firm and the CBI confirmed it had now remediated the failings.

For further details of the action, see RegSol article:

Central Bank of Ireland Enforcement Action – Insure4Less Teoranta t/a Kerry Insurance Group fined €8,400.00 and reprimanded for breaches of fitness and probity (“F&P”)
BNY Mellon Fund Services (Ireland) DAC fined €10,780,000 and reprimanded by the Central Bank of Ireland for regulatory breaches relating to outsourcing
May 2022

On 22nd March the Central Bank of Ireland (the “CBI”) imposed one of its largest financial penalties to date fining BNY Mellon Fund Services (Ireland) DAC €10.78m for 16 regulatory breaches relating to the outsourcing of its fund administration activities.

An aggravating factor that led to the large fine was BNY Mellon’s failure to remediate these conduct breaches after they were identified ultimately leading to the CBI imposing a higher penalty.

The case highlights the importance of early engagement with the CBI and taking remedial action as soon as possible after the discovery of a breach. At the outset, firms should fully co-operate with the CBI’s investigations and ensure procedures are in place to minimise the likelihood of re-occurrence. Such active engagement should assist in reducing a firm’s exposure to a fine or sanction being imposed by the CBI and limiting any reputational damage caused.

For full details of the case, see RegSol article:

Central Bank of Ireland Enforcement Action – BNY Mellon Fund Services (Ireland) DAC fined €10,780,000 and reprimanded for breaches relating to outsourcing

New Regulations regarding Pre-Approved Control Functions (PCFs)
May 2022

On 5th April, the Central Bank of Ireland (the “CBI”) published the Central Bank Reform Act 2010 (Sections 20 and 22) (Amendment) Regulations 2022 amending its list of PCFs by creating, removing and reclassifying certain roles on the list.

One change that is likely to be of interest to our clients is the separation of PCF-2 role into PCF-2A and PCF-2B.

The change involves splitting the PCF-2 role into two roles, (i) PCF-2A for the role of non-executive director and (ii) PCF-2B introducing the newly specified role of independent non-executive director (“INED”).

All individuals currently performing the PCF-2 role will automatically be re-designated as a PCF-2A.

Where an individual performing the PCF-2 role is considered independent, the firm will be required to notify the CBI of the designation as PCF-2B by 3rd June 2022.

For those individuals who were in-situ in the PCF2B role as at 5th April 2022, according to a recently published Guidance (Guidance on PCF In-Situ Return 2022 (centralbank.ie)), firms can notify the CBI via the ‘PCF In-Situ Return – 2022 Regulations’ return (the PCF In-Situ Return) by 30th June 2022 as follows:
  • Complete a “PCF In-Situ Return File”, which has been provided by the Central Bank;
  • Upload the file to the Central Bank’s Online Reporting (ONR) System under the ‘PCF In-Situ Return – 2022 Regulations’ option;
  • Provide confirmation that the information is correct selecting the tick box and stating the necessary due diligence has been performed; and
  • Submit the file and confirmation to the CBI via the ONR System.
For more information regarding the changes to the other PCF roles, see the link below to RegSol’s article:

New Regulations regarding Pre-Approved Control Functions (PCFs)
Central Bank Differential Pricing Regulations
May 2022

The Central Bank’s (the “CBI”) ban on differential pricing in the home and private motor insurance will take effect with the implementation of the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022 (the Regulations), on 1st July 2022.

Differential pricing is the practice of charging customers different premiums for reasons other than risk and cost of service. After a comprehensive review conducted by the CBI into the practice, the Regulations introduce key requirements for insurance undertakings and insurance intermediaries when selling motor and home insurance policies to consumers as follows:

  • Price walking: a ban on the practice known as “price walking” in motor and home insurance is effective from 1st July 2022. From that date, insurance undertakings and insurance intermediaries will not be permitted to charge consumers, who are on their second or subsequent renewal of a home or motor insurance policy, a premium higher than they would charge equivalent year one renewal consumers. However, it should be noted that to support competition and switching, new customer discounts will be allowed.
  • Pricing practices and processes: insurance undertakings and insurance intermediaries must carry out an annual review of their home and motor insurance pricing policies and processes to ensure sound practices. Such reviews should confirm that they do not systematically discriminate against consumers based on tenure or systematically exceed the price charged to first time renewal consumers in respect of renewals for longer tenure consumers. A written record of the review is to be maintained and actions taken to review any deficiencies identified.
  • Auto-renewal: from 1st October 2022, insurance undertakings and insurance intermediaries must allow consumers to cancel auto-renewals of non-life insurance policies free of charge at any time during the duration of the policy and inform consumers of that right. This includes written consumer consent for the automatic renewal of insurance contracts.
The CBI also intends to address specific additional problems in relation to complaints resolution, vulnerable customers and customer transparency as part of the overall review of the Consumer Protection Code (“CPC”) due to concerns that firms are not classifying, categorising and recording complaints appropriately. A consultation on the CPC review is expected to be launched in Q4 of this year.

Firms impacted by the above requirements should ensure they familiarise themselves with the Regulations to ensure non-life policy documentation provided to it by an insurance undertaking or intermediary accurately reflects the new position.

