In its annual Regulatory and Supervisory Outlook Report (the "Annual Report") and at the Payment and Electronic Money Institutions Engagement event held in February 2024, the Central Bank of Ireland (the "Central Bank") set out its key supervisory priorities.
In this update, we examine the Central Bank's areas of focus highlighted in the Annual Report, as well as the Central Bank's safeguarding expectations for Fintech firms as highlighted at the Payment and Electronic Money Institutions Engagement Event.
Central Bank Regulatory and Supervisory Outlook
In the Annual Report, the Central Bank identified six key areas of supervisory focus for 2024 which Fintech firms should be aware of.
1. Risk management and consumer-centric leadership
Risk management and consumer-centric leadership of firms is a key supervisory priority. The Central Bank wants to see leadership of firms take a more proactive and forward-looking approach to managing the risks and uncertainties facing their organisations, customers and other stakeholders.
In particular, the Central Bank expects a firm's leadership to take greater responsibility for the governance and risk management of their organisation, and to ensure that their approach is developing in line with the scale and complexity of the firm's business model and changing operating environments.
It also expects a firm's leadership to be proactive in assessing and addressing emerging risks and uncertainties, and to be able to demonstrate that they are actively considering consumer and investors' interests when evolving their business models, business practices and processes.
2. Resilience to the challenging macro environment
As was the case in 2023, the Central Bank continues to highlight firms' resilience as a key area of supervisory focus in 2024.
The Central Bank expects firms to be resilient and well-prepared in the face of risks in the macro environment, including the impact of the further pass-through of interest rate rises, economic uncertainty and the potential for further deterioration in asset values.
3. Addressing operating framework deficiencies
The Central Bank expects deficiencies in the operating frameworks of many firms identified through previous supervisory work, to be addressed in 2024. For example, firms should identify and address deficiencies in their governance, risk management and control frameworks to ensure they are effective, both currently and into the future.
4. Management of Change
The Central Bank expects firms to keep pace with changes in the financial system and consumer needs and expectations through well-managed evolution of their business strategies.
Adapting to new technologies will be crucial for firms in meeting these expectations. The adequacy of firms' investment in, and their ability to adapt to, rapidly developing technology will have consequences for their business models, their interaction with consumers and their operational resilience. Operational resilience will remain a key focus as firms implement the Digital Operational Resilience Act (see our previous update) and the Central Bank's Cross-Industry Guidance on Operational Resilience (see our previous update). The Central Bank has highlighted cyber security, data security and the maintenance of customer trust as particular areas of focus.
Firms must be able to demonstrate how their digital and business plans support and deliver transformation that is fully aligned with their business strategy and minimises risk to financial stability; to have considered market disruptors and the impact they may have on the firm's business model and strategy; and to be preparing for and implementing changes in their system which reflect the evolving regulatory framework and operational environment.
5. Climate change and Net Zero transition
As part of the broader focus on climate change, firms are expected to improve their response to climate change and enhance their role in the move to a Net Zero economy, including enhancing and adapting their risk management practices for physical and transition risk and the part they play in supporting sustainable finance.
In particular, the Central Bank expects firms to:
- integrate climate change and sustainability considerations into their business planning and strategy;
- adequately assess the materiality of their climate risk exposures (including the firm's exposure to physical and transitional risk); and
- mitigate any potential risks of potential consumer or investor detriment from greenwashing.
6. Central Bank regulation and supervision
The Central Bank intends to enhance how it regulates and supervises the financial sector in Ireland. In particular, it aims to:
- enhance its authorisation processes to ensure greater clarity, predictability and transparency for firms;
- develop a more tailored, responsive and proportionate regulatory framework and enhance the overall supervisory framework in line with its risk-based supervisory approach;
- continue implementing the new Individual Accountability Framework;
- complete its review of the Consumer Protection Code to reflect new developments and to enhance clarity and predictability on firms' consumer protection obligations; and
- be more open and engaged with stakeholders, including regulated entities and financial service innovators.
Safeguarding
At its recent Payment and Electronic Money Institutions Engagement Event, the Central Bank highlighted the importance of safeguarding by Fintech firms to facilitate trust and confidence, protect the interests of customers and support sustainable business models. In particular, the Central Bank discussed the outcome of the audit opinions required to be submitted by Fintech firms in 2023 regarding their compliance with the safeguarding requirements under the Payment Services Regulations and the Electronic Money Regulations.
The Central Bank emphasised that firms must take action to address the issues identified by the audits. In particular, firms and boards must take ownership of managing safeguarding risk and should ensure that an individual within the firm has been designated as being accountable for safeguarding. Firms must also ensure they have an effective "three lines of defence" framework in place and that a consumer-centric approach is taken when implementing the firm's safeguarding framework.
The Central Bank intends to engage with firms where issues have been identified and will be seeking assurances from boards that issues identified in the audits have been remediated. Onsite inspections of safeguarding are also planned for 2024 and it is therefore crucial that firms are proactive in identifying and remediating safeguarding issues within their business.
How We Can Help
Our dedicated Financial Services Regulatory team supports Fintechs and other clients across all regulated sectors in managing regulatory change, drafting policies, procedures and customer documentation, negotiating outsourcing arrangements, assessing corporate governance structures and guiding clients through engagements with the Central Bank from authorisation applications to supervisory and PRISM engagements (including RMPs and interview preparation) and more contentious enforcement issues.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.