ARTICLE
27 March 2025

The Consumer Protection Code Is Modernised

WF
William Fry

Contributor

William Fry logo
William Fry is a leading corporate law firm in Ireland, with over 350 legal and tax professionals and more than 500 staff. The firm's client-focused service combines technical excellence with commercial awareness and a practical, constructive approach to business issues. The firm advices leading domestic and international corporations, financial institutions and government organisations. It regularly acts on complex, multi-jurisdictional transactions and commercial disputes.
Explore Firm Details
On 24 March 2025, the Central Bank of Ireland (Central Bank) published its modernised Consumer Protection Code (Code), following an extensive three-year review.
Ireland Consumer Protection
Shane Kelleher,Louise McNabola,Jane Balfe
+1 Authors
 Your Author LinkedIn Connections

On 24 March 2025, the Central Bank of Ireland (Central Bank) published its modernised Consumer Protection Code (Code), following an extensive three-year review.

The review included a discussion paper, public survey, public consultation and engagement with consumer and industry stakeholders. For further information, please see our articles here and here.

Regulated firms have a year to implement the revised Code, with the provisions applying from 24 March 2026.

Regulations

The two sets of Central Bank Regulations that will give effect to the revised Code, following the 12-month implementation period, are:

  • Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025 (Consumer Protection Regulations); and
  • Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 2025 (Standards for Business Regulations).

Guidance and other materials

The Central Bank's:

Guidance on Securing Customers' Interests has been enhanced to include changes such as adding an example of securing customers' interests during digital delivery and providing further clarification on the Central Bank's expectations of firms when dealing with customers on an execution-only basis, where customers make poor or unwise decisions, or when providing green or sustainable products and services to customers.

Guidance on Protecting Consumers in Vulnerable Circumstances has been updated to include guidance on training staff on safeguarding adults at risk of financial abuse, harm or exploitation and the use of the word 'harm' in the context of the relationship between a firm and consumers.

General Guidance on the Consumer Protection Code has been developed to support the implementation of the broader requirements of the revised Code. It is intended to assist firms with implementation and provide additional guidance on, for example, unregulated activities, informing effectively, financial abuse, sustainability preferences, disclosure of fees and commissions, digitalisation, advertising, errors and complaints handling and proposed closure, change or merging of bank branches.

The Central Bank website provides a helpful mapping tool and a table of changes made to the regulations since the public consultation. The website also provides links to the feedback statement, regulations, guidance, and related documents.

Feedback Statement

The Central Bank's feedback statement in response to the consultation on the Code and the table of changes provides further insight into the following:

Securing customers' interests

The Central Bank has revised the Guidance on Securing Customers' Interests to provide further clarity on proportionality and the types of steps that firms are expected to take to secure their customers' interests.

In response to requests for greater clarity on how the Guidance on Securing Customers' Interests interacts with the EU MiFID Regulations and the scope of application of the guidance when EU MiFID firms provide financial products and services to consumers in Ireland, and when Irish firms provide financial products and services to customers across the EU the Central Bank states that the guidance does not conflict or overlap with the MiFID Regulations, but rather provides guidance on how the Central Bank expects firms to meet their obligations under the MiFID Regulations. Further, the Central Bank expects MiFID firms and crowdfunding service providers based in other EU countries to consider this guidance when they provide services to consumers in Ireland.

Digitalisation

The digitalisation provisions of the Consumer Protection Regulations have been amended to avoid introducing unnecessary frictions for consumers, while also highlighting the responsibility of firms to ensure that they do not create inappropriate dynamics in online transactions that increase the risk of customers purchasing unsuitable products. The related guidance covers matters including information filtering, scrolling, and hyperlink use. The Central Bank has narrowed the scope of some requirements for online transactions and clarified aspects of other requirements. For example, the proposed requirements on:

  • Online transactions have been changed to avoid requiring firms to introduce unnecessary frictions for consumers, while also highlighting the responsibility of firms to ensure that they do not create inappropriate dynamics in online transactions that increase the risk of customers purchasing unsuitable products.
  • Pause statements have been amended to focus on the need for firms to consider the impact the dynamic of online transactions can have on consumer decision-making and to apply pause statements where the risk is high of consumers entering into transactions that may be unsuitable due to the speed and ease of the online process. This requirement is supported by guidance that provides examples of online transactions where this risk arises.
  • Filtering (i.e. that firms apply appropriate filtering of information where more than three financial products are offered) have been removed, and instead, the General Code Guidance covers how filtering can be used to support consumer decision–making online, providing firms with a greater degree of flexibility to determine how they can effectively use filtering to support their customers.
  • Testing digital platforms have been made less prescriptive in terms of timing.

The Central Bank has also clarified in guidance that a 'durable medium' can include digital formats.

Informing Effectively

The Central Bank's guidance for firms to support their implementation of the requirements includes examples that illustrate the actions and steps that firms can take to ensure that they are informing effectively and provides an overview of important considerations for firms (e.g. customer profile, content, language, display, delivery channel, timing and the use of review) when they are developing and designing communications for customers.

Mortgage Credit and Switching

In response to feedback from the Minister for Finance and recommendations of the Housing for All Expert Group on Conveyancing and Probate, the Central Bank is adding a requirement to the Consumer Protection Regulations that mortgage providers provide title deeds to the borrower (or their representative) within ten working days of the request, subject to certain exceptions.

Firms are also required to include additional signposting to mortgage calculators available on the Competition and Consumer Protection Commission's website.

Other amendments to the revised Code include removing the warning to a lifetime mortgage holder that their home might be at risk if they do not keep up repayments on their loan where repayments are not required under their contract and extending the definition of lifetime mortgage to second properties.