Feel free to contact RegSol at info@regsol.ie to discuss any aspect of the Regulations which may impact your firm’s practices and processes.
Central Bank issues Consumer Protection Outlook Report 2022
May 2022

On 14 March 2022, the Central Bank of Ireland (the “CBI”) published its Consumer Protection Outlook Report (HERE). 

This report highlighted five Key Cross Sectoral Risks facing consumers of financial services as follows:

  1. Poor business practices and weak business processes;
  2. Ineffective disclosures to consumers;
  3. The changing operational landscape;
  4. Technology-driven risks to consumer protection; and
  5. The impact of shifting business models.
To mitigate those risks, the CBI expects regulated firms to:

  • Put in place robust product governance and oversight arrangements covering the design, sale and delivery of the product
Firms should be mindful that poor business practices can result in the sale of products with features, charges and risks that do not suit the needs of the consumers who purchase them. For example, the CBI has banned the widespread use of differential pricing in the motor and home insurance markets which led to consumers being charged for their loyalty thereby not necessarily representing the best long-term value for the consumer.
See our article on the New Differential Pricing Regulations HERE.
  • Provide clear information in a timely manner to consumers, disclosing the key information upfront (i.e. risks and benefits, fees and costs)
Firms should ensure that statements of suitability and other disclosures to financial products provided to consumers, both in digital formats and by more traditional communications, are fully compliant with legislative requirements to ensure that consumers are supported in making good decisions about the products.
  • Actively identify and address risks to consumers that may potentially emerge from changes in the landscape within which the firm and/or its consumers are operating
Due to the current low deposit interest rate environment, consumers seeking higher returns on their investments are being offered increasingly complex products, the level of capital protection and risk associated of which may not be fully understood by them. This may make it more difficult for consumers to identify what services and products are, and are not, regulated and who is ultimately providing the financial service in question. The CBI therefore expects firms to clearly define for the consumer between regulated and unregulated products, especially products carrying special risks such as virtual assets.
  • Have comprehensive IT & cybersecurity risk management frameworks to achieve resilience and protect the interests of consumers
Firms must ensure consumers’ needs and interests are to the fore in its considerations when designing and providing financial products digitally and that the product will only be provided to consumers for whom it is suitable. Have effective measures to mitigate the risk of fraud and scams.
  • Proactively assess the risks and consumer impact a commercial decision may pose to new and existing customers, and develop comprehensive action plans to mitigate these risks whilst ensuring that customers understand what changes mean for them.
Although, now more than ever, financial services are being delivered digitally thereby reducing in-person customer service, it is important that consumers can access timely and customer-focused service, including where a consumer needs, or is best served, by an in-person (or virtual) engagement with the firm.
If you require any further information or advice as to how the Report may impact your consumer practices and procedures, do not hesitate to contact us at info@regsol.ie
Implementation of Central Bank’s Outsourcing Guidance
May 2022

In December 2021, the Central Bank of Ireland (the “CBI”) published its Cross Industry Guidance on Outsourcing (the “Guidance”). The Guidance applies on 17th December 2021 to all regulated firms which use outsourcing as part of their business model.

It is accompanied by the CBI’s Feedback Statement providing commentary on industry views and explaining changes made to the Guidance. The Guidance is being introduced to supplement existing sectoral legislation, regulations and guidelines on outsourcing, by setting out the CBI’s expectations of good practice for the effective management of outsourcing risk

The Guidance is intended to assist regulated firms in developing their outsourcing risk management framework to effectively identify, monitor and manage their outsourcing risks. It is applicable proportionately, based on the nature, scale and complexity of each firm's business model and degree to which it engages in outsourcing.

The extent of measures applied should also be informed by the regulated firm’s assessment of whether the outsourced service or activity is deemed critical or important, except where it is highlighted that the requirements should take account of all outsourcing arrangements.

The CBI acknowledges that all measures of the Guidance may not be appropriate for smaller, less complex regulated firms to adopt in full. In those instances, the CBI confirms such firms may decide to adopt different practices to those covered in the Guidance although they must still ensure compliance with the relevant sectoral legislation, regulation and guidelines. Such firms are also expected to be in a position to explain the reason, upon request, for proceeding as they have done to the CBI. The firms must be able to clearly evidence the rationale for their approach and that the approach has been considered and approved by the board or equivalent.

The following are some of the key factors which should be considered when developing frameworks to manage outsourcing risks:

  • Principle of Proportionality: Firms will need to assess and analyse the Guidance with a view to implementing same within their outsourcing frameworks in a proportionate manner.
  • Strategy & Policy for Outsourcing: Firms should document their outsourcing policy in its business strategy, business model, risk appetite and risk management framework.
  • Sensitive Data Risk: To prevent data breaches or unauthorised disclosure of customer, employee or commercially sensitive data, firms need to implement appropriate measures for the storage, management, retention and destruction of this data and to set out these measures in the firm’s outsourcing policy and agreements governing outsourcing arrangements.
  • Sub-outsourcing: Firms must be aware of and have appropriate governance and risk management arrangements in place in respect of sub-outsourcing, especially if same are spread across different physical and geographical locations. Firms should determine their appetite for sub-outsourcing as part of their outsourcing policy and actively manage the associated risks via their contractual arrangements and monitoring and oversight mechanisms.
  • Board Oversight: The responsibility and accountability for effective oversight for all outsourced regulated activities ultimately rests with the board and senior management.
The Guidance also outlines other key aspects such as Disaster Recovery, Business Continuity Management & Exit Strategies, Audit and Access Rights and Concentration Risk, which firms should consider when it comes to their outsourcing activities.

