1 Legal framework
1.1 Which legislative and regulatory provisions govern the banking sector in your jurisdiction?
The primary legislation regulating the Irish banking system is:
- the Single Supervisory Mechanism Regulation (SSMR) (Regulation (EU) 1024/2013);
- the Central Bank Acts 1942–2018 (as amended) (the Central Bank Acts); and
- various statutory instruments and regulatory codes issued by the Central Bank of Ireland (CBI).
Under the SSMR, the European Central Bank (ECB) is the lead regulator, with the CBI as the competent authority in Ireland.
Irish banks are also subject to the European Union (Capital Requirements) Regulations 2014 (SI 158/2014) (transposing EU Directive 2013/36 (CRD IV) (the Irish Capital Regulations) and EU Regulation 575/2013 (CRR) (given full effect in Ireland by the European Union (Capital Requirements) (No 2) Regulations 2014 (SI 159/2014)).
EU legislation that is not directly effective is mainly transposed into Irish law by secondary legislation – that is, statutory instruments (eg, the Irish Capital Regulations transposing CRD IV).
The Central Bank Reform Act 2010 (the 2010 Act) modified the regulatory framework in Ireland, including the CBI's supervisory culture and approach. The CBI's enforcement powers were further enhanced through the Central Bank (Supervision and Enforcement) Act 2013 (the 2013 Act).
The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) (AML4) is the primary legislation governing anti-money laundering in Ireland and implements the EU Money Laundering Directives. The CBI is the competent authority for monitoring compliance with this legislation by banks and other financial services providers.
The CBI also issues various codes, including the Consumer Protection Code 2012 (the CPC) , which regulate the provision of services and products to bank customers.
1.2 Which bilateral and multilateral instruments on banking have effect in your jurisdiction? How is regulatory cooperation and consolidated supervision assured?
Banks operating in Ireland are subject to all EU regulations and directives applicable to the operation of their business and the provision of their banking services, including those mentioned in question 1.1. Banks also are cognisant of and comply with:
- standards issued by the Basel Committee on Banking Supervision, the Financial Action Task Force, the International Financial Consumer Protection Organisation; and
- international tax conventions such as the Organisation for Economic Co-operation and Development's Common Reporting Standards and The Foreign Account Tax Compliance Act.
Following the introduction of the Single Supervisory Mechanism (SSM) on 4 November 2014, the ECB became the competent authority for authorising and supervising EEA banks operating in Ireland.
Under the SSM, banks designated as ‘significant' are supervised by a joint supervisory team led by the ECB and comprising members from the ECB and the CBI. There are currently six Irish banks designated as significant. Banks designated as ‘less significant' are directly supervised by the CBI in the first instance; but the ECB has the power to issue guidelines or instructions to the CBI and to take over direct supervision of any less significant bank if necessary.
Pursuant to the provisions of the CRR, the CBI is responsible for supervision on a consolidated basis, including when it has authorised a bank and the parent of the bank is one of the following:
- a parent financial holding company in a member state;
- a parent mixed-financial holding company in a member state;
- an EU parent financial holding company; or
- an EU mixed-financial holding company in a member state.
The CBI in its consolidated supervisory role works with the European Banking Authority (the EBA) and competent authorities in other member states to facilitate consistent supervision and application of the applicable provisions of CRD IV.
1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers (including sanctions) do they have?
The ECB has the power to issue guidelines or instructions to the CBI and to take over direct supervision of any less significant bank if necessary.
The CBI has broad enforcement powers designed to deter institutions from acting recklessly and to promote behaviours consistent with those expected in the reformed financial system. The 2013 Act introduced an administrative sanctions regime which included increased monetary penalties. The penalties may be imposed on individuals and regulated firms. Relevant individuals are subject to fines of up to €1 million and regulated firms subject to fines of up to the greater of €10 million or 10% of the previous year's turnover.
Irish banks are also subject to the oversight of other regulatory authorities, such as the Data Protection Commission, who is responsible for the enforcement of data protection legislation. The sanctions available to the Data Protection Commission include the imposition of fines and criminal liability.
The Financial Services and Pensions Ombudsman (FSPO) is a statutory officer, which deals independently with consumers regarding their individual dealings with financial services providers, including banks. The FSPO is the arbiter of unresolved disputes and is impartial. Its decisions – which include directions for compensation payments – are final, but can be appealed to the Irish High Court.
The Competition and Consumer Protection Commission (CCPC) is the statutory body responsible for the enforcement of consumer complaints and merger control in Ireland. The CCPC can issue compliance notices in respect of contraventions of consumer protection legislation and can seek civil and/or criminal sanctions for breaches of competition law.
The Irish Takeover Panel is the statutory body responsible for monitoring and supervising takeovers and other relevant transactions in listed companies, including banks.
