21 March 2024

CBI Publishes Consultation Paper On Consumer Protection Code Revision

William Fry


William Fry is a leading full-service Irish law firm with over 310 legal and tax professionals and 460 staff. The firm's client-focused service combines technical excellence with commercial awareness and a practical, constructive approach to business issues. The firm advices leading domestic and international corporations, financial institutions and government organisations. It regularly acts on complex, multi-jurisdictional transactions and commercial disputes.
Annexed to CP158 are two sets of draft Regulations which will ultimately replace the Code and two sets of draft Guidance. The period for submissions ends on 7 June 2024.
European Union Consumer Protection
To print this article, all you need is to be registered or login on

On 7 March 2024, the Central Bank of Ireland launched a Consultation Paper (CP158) on its proposals to revise the Consumer Protection Code 2012 (as amended) (the Code).

Annexed to CP158 are two sets of draft Regulations which will ultimately replace the Code and two sets of draft Guidance. The period for submissions ends on 7 June 2024.


The Central Bank acknowledges that the financial services landscape is rapidly evolving. Over the next decade, it expects to see ongoing transformation, driven by innovation and technology, climate change and the evolving expectations and needs of consumers and businesses.

Publication of the Consultation Paper is the second of three steps the Central Bank is taking to modernise, clarify and integrate the Code and enhance its accessibility. For further information on the first phase of the three-stage review of the Code dealing with the Central Bank's discussion paper on the topic of consumer protection in financial services, please see here.

The revision of the Code aligns with the Central Bank's regulatory approach which seeks to underpin a resilient and trustworthy system where sustainably profitable, resilient, well-run regulated financial service providers (RFSPs) operate in a well-functioning market and meet the needs of the economy and consumers.

In putting together its proposals for the Consultation the Central Bank has considered ongoing feedback, its own supervisory experience and been guided by international best practice.

The General Principles and Requirements of the existing Code will continue to be the backbone of any revised Code. Moreover, the Central Bank wants to build on the existing protections within the framework on a proportionate and effective basis and to deliver a modernised Code for consumers. The revised Code aims to reflect the provision of financial services in a digital world and to enhance clarity and predictability for firms on their consumer protection obligations. As well as consolidating several consumer protection rules, the revised Code will expand the principles, scope and detail of the Code.

Quick Guide to new regulations and guidance

Short name Description Reference In scope Link
Standards for Business Regulations

These regulations will set out Standards for Business (under the Individual Accountability Framework), complemented by more granular Supporting Standards for Business (which will replace the existing General Principles of the Code).

They include standards relating to governance, resources and risk management, and firm conduct standards.

Draft Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 20[ ] All RFSPs other than those providing MiFID services, crowdfunding services and credit union activities (other than when acting as insurance intermediaries). Standards for Business Regulations
Conduct of Business Regulations

These regulations will set out General Requirements, including new protections, and existing requirements and protections set out on a cross-sectoral and sector-specific basis.

The Regulations will also consolidate the Code of Conduct on Mortgage Arrears (CCMA), Regulations on High-Cost Credit Providers*, and Insurance Regulations in one place**.

Draft Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Conduct of Business) Regulations 20[ ]

All RSFPs except reinsurance business, firms providing MiFID services, and credit union activities (other than when acting as insurance intermediaries).

There are circumstances in which the Regulations are applied on a restricted basis (e.g. there is a restricted application to insurance distributors and insurance-based investment products, and to packaged retail and insurance-based investment products).

The Regulations do not apply to services provided by RSFPs to persons outside the State.

Conduct of Business Regulations
Guidance on Securing Customers' Interests

This guidance will set out the Central Bank's expectations of firms in meeting their obligations under the Standards for Business to secure customers' interests. It is intended to help firms to effectively implement their consumer protection obligations.

This guidance must be read in conjunction with the Central Bank's Guide to Consumer Protection Risk Assessment (March 2017).