The CBI intends that all firms whose PRISM Impact Rating is Medium Low or above will submit their outsourcing register via a new Online Return on an annual basis. The timing of the first submission is planned for Q2 2022. Low Impact firms may also be asked to submit their outsourcing register on a case-by-case basis by their supervisor.

Outsourcing is a key strategic area of focus for the CBI therefore firms must be aware of and implement the requirements of the Guidance on a proportionate basis when engaging with OSPs. A failure to have effect governance and risk management processes in relation to outsourcing has resulted in a recent CBI enforcement action and a large fine being imposed – see BYN Mellon article below.

BNY Mellon Enforcement Action

If you have any questions on the Guidance and how it impacts your business, please get in touch with us at info@regsol.ie
EU Financial Sanctions Regime in Relation to Russia
April 2022

The invasion of Ukraine by Russia has been a human tragedy for the people of Ukraine. It has been shocking and unsettling to see war return to the European continent and brought further uncertainty for the global economy as we exit from the Covid-19 pandemic.

Global developments have brought to the fore the importance of identifying and addressing geopolitical risks for businesses, one of which is restrictive economic measures (“sanctions”) introduced by the EU and other significant trading countries (e.g. US) as an alternative to taking military action.

In the case of the invasion of Ukraine, both the EU and US (and other jurisdictions) have taken significant steps to impose financial sanctions against named individuals and entities connected to Russia.

Financial sanctions are legally binding measures that can be taken against individuals, entities or bodies (the subject), the objective of which is to bring about a change of policy and/or behaviour by the subject. Financial sanctions can emanate from the European Union (through EU Council Regulations and further implemented in Irish Law through statutory instruments) or the United Nations. In general, once a subject has been placed on one of these sanction lists, there is a legal obligation not to transfer funds or to make funds or economic resources available, directly or indirectly, to that subject.

In 2014, the EU originally introduced sanctions in response to Russia’s illegal annexation of Crimea (Council Regulation (EU) No. 833/2014). The regulation has subsequently been amended as significant expansions were made to the sanctions regime since late February when Russia recognised the regions of Donetsk and Luhansk as independent republics and regular additions were made to the list of named Russian individuals and/entities.

While all natural and legal persons in Ireland are obliged to comply with sanctions under EU Regulations as soon as they are adopted, the Central Bank of Ireland (the “CBI”) is responsible for ensuring that regulated entities operating in the financial services sphere in Ireland also comply with financial sanctions.

The CBI also provides frequent financial sanctions updates on its website and this month it communicated EU amendments to the Sanctions Lists on 21st April 2022, 19th April 2022, 13th April 2022 and 8th April 2022.

The CBI also provides guidance to regulated firms regarding international financial sanctions as follows:

  1. Firms are required to continuously monitor both the European Union Consolidated Financial Sanctions List and the Consolidated UN Security Council Sanctions List to ensure that financial services are not provided to a sanctioned subject.
  2. In the event that a transaction occurs in which there is a breach or suspected breach of sanctions, described as a “hit” by the CBI, a firm must immediately freeze the account(s) and/or stop the transaction(s) and report the "hit" to the CBI using a Sanctions Return Form, available on the CBI website. Before submitting the report to the CBI, firms should take reasonable steps to ensure that the subject identified is the same subject as that listed in the relevant sanctions list.
Due to the unprecedented speed of the issuance of sanctions since the start of the Ukrainian conflict, affected firms should ensure they are aware of the updated position to remain compliant with the continuous developments in this area. Review and/or assurance testing of existing sanctions screening processes is also highly recommended at this point in time.

For further information on international financial sanctions and updates to the EU restrictive measures (sanctions) and UN sanctions lists, see link below to the CBI website:

International Financial Sanctions | Central Bank of Ireland

Data Protection Commission – Conference for SMEs
April 2022

As mentioned in our January newsletter the Data Protection Commission (DPC) is hosting a series of workshops for SMEs in May this year. “Guest speakers will lead bespoke sessions focusing on Breach Mitigation and Risk Assessment; Legal Bases for Personal Data Processing, and meeting the Accountability Obligation with a focus on providing practical, scalable examples of GDPR compliance that will help delegates in their day-to-day work.”

The event will be in Croke Park. SMEs can register for this free event by emailing DPONetwork@dataprotection.ie, with the subject line “ARC Conference Registration” and include their name and the name of their business or organisation.

Data Protection Commission Event Post LinkedIn
New Regulations regarding Pre-Approved Control Functions (PCFs)
April 2022

In September 2021, the Central Bank of Ireland (the “CBI”) issued a Notice of Intention to amend its list of PCFs intending to create, remove and reclassify certain PCF roles. Having invited feedback from industry, on 5th April 2022 the CBI published its Feedback Statement along with the Central Bank Reform Act 2010 (Sections 20 and 22) (Amendment) Regulations 2022 with the list of PCFs revised as follows:

  1. Introduction of PCF-2A – Non-Executive Director;
  2. Introduction of PCF-2B – Independent Non-Executive Director;
  3. Removal of PCF-15 - Head of Compliance with responsibility for AML/CTF legislation;
  4. Introduction of PCF-52 – Head of Anti-Money Laundering and Counter Terrorist Financing (“AML/CTF”);
  5. Expansion of PCF-16 – Branch managers of branches established outside the State (to include managers of non-EEA branches (including the UK));
  6. Removal of PCF-31 – Head of Investment.