1.4 What are the current priorities of regulators and how does the regulator engage with the banking sector?
The most pressing priority for Irish regulators relates to the impact and eventual recovery from the fallout after the COVID-19 pandemic. This has and will continue to put significant and unprecedented pressure on the Irish banking system and the economy generally. Dealing with the outbreak will require a collective approach to be taken by Irish banks and regulators to stabilise and support the Irish banking system, and facilitate an orderly and acceptable approach when dealing with customers who have been impacted due to the COVID-19 crisis.
Separately, some of the pre-existing sources of risk to Irish financial stability (some of which will only have increased due to the COVID-19 outbreak) are:
- ongoing Brexit-related risks due to Ireland's close economic links with the United Kingdom;
- mortgage arrears;
- changes in the international trading and tax environment;
- a re-emergence of sovereign debt sustainability concerns in the Eurozone (which will inevitably be put under strain throughout the European Union's attempts to deal with the COVID-19 outbreak via stimulus packages and the pressure Eurozone countries will come under in order to tackle this ongoing global emergency); and
- the potential for elevated risk taking when the profitability of banks and other financial institutions remains below market expectations.
The CBI operates the Probability Risk and Impact System (PRISM), which is designed to determine the risk and potential impact of banks on financial stability and consumers. Under the framework of PRISM, banks are categorised as ‘high impact', ‘medium-high impact', ‘medium-low impact' or ‘low impact'. The category a bank falls into will determine the number of supervisors allocated to that bank and the level of supervisory scrutiny to which it will be subject. Some of the key objectives of the PRISM framework are to:
- operate a supervisory risk assessment framework in line with international best practice;
- ensure that action is taken to mitigate unacceptable risks in firms;
- have a tool for the allocation of resources based on the impact of the firm on the economy and consumers;
- ensure a minimum level of supervisory engagement for different classes of firms; and
- have a tool that requires actions to mitigate risks and tracks progress against these objectives.
In exercising its supervisory role, the CBI:
- monitors compliance with prudential standards, primarily through examining prudential returns (weekly, monthly and annual), financial statements and annual reports, and conducting regular review meetings with the banks, including on-site inspections;
- implements systems and procedures to monitor activities and detect non-compliance with regulatory obligations;
- issues guidance notes to industry participants; and
- assists with the development of domestic legislation and implementing EU regulations and international standards.
2 Form and structure
2.1 What types of banks are typically found in your jurisdiction?
Irish law does not distinguish between different types of banks in terms of authorisation or regulation. A bank is permitted to engage only in the activities which have been approved by the CBI subject to the conditions of its authorisation. The grant of a banking licence allows a bank to pursue a wide range of activities which would otherwise require individual authorisation. As well as banking business, a licensed bank can carry out, among other things, the activities specified in Annex 1 of CRD IV, including:
- payment services, as set out in Directive 2015/2366/EU; and
- investment services, as set out in Directive 2014/65/EU on markets in financial instruments and the accompanying MiFID II regulation.
Banking licence holders must comply with legislation covering the conduct of business and prudential matters, as well as codes of practice which cover a varied range of services and issues. If a bank wishes to engage in an activity which did not form part of its application for authorisation, it must submit an application to the CBI to extend its authorisation.
There are a number of Irish authorised banks focusing on the corporate or institutional markets, or operations designed to meet the needs of non-Irish consumers. These include subsidiaries and branches of European and US-based parents.
There are no ‘global systemically important institutions' authorised in Ireland. The CBI has determined that six Irish authorised banks are considered to be ‘other systemically important institutions'. As of 2020, these are AIB Group plc, Bank of Ireland Group plc, Citibank Holdings Ireland Limited, Bank of America Merrill Lynch International DAC, Barclays Bank Ireland plc and Ulster Bank Ireland DAC.
2.2 How are these banks typically structured?
The majority of banks in Ireland are established as limited liability companies. If a bank is not a limited company, this must be explained to the CBI as part of the application for authorisation process. The ‘heart and mind' of the bank must be present in Ireland (ie, the day-to-day operations of the bank must be managed from Ireland).
The Irish domestic banks are typically owned by a publicly listed holding company, being the owner of the general banking entity that provides the banking services. The shares in banks that are not wholly owned subsidiaries of broader banking groups are generally held by a mix of institutional investors (including investment funds and pension funds) and a large number of retail investors.
Where a bank operating in Ireland is foreign owned, it is typically owned or controlled by an entity within a foreign banking group. These can be European Economic Area (EEA) or non-EEA banking groups.
Following the financial crisis in 2008, the Irish state acquired and continues to hold material interests in a number of the domestic Irish banks. Following the introduction of the EU/International Monetary Fund Programme of Support for Ireland in November 2010, the Irish banking system was radically restructured and the Irish government became a substantial shareholder in AIB, Bank of Ireland and Permanent TSB. As of April 2020, the Irish government owns 71% of AIB, 14% of Bank of Ireland and 74.92% of Permanent TSB. After AIB and Bank of Ireland, Ulster Bank is the third largest Irish retail bank and is a wholly owned subsidiary of the Royal Bank of Scotland group.
