ARTICLE
7 November 2024

Global Legal Insights FinTech 2024: Ireland Chapter

Walkers

Contributor

Walkers is a leading international law firm which advises on the laws of Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Ireland and Jersey. From our 10 offices, we provide legal, corporate and fiduciary services to global corporations, financial institutions, capital markets participants and investment fund managers.

Approaches and developments

Fintech initiatives in Ireland

This chapter was originally published in Global Legal Insights FinTech 2024.

Ireland is considered a fintech hub and is home to globally recognised technology and financial services firms.

The Irish government has been supportive of the development of the financial services sector in Ireland and this extends to fintech. The government's strategy for the development of Ireland's international financial services sector to 2026, "Ireland for Finance", includes actions to help drive fintech including blockchain technologies. In March 2024, the Update to Ireland for Finance Action Plan 2024 was released, which contains 13 action measures and ancillary work under five interconnected themes of the strategy: Sustainable Finance; Fintech and Digital Finance; Diversity and Talent; Regionalisation and Promotion; and Operating Environment. Previous updates to the Ireland for Finance Action Plan had also included measures to support Fintech.

Since November 2022, the Irish government's Fintech Steering Group has worked with industry stakeholders through the Joint Fintech Group, which consists of a number of Steering Group members and industry representatives. The key objective is to provide "strategic guidance on fintech from an expert industry perspective in order to inform the state on skills and education requirements and to act as a forum for the private and public sectors to engage on policy developments at a domestic and European Union ("EU") level".

Furthermore, Ireland's sustainable finance strategy of the fintech sector was launched in October 2022 (and updated in March 2023) in order to support the development of innovative technology solutions to Environmental, Social and Governance ("ESG") challenges. More recently, the Sustainable Finance Centre of Excellence was established, which will lead on the development and launch of innovative financial mechanisms.

According to Ireland's enterprise agencies, the Industrial Development Agency ("IDA") Ireland and Enterprise Ireland, there are now over 430 internationally focused financial services companies operating in Ireland, employing more than 50,000 people between them.

International financial services companies have set up research and development operations in Ireland focusing on themes such as the utilisation of blockchain, crypto, and AI. BNY Mellon announced the establishment of a new Digital Research and Development Hub in Dublin that will drive innovation in the areas of artificial intelligence ("AI"), machine learning, and data analytics. Mastercard's European Technology Hub and Citi's Global Innovation Labs are based in Dublin and are investing in emerging areas such as AI, cybersecurity, blockchain and virtual reality. Furthermore, Fidelity Investments' Center for Applied Technology lab has a base in Ireland and provides technology and operational business services to the US in areas such as cloud, cybersecurity, digital assets, AI and the metaverse. There are also indigenous accelerator and incubation programmes.

Central Bank of Ireland approach to Fintech and crypto

The Central Bank of Ireland (the "Central Bank"), as the national regulatory authority of financial services firms, established the Innovation Hub in 2018 to provide firms engaged in the Fintech and innovation space with a point of contact outside of the existing formal engagement processes. The Innovation Hub 2023 Update notes that by the end of 2023, the Central Bank Innovation Hub held 389 engagements across a number of sectors, including Payments, RegTech, Blockchain, Crypto and InsurTech. The Central Bank will soon look to enhance the framework for engagement with the fintech and innovation sectors through the establishment of an Innovation Sandbox. The Innovation Sandbox Programme will provide regulatory advice and support for innovative projects, with a first call for potential participants to issue in the coming months, and the first programme to commence during Q4 2024. In recent public statements, the Central Bank emphasised their strong focus on technological innovation and being "open and engaged is a key part of their strategy". As part of the Central Bank's Strategy for 2022–2026, being future-focused and adopting a forward-looking approach is one of the central themes in the Central Bank.

The Central Bank confirmed in its Regulatory Supervisory Outlook Report 2024 that, while there is clear potential for distributed ledger technology and tokenisation to benefit the functioning of the financial system, given the volatility of crypto there are also risks to consumers and retail investors, and therefore this will be a focus for the Central Bank's key supervisory activities in 2024/2025.