Key Takeaways from New Regulations:

Separation of PCF-2 role: PCF-2A and PCF-2B 
The PCF-2 role is separated into two roles, (i) PCF-2A for the role of non-executive director and (ii) PCF-2B introducing the newly specified role of independent non-executive director (“INED”).

All individuals currently performing the PCF-2 role will automatically be re-designated as a PCF-2A.

Where an individual performing the PCF-2 role is considered independent, the regulated financial service provider (“RFSP”) will be required to notify the CBI of the designation as PCF-2B by 3rd June 2022.

Removal of PCF-15 and introduction of PCF-52
The PCF-15 role (Head of Compliance with responsibility for AML/CTF legislation) is removed and a new PCF-52 role is introduced.

There is no obligation to appoint separate individuals to PCF-12 (Head of Compliance) and PCF-52 roles, the same individual can be identified as discharging both functions.

Each RFSP is required to review its functions to determine if a role meets the substance of PCF-52. For a person currently performing PCF-15, the RFSP will be required to notify the CBI as to how that person’s role should now be designated as a PCF-12, PCF-52 or both by 3rd June 2022.

Where an RFSP decides that a PCF-52 role exists, the RFSP must carry out an assessment in accordance with Section 21 of the Central Bank Reform Act 2010 (the “2010 Act”) and submit confirmation of such an assessment to the CBI by 3rd June 2022.

Expansion of PCF-16 
This role is expanded to include managers of non-EEA branches (including the UK) of RFSPs. Affected RFSPs must assess any person currently performing the PCF-16 role in accordance with Section 21 of the 2010 Act and submit confirmation of that assessment to the CBI by 3rd June 2022.

Removal of PCF-31 (Head of Investment)
The role of Head of Investment, PCF-31, is removed as the CBI found there was a duplication of roles where RFSPs were selecting PCF-30 for an individual performing this role. PCF-31 roles will be automatically re-designated as PCF-30 therefore, no further action is required by RFSPs.

For more information see the link below to the CBI website for a copy of the feedback statement and the regulations:

Central Bank of Ireland Announcements

Feedback Statement: Amendments to the List of Pre-Approved Controlled Functions (PCFs)

Amending Regulations 2022 (SI No 169 of 2022)

Central Bank of Ireland issues Insurance Newsletter March 2022
April 2022

This edition of the newsletter spans 12 pages, topics covered include:
  • Crisis in Ukraine – The Central Bank of Ireland’s expectations of firms, Sanctions & Cyber Risk
  • Insurance Insights – Review of Digital Maturity, Use of EAIIs in the Insurance Sector, IMF FSAP Update.

There is also a reminder of the Insurance Arrangements Regulations 2022 which come into effect in July 2022.

As always this is a detailed publication and essential reading for entities in the insurance industry. 

For the full newsletter please see the link below. 

Central Bank of Ireland Insurance Newsletter March 2022
Central Bank Dear CEO letter – MiFID Structured Retail Product Review
April 2022

On 22nd April 2022, the Central Bank of Ireland (the “CBI”) issued a “Dear CEO” letter which outlined its findings of a review identifying issues in the marketing of complex investment products - Structured Retail Products (SRPs) - manufactured and distributed by MiFID investment firms.

The letter comes on foot of the CBI’s Consumer Protection Outlook Report 2022 in which it highlighted a number of risks for consumers including ineffective disclosures on investment products and what it expects regulated firms to do to mitigate those risks.

Due to the current low deposit interest rate environment, retail clients seeking higher returns on their investments are turning to increasingly complex structured products, with intricate features and characteristics that oftentimes they may not fully understand the product or how the return is generated and may misinterpret the level of capital protection and risk associated with their investment.

The subsequent “Dear CEO” letter requires regulated firms to take action to identify a sufficiently granular target market for SRPs and to make improvements in the quality and transparency of disclosures to retail clients of the risks investing in such products.

The letter refers to a number of poor practices and weaknesses identified in firms’ SRP arrangements and controls including examples where firms have failed to:

  1. Identify a sufficiently granular target market.
  2. Adequately consider the use of highly complex features in SRPs being manufactured and distributed to retail clients, which may be difficult for these clients to understand.
  3. Present fair and balanced past performance (back-testing) information, supported by appropriate context and narrative.
  4. Display capital at risk warnings in prominent positions for products where the client’s capital is at risk.
  5. Ensure consistent levels of clarity and comprehensiveness in disclosures.
  6. Disclose adequately the risk and potential impact of restructuring to clients prior to sale.

For relevant MiFID investment firms, due consideration should be given to the contents of the letter and ensure they are continually evaluating the effectiveness of their arrangements and controls in the manufacture and distribution of SRPs to ensure that they are meeting the highest standards of investor protection, which the CBI will have due regard to as part of future supervisory engagements.