2.3 Are there any restrictions on foreign ownership of banks?
There are no restrictions on the foreign ownership of Irish banks. Investors from jurisdictions outside of Ireland, whether based in other EU countries or otherwise, have the same rights and obligations as domestic investors as a matter of Irish law. If a foreign entity is establishing an Irish credit institution, it will be subject to the same application criteria as domestic investors. In particular:
- the day-to-day management and operation of an Irish credit institution must be conducted within Ireland; and
- the other criteria regarding regulatory capital, risk management and so on must be satisfied prior to the CBI authorising a credit institution, whether or not foreign owned.
The acquisition of a stake in a credit institution may be subject to prior approval from the CBI. Investors seeking to acquire a shareholding or other interest that would either give them a ‘qualifying holding' in a credit institution (authorised or licensed in Ireland), or increase their control above certain levels (20%, 33% or 50%), must first obtain the approval of the CBI. A ‘qualifying holding' is defined as a direct or indirect holding that:
- represents 10% or more of the capital of, or voting rights in, a target entity;
- confers a right to appoint and remove members of the board of directors or management; or
- otherwise allows that person to exercise a ‘significant influence' over the direction or management of the target entity.
2.4 Can banks with a foreign headquarters operate in your jurisdiction on the basis of their foreign licence?
Entities licensed as credit institutions in other EU member states can passport into Ireland without establishing a subsidiary in Ireland. Subject to notification requirements in a credit institution's home state and in Ireland, passporting into Ireland can be affected through either the establishment of a branch (subject to notifying the CBI) or the provision of services (ie, no physical presence is established in Ireland), subject to the notification requirement provided in Articles 35 and 39 of CRD IV.
There are a number of passporting regimes; for credit institutions within the SSM wishing to establish a branch or provide services within the SSM, the ECB will be the home authority for significant banks and the CBI will be the home authority for less significant banks. The notification forms used by the CBI are based on Commission Implementing Regulation (EU) 926/2014 with regard to standard forms, templates and procedures for notifications relating to the exercise of the right of establishment and the freedom to provide services.
For non-EEA foreign headquartered and licensed credit institutions, should they wish to operate a branch in Ireland, they must obtain authorisation under Section 9A of the Central Bank Act, 1971 (as amended) (the 1971 Act). The considerations on which the CBI's decision will be predicated include:
- the equivalency of regulatory and supervisory oversight in the home state to Ireland;
- the nature of the activities by the branch; and
- the systemic impact on the Irish financial system and the Irish economy if the branch became insolvent.
3.1 What licences are required to provide banking services in your jurisdiction? What activities do they cover?
Banks operating in Ireland must be authorised as a credit institution. Licences for credit institutions are granted pursuant to Section 9 of the 1971 Act. An authorisation confers the ability to provide banking services, including the taking of deposits, and potentially to provide a full range of regulated financial services, in Ireland. In addition, the activities which can be carried out by a bank licensed in Ireland include the activities set out in Annex I of CRD IV.
The principal areas considered in evaluating banking licence applications include the following:
- overview of the parent/group to which the applicant belongs;
- consolidated supervision of parent/group entities;
- ownership structure;
- the applicant's objectives and proposed operations;
- the legal structure;
- the organisation of the applicant (eg, corporate governance arrangements, fitness and probity of key personnel);
- risk oversight;
- capital, funding and solvency projections;
- financial information and projections; and
- business continuity.
The CBI's precise requirements in relation to each of these headings are contained in the application checklist produced by the CBI for the purpose of the licence application.
Applications for authorisation of banks in Ireland are submitted to the CBI. If the application is satisfactory, the CBI will submit the application to the ECB with a recommendation that it be approved. The final authority to grant or refuse the application rests with the ECB.
The authorisation of branches of banks from outside the European Union is dealt with by the CBI pursuant to domestic legislation. Banks from EU member states are permitted to operate in Ireland with or without establishing a branch in Ireland, pursuant to the EU ‘passporting' procedure. This requires notification to the bank's home state regulator and compliance with Irish conduct-of-business rules.
Banks are not permitted to engage in any lines of business which have not been approved by the CBI/ECB during the authorisation process
3.2 What requirements must be satisfied to obtain a licence?
The key matters to be considered when making an application to be authorised as a credit institution in Ireland are as follows:
- The central control and management must be located in Ireland. While outsourcing is permitted, it must be appropriately documented and cannot be in respect of core risk and management functions.
- The fitness and probity of individuals in key positions must be validated.
- A detailed description must be provided of all products and services that will be offered by the applicant.
- Applicable procedures and policies for the applicant must be developed that will be implemented once authorised.