In a May 2024 speech, the Central Bank Director of Financial Regulation, Policy & Risk commented that the Central Bank will focus on the use-case, consumer focused culture, and upfrontedness of innovators when examining their products and services.

Overview of regulatory developments

It is expected that the Central Bank will continue its supervisory focus in the areas of anti-money laundering ("AML"), outsourcing, safeguarding of client funds, governance and operational resilience. Over the past 12 months, regulated financial service providers have been implementing the Central Bank Guidance on Operational Resilience and Outsourcing as well as the recent introduction of the Individual Accountability Framework under the Central Bank (Individual Accountability Framework) Act 2023 and enhancements to the existing Fitness & Probity Regime. In-scope firms are also now preparing for the impact of the EU Digital Operational Resilience Act ("DORA").

With regard to the payments and e-money sector specifically, the Central Bank has focused its attention on a number of areas where firms operating in the fintech industry have been found to have deficiencies. In a Dear CEO letter addressed to payments and e-money firms in January 2023, the Central Bank highlighted issues in relation to safeguarding, governance, risk management, conduct and culture, financial and operational resilience and financial crime. In particular, the Central Bank requested that firms carry out an audit of their compliance with safeguarding requirements by the end of October 2023.

The Central Bank issued a Dear CEO letter in February 2024 outlining its key regulation and supervision priorities based on the Regulatory Supervisory Outlook Report 2024. The European Commission's 2020 Digital Finance Package significantly changed the Fintech and crypto landscape in the EU with the introduction of the Markets in Crypto Assets Regulation ("MiCA"), DORA and the distributed ledger technology ("DLT") pilot regime. MiCA, which completed the legislative process in May 2023, implements a legislative framework including rules applicable to the issuance of crypto-assets and the provision of various services in relation to crypto-assets. The provisions regarding the regulation of stablecoin issuers will apply from 30 June 2024 and the remainder of the provisions under MiCA will apply from 30 December 2024. The EU DLT pilot regime commenced in March 2023 which creates a sandbox for the trading and settlement of DLT financial instruments, with the first programme to commence during Q4 2024.

The Instant Payments Regulation entered into force on 8 April 2024 and has a staged implementation timeline ranging from January 2025 to July 2027. It aims to make instant payments fully available in euro to consumers and businesses across the EU by amending existing EU payments regulations.

As part of the Digital Finance Strategy and the Retail Payments Strategy, the European Commission is actively involved in the ongoing review of PSD2. On 28 June 2023, the European Commission put forward proposals for PSD3, a Regulation on payment services, and a Regulation on a framework for financial data access. These proposals are progressing through the legislative process in order for the final texts to be agreed between the EU institutions. Contributing to progressing the review of PSD2 is also part of the Central Bank's key supervisory priorities for 2024. On 9 December 2023, the European Parliament and the Council of the EU reached a provisional agreement on the AI Act, and the final text of the AI Act was approved on 21 May 2024. The AI Act will then enter into force 20 days after its publication in the Official Journal of the EU with transition periods ranging from six to 36 months. The AI Act is a proposal for a regulation laying down harmonised rules on AI. The AI Act proposes to regulate providers placing on the market or putting into service AI systems in the EU as well as users of AI systems located within the EU and ensure that fundamental rights, democracy, the rule of law and environmental sustainability are protected from high-risk AI, while also supporting AI innovation in the EU.

The European Securities and Markets Authority ("ESMA") has released a public statement on the use of AI in the provision of retail investment services, aiming to guide firms utilising or planning to use AI technologies so they can ensure compliance with the key MiFID II requirements, particularly those pertaining to organisational requirements, conduct of business requirements, and the general obligation to act in the best interest of the client.

In the Regulatory and Supervisory Outlook Report 2024, the Central Bank highlighted that it will be undertaking policy work and developing its supervisory expectations of regulated entities related to the use of AI in financial services, including preparing for the implementation of the AI Act. The Central Bank will seek to understand how firms are using AI to deliver and support existing financial services, and to consider how AI could be used for new products, services and business models. It will make any necessary changes to its supervisory framework that it identifies based on the deployment of AI in practice, to ensure that it can continue to deliver on its regulatory and supervisory objectives.