You can access the Consumer Protection Outlook Report 2022, press release and Dear CEO letter by clicking the below links:

Consumer Protection Outlook Report 2022 (centralbank.ie)

Central Bank reviews identify issues in marketing of complex investment products

Dear CEO letter - MiFID Structured Retail Product Review (centralbank.ie)


















Revenue Commissioners updates the Beneficial Ownership FAQs
March 2022

As discussed in our February newsletter, beneficial ownership is proving to be a complicated topic. Many regulations have been issued, the most recent ones being in 2021 for the beneficial ownership of trusts. The Revenue Commissioners hold the Central Register of Beneficial Ownership of Trusts.

There is a positive obligation on designated persons to screen against the relevant register and report any discrepancy between the information provided to them (in the course of identifying a customer) and what they obtain from the register. 

This month the Revenue Commissioners updated the register FAQs which you can access here:
Central Register of Beneficial Ownership of Trusts



By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland issues Consumer Protection Outlook Report 2022
March 2022

In this report the Central Bank of Ireland, (CBI) has highlighted five Key Cross Sectoral Risks:

· Poor business practices and weak business processes.

  • Ineffective disclosures to consumers.
  • The changing operational landscape.
  • Technology-driven risks to consumer protection.
  • The impact of shifting business models.

The report illustrates how the CBI delivered for consumers in 2021 and looks at each of the cross sectoral risks in detail, including listing expectations the CBI has of firms in each area of risk. The CBI is very clear stating “Through this work, we will hold boards and executives of firms to account to demonstrate a proactive and appropriate understanding, ownership and oversight of business performance, business model evolution and key risks”. 

 This report is essential reading for regulated financial service providers.

To read the report and the linked press release see links below:
Consumer Protection Outlook 2022

Press Release: 
Poor business practices, ineffective disclosure and changes in financial services present risks for consumers of financial services – Consumer Protection Outlook Report



By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Feedback Statement – Consultation Paper 143: Differential Pricing
March 2022

This month saw the publication of the Central Bank of Ireland’s feedback statement on differential pricing. Not only was the feedback statement published but regulations giving effect to the proposals were passed.

Three core proposals were consulted on:
  1. Banning price walking in the motor and home insurance markets for personal consumers from 1 July 2022
  2. Requiring providers of motor and home insurance to personal consumers to review their pricing policies and processes annually
  3. Introducing new consumer consent and disclosure requirements to ensure the automatic renewal process is more transparent for all personal non-life insurance products.

The CBI outlined it would publish a Q&A document to aid firms with the implementation of the ban on price walking for consumers. The definition of consumers will be as per the Consumer Protection Code 2012.

Annual review and recording keeping were also addressed in the feedback statement with the CBI noting “It should be noted that this is not a requirement to review practices and processes more broadly. However, the Central Bank expects the Annual Review to be meaningful, that it is signed off at an appropriate level and that records are kept and available for review, if required.”

The Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022, were also published this month with a commencement date of 1st July 2022.

You can access the regulations here:
Central Bank of Ireland S.I. No. 126 of 2022

you can access the feedback statement here:
Feedback Statement - Consultation Paper 143



By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Enforcement Action – Insure4Less Teoranta t/a Kerry Insurance Group fined €8,400.00 and reprimanded for breaches of fitness and probity (“F&P”)
March 2022

The Central Bank of Ireland (CBI), fined Insure4Less Teoranta t/a Kerry Insurance Group €8,400 for three breaches of fitness and probity (“F&P”) obligations under the Central Bank Reform Act 2010.

The breaches related to three appointments made to Pre-Approval Controlled Function roles without the CBIs approval of these appointments.

Seána Cunningham, Director of Enforcement and Anti-Money Laundering said “The F&P regime is central to the Central Bank’s role as a gatekeeper for the financial system, and in ensuring that we can assess whether the most senior people working in the financial services industry are competent and capable, honest, ethical and of integrity and also financially sound. 

This is a critical element of protecting consumers and investors and ensuring that there is public trust and confidence in the financial system.”

Details of the enforcement can be found through the link below:
Enforcement Action Central Bank of Ireland and Insure4less Teoranta t/a Kerry Insurance Group



By: Eilish Larkin - Regulatory Consultant


Central Bank of Ireland Enforcement Action – BNY Mellon Fund Services (Ireland) DAC fined €10,780,000 and reprimanded for breaches relating to outsourcing
March 2022

On 22nd of March 2022, the Central Bank of Ireland, reprimanded and fined BNY Mellon Fund Services (Ireland) DAC (‘BNY’) €10,780,000 for 16 regulatory breaches relating to the outsourcing of fund administration activities.

The breaches took place between July 2013 and December 2019 with durations ranging from 26 days to 6 years. The CBI identified issues with BNY’s outsourcing framework which were not resolved despite risk mitigation programmes being issued to BNY.