- A minimum capital requirement of €5 million must be satisfied, with CRD IV considerations potentially requiring more than the initial minimum capital.
- Following authorisation, the bank must perform an internal capital adequacy assessment process on an ongoing basis, and meet extensive reporting requirements and corporate governance for credit institutions.
Any new applicant should be aware of the administrative sanctions that may be imposed for failure to comply with regulatory and supervisory requirements.
In relation to applications for authorisation by relevant credit institutions headquartered in a non-EEA country or territory, referred to as ‘third-country branches', the CBI is the competent authority for granting such authorisations pursuant to Section 9A of the 1971 Act.
An applicant for a licence must complete a checklist of information which is available on the CBI's website. The checklist is divided into 21 separate sections, some of which are summarised in question 3.1. In terms of ownership, it is key for the application process that the applicant has access to additional capital if required, and that the applicant is independent of dominant interests.
In reviewing applications, there is a particular focus on corporate governance and oversight arrangements, risk management, internal controls, the business plan and capital and financial projections. In this regard, all applicants must operate in accordance with the information provided in support of the application for a banking licence.
3.3 What is the procedure for obtaining a licence? How long does this typically take?
The principal stages for authorisation applications are as follows.
- Exploratory phase: During this phase, the potential applicant must first determine whether it requires an Irish banking licence. It then engages in discussions with the CBI, following which it submits a proposal (containing the same level of detail as a bank licence application) to the CBI. The CBI will undertake (in conjunction with the ECB in certain circumstances) a detailed review of the proposal and issue comments or request additional information required in relation to the proposal. The purpose of the review is to determine whether the proposal will meet the required standard for authorisation.
- Formal application: Should the proposal meet the required standard for authorisation, the applicant will submit an application for authorisation. Both the CBI and the ECB will complete their assessment of the application, which may involve further clarification being sought from the applicant.
- Final decision: A decision on whether to grant a banking licence is issued.
There is no specific timeframe for the assessment of applications. The total time spent in obtaining a licence will depend upon:
- the time taken by the applicant to respond to comments issued on each draft of the proposal and application;
- the quality of the responses received and whether they address all issues raised;
- any changes made by the applicant during the authorisation process; and
- the time taken by any relevant third parties to respond to queries in relation to the application.
4 Regulatory capital and liquidity
4.1 How are banks typically funded in your jurisdiction?
Following the financial crisis in 2008, all of the main Irish banks were recapitalised by the Irish state. A number of Irish banks are still subject to a significant level of state ownership. The Irish banks are funded through a number of different sources. The nature of the funding provided to the Irish banks is contingent on the capital requirements promulgated by the CBI. Funding is provided through a mixture of:
- equity share capital;
- debt instruments comprising both senior and subordinated bonds meeting the requirements of the CRR and CRD IV;
- derivative financial instruments;
- disposals of non-performing loan books; and
- corporate and personal deposit accounts.
The types of capital that qualify for capital adequacy purposes are:
- common equity tier 1, comprising ordinary share capital and reserves;
- additional tier 1, comprising perpetual subordinated debt instruments which contain certain specified features, including restrictions on redemption and automatic triggers for write-down of the debt or conversion of the debt into equity; and
- tier 2, comprising subordinated debt with an original maturity of at least five years.
4.2 What minimum capital requirements apply to banks in your jurisdiction?
Irish banks must maintain financial resources equal to or greater than a percentage of their risk weighted assets (RWA).
The own funds of an institution must at all times be in excess of the initial capital amount (currently €5 million) required at the time of its authorisation. Irish banks are subject to the following capital requirements:
- The Pillar 1 requirement relates to a regulatory minimum amount of capital which the banks must hold. This is a total capital ratio of 8% of RWA. A minimum of 4.5% of RWA must be common equity tier 1 and at least 6% of RWA comprising tier 1 capital.
- The Pillar 2 requirement is an additional capital requirement that applies on a case-by-case basis, specifically tailored to a bank's individual business model and risk profile.
- The CBI also applies individual buffers, being:
- the capital conservation buffer, fixed at 2.5% of a bank's total RWA; and
- the global/other systemically important institution (GSII/OSII) buffer. The six banks regulated by the CBI are subject to the OSII buffer, ranging from 0% to 1.5%. The OSII buffer in Ireland is subject to a phase-in period to be completed by July 2021;
- the counter-cyclical capital buffer which is currently at 1% in Ireland (but reduced to zero as a result of COVID-19); and
- the systemic risk buffer (SRB), which is designed to mitigate long-term, non-cyclical risk that may have serious adverse consequences for the economy. The SRB has not yet been implemented in Ireland.
4.3 What legal reserve requirements apply to banks in your jurisdiction?
The amount of reserves to be held by each Irish banking institution is determined by its reserve base, comprising deposits and issued debt securities, and is calculated on the basis of the bank's balance sheet prior to the start of the relevant maintenance period. Interbank liabilities to credit institutions subject to the Eurosystem's minimum reserve requirements and liabilities to the ECB and euro area national central banks are excluded from the reserve base.
