On 24 March 2025, the Central Bank of Ireland (Central Bank) published its revised Consumer Protection Code (Revised Code), marking the culmination of a three-year overhaul of the consumer protection framework.
This is a significant regulatory development with wide-reaching implications for (re)insurers and (re)insurance intermediaries. For a broader overview of the regime changes, see our Financial Regulation Unit's full analysis here. This article focuses on the key changes and challenges specific to (re)insurers and intermediaries.
While a detailed analysis of the Revised Code is beyond the scope of this article, several points merit reiteration:
- The content of the Revised Code will be familiar to those in the scope of the existing Consumer Protection Code. The core duty to act in the best interests of customers remains, but it is now reinforced by a new, express obligation to 'secure customers' interests'.
- The structure of the Revised Code has changed significantly. The previous format – general requirements followed by sector-specific chapters – has been replaced by two statutory instruments, supported by three guidance documents:
  - Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 2025 (Standards for Business Regulations);
  - Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025 (Consumer Protection Regulations);
  - General Guidance on the Consumer Protection Code;
  - Guidance on Securing Customers' Interests; and
  - Guidance on Protecting Consumers in Vulnerable Circumstances.
- The Standards for Business Regulations extend beyond consumer-facing activities. They establish core and supporting standards of conduct expected of all regulated firms across both business-to-business and business-to-consumer engagements.
- The Consumer Protection Regulations contain the detailed, cross-sectoral and sector-specific rules, including those applicable to (re)insurers and intermediaries. These are organised into individual Parts, with Part 4 dedicated to insurance.
The interaction between these regulations and guidance documents introduces a new level of complexity. Firms will need to carefully map the requirements to their business models to ensure full and effective implementation. Firms will have less than one year to implement the new processes, with provisions applying from 24 March 2026.
Standards for Business Regulations
Not Just "Consumer" Business
The definition of "Consumer" under the Revised Code remains unchanged, apart from an increase in turnover from €3 million to €5 million for incorporated entities. Therefore, a "Consumer" now includes "a customer that is –
- a natural person,
- a group of natural persons, including a partnership, club, charity, trust or other unincorporated body, or
- an incorporated body, that is not –
  - an incorporated body that had an annual turnover in excess of €5 million in the previous financial year, or
  - an incorporated body that is a member of a group of companies having a combined turnover greater than €5 million".
This uplift will require (re)insurers and intermediaries to reconsider whether they are counterparties to activities with 'consumers' as well as 'customers'.
Whilst titled the "Consumer Protection Code", certain provisions have broader application than just consumers. The Standards for Business Regulations impact, with certain exceptions, all forms of (re)insurer and intermediary. When dealing with a B2B or B2C customer, the Standards for Business Regulations require firms to 'act in the interests of customers and treat them fairly and professionally'. What this means for B2B will be especially interesting to see as the area evolves.
The Central Bank considered William Fry's feedback to CP158 and amended the Standards for Business Regulations to carve out reinsurance business explicitly. This is an important change for any (re)insurer conducting reinsurance business in Ireland. Notwithstanding the explicit carve out of reinsurance business, the Central Bank's Feedback Statement indicates that (re)insurers will, nevertheless, be subject to the 'prudential' Standards for Business Regulations that relate to systems and controls, adequacy of financial resources and engagement and cooperation with the Central Bank.
The duty to 'secure customers' interests' and the duty to 'control and manage a regulated firm's affairs and systems to counter the risks of financial abuse to customers' only apply to consumers. Therefore, when dealing with consumers, firms will now have both the existing 'acting in the best interests' obligation and the separate duty of 'securing customers' interests'. Regulation 5 provides a non-exhaustive list of the positive actions the Central Bank expects regulated firms to take to secure customers' interests (this includes "delivering fair outcomes for customers"). It looks very similar to the UK's adoption of the 'consumer duty' obligation. It is a material change: those conducting consumer business must always carefully assess the likely outcomes for customers.
"Reasonable Steps"
The Standards for Business Regulations will have a familiar feel because they mirror the requirements of the Conduct Standards and Additional Conduct Standards applied to PCFs and CFs since the end of 2023 (i.e., to individuals working in firms). The Standards for Business Regulations complement these and apply at the level of the firm itself.