Breaches in relation to Outsourcing
  1. Repeatedly failing to notify the Central Bank and obtain its approval prior to the commencement of new outsourcing arrangements
  2. Repeatedly failing to monitor and assess the financial performance of outsourcing service providers
  3. Repeatedly failing to submit correct annual outsourcing returns 5
  4. Repeatedly failing to ensure that a senior member of staff completed, signed and dated a review of the check and release of the Final NAV prior to its release, and
  5. Failing to notify clients prior to the commencement of an outsourcing arrangement
This enforcement action is a timely reminder of the importance of having adequate outsourcing arrangements in place following on from the Cross Industry Guidance on outsourcing which was issued in December 2021.

Details of the press release on this enforcement action can be found through the link below:
BNY Mellon Fund Services (Ireland) DAC fined €10,780,000 and reprimanded by the Central Bank of Ireland for regulatory breaches relating to outsourcing



By: Eilish Larkin - Regulatory Consultant
Data Protection Commission publishes Annual Report for 2021
February 2022

The Data Protection Commission published their annual report on 24th February. It details the activities completed in 2021 together with information on the Regulatory Strategy for 2022-2027. As with prior reports there is detailed information on the number of issues they dealt with and details of specific case studies. Some statistics highlighted are as follows:

From 1 January 2021 to 31 December 2021:

The DPC received in excess of 23,930 electronic contacts, 13,663 phone calls and 1,594 postal

contacts;

The DPC received 10,888 queries and complaints from individuals in 2021 (an increase of 7% on 2020 figures) of which 8,017 had been concluded to by year end;

The DPC received 3,419 complaints last year and concluded 3,564 complaints, including

1,884 complaints received prior to 2021;

For the full report, click here:
Data Protection Commission AR 2021


By Eilish Larkin - Regulatory Consultant
Central Bank Requires Improvements to Retail Banks’ Customer Support Phone Lines
February 2022

In June of 2021, the Central Bank of Ireland, CBI, wrote to the sector to highlight their customer protection expectations. This letter was a timely reminder given all the changes happening in the sector including the planned exits of Ulster Bank and KBC from the Irish market. The CBI subsequently carried out a review of call waiting times on the customer support phone lines in the main retail banks. The review assessed call wait times, call abandonment rates and resourcing levels across the retail banks.

Main Findings:

  • Average call wait times on some customer support phone lines were excessive
  • Some banks experienced unexpected spikes/demand on customer support phone lines that contributed to some of the excess call wait times.
  • The longest call wait times in some of the retail banks was unacceptably high, with customers waiting over two hours in some cases.
  • Resourcing levels varied considerably across the retail banks, and it is clear in some cases that resourcing for customer support phone lines was insufficient.
  • The number of customers abandoning calls was high – one phone line had an abandonment rate over 50%.
There is a clear need for action to be taken by the sector and the CBI “will expect firms to report to it on the implementation of these measures over the course of the year.”

For the full press release and link to the June 2021 letter, click here:
Central Bank requires improvements to retail banks’ customer support phone lines


By Eilish Larkin - Regulatory Consultant
CCPC Consultations on Policies and Guidelines for Exercising New Competition Law Powers
February 2022

The Competition and Consumer Protection Commission (CCPC) has announced a series of public consultations on how it intends to use the expanded competition law enforcement powers contained in the Competition (Amendment) Bill 2022, which is expected to come into force later this year.

Jeremy Godfrey, Chairperson of the CCPC, said “We intend to adopt a number of policies and guidelines to provide transparency about how we will use these new powers……. Before we finalise these policies and guidelines, we will consult with stakeholders so that the transition to our new regime can be as effective as possible. We are particularly keen to hear from the business community, legal advisers, experts in economics and from consumer advocacy groups.”

The first consultation is on the CCPC’s new administrative leniency policy for cartels and on how the CCPC intends to approach decisions on whether to choose the administrative or criminal enforcement regime for suspected breaches of competition law. 

This consultation opened on 14th February 2022. For the full schedule of consultations and time frames please see links below:

CCPC consultations on policies and guidelines for exercising new competition law powers opening on 14 February

Competition law developments in 2022


By Eilish Larkin - Regulatory Consultant
Protected Disclosures Amendment Bill Published
February 2022

On the 9th of February, the Minister for Public Expenditure and Reform Michael McGrath TD, published the Protected Disclosures Amendment Bill. This bill will transpose the EU Whistleblowing Directive and will extend the scope of the legislation by providing protection for volunteers, shareholders, board members and job applicants for the first time.

Main changes brought in by the Bill:
  • Scope of the legislation extended
  • Greater clarity for whistle-blowers and employers
  • New Office of the Protected Disclosures Commissioner
The Minister said "…. a number of high profile cases show that we can never be complacent about protecting those who are reporting wrongdoing by both public and private sector organisations. I believe it is important that we take this opportunity now to improve our legislative framework for dealing with Protected Disclosures.”

For the full press release see link below:


By Eilish Larkin - Regulatory Consultant


European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022
February 2022

Regulations to establish a central database of information on safe-deposit boxes and payment accounts have been published. The Regulations permit the Central Bank of Ireland (the CBI) to create and maintain a central register of information on safe-deposit boxes and bank and payment accounts, as required under the Anti-Money Laundering Directives.

The 4th EU AMLD required Member States to put in place "centralised automated mechanisms” that would allow the holders of payment accounts or safe-deposit boxes to be identified.

The Regulations apply to credit institutions, including branches, which are established in the State (whether their head office is situated within the EU or in a third country).