All credit institutions resident in Ireland must submit a minimum reserve calculation based on their balance-sheet data as at the last working day of each month. This calculation, which must be submitted to the statistics division of the CBI by the tenth working day of the end of the month, determines an institution's reserve requirement for the following maintenance period. Reserve holdings that exceed the required minimum reserve shall be remunerated at 0% or the deposit facility rate, whichever is lower. Compliance with these requirements is determined on the basis of institutions' average daily holdings of reserves over the maintenance period, which is usually around six weeks The legal framework for the determination of minimum reserves is provided in Regulation (EC) 1745/2003 on the application on minimum reserves.
5 Supervision of banking groups
5.1 What requirements apply with regard to the supervision of banking groups in your jurisdiction?
The CBI is responsible for supervision on a consolidated basis in a number of circumstances as set out in the CRR. For example, the CBI will act as consolidated supervisor where it has authorised a bank which is a parent bank in Ireland or an EU parent bank. The CBI is also responsible for supervision on a consolidated basis when it has authorised a bank and the parent of the bank is one of the following:
- a parent financial holding company in a member state;
- a parent mixed-financial holding company in a member state;
- an EU parent financial holding company; or
- an EU mixed-financial holding company in a member state.
Each bank supervised by the CBI must have in place adequate risk management processes and internal control mechanisms, including robust reporting and accounting procedures to identify, monitor, measure and control transactions with its parent mixed-activity holding company and its subsidiaries, as appropriate. Banks must also report significant transactions to the CBI.
The CBI, as part of its supervisory role, carries out the following functions:
- processing applications from financial services providers for authorisation in Ireland;
- monitoring compliance with prudential standards, primarily through examining prudential returns (weekly, monthly and annual), financial statements and annual reports, and conducting regular review meetings and on-site inspections;
- developing systems and procedures to monitor activities and detect non-compliance by banks;
- issuing guidance notes to enhance its supervisory oversight due to continued growth and changes in financial markets; and
- supporting the development of domestic legislation and implementing EU regulations and international standards.
5.2 How are systemically important banks supervised in your jurisdiction?
‘Other systemically important institutions' are identified by the CBI on the basis of the following criteria:
- importance to the economy of the European Union or the state;
- significance of cross-border activities; and
- interconnectedness of the institution or group with the financial system.
The EBA Guidelines, applied by the CBI, establish a scoring process for assessing the systemic importance of an institution based on the above criteria. With respect to size, the total assets of an institution are taken into consideration. Importance is considered from a domestic and European perspective, taking into account the substitutability of the activities of the institution with respect to its role in the payments system, the provision of loans to, and the taking of deposits from, the private sector. Cross-jurisdictional activities are used to assess significance and complexity of the institutions activities; while the interconnectedness of an institution or group is reviewed considering intra-financial system assets and liabilities.
The ECB directly supervises the significant institutions in Ireland through joint supervisory teams formed under the SSM. These teams comprise staff from the ECB and the CBI, and are responsible for the day-to-day supervision of these institutions. The SSM takes a risk-based approach to supervision, which is based on both qualitative and quantitative approaches, and involves judgement and forward-looking critical assessments.
Among other duties, these teams are responsible for:
- the ongoing assessment of an institution's risk profile, solvency, liquidity and recovery planning; and
- the preparation of draft decisions to be presented to the supervisory board of the SSM.
Significant institutions are subject to in-depth onsite inspections of individual risk areas, risk controls and governance.
As a member of the SSM, decisions of the CBI relating to the application of the ‘other systemically important institution' buffers are made in conjunction with the ECB.
5.3 What is the role of the central bank?
The CBI has an express statutory mandate to maintain and promote a healthy financial system in Ireland, the CBI has the following roles:
- subject to the requirements of the SSM, authorising and supervising banks operating in Ireland;
- contributing to eurosystem effectiveness and price stability through its participation on the governing counsel of the ECB;
- monitoring the macro-prudential policy framework by developing a suite of indicators to assess risks, this includes the operation of the Central Credit Register, which is a register of loans to individuals and businesses;
- ensuring that the best interests of consumers are being protected through the issue of various codes and by encouraging a more consumer-focused culture within banks;
- carrying out enforcement or administrative sanctions for prescribed contraventions of legislation or regulatory rules;
- providing economic advice and financial statistics for the purpose of the development of economic policy by the Irish government and other; and
- developing and overseeing resolution regimes to facilitate the orderly resolution of distressed banks and other financial institutions. This includes banks having recovery plans in place detailing the measures that they would adopt in a financial distress scenario.
In addition to the above, the CBI is a member of the European System of Central Banks (ESCB). The ESCB comprises the ECB and the national central banks of each EU member state. The role of the ESCB includes:
- conducting foreign exchange operations;
- managing official currency reserves within each member state; and
- promoting the smooth operation of financial institutions.