Fintech offering in your jurisdiction

Recent years have seen an increase in fintech activity in Ireland and in the number of entities operating in the country, reflecting the positive ecosystem that has been developed. Ireland is a popular location for firms seeking an EU base, which has increased further following the UK's withdrawal from the EU, so as to "passport" their Irish authorisations to provide services into other EU Member States.

In a May 2023 speech, the Central Bank Director of Financial Regulation, Policy & Risk commented that data in the Fintech sector indicates that the fintech ecosystem in Ireland comprises approximately 270 indigenous fintechs and 120 international fintechs. The Central Bank is struck by the diversity of the applications and solutions, with the fintech sector providing solutions in Regtech, Payments, Insurtech, Funds/Trading, and Credit and Lending sectors. This is in addition to the significant growth of the Blockchain and crypto sectors. Examples of firms which have obtained an electronic money institution authorisation or payment institution authorisation include Google, Facebook, Coinbase, Stripe, Gemini Payments, and myPOS. As of June 2024, the Central Bank has approved 14 Virtual Asset Service Provider ("VASP") registrations, including firms such as Coinbase, Gemini, Zodia Custody, and Kraken.

Bigtech and international social media companies such as Google, Facebook, and LinkedIn all have their EMEA headquarters in Ireland. The most active Fintech activity is in the payment and e-money space. In Consultation Paper 156 "Central Bank approach to innovation engagement in financial services" (the "Innovation Hub CP"), the Central Bank noted that the number of authorised payment institutions and electronic money institutions in Ireland has more than tripled in the last six years, with a tenfold increase in safeguarded funds held by this sector. Outside of payments, which has driven the majority of fintech activity, it is notable that the number of registered VASPs and authorised crowdfunding service providers continues to increase. Other areas for innovation include Regtech, insurance, digital identity and asset management. Firms are also looking to incorporate new technology, such as blockchain and AI, into their operations.

Looking forward, the Central Bank has commented that most of the enquiries received by its Innovation Hub remain in the payments, blockchain and crypto sectors.

Domestic regulatory developments to address fintech disruptions

One of the Central Bank's mandates is to ensure consumer protection. In October 2022, the Central Bank commenced its review of its Consumer Protection Code (the "Code"), which includes a themed discussion on Innovation and Disruption. In its discussion paper, the Central Bank has commented that the consequences and impacts of innovation need to be carefully considered, to ensure consumers are appropriately protected, while potential opportunities and benefits for consumers are maximised. The Central Bank published a Consultation Paper in March 2024 setting out specific proposals on how the Code should be updated and improved. The focus is on ensuring firms effectively incorporate customers' interests into their strategy and decision making, and provide clarity for firms on their consumer protection obligations to ensure that consumers remain protected against fraud and other scams, even in the face of advancing technology and a changing financial services landscape. The Central Bank will seek to achieve its goals through the imposition of enhanced conduct of business rules and through helping consumers to identify and avoid fraud. With regards to digital transformation, the Central Bank proposes new requirements requiring all firms that use digital technology to provide services to ensure that the technology is designed and implemented with a customer focus. Where established firms are transitioning from traditional to digital business models they must carefully consider customer impacts and identify appropriate mitigants to address identified issues for customers. The Central Bank notes that they are currently considering how the Code will interact with MiCA and whether there may be gaps in terms of consumer protection, and what steps the Central Bank might need to take to address any potential gaps through the Code or other mechanisms.

In order to address the growing Buy Now Pay Later market in Ireland, the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022 commenced on 16 May 2022 and widened the scope of the retail credit firm regime to include firms offering "indirect credit" (i.e. the provision of credit to a borrower by paying a retailer on behalf of a consumer for the purchase of a good or service as part of a "buy now, pay later" offering).

