Introduction

Ireland's fintech sector is continuing to mature and evolve. This article sets out some of the key trends in the sector which we have observed in our financial regulation practice in recent times.

Change in Approach to Regulation of E-money Institutions and Payment Institutions

The second half of 2021 saw a significant change in how the Central Bank of Ireland (CBI) supervises regulated payment institutions and e-money institutions in Ireland. Both the authorisations team (which licenses new firms) and the supervision team (which supervises firms following initial authorisation) were reconstituted within the Credit Institutions Supervisions Directorate of the CBI, which is comprised of personnel who are experienced in supervising banks and complex investment firms.

The shift in approach can be traced to the fact that the number of regulated fintech firms in Ireland has grown significantly in recent years and now stands at around 40 or so. In December 2021, the CBI published a “Dear CEO letter” addressed to the payments and e-money industry in Ireland to remind fintech firms of the supervisory expectations that are to be applied to this sector going forward.

Although the CBI has positioned this re-structure as an evolution of its existing supervisory approach, it appears that the internal management restructure has led to a noticeable shift in terms of how the CBI engages with the regulated fintech sector in Ireland. It is the authors' view, based on experience to date, that the regulatory expectations and supervisory norms being applied to firms are different now than in the past. There is now quite clearly a supervisory focus on ensuring that firm's control environments continue to evolve and mature as the scale and size of their businesses continue to grow.

While it is understandable that the CBI wants to ensure the sector is well regulated, the degree of supervision needs to be commensurate with the scale, nature and complexity of each firm's business model, and both firms and supervisors alike are grappling with this challenge at the moment.

It must be remembered that the EU regulatory frameworks for payment institutions and e-money institutions consciously set out prudential requirements proportionate to the operational and financial risks faced by such firms in the course of their business. The requirements reflect the fact that fintechs engage in more specialised and limited activities, thus generating risks that are narrower and easier to monitor and control than those that arise across the broader spectrum of activities of credit institutions. They are also prohibited from accepting deposits from users and are only permitted to use funds received from users to render payment services or issue e-money. It will be interesting to see in 2022 if the re-calibrated supervisory approach of the CBI remains consistent with those policy aims which have been set at EU level.

The Irish Authorisation Process for Fintechs

While a record number of fintech firms have started the authorisation process with the CBI in recent years, it is important to note that the Irish regulatory authorisation process for fintechs is a robust one. Firms must have real substance and “mind and management” located in Ireland before an authorisation will be granted. Furthermore, in an update to its webpage on the authorisation process, the CBI has also advised new applicants that it expects engagement on any authorisation application to be led by the proposed local management team (rather than group representatives) in order to make progress.

In the authors' experience, firms need to prepare a well-developed target operating model for their new Irish subsidiary and this is perhaps the most challenging part of any authorisation project, regardless of the size, maturity or complexity of the applicant's existing business model (be it regulated or unregulated) in Ireland or other jurisdictions. They also need to assemble a local management team that will run and oversee the Irish subsidiary in the months leading up to authorisation, and undoubtedly this requires a significant fixed overhead for many applicants looking to set up in Ireland for the first time.

However, any applicant that commits a level of resources commensurate with the scale and complexity of the applicant's proposed operating model will almost certainly be successful in obtaining authorisation from the CBI. This has been the basis on which many firms with a wide range of operating models, licence permissions and staffing allocations have successfully achieved authorisation in recent years.

From dealings with the CBI, it is also evident that it has a strong staffing allocation dedicated to the authorisation of payment institutions and e-money institutions. The CBI maintains its service level commitment in terms of finalising its decision on a completed authorisation application within 90 working days.

While outsourcing (particularly intra-group outsourcing) is a common feature of practically every application for authorisation in Ireland, these outsourcing arrangements do need to be properly documented and the specific operational risks that could arise for the Irish business must be considered by any firm prior to application. During 2021, subtle shifts in the regulator's focus on certain topics during the authorisation process were visible. It is clear that topics like the design of an end-to-end safeguarding process, consumer protection considerations, and wind-down planning are now all things which the CBI expects firms to have considered prior to authorisation.

Successfully completing the authorisation process undoubtedly has the benefit of making each applicant's compliance framework stronger than before and many clients embrace the authorisation process as a means of developing their operational resilience.

Certainly, being able to say that the CBI has authorised their business model is a very valuable calling card and, once secured, it certainly enhances the reputation and credibility of each firm with other regulators located in Europe and the wider world.