The governor of the CBI is also a member of the ECB Governing Council. The ECB Governing Council is the body with responsibility for setting EU monetary policy that maintains price stability and to maintain inflation at or below 2%.
6.1 What specific regulations apply to the following banking activities in your jurisdiction: (a) Mortgage lending? (b) Consumer credit? (c) Investment services? and (d) Payment services and e-money?
A broad array of legislation affects the provision of credit and the provision of investment services by Irish banks. The responses to the following questions do not address provisions of the Central Bank Acts 1942 to 2018, the Companies Act 2014 (as amended), the Land and Conveyancing Law Reform Act 2009 (as amended), the Bankruptcy Act 1988 (as amended), the Personal Insolvency Act 2012 (as amended), the Taxes Consolidation Act 1997 (as amended) and other legislation that must be considered when providing credit in the Irish market. The responses focus solely on codes and legislation that narrowly apply to the below queries from a financial regulatory perspective.
(a) Mortgage lending?
- The Consumer Credit Act 1995 (CCA);
- The Credit Reporting Act 2013 (CRA);
- The European Communities (Consumer Credit Agreement) Regulations 2010;
- The European Communities (Unfair Terms in Consumer Contracts) Regulations 1995 (as amended) (ECUTR);
- The European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004 (ECDMR);
- The Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Lending to Small and Medium-Sized Enterprises) Regulations 2015;
- The European Union (Consumer Mortgage Credit Agreements) Regulations 2016;
- The CPC; and
- The Code of Conduct on Mortgage Arrears.
(b) Consumer credit?
- The CAA;
- The CRA:
- The ECUTR;
- The ECDMR;
- The European Communities (Consumer Credit Agreement) Regulations 2010;
- The European Union (Consumer Information, Cancellation and Other Rights) Regulations 2013;
- The CPC; and
- The Consumer Protection Code for Licensed Moneylenders.
(c) Investment services?
- The CCR;
- EU Directive 2013/36;
- The Investment Intermediaries Act 1995 (as amended);
- The European Union (Markets in Financial Instruments) Regulations 2017;
- The ECDMR;
- Regulation (EU) No 600/2014 on markets in financial instruments and the Markets in Financial Instruments Transaction Reporting Directive; and
- The CPC.
(d) Payment services and e-money?
- The Payment Services Directive (EU 2015/2366), which was transposed into Irish law by way of the European Union (Payment Services) Regulations 2018;
- The European Communities (Electronic Money) Regulations 2011;
- The ECUTR;
- The ECDMR, and
- The CPC.
7 Reporting, organisational requirements, governance and risk management
7.1 What key reporting and disclosure requirements apply to banks in your jurisdiction?
Banks authorised by the CBI are required to comply the prudential reporting requirements set out under the CRR and Implementing Technical Standard 680/2014 on supervisory reporting (as amended). The data collected under these reports relates to own funds, financial information, losses from property collateralised lending, large exposures, leverage ratio, liquidity ratios, asset encumbrance, additional liquidity monitoring metrics, supervisory benchmarking and funding plans.
The Central Credit Register is a secure system for collecting personal and credit information on loans of €500 or more. It is operated by the CBI under the CRA. This obliges all lenders in scope to submit personal and credit information on applicable loans to the Central Credit Register.
Banks must submit details on new customers (or the resignation of existing customers) in the context of monitoring large exposures. This reporting is to ensure that risks arising from large exposures to individual clients or groups of connected clients are kept to an acceptable level as part of the CBI's prudential supervision.
Pursuant to the Code of Practice on Lending to Related Parties 2013 (the RP Code), banks must also submit reports regarding related-party lending to the CBI. This reporting must, among other things, ensure that the limits provided in the RP Code are adhered to.
In addition to the above, banks must report on:
- exposures to various industry sectors, including agriculture, manufacturing, utilities, construction, retail, hospitality, education, private households and public administration and defence; and
- details of the amount of non-performing loans held by a bank.
7.2 What key organisational and governance requirements apply to banks in your jurisdiction?
The registered office and head office of Irish banks must be located within the jurisdiction. The minimum initial capital is €5 million. The management and ‘decision-making unit' of the bank must be located in Ireland. The minimum key functions that must be located in Ireland include chief executive officer, chief financial officer, financial control, risk, credit, treasury and compliance.
Every bank authorised by the CBI must have comprehensive strategies, policies and processes to assess and maintain the amounts, types and distribution of internal capital required to cover the risk exposure of the bank. Banks' governance arrangements must also include:
- a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
- effective processes to identify, manage, monitor and report the risks to which they are, or might be, exposed; and
- adequate internal control mechanisms, including:
- sound administration and accounting procedures; and
- remuneration policies and practices that are consistent with and promote sound and effective risk management.
