1. Fintech Market
1.1 Evolution of the Fintech Market
Ireland is home to well-developed and globally recognised technology and financial services sectors, and is one of the leading European jurisdictions for fintech activity. The Central Bank of Ireland (Central Bank) has recognised that the fintech sector is of increasing importance to both the Irish and EU financial services landscape, and that the industry has seen significant growth in recent years.
Key Trends Over the Past 12 Months
Fintech activity continues to be particularly prevalent in the payments sector, although it is not limited to this area. The 2023 update published by the Central Bank's Innovation Hub notes that, by the end of 2023, it had held 389 engagements across a number of sectors, including payments, regtech, blockchain, crypto and insurtech.
Four new e-money or payment institutions were authorised by the Central Bank in 2024. Significant growth has appeared in the virtual asset service provider (VASP) sector, with 22 VASPs registered with the Central Bank since the regime came into effect in April 2021.
Regulatory Developments
Fintech developments in Ireland are expected to continue to focus on the payments sector, regtech, AI and blockchain over the next 12 months, among other areas. The Markets in Crypto-Assets Regulation (MiCAR) came into application at the end of 2024 and is expected to generate market activity with existing Irishregistered VASPs and new entrants alike choosing Ireland as their EU base and seeking authorisation as a crypto-asset service provider (CASP) under MiCAR in Ireland.
Crypto-assets
On 30 December 2024, MiCAR became applicable to CASPs as well as offerors and persons seeking admission to trading of crypto-assets in the EU. Stablecoin issuers have been subject to MiCAR since 30 June 2024.
Entities providing certain crypto-asset services within the EU are required to be authorised as CASPs. CASPs authorised under MiCAR will be subject to a range of obligations, including the prudential and conduct of business requirements under MiCAR as well as other requirements, such as in relation to anti-money laundering.
VASPs that were registered with the Central Bank and operating in Ireland as a VASP by 30 December 2024 may avail of a transitional period of 12 months or until they are granted a CASP authorisation, whichever is sooner. These entities can continue to provide services in Ireland during the transitional period.
Offerors and persons seeking admission to trading of a crypto-asset in the EU are now subject to obligations under MiCAR.
A person cannot make an offer to the public or seek admission to trading of an asset-referenced token (ART) or an electronic money token (EMT) unless that person is the issuer and:
" in the case of an ART, that issuer is established in the EU and authorised under MiCAR, or alternatively is authorised as a credit institution; or
" in the case of an EMT, the issuer is authorised as a credit institution or an e-money institution, unless an exemption applies.
Digital Operational Resilience Act
Of broader application is the EU Digital Operational Resilience Act (DORA), which entered into force in January 2023 and became applicable from 17 January 2025. DORA applies to certain financial services firms with the objective of ensuring that entities operating in the EU financial services industry can withstand, respond to and recover from all types of disruptions and threats relating to information and communication technology (ICT). DORA also applies to critical ICT third-party service providers to the financial services industry, and provides a framework for the oversight of such entities by the European Supervisory Authorities (ESAs) – ie, the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA).
Payments
In response to the advancements in payments and financial services technologies and the increasing challenges faced by the industry with instances of fraud and financial crime, the European Commission evaluated the Payment Services Directive (PSD2) and found a number of positives and some shortcomings. The review culminated in the publication of proposals for an updated Payment Services Directive (PSD3) and Payment Services Regulation (EU PSR). The proposed amendments include:
" the strengthening of measures to combat payment
fraud;
" improving the functioning of open banking;
" reinforcing the enforcement powers;
" further improving consumer information and rights;
and
" merging the legal frameworks applicable to electronic money
and payment services.
The PSD3 and EU PSR are expected to take effect by the end of 2026, although the timeline is not yet clear.
The Instant Payments Regulation entered into force on 8 April 2024, with a phased implementation schedule extending from January 2025 to July 2027. It aims to ensure that instant euro payments are accessible to both consumers and businesses throughout the EU by amending existing EU payments regulations.
Artificial intelligence
On 9 December 2023, the European Parliament and the Council of the EU reached a provisional agreement on the AI Act, which was subsequently approved in its final form on 21 May 2024. The AI Act entered into force on 1 August 2024, with most of its provisions set to apply two years after this date, although certain exceptions apply. The ban on prohibited AI systems applies from 2 February 2025. The AI Act establishes a regulatory framework aimed at harmonising rules for AI across the EU. It seeks to regulate providers who market or deploy AI systems within the EU, as well as users of these systems.
2. Fintech Business Models and Regulation in General
2.1 Predominant Business Models
The Central Bank has commented that there was a greater than four-fold growth in the number of payment firms authorised in Ireland between 2018 and 2022.
Outside of payments business, which has driven the majority of fintech activity, it is notable that the number of registered VASPs and authorised crowdfunding service providers has increased. Existing VASPs and new entrants are expected
to be interested in seeking authorisation in Ireland as a CASP under MiCAR.