Furthermore, as part of the Central Bank Consumer Protection Outlook Report 2023, the Central Bank noted that it will advance its work to implement the Crowdfunding Regulations and MiCA, thereby enhancing the reach of regulation for consumers of those services. The Central Bank takes an overall cautionary stance towards crypto-assets, particularly crypto-assets which are not backed by real world assets, and has released several warnings over the years on the risks of investing in crypto-assets for retail customers.

Regulatory and insurance technology

Regulatory technology

There is a growing ecosystem of Irish firms that are providing regulatory technology ("Regtech") services.

According to the Central Bank Innovation Hub 2023 Update, RegTech firms made up 23% of all enquiries in 2023, compared to 14% in 2022. RegTech solutions demonstrated to the Innovation Hub included solutions to assist regulated firms meet their AML/CFT obligations, operational resilience requirements, and other regulatory reporting requirements. Many of the Regtech solutions demonstrated implemented A.I. or machine learning techniques into their solutions, showing the growing use of technology in such solutions.

Generally speaking, the provision of Regtech services is less likely to be a regulated activity in Ireland as these will typically involve supporting technical services rather than regulated financial services. However, this analysis should be carried out on a case-by-case basis, examining the specific Regtech service in question and the nature of the entity to which such services are provided. A Regtech service may fall within the legal and regulatory requirements governing outsourcing, which will in turn impact the contractual provisions and obligations required.

Particularly in the Fintech space, the Central Bank has dedicated much of its attention to the issue of outsourcing. The Central Bank has published Cross-Industry Guidance on Outsourcing which imposes similar contractual requirements to the European Banking Authority ("EBA") Outsourcing Guidelines. The EBA Outsourcing Guidelines apply directly to credit institutions, certain investment firms and payments/e-money institutions. Additionally, ESMA's Cloud Guidelines and the European Insurance and Occupational Pensions Authority ("EIOPA") Cloud Guidelines may also be relevant to applicable entities where services are provided on a cloud basis. For ICT service providers, the implementation of DORA is also an important development.

Insurance technology

According to the Central Bank Innovation Hub 2023 Update, eight of the overall enquiries in 2023 came from firms engaged in the insurance technology ("Insurtech") sector. InsTech.ie is aiming to make Ireland a leading European Insurtech hub, where industry incumbents and start-ups can come together to collaborate and create the next generation of insurance solutions.

From a regulatory perspective, the EU's Solvency II regime (as implemented in Ireland), which sets out detailed capital, governance and risk management requirements for Irish and EU authorised (re)insurance undertakings, applies to the majority of Irish (re)insurance undertakings. Such undertakings must obtain an authorisation under the European Union (Insurance and Reinsurance) Regulations 2015, to carry on either life insurance business, non-life insurance business, or both.

Regulatory bodies

The Central Bank is the financial services regulator in Ireland which is responsible for the authorisation and supervision of financial services providers. The Central Bank supervises Irish firms from both a prudential and conduct of business perspective. For EEA passporting firms the Central Bank will generally have a level of competence in relation to conduct of business requirements, rather than prudential requirements. The European Central Bank is the competent licensing authority for new Irish credit institutions (banks) and it supervises significant credit institutions directly under the Single Supervisory Mechanism.

The Central Bank will be the national competent authority for the authorisation and supervision of entities that will be subject to MiCA. The EBA will have supervisory responsibilities and powers with respect to issuers of significant asset-referenced tokens and significant e-money tokens under MiCA. The Data Protection Commission is the Irish supervisory authority for the GDPR. The Irish DSA designates Coimisiún na Meán as the designated Digital Services Co-ordinator in Ireland, implementing and enforcing the DSA in Ireland. The Competition and Consumer Protection Commission is also designated as a competent authority under the Irish DSA in relation to certain matters relating to online marketplaces.

Key regulations and regulatory approaches

Fintech firms must look to the existing regulatory regimes that may be applicable to their business model on a case-by-case basis, as well as any new Fintech-specific legislation, such as MiCA and the Crowdfunding Regulation.