The CBI's Corporate Governance Requirements for Credit Institutions 2015 (the Governance Requirements)set out minimum governance standards for all banks authorised by the CBI and include augmented requirements for institutions that may be deemed high impact by the CBI. The governance arrangements must be sufficiently sophisticated to ensure effective oversight of the activities of the bank taking into account the nature, scale and complexity of the bank's business.
The board of a bank must be of sufficient size and expertise to oversee the operations of the bank and must have a minimum of five directors, with a majority of the board being independent non-executive directors (‘ineds'). For banks that are subsidiaries, there must be at least two ineds.
The Governance Requirements also provide that directors must have sufficient time to devote to the role and cannot be a director of more than five other banks or insurance undertakings. The Governance Requirements further set out the requirements and roles of the chairperson, the chief executive officer, the ineds, the chief risk officer (CRO), the board generally and board committees.
In addition, the CBI's Fitness and Probity Standards set out minimum standards of competence and knowledge/experience (fitness) and good character and financial soundness (probity) that must be met by anyone who performs a controlled function (CF) role. There are also approximately 41 senior positions designated as pre-approval controlled functions (PCFs). A PCF/CF must be competent and capable, honest and ethical; must act with integrity; and must be financially sound. A person must have a level of fitness and probity appropriate to the performance of his or her particular function. CFs and PCFs must agree to abide by the minimum standards.
7.3 What key risk management requirements apply to banks in your jurisdiction?
Banks must have a risk committee and a designated CRO. The risk management must operate on a solo and a consolidated basis and promote an appropriate risk culture at all levels of the bank, subject to regular internal review. Banks must have a clear policy and organisational chart in place to have clear responsibilities, lines of reporting and persons accountable for respective areas.
A bank must have procedures and guidelines which identify, measure, monitor, control and mitigate each area of risk (in relation to each of its business lines). A bank's risk management systems must be commensurate with the nature, scale and complexity of its activities, and associated risks must be enforced and in place – whether through ongoing monitoring and controlling of risk, reliable information systems or effective audit and control procedures.
The CRO is responsible for the risk management function and for maintaining and monitoring the bank's risk management system. If a bank is not designated as high impact and its operations do not justify a dedicated CRO function, another PCF may fulfil that role. The CRO must have relevant expertise, qualifications and background, or undertake relevant and timely training. The responsibilities of the CRO are set out in detail in the Governance Requirements.
In addition to the CRO, banks must have a separate risk committee of at least three members with relevant expertise with responsibility for risk oversight and advice to the board, and the strategy for addressing such risks.
7.4 What are the requirements for internal and external audit in your jurisdiction?
A bank must have an appropriate and properly staffed internal audit function in place, which has direct access to the board of directors, or an appropriate sub-committee of the board that reports to the board. The bank's internal audit team should report and present quarterly reports to the board. A bank must submit to the CBI, on the internal audit team's behalf, its internal audit charter, risk assessment methodology, internal audit plan, organisational chart of risk functions and the profile of the head of internal risk.
The Companies Act 2014 specifies certain requirements regarding persons that can be appointed as auditors which oblige companies (including banks) to appoint an external auditor. External auditors provide the annual financial statements. Auditors have a duty to submit a written report to the CBI within one month of the date of the auditor's report on the bank's financial statements. This report is sent directly to the CBI and is a statement to the CBI that there is no matter, not already reported in writing to the CBI by the auditor, that has come to the attention of the auditor during the ordinary course of the audit that gives rise to a duty to report to the CBI. Where matters have already been reported to the CBI, such matters should be referred to in the statutory duty confirmation.
Under Section 47 of the Central Bank Act 1989 (as amended), a bank's auditor must notify the CBI without delay of any matters going to the financial soundness of the bank being audited and any material deficiencies in the financial reporting and accounting systems and controls within the bank; it must also notify the CBI without delay if it decides to resign as the bank's auditor.
8 Senior management
8.1 What requirements apply with regard to the management structure of banks in your jurisdiction?
The management structure and staff should have the adequate experience, skills and knowledge to carry out their jobs effectively. The majority of the directors shall be independent directors. The board must include a CFO, a CRO and a chief outsourcing officer.
The CBI introduced the Fitness and Probity Regime under the 2010 Act. This regime applies to persons in senior positions as controlled functions (CFs) and pre-approval controlled functions (PCFs) within banks. The core function of the fitness and probity regime is to ensure that persons in senior positions within a bank are competent, capable, honest and ethical; have integrity; and are financially sound. The CBI has also published a statutory code (the Fitness and Probity Standards) and guidance documents to assist institutions, including banks and individuals performing CF and PCF roles, in complying with their fitness and probity obligations.
In addition to the fitness and probity requirements, individuals who are to be appointed to a PCF role must first be approved by the CBI. The individual must complete an online questionnaire which is approved by the proposing bank and then submitted to the CBI.