Draft Guidance on Securing Customers' Interests (March 2024) Although certain services (e.g. MiFID services and crowdfunding services) are outside the scope of the Standards for Business Regulations, the Central Bank expects firms providing these services to take the guidance into account in the context of their obligations to "act honestly, fairly and professionally in accordance with the best interests of its clients" under the Irish MiFID Regulations*** and the EU Crowdfunding Regulation****. Guidance on Securing Customers' Intersts
Guidance on Vulnerable Customers This guidance will set out the Central Bank's expectations of firms in meeting their obligations to vulnerable consumers. It explains the background to the definition of and approach to vulnerability under the revised Code. Draft Guidance on Protecting Consumers in Vulnerable Circumstances (March 2024)   Guidance on Protecting Consumers in Vulnerable Circumstances

* Regulations on High Cost Credit Providers means the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Licensed Moneylenders) Regulations 2020;
** Insurance Regulations means the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022;
*** Irish MiFID Regulations means the European Union (Markets in Financial Instruments) Regulations 2017; and
**** EU Crowdfunding Regulation means Regulation (EU) 2020/1503.


Other guidance referenced in but not appended to the Consultation Paper includes:

  • Consumers' Guide to the Code.
  • Guidance on the use of branding.
  • Guidance on "appropriate and sustainable" in the context of repayment arrangements.
  • Guide to Consumer Protection Risk Assessment (March 2017).

Enhancing Accessibility – Digital tools, explainers and guides

To enhance accessibility and help firms and consumers navigate new and existing requirements under the Code, the Central Bank plans to make available new digital tools, explainers and guides.

Principal policy proposals

Securing customers' interests – The Central Bank acknowledges that firms must pursue their commercial objectives. However, it considers that commercial objectives should not be considered in isolation from an overarching duty to secure the customers' (including potential customers) interests. Therefore, the Central Bank proposes to include a new obligation on regulated firms to secure their customers' interests. The revised Code will continue to reflect the existing obligation on firms "to act in the best interests of their customers".

In addition, the Central Bank wants firms to effectively incorporate customers' interests into their overall business model and commercial decision-making, through securing customers' interests. The Central Bank intends to provide firms and their customers with increased clarity and predictability on already existing requirements. To that end, the draft guidance aims to help firms implement their consumer protection obligations.

Digitalisation – A key objective of the Central Bank is to modernise the Code to reflect how most consumers are accessing financial services today. Consequently, the Central Bank plans to introduce new digitalisation requirements to ensure incumbent firms and new entrants deploy a customer focus in the design and implementation of digital services and delivery channels and make digital platforms easier to use.

Informing effectively – Customers should be put in an informed position so that they can make decisions in their interests. The Central Bank proposes to roll out new requirements to ensure that firms communicate with customers effectively in this context.

Mortgage credit and switching – The Central Bank is proposing several new and enhanced requirements, including disclosure requirements on mortgage switching options and the cost of incentives, to ensure consumers are supported to make informed decisions about mortgage credit. The consolidation of the CCMA into the Code along with other enhancements to existing CCMA requirements is also planned.

Firms will also be required to consider an appropriate and sustainable range of alternative repayment arrangements which are broad enough to meet the needs of impacted borrowers. The Central Bank plans to issue updated guidance on "appropriate and sustainable".

Unregulated activities – The Central Bank wants regulated firms providing any unregulated products or services to make it clear which type of product or service the consumer is buying. Regulated firms that also engage in unregulated activities will be obliged to ensure that their customers can have no impression or misunderstanding that they are buying regulated products and services where that is not the case. The Central Bank will issue guidance to firms on the use of branding, noting that the use of branding should not contribute to confusion on the regulatory status of products and services including in the case of similarly branded sister companies.

Frauds and scams – The Central Bank plans to enhance fraud and scam monitoring and communications by firms, especially in a digital context.