Virtual Asset Service Providers in Ireland

Following the 2021 transposition of the EU's Fifth Money Laundering Directive (5MLD) into Irish law, a new domestic anti-money laundering/countering the financing of terrorism (AML/ CFT) registration regime has started for all firms acting as virtual asset service providers (VASPs) in Ireland. The definition of what is considered to be a “virtual asset” is in line with the latest recommendations of the Financial Action Task Force in this area and is technologically neutral. Irish firms who wish to offer some kind of virtual asset-based product or service have registered, regardless of whether they hold a regulatory authorisation from the CBI under other legislation, although it still remains unclear whether firms that service Irish customers from abroad on a cross-border basis actually need to register with the CBI.

To date, the Irish registration process run by the CBI has been very focused on AML/CFT compliance and less so on other areas that are undoubtedly important considerations for any firm operating in the virtual assets industry, such as information security arrangements and business continuity planning. Undoubtedly, the regulatory focus will broaden in time once the AML/CFT registration regime is replaced with the more comprehensive Markets in CryptoAsset Regulation (“MiCA”) legislative proposal that is under negotiation at EU level and likely to become law during 2023. The CBI has a good depth of knowledge about virtual asset firms and expects firms to have well-developed AML/CFT compliance programmes that are aligned with the risk-based approach that is central to the EU's AML legislation.

In recent times, there has been a rush to unveil new regulations to better regulate virtual asset advertising to retail customers and to curb misleading advertising in the UK and several EU member states. Ireland's own advertising standards watchdog says it is monitoring developments in other countries but has yet to formally regulate the sector. Furthermore, the CBI is only empowered to regulate the advertising of regulated financial products and services, so advertising by the sector remains essentially unregulated as a result. However, given the continued growth in the popularity of virtual assets, it may only be a matter of time before such advertising rules are introduced in Ireland and this could happen during 2022.

The Opportunity for Fintechs to Dislodge the Main Retail Banks in Ireland

Last year saw the announcement by two major retail banks (Ulster Bank and KBC Ireland) that they were quitting the Irish market for good and intended to close down all customer accounts during 2022. Furthermore, many of the remaining retail banks are continuing to scale down the number of branches they have located around Ireland.

This shift in the Irish banking sector represents perhaps the single biggest opportunity for fintechs to grow and win a significant number of new Irish customers (both consumers and businesses) in the coming years, particularly since the COVID-19 pandemic brought about a huge jump in the number of Irish people using mobile apps and contactless payments instead of cash and cheques. Strong customer authentication has also been successfully rolled out across the Irish market.

With all of this in mind, a number of major EEA fintechs are eyeing up the Irish market with a view to making the most of the competitive opportunity that will arise there during 2022.

The Continued Growth of Buy Now, Pay Later Products

One of the other trends in terms of market practice among Irish fintechs has been the continued growth in the roll-out of “buy now, pay later” payment options. The Irish government is now belatedly starting to play catch-up with this sector and in the second half of 2021 published its proposals for changes to the Irish retail credit and credit servicing regimes in Part V of the Central Bank Act 1997 in order to better regulate the sector. Although the legislation was expected to be passed quite quickly, progress has stalled and it may be the end of 2022 before this legislation is finalised. The intent of the legislation is to regulate all forms of direct and indirect consumer credit and to ensure that providers of such credit conduct suitability and affordability checks on each consumer when offering them deferred payment options. 

The authors are advising a number of fintech clients on how best to structure their buy now, pay later offerings for the Irish market and to take account of bespoke local requirements in Irish consumer credit law. One thing is certain: the growth of credit offerings is set to remain a big feature of the fintech and payments landscape in Ireland and across Europe in the years to come.

The Rise of Open Banking

The final trend that the authors predict in the Irish market is the ongoing rise of open banking. While open banking has been in existence under the PSD 2 for the best part of four years, the reality is that these services have yet to take off on a big scale in the Irish market. However, the COVID-19 pandemic has also driven growth in this area and this is partly due to the increased use of neo-banking apps that tend to combine open banking services with slick user experiences for their customers.

The second reason why the growth in open banking is expected to continue is due to the aforementioned trend in buy now, pay later credit offerings. Increasingly, a lot of fintechs offering credit products are seeking to have these permissions so that they can quickly check if an individual consumer has the cash flow and creditworthiness required to be able to repay any funds advanced through their buy now, pay later offerings. This is yet another growth area in the Irish market and it is one that the authors think will become increasingly prevalent as Irish consumers become more accustomed to these kinds of services.

Originally published by Chamber's Guide "FinTech 2022"

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.