In a report issued in July 2018 entitled "Behaviour and Culture of the Irish Retail Banks", the CBI recommended reforms to establish a new ‘Individual Accountability Framework'. The proposed new framework will consist of four distinct but complementary elements:
- new conduct standards;
- a Senior Executive Accountability Regime (SEAR);
- enhancements to the existing Fitness and Probity Regime; and
- changes to the CBI's enforcement process.
8.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?
The appointment and removal of directors of banks that are incorporated under or subject to the Companies Act 2014 are governed by the provisions of Irish company and employment law. The appointment and removal of directors and senior executives must be conducted in accordance with the Governance Requirements and, in the case of appointment to CF and PCF positions, in accordance with the Fitness and Probity Regime discussed in question 8.1.
Directors and senior executives are typically proposed to the board for consideration when being appointed after a selection process. As noted in question 8.1, the board must take into consideration the candidates' past experience, skill set and industry knowledge when deciding to appoint a new director or executive.
Directors may be removed by ordinary resolution of the members of the company. A director can be deemed to have vacated his or her office if various circumstances arise such as the following:
- The director resigns;
- The director becomes bankrupt or makes any compromise or arrangement with his or her creditors generally;
- The director is absent from board meetings for a specified period (typically six months);
- The director is subject to a disqualification order or a restriction under Irish company law; or
- The director's appointment exceeds the maximum permitted number of directorships.
Senior executives can be replaced in the normal manner by the board (where appropriate based on the position and role of the party), in a manner based on the business's interests. Any removal of a senior executive will be subject to the provisions of Irish employment law.
The removal from office of the head of a control function shall be subject to prior board approval. Any decision to remove the head of a control function shall be reported within five working days to the CBI with clear rationale for the underlying rationale for the removal.
8.3 What are the legal duties of bank directors and senior executives?
Directors are ultimately responsible for managing the company on behalf of its shareholders. Under Irish law, directors have certain fiduciary duties, such as the following:
- acting in good faith in the interests of the company;
- acting honestly and responsibly in their conduct of the company's affairs;
- acting in accordance with the company's constitution and the law;
- not using property or information gathered from their role for their own benefit, or that of a third party;
- avoiding any conflict of interest;
- having regard to the interests of the shareholders and employees; and
- exercising the skill, care and diligence that would be expected by a reasonable person with the knowledge and experience in that industry and the knowledge and experience which the respective director already has.
These duties are owed to the company; and if there is a breach thereof, the director may be found liable to account to the company for any gain which he or she made directly or indirectly. Any director who is entering into a contract with the company must declare his or her interests.
The Fitness and Probity Standards require that senior executives be competent and capable, honest and ethical; act with integrity; and be financially sound. In addition, senior executives require the qualifications, experience, competence and capacity appropriate for their particular role.
In addition, SEAR will be introduced by the CBI, which will augment the current Fitness and Probity Regime.
8.4 How is executive compensation in the banking sector regulated in your jurisdiction?
In Ireland, the remuneration practices of credit institutions are regulated by the CBI. Regulation is based on CRD IV which contains rules on the remuneration policies of credit institutions and the EBA's guidelines on sound remuneration policies in Articles 74(3) and 75(2) of CRD IV. The objective of these rules is to ensure that credit institutions develop risk-based remuneration policies and practices that are aligned with the long-term interests of the institution and avoid short-term incentives that can lead to excessive risk-taking.
The Irish Department of Finance separately, among other things, carries out reviews of the remuneration policies in place for Irish banks and proposes changes to the remuneration policies in place. The final decision lies with the CBI to accept and implement these changes. Currently, there is a total compensation limit of €500,000 that applies to senior executive positions in Irish banks.
A bank's remuneration policy must promote sound and effective risk management and must not encourage risk taking that exceeds the bank's level of tolerated risk. The policy must apply to all staff whose professional activities have a material impact on the risk profile of the bank, including senior management, risk takers, staff engaged in control functions and any employees whose total remuneration takes them into the same pay bracket as senior management and risk takers.
9 Change of control and transfers of banking business
9.1 How are the assets and liabilities of banks typically transferred in your jurisdiction?
The assets and liabilities of banks are typically transferred by way of a share sale, the sale of a business unit of the bank, or the sale of all or part of the assets and liabilities of the bank. In recent years most transfers have occurred by way of asset sales rather than share sales.
Sellers and purchasers of banking entities must consult with the CBI where there is a transaction involving the change of ownership of shares or voting rights of the bank. An entity proposing to acquire a bank must provide an Acquiring Transaction Notification Form for Credit Institutions (ATNF) to the CBI with prior notification of a proposed acquisition or disposal. This gives the CBI an opportunity to review the proposed transaction based on prudential grounds.
An ATNF notification to the CBI must be made where a direct or indirect holding in a bank will increase or decrease past 10% of the capital or voting rights of the