The Regulations detail what information a credit institution may have to provide for example name, address and the different requirements depending on whether the account or safe deposit box holder is a natural or legal person.

For a copy of the regulations see link below:
European Union (Anti-Money Laundering: Central Mechanism for Information on Safe-Deposit Boxes and Bank and Payment Accounts) Regulations 2022


By Eilish Larkin - Regulatory Consultant
Central Bank of Ireland updates the Beneficial Ownership FAQs
February 2022

Beneficial ownership is proving to be a complicated topic. There have been numerous regulations issued, the most recent ones being in 2021 for the beneficial ownership of trusts. Designated persons are obliged identify the beneficial owners of a range of commercial entities. The CBI holds the register for Certain Financial Vehicles (CFV) as follows:

  • ICAVs
  • Credit Unions
  • Unit Trusts
  • Investment Limited Partnerships and
  • Common Contractual Funds

There is a positive obligation on designated persons to screen against the relevant register and report any discrepancy between the information provided to them (in the course of identifying a customer) and what they obtain from the register.

This month the CBI updated the register FAQs which you can access here:
Beneficial Ownership FAQs

Note:

The Revenue Commissioners holds the Central Register of Beneficial Ownership of Trusts (CRBOT) – link below for ease of reference:
Central Register of Beneficial Ownership of Trusts (CRBOT)

The Companies Registration Office holds the Registrar of Beneficial Ownership of Companies and Industrial & Provident Societies – link below for ease of reference:
CRO Beneficial Ownership


By Eilish Larkin - Regulatory Consultant
Department of Justice officials to have New Financial Penalty Powers for Anti-Money Laundering Offences
February 2022

The Department of Justice is the competent authority for a number of designated persons under Irish AML legislation:

  • tax advisers/external accountants
  • high value goods dealers
  • private members clubs
  • trust and company service providers,
  • book makers
  • art dealers

The Minister for Justice requested that the regulatory enforcement powers of the department’s Anti-Money Laundering Compliance Unit (AMCLU) would be expanded. A working group was formed to look at the issue and it recommended that the unit be granted the legal right to issue fines for administrative offences relating to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended.

At present the only option open to the AMCLU is criminal prosecution.

It remains to be seen when the new legislation required to give effect to these powers will be drafted and when precisely it will take effect.

To read more please see below link:
Department of Justice officials to have power to issue fines for minor money laundering


By Eilish Larkin - Regulatory Consultant


Data Protection Commission Upcoming Workshops for SMEs
January 2022

A reminder to all our readers that the Data Protection Commission is planning a series of workshops. The DPC is inviting people to register their interest in upcoming #SME Workshops.

Send an email to DPONetwork@dataprotection.ie, subject line ‘SME Workshops’, giving your name & business/sector for further information on available dates. The workshops will be online & free of charge.

Solicitors Regulation Authority fines Mishcon de Reya £232,500 over AML failings
January 2022

The Solicitors Regulation Authority has imposed of the largest fines to date on a London based law firms for its failings regarding the anti-money laundering regulations. The failures related to not securing adequate due diligence on four related clients and misplacing the evidence of diligence it had carried out. In addition, there was issue about the adequacy of training provided to a partner who was relied on to comply with anti-money laundering regulations.

It was noted “The SRA accepted there was no evidence of lasting harm and a low risk of repetition but noted that the conduct had the potential to facilitate money laundering and any sanction had to act as a deterrent to others. Mishcon de Reya also agreed to pay the SRA’s £50,000 costs.” It remains to be seen if the Law Society of Ireland will take a similar approach.

The Law Society Gazette: Mishcon de Reya Fines £232,500 over numerous AML failings



By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland – Consultation Paper 146: Mortgage Measures Framework Review
January 2022

This consultation paper is open and the deadline for submissions is 16th of March 2022.

For more details including a video, the proposed timelines, details of Public & Stakeholder Feedback and the Public Consultation & Next Steps please see the link below:

Central Bank of Ireland: Mortgage Measures Framework Review



By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Feedback Statement – Consultation Paper 141: Crowd Funding Marketing Regulations
January 2022

Regulation (EU) 2020/1503 (the Regulation) was published in the Official Journal of the European Union on 20 October 2020. This Regulation established an EU regulatory regime for Crowdfunding Service Providers (CSPs) which applies from November 2021. The Central Bank of Ireland is the competent authority in Ireland in respect of the Regulation. 

This feedback Statement details the main changes to be made to the Consumer Protection Code regarding advertisements, warning notices and regulatory disclosure statements. The Central Bank has produced an Addendum to the Code to give effect to the amendments outlined in this Feedback Statement. These amendments will apply from 13 January 2022.

For the full feedback statement see the link below:

Central Bank of Ireland: Crowd Funding Marketing Regulations

Feedback Statement - Consultation Paper 141: Crowd Funding Marketing Requirements

By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Feedback Statement – Consultation Paper 138: Cross-Industry Guidance on Outsourcing
January 2022

On the 17th of December 2021, the Central Bank issued the above statement. They received feedback from 21 respondents on the paper. The Central Bank looked at each response in detail. 