Vulnerable customers – The Central Bank is proposing a new framework to support people in vulnerable circumstances. Firms will be required to facilitate customers who wish to provide the name and contact information of a trusted contact with whom the firm may communicate where there is difficulty supporting a customer, or where financial abuse, including fraud, is suspected. Firms must take reasonable steps to support such customers and to implement training, reporting, and the recognition of Trusted Contact Persons. The package also includes proposals on a new definition of "financial abuse".

Climate risk – Firms must communicate fairly and clearly on product sustainability features to avoid the risk of "greenwashing".

Additional policy proposals

Consumer Credit

As part of the Code review, Regulations on High Cost Credit Providers will be consolidated within the revised Code to bring domestic protections together in one place. The Standards for Business and the Supporting Standards for Business will be applied to High Cost Credit Providers. The updated approach to vulnerable consumers will also be applied to High Cost Credit Providers.

SME Proposals

The Central Bank plans to consolidate the SME Regulations into the revised Code and to update the threshold in the definition of 'consumer' under the revised Code to apply the General Requirements to small businesses, to include incorporated bodies with annual turnover of less than €5m per annum (the current threshold is €3m per annum).


  • Automatic renewal: Following further consideration and assessment of the risks and implications for consumers of 'opt-in' automatic renewal versus 'opt-out', it is now proposed that explicit opt-in for automatic renewal will apply in respect of gadget insurance, travel insurance, dental insurance and pet insurance policies. In the case of motor, home, and health insurance, there will be no change in the revised Code to automatic renewal arrangements. In all cases, consumers can choose to opt-out of automatic renewal at any time.
  • Insurance switching: In addition to the "renewal notice" currently issued to holders of non-life insurance policies 20 days in advance of their renewal date, an additional "pre-renewal" notification will now be required for consumers a further 20 days before the issuance of the "renewal notice". The Central Bank intends to consider whether research is required into the barriers to health insurance switching with the aim of identifying potential measures to enhance switching in the market.

Investments and pensions

The Central Bank is proposing to strengthen existing requirements in the revised Code, so that firms inform their customers of the importance of considering the ongoing suitability of investment and pensions products for their needs at the point of sale and in annual statements. Where the firm does not provide ongoing suitability assessments, firms must explain to the customer the reasons for this.

Miscellaneous proposals

  • Error and complaints handling: Amendments are proposed in the revised Code to enhance governance obligations on firms over the handling of errors and complaints. A new requirement is proposed whereby firms must have a system to track and manage complaints. Firms must analyse errors and complaints regularly (and at least once every six months) to identify and address trends or other potential issues promptly.
  • Complaints procedures: Firms must display complaints procedures on any digital platform they operate.
  • Reporting significant errors: There will be supervisory reporting obligations on firms to notify the Central Bank of significant errors. The requirement for firms to notify the Central Bank of any error which affects consumers, and remains unresolved after 40 days, will be removed from the Code.
  • Ombudsman/Alternative Dispute Resolution service: There will be a requirement for firms to provide information on the relevant Ombudsman/Alternative Dispute Resolution service as part of the information provided at the pre–contractual stage and at the commencement of the complaints process.
  • Record keeping: The record-keeping requirements that apply to firms in cases where a consumer engages with a firm but does not proceed to become a customer (e.g. when seeking an insurance quote or applying for a mortgage) will apply for 12 months (reduced from six years).
  • Future work: The Central Bank will consider further changes to the revised Code arising from ongoing policy developments at a domestic and European level. For example, anticipated changes under domestic and EU legislation relating to access to basic services such as access to cash, the Retail Investment Strategy, the Markets in Crypto Assets (MiCA) Regulation and the evolution of the EU Payment Services Framework. For further information, please see our recent articles on MiCA here and the third Payment Services Directive (PSD3) / Payment Services Regulation (PSR) here. The Central Bank has also indicated that it will undertake further work to include credit unions within the scope of the Code.


The new Regulations are expected to be finalised in early 2025, following which there will be a 12-month transition period. This means that the new framework will likely apply from early 2026.

Contributed by Jane Balfe

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More