In addition to the key regulatory frameworks, outlined below, Fintech firms may also need to comply with data privacy laws, consumer protection legislation, and Central Bank conduct of business rules.

Key regulatory frameworks

Payment and electronic money services

The primary rules to be considered for the provision of payment services are the European Union (Payment Services) Regulations 2018 (the "PSRs"), which transpose Directive 2015/2366/EU (PSD 2) into Irish law. The issuance of electronic money is regulated by the European Communities (Electronic Money) Regulations 2011 (the "EMRs"), which transpose Directive 2009/110/EC (the "Electronic Money Directive") into Irish law. The domestic Irish regime governing money transmission businesses under the Central Bank Act, 1997 ("CBA 1997") may be relevant to a money transmission service falling outside the PSRs.

Challenger banks seeking to undertake "banking business" (i.e. any business that consists of or includes receiving money on own account from members of the public either on deposit or as repayable funds, and the granting of credits on own account) require a bank licence under the Central Bank Act, 1971 ("CBA 1971") and will be subject to the Irish implementation of the EU Capital Requirements Directive (Directive 2013/36/EU) (as amended) and the directly applicable EU Capital Requirements Regulation (Regulation 575/2013/EU).

Investment services

Depending on the services provided, a fintech firm providing investment services or asset management solutions may be subject to regulation. For example, if the activities constitute "investment services" in respect of "financial instruments" for the purposes of European Union (Markets in Financial Instruments) Regulations 2017 (the "MiFID Regulations"), an investment firm authorisation will be required, unless an exemption applies. The MiFID Regulations implement Directive 2014/65/EU (MiFID II) into Irish law.

A key consideration for firms providing services in relation to crypto assets will be whether the particular asset falls within the definition of a financial instrument under the MiFID Regulations as, for example, operating a multilateral trading facility, placing, receiving and transmitting orders, executing client orders or providing investment advice in relation to those investment instruments will require authorisation unless an exemption applies. In broad terms, pure cryptocurrencies (e.g. bitcoin) are unlikely to be classified as financial instruments under the MiFID Regulations. ESMA has released draft Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments and expects to publish a final report in Q4 2024. Investment business services, including depository or administration services, would require authorisation under, for example, the Investment Intermediaries Act 1995 (the "IIA").

Investment funds

Irish regulated investment funds are either authorised as undertakings for collective investment in transferable securities ("UCITS") or as alternative investment funds ("AIFs"). The Central Bank has taken the stance that currently it is highly unlikely that it will approve a UCITS or an AIF marketed to retail investors proposing any exposure (either direct or indirect) to digital assets.

In April 2023, the Central Bank updated its AIFMD Q&A to increase the investment limits for qualifying investor alternative investment funds ("QIAIFs") seeking exposure to digital assets. In Ireland, QIAIFs may now hold indirect exposures to digital assets of up to 20% for open-ended funds and up to 50% for funds that are closed-ended or offer limited liquidity. The Central Bank's pre-submission process will apply in the event a QIAIF proposes to invest indirectly in digital assets in excess of these thresholds or to make any direct investment in digital assets. Direct holding in digital assets continues to be prohibited at this time pending demonstration that a depositary can meet its obligations under AIFMD to provide custody or safekeeping services to digital assets. The Central Bank's approach in relation to funds investing in digital assets will be kept under review, will continue to be informed by European regulatory discussions on the topic and may change should new information or developments emerge in the future. Most recently, the Central Bank have been engaging with ESMA on its technical advice to the Commission on a review of the Eligible Assets Directive, which will consider digital assets in the context of UCITS.

Crowdfunding

The EU Crowdfunding Regulation creates a designated regulatory framework for equity and peer-to-peer lending-based crowdfunding within the EU and allows operators of crowdfunding platforms to obtain authorisation as a crowdfunding service provider ("CSP"), which can be passported across the EU. The Crowdfunding Regulation came into force on 10 November 2021 with the transitional period ending on 10 November 2023 for existing providers who have sought authorisation.