Unlike the Conduct Standards, no provision is made for firms evidencing the taking of "reasonable steps". In its Feedback, the Central Bank concluded that reasonable steps were intentionally not replicated in the Standards for Business because the Conduct Standards apply to individuals. This was distinguishable from obligations imposed on firms themselves and reflects the range of resources available to firms and the Central Bank's expectations on how these should be effectively deployed in a way that secures customers' interests.
Digitalisation
The modernisation of the financial services industry, including trends in digitalisation, the increasing reliance on tech, AI and outsourcing in business models, as well as changes in customer patterns and behaviours since Covid, are all acknowledged in the Revised Code. The theme of digitalisation is embedded throughout the Revised Code (no longer confined to a dedicated section). The Revised Code aims to align consumer protection with the realities of a digital-first financial landscape. (Re)insurers and intermediaries need to consider their architecture choice, utilisation of AI and employment of effective disclosures when selling financial services to ensure safe online decision making in an increasingly tech-driven environment.
Consumer Protection Regulations
Beyond the Standards for Business Regulations, the insurance sector requirements outlined in Part 4 of the Consumer Protection Regulations repeat many existing features of the current Consumer Protection Code. This will include, with minor updates, areas such as providing information identifying a regulated party connected to the financial product, the obligation to provide receipts, premium handling, and client premium account requirements.
A new section on differential pricing and automatic renewals incorporates separate requirements introduced in this area in 2022. New provisions also include requiring regulated firms to provide customers with clear definitions and details when providing quotations on certain insurance products identified in the Consumer Protection Regulations. That includes, for example, products relating to permanent health insurance or serious or critical illness insurance.
Some other noteworthy points specific to (re)insurers and intermediaries under Part 4 are as follows:
- Auto-renewals: Under the Revised Code, for travel, dental, pet and gadget insurance, the consumer will have to opt in to automatic renewal of these policies expressly. In the Feedback Statement, respondents noted the risk of lapses in coverage. However, the Central Bank maintains the benefits of the opt-in requirement, noting that such policies are often sold as add-ons, and that there is an increased risk that the covered risk is no longer owned by the consumer or covered by another policy.
- Warranties and endorsements on policies: These must now be included with sufficient clarity, e.g. in the insurance quotation in the same font size as all other details provided.
- Pre-contract / renewals: The consumer must be informed of the premium quotation details in the written pre-contract quotation and the renewal notification. This includes explaining any difference in cost between paying the premium in a lump sum or in instalments.
- Quotes via digital means: Where an insurance quote is provided to a consumer on a digital platform or website, the insurance undertaking or intermediary cannot follow up with a telephone call with the consumer to discuss the quote unless the consumer has provided explicit consent.
- Insurance switching: Non-life insurance contracts' current minimum renewal notice period is 20 working days. The Revised Code will require insurers to issue an additional 'pre-renewal' notification to consumers a further 20 working days prior to the issuance of the standard 20 working days (i.e. 40 days minimum now in aggregate). The Central Bank has provided sample wording of this notification, acknowledging the risk raised by respondents to the consultation that such a notification could result in the prompt seeking of quotes only to find that the quote expires by the renewal date.
- Health Insurance: The Revised Code includes an additional change to health insurance coverage. Currently, any individual covered under a health insurance policy who is not the policyholder might not be notified in the event of the policy's cancellation. Recognising that such a scenario could present considerable risks for the consumer, the Central Bank has introduced a requirement for health insurance providers to notify all affected adults of a cancellation of cover.
- Claims Queries: An insurance firm must be available to discuss aspects of a claim with a claimant during normal working hours, which is defined as 09.00 – 17.00. The ability to agree on hours outside of normal working hours is removed.
- Claim settlements: The introduction of a non-exhaustive list of factors to be considered to ensure that a claim settlement offer is the best estimate.
- Appeals: A new obligation on insurance undertakings to publish details of appeals mechanisms on their websites.
- The Central Bank decided not to proceed with the proposals to:
  - Change the requirement on firms to provide at least 2 months' notice to affected consumers where they intend to cease operating, merge with or transfer regulated activities to another entity by increasing it to at least six months' notice.
  - Reduce the notice period requirement on firms to notify a claimant about a development affecting the outcome of their insurance claim within 10 days to 5 days. The existing 10-day timeframe has been reinstated.
Contributed by Caitlin Lenihan