Other areas for innovation include regtech, insurance, digital identity and asset management. Firms are also looking to incorporate new technology such as blockchain and AI into their operations.
2.2 Regulatory Regime
Fintech firms must look to the existing regulatory regimes that may be applicable to their business model on a case-by-case basis.
Payments
In relation to the provision of payment services or the issuance of electronic money, the primary rules to be considered are:
" the European Union (Payment Services) Regulations 2018
(PSR), which transpose PSD2 into Irish law; and
" the European Communities (Electronic Money) Regulations
2011 (EMR), which transpose Directive 2009/110/EC (the
"Electronic Money Directive") into Irish law.
The domestic Irish regime governing money transmission businesses under the Central Bank Act, 1997 (CBA 1997) may be relevant to a money transmission service falling outside the PSR.
Banking
Challenger banks seeking to undertake "banking business" or accept deposits from the public require a bank licence under the Central Bank Act, 1971 (CBA 1971) and will be subject to the Irish implementation of the EU Capital Requirements Directive (Directive 2013/36/EU) (as amended) and the directly applicable EU Capital Requirements Regulation (Regulation 575/2013/ EU).
Credit institutions authorised in other European Economic Area (EEA) jurisdictions may passport their authorisation into Ireland, which requires notification to their regulator in the first instance. All companies that are not licensed banks (or passported credit institutions) must avoid including "bank" or similar in their name or advertising and certain other materials.
Investment Services/Asset Management
Depending on the services provided, a fintech firm providing investment services or asset management solutions may be subject to regulation. For example, if the activities constitute "investment services" in respect of "financial instruments" for the purposes of the European Union (Markets in Financial Instruments) Regulations 2017 (the "MiFID Regulations"), an investment firm authorisation will be required, unless an exemption applies. The MiFID Regulations implement Directive 2014/65/EU (MiFID II) into Irish law. Investment services include:
" the provision of investment advice;
" the receipt and transmission of orders;
" the execution of orders on behalf of clients; and
" the provision of portfolio management services
Firms appointed to manage a collective investment undertaking (such as a UCITS fund or an alternative investment fund) will require authorisation under the European Communities (Undertakings for Collective Investment in Transferable Securities) Regulations 2011 or the European Union (Alternative Investment Fund Managers) Regulations 2013, as appropriate, unless an exemption applies.
Crowdfunding
The operation of a loan or investment-based crowdfunding platform is a regulated activity under Regulation (EU) 2020/1503 (the "Crowdfunding Regulation").
Blockchain and Crypto-Assets
In relation to the application of MiCAR to CASPs, stablecoin issuers and offerors/person seeking admission to trading of crypto-assets, please see 1.1 Evolution of the Fintech Market.
Anti-Money Laundering (AML)
The applicability of AML rules, including customer due diligence and ongoing monitoring requirements, will depend primarily on whether a fintech company falls within the categories of "designated persons" under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (CJA 2010). Designated persons include a wide range of financial services companies as well as certain other entities – eg, casinos, or persons trading or acting as an intermediary in the trade of works of art.
The Transfer of Funds Regulation (Regulation (EU) 2023/1113) (TFR) became applicable on 30 December 2024 and extends the obligation to include information about the originator and beneficiary (the so-called "travel rule") to CASPs. The TFR also subjects CASPs to the same AML/ CFT requirements and AML/CFT supervision as credit and financial institutions.
Security Requirements
Fintech firms will also need to be aware of and comply with specific security requirements introduced under PSD2 (eg, strong customer authentication) if they provide payment services, and, more broadly, cross-industry and industryspecific guidance from the Central Bank and EU regulators in relation to ICT and cyber-risks.
DORA and the Central Bank's Guidance on Outsourcing and on Operational Resilience also set out specific requirements for certain financial institutions in the context of the security of network and information systems. Other cybersecurity and criminal legislation or guidance may also be relevant.
Furthermore, the technical, operational and organisational cybersecurity measures contained in Directive (EU) 2022/255 (NIS2), once transposed, will be applicable to in-scope essential and important entities, which include cloud computing service providers.
Data Privacy
Fintech firms will need to comply with data privacy laws, including the European Union General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR), in respect of any processing of personal data. The GDPR is broad in application, such that the vast majority of companies are impacted regardless of their regulatory status or the services being provided.
Fitness and Probity (F&P) Regime
The Central Bank's F&P Regime was established under the Central Bank Reform Act 2010 and applies to persons performing certain roles in regulated financial service providers (RFSPs). It applies to persons performing certain prescribed "controlled functions" (CFs) and "pre-approval controlled functions" (PCFs). PCFs include directors, chairs of the board and committees, the chief executive and heads of certain internal control functions, amongst other functions. A regulated firm must not permit a person to perform a CF or PCF unless it is satisfied on reasonable grounds that the person complies with the Central Bank's Standards of Fitness and Probity.
To view the full pdf please click here.
Originally published by
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