Virtual Asset Service Providers

The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended ("CJA 2010") implements European AML rules into Irish law. The CJA 2010 was amended in 2021 to implement the EU's Fifth AML Directive to include a registration requirement for VASPs, which include persons engaging in exchange services between virtual assets and/or virtual assets and fiat currencies, transfers of virtual assets, the provision of custodian wallet services and/or participation in, and provision of, financial services related to an issuer's offer or sale of virtual assets. It should be noted that the VASP registration requirement is not an authorisation by the Central Bank but merely a registration for AML/CFT purposes. The Central Bank has published an update on their website setting out the impact of MiCA on VASPs. Registered VASPs will be permitted, post 30 December 2024, to avail of a transitional period enabling them to continue to operate for up to 12 months or until their Crypto-Asset Service Provider ("CASP") authorisation is granted or refused, whichever is sooner. The Central Bank recommends, for firms that are not registered VASPs, to focus their efforts on preparing for a CASP application rather than seeking a VASP registration, as MiCA will apply to those entities from 30 December 2024.

Offerors/issuers of crypto-assets and Crypto-Asset Service Providers

MiCA introduces a dedicated and harmonised legislative framework for crypto-assets and related activities and services. MiCA applies to natural and legal persons and other undertakings that are engaged in the issuance, offer to the public and admission to trading of crypto-assets, including stablecoin issuers, or that provide services related to crypto-assets in the EU (the latter being referred to as CASPs).

MiCA creates a harmonised definition of "crypto-asset" (i.e. "a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology") and divides in-scope tokens into three categories: Electronic Money Tokens; Asset-Referenced Tokens; and all other crypto-assets, which includes utility tokens. Crypto-assets which fall within existing financial services legislation are not regulated under MiCA.

The provisions regarding the regulation of stablecoin issuers will apply from 30 June 2024 and the remainder of the provisions under MiCA will apply from 30 December 2024. On 12 July 2023, ESMA published the first consultation package under MiCA which includes, inter alia, technical standards on the content of the application for authorisation for CASPs. The second consultation package was published on 5 October 2023 covering those remaining mandates with a 12-month deadline. Two consultation papers on draft guidelines relating to the qualification of crypto-assets as financial instruments and reverse solicitation under MiCA were published on 29 January 2024, respectively. Lastly, the third consultation package was published on 25 March 2024 covering those remaining mandates with an 18-month deadline.

Key regulatory approaches/trends

Regulatory sandbox

The Central Bank established an Innovation Hub in 2018 to provide firms engaged in the Fintech and innovation space with a point of contact outside of the existing formal engagement processes. In November 2023, the Central Bank published a consultation paper outlining the enhancements it is seeking to introduce to improve the current Innovation Hub, and detailing its proposal to introduce a new Innovation Sandbox to allow innovative firms to engage with the relevant Central Bank experts rather than provide firms with a waiver from regulatory requirements. The Innovation Sandbox Programme will provide regulatory advice and support for innovative projects, with a first call for potential participants to issue in the coming months, and the first programme to commence during Q4 2024.

As part of the Digital Package, the EU DLT pilot regime commenced in March 2023, which creates a sandbox for successful applicant operators of market infrastructures to conduct the trading and settlement of DLT financial instruments. ESMA published a letter to the European Commission providing an update on the uptake of the DLT pilot regime and notes that as of April 2024, four official applications have been submitted, with eight further applications expected to be submitted during 2024. ESMA notes that the novelty of the regime in combination with certain challenges may explain the slow uptake.

Anti-money laundering

The EBA published Guidelines on the use of remote customer onboarding solutions for credit and financial institutions which includes the steps such institutions should take when adopting or reviewing solutions to comply with their CDD obligations when onboarding customers remotely. The Regulation on Information accompanying transfers of funds and certain crypto-assets ("TFR") has been adopted by the European Parliament and Council and will apply from 30 December 2024. The TFR requires CASPs, as obliged entities under the current AML regime, to collect, verify and submit certain information about the originator (i.e. a person that holds a crypto-asset account or address) and the beneficiary (i.e. a person that is the intended recipient of the transfer of crypto-assets) of crypto-asset transfers (the so-called "travel rule").