The topics listed below were identified as items where feedback, amendment or further clarification is warranted:
  • Alignment with existing guidance from the European Supervisory Authorities (ESAs)
  • The Principal of Proportionality
  • Application of the Guidance to branches and the funds sector
  • Intragroup Arrangements
  • Sub-Outsourcing
  • Contractual Arrangements and SLAs
  • Disaster Recovery, Business Continuity Management & Exit Strategies
  • Audit and Access Rights
  • Concentration Risk
  • Offshoring
  • Board Oversight

Each of the points above has further comment from the Central Bank in the statement. It should also be noted also that the Central Bank states ‘Where existing relevant sectoral legislation, regulations or guidance is less prescriptive or is silent on certain matters, it is the Central Bank’s expectation that regulated firms refer to the supervisory expectations set out in this Guidance, which is deemed good practice in the governance and management of outsourcing risk.’

The feedback statement and related guidance are essential reading for regulated financial service providers that outsource any activities. Have you got systems and controls in place in your firm?

Central Bank of Ireland: Cross Industry Guidance on Outsourcing

Feedback Statement - Consultation Paper 138: Cross-Industry Guidance on Outsourcing


By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Feedback Statement – Consultation Paper 140: Cross-Industry Guidance on Operational Resilience.
January 2022

On 1st of December 2021, the Central Bank published their feedback statement. In the original guidance document, it stated “The objective of this Guidance is to communicate to industry how to prepare for, respond to, recover and learn from an operational disruption that affects the delivery of critical or important business services. The guidance looks at the concept of Operational Resilience and the Value of Operational Resilience. It focuses on three pillars:

  • Identify and prepare;
  • Respond and adapt;
  • Recover and learn.

Extract below from the paper with a diagram of the three pillars of Operational Resilience and the guidelines within each pillar.


The three pillar approach supports “a holistic approach to the management of operational resilience and related risks and create a feedback loop that fosters the perpetual embedding of lessons learned into a firm’s preparation for operational disruptions.

Following on from the consultation process while the guidance is largely unchanged extra context has been added as follows:

  • Guideline 2 to more accurately reflect the need for alignment between the Operational Risk and Operational Resilience Frameworks rather than incorporating frameworks into each other;
  • Guideline 4 to confirm that that the number of critical or important business services should be proportionate to a firm’s business model and not solely determined by the size of the firm;
  • Guideline 5 & 6 to clarify that impact tolerance metrics can be both qualitative and quantitative and that firms may leverage appropriate existing approved processes as part of the development of impact tolerances; and
  • Guideline 8 to further align the expectations of this Guidance with those of the Cross Industry Guidance on Outsourcing.
For the consultation paper and feedback document see the links below:
Central Bank of Ireland: Cross Industry Guidance on Operational Resilience  

Feedback Statement - Consultation Paper 140: Cross Industry Guidance on Operational Resilience


By: Eilish Larkin - Regulatory Consultant
NatWest fined £264.8 Million for Anti-Money Laundering Failures
December 2021

On 13th of December 2021, NatWest was fined £264.8 million for failures regarding anti-money laundering rules. This is the first time the Financial Conduct Authority used its criminal prosecution powers. The case highlighted the importance of having adequate policies and procedures in place and ensuring that any red flags were acted upon.

Mark Steward, Executive Director of Enforcement and Market Oversight at the FCA, said:

“NatWest is responsible for a catalogue of failures in the way it monitored and scrutinised transactions that were self-evidently suspicious. Combined with serious systems failures, like the treatment of cash deposits as cheques, these failures created an open door for money laundering.”

For more details please see: 
NatWest fined £264.8 million for anti-money laundering failures


By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland - Update on the Financial Condition of the Credit Union Sector
December 2021

On 14th December 2021, the Central Bank of Ireland published its eight edition of the Financial Conditions of Credit Unions Report. “The report provides an update on the financial performance and position of credit unions, to inform credit unions and provide input for boards as they undertake their own strategic analysis and decision-making.”

For the press release and a copy of the full report please see attached:

Central Bank provides update on the financial condition of the Credit Union sector


By: Eilish Larkin - Regulatory Consultant
Central Bank of Ireland Update – New Appointment to Director of Securities & Markets Supervision
December 2021

On the 8th of December 2021, the Central Bank announced the appointment of Patricia Dunne as the new Director of Securities and Markets Supervision. The appointment will take effect from 13 December 2021. Patricia replaces Colm Kincaid, who was appointed Director of Consumer Protection in October 2021.

For details of the announcement see link below:

Statement: Central Bank announces Director appointment in Securities and Markets Supervision


By: Eilish Larkin - Regulatory Consultant
Central Bank Dear CEO letter - Supervisory Expectations for Payment and Electronic Money (E-Money) Firms
December 2021

On 9th of December 2021, the Central Bank issued a Dear CEO letter which sets out the Central Bank’s expectations for all Payment and E-Money firms, including the actions it expects the Boards and senior management of these firms to undertake. Specifically, each of the below items were included:
  • Governance and Risk Management
  • Conduct and Culture
  • Safeguarding
  • Business Model and Financial Resilience
  • Operational Resilience
  • Financial Crime
  • Resolution and Wind-Up
For the full letter please see:

Supervisory Expectations for Payment and Electronic Money (E-Money) Firms


By: Eilish Larkin - Regulatory Consultant