The Central Bank has developed criteria and expectations on Appropriate and Sustainable Alternative Repayment Arrangements (ARAs) to support firms in implementing the existing requirements for ARAs in the Code and made specific drafting amendments to the regulations based on suggestions provided in feedback.

Unregulated Activities

The Central Bank has clarified the scope of the new Supporting Standard for Business and provided additional guidance on its expectations of firms in meeting their obligations in this regard. For instance, the Guidance on Securing Customers' Interests includes guidance to firms on the appropriate use of branding when providing unregulated products and services.

Frauds & Scams

The Central Bank has limited the scope of requirements relating to financial abuse to existing customers (rather than existing and potential customers) by amending the Standard for Business Regulations to clarify that it applies only to consumers to whom the regulated financial service provider is providing services. It has also provided further clarity in guidance on financial abuse. There is also a requirement that firms must ensure that front-line staff can bring such concerns to the attention of someone within the firm who is sufficiently expert, senior and authorised, to take whatever actions can be taken by the firm to seek to prevent detriment or harm to the customer.

The Central Bank has provided guidance on the notification of fraud requirements on the topic of proportionality. Generally, the communication needs to be proportionate to the harm and the risk to the consumer.

Protecting Consumers in Vulnerable Circumstances

The Central Bank has refined the definition of consumers in vulnerable circumstances in the regulations to better reflect the dynamic nature of vulnerability. It has also amended the proposed requirement for firms to record information on consumers in vulnerable circumstances to give firms more flexibility in addressing the different ways in which vulnerability may present.

The Trusted Contact Person requirements are also amended to avoid any overlap with the functions of decision-making representatives appointed under the Assisted Decision-Making (Capacity) Act, 2015 (ADMA). The Central Bank has also clarified that if a firm is aware that a decision-making representative has been appointed in respect of a customer under the ADMA, then they should defer to those arrangements instead of contacting any Trusted Contact Person that had been nominated by that customer.

Climate Risk

The revised Code's requirements seek to ensure customers are protected from 'greenwashing' and that firms consider customers' sustainability preferences when providing financial products and services. The Central Bank has developed guidance for firms on how to implement the sustainability preferences requirement.

Consumer Credit

The Central Bank has changed the finalised Consumer Protection Regulations so that the existing Code provisions relating to unsolicited contact and personal visits are not applied to Consumer Hire and HP firms under the revised Code.

Insurance

The Central Bank has introduced a new requirement for health insurance providers to notify all affected adults, not just the policy holder, of cessation of cover. It is not proceeding with the proposal to reduce the timeframe to notify consumers of an issue affecting their insurance claim from ten days to five.

Reinsurance

We are pleased to see that the Central Bank has taken on board William Fry's feedback to CP158 and amended the Standards for Business Regulations to explicitly carve out reinsurance business from the scope of the conduct regulations. This is an important change for any (re)insurer conducting reinsurance business in Ireland. Notwithstanding the explicit carve out of reinsurance business in the conduct regulations, the table in Annex 1 of the Central Bank's Feedback Statement indicates that reinsurance firms will, nevertheless, be subject to the 'prudential' Standards for Business introduced under regulations, dealing with:

a. systems and controls;
b. adequacy of financial resources; and
c. engagement and cooperation with the Central Bank.

From our review of the conduct regulations, we find this statement open to interpretation considering that the regulations state 'reinsurance business' is out of scope. We are considering further how the Central Bank reached this conclusion and are evaluating the potential implications for reinsurance firms.

Handling of errors and complaints

The frequency of complaints analysis will remain at six months; however, the principle of proportionality applies in terms of the approach. The General Code Guidance provides more clarity as to what might constitute a 'significant error'. In relation to the proposed requirement for an immediate acknowledgement of complaints submitted via web forms, the regulations have been amended to make the position clearer, and the requirement is also now covered in General Code Guidance.

Instructions to be acknowledged and processed

The Central Bank has not proceeded with the proposal to require firms to acknowledge instructions within three days of receipt and will instead retain the current requirement on firms to process instructions properly and promptly.

Requirements on ceasing to operate, merging business or transferring regulated activities

The regulations have been amended to impose the increased notice period from two months to six months only on credit institutions, and not to other regulated entities. Furthermore, the requirement for six months' notice will apply to credit institutions only if they leave the Irish market.

Material changes to banking services

The Central Bank has developed guidance for firms on how to implement the requirements and clarified matters including that the required board-approved assessments should focus on the impact of closures, mergers or significant changes to services (and does not require the inclusion of commercially sensitive information). The required publication in local media need only include notice that a report has been prepared and published and information on accessing the report. The requirements do not apply for closures of a temporary nature. Where banks intend to significantly amend the financial services that are provided in a particular branch, the requirements will apply.

Written consent

The Central Bank has reviewed where the revised Code requires written consent and removed a number of these. The guidance also clarifies that where written consent is required, it can be provided via digital channels, including e-mail. Where the revised Code only requires consent, 'consent' can be given verbally or in writing. However, where the revised Code requires 'written consent,' it must be in writing.

Retaining records

The regulations have been amended to require the consumer's consent to retain records for 12 months and reflect that the requirement to retain records for 12 months when a consumer engages with a firm but does not proceed to become a customer will only apply to records created after the regulations commence.

Warning statements

Where the Central Bank is introducing text changes in warning statements, firms will not be expected to change all their warnings at the commencement of the Revised Code, however, they should make such changes as part of the next scheduled update.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Shane Kelleher
Shane Kelleher
Photo of Louise McNabola
Louise McNabola
Photo of Eoin Caulfield
Eoin Caulfield
Photo of Jane Balfe
Jane Balfe
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More