On 16 January 2024, the EBA released its updated Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions. The updates cover the risks associated with CASPs and the steps CASPs and other credit and financial institutions should take to manage these risks.

Operational resilience and security risk

There has been a notable focus by EU bodies and the Central Bank on the operational and technical resilience of regulated firms. Assessing and managing risks to the operational resilience of firms is one of the Central Bank's key regulatory and supervisory priorities for 2024. Fintech firms will need to be aware of the Central Bank's Guidance on Operational Resilience and the Cross-Industry Guidance in respect of Information Technology and Cybersecurity Risks, as well as the EBA revised Guidelines on ICT and security risk management.

DORA entered into force in January 2023 and will apply from January 2025 to certain financial services firms with the objective of ensuring that entities operating in the EU financial services industry can withstand, respond to and recover from all types of ICT-related disruptions and threats. DORA also applies to critical ICT third-party service providers to the financial services industry, and provides for an oversight framework for such entities by the European Supervisory Authorities.

Furthermore, the technical, operational and organisational cybersecurity measures contained in Directive (EU) 2022/255 ("NIS 2") update the NIS Directive (EU Directive on the Security of Network and Information Systems) and set out requirements in relation to cybersecurity and incident reporting of operators of essential services and digital services providers, which includes cloud computing service providers. EU Member States are required to transpose its measures into national law by 17 October 2024.

Restrictions

The Central Bank uses its product intervention powers to prohibit or restrict the sale of certain financial products. In 2019, the Central Bank introduced the Binary Options Intervention Measure to prohibit the marketing, distribution or sale of binary options to retail investors. With regards to contracts for difference ("CFDs") with cryptocurrencies as underlying, the Central Bank has put in place the Central Bank CFD Measure in 2019, to restrict the sale, marketing and distribution of CFDs to retail clients in or from Ireland. The Central Bank CFD Measure relates to CFDs that are cash settled derivative contracts and does not relate to options, futures, swaps, and forward-rate agreements. Fintech firms will have to assess on a case-by-case basis whether their activities or services bring them within the scope of existing regulatory frameworks or any new regulatory regimes, such as MiCA or the Crowdfunding Regulation. Based on this assessment, Fintech firms may be required to be authorised by the Central Bank.

Ireland does not have a general financial promotions regime (i.e. restricting certain invitations or inducements to engage in investment activities). However, in line with the Central Bank's consumer protection mandate, the Central Bank has released several warnings on the risks of investing in crypto-assets for retail customers. Specifically with regard to crypto-assets which are not backed by real-world assets, the Central Bank remains concerned at the potential for consumer harm and, in particular, discourages the marketing of crypto to the public. ESMA has released a statement highlighting the risks arising from the provision of unregulated products and/or services by investment firms such as crypto-asset services (pending applicability of MiCA). ESMA recommends that investment firms take all necessary measures to ensure that clients are fully aware of the regulatory status of the product/service they are receiving, and clearly disclose to clients when regulatory protections do not apply to the product or service provided. In addition, ESMA recommends investment firms take into consideration the impact that their unregulated activities may have on their business activity as a whole as part of their risk management systems and policies.

Cross-border business

Ireland is a globally recognised technology and financial services centre and is continuing to grow its fintech and crypto hub. According to IDA Ireland and Enterprise Ireland, there are now over 430 internationally focused financial services companies operating in Ireland, employing more than 50,000 people between them. Ireland is a popular location for firms seeking an EU base, which has increased further following the UK's withdrawal from the EU. The passporting regime under the various legislative frameworks relevant to Fintech firms allows firms to passport their Irish authorisations to provide services into other EU Member States. Cross-border business is particularly prevalent in the payments and e-money space. Ireland is well positioned to establish itself as a MiCA hub for firms seeking access to the European market.

Footnotes

1 Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) 909/2014 and (EU) 2016/1011, OJ L 333.

2 Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) 1093/2010 and (EU) 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937, OJ L 150.

3 Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for business, and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937, OJ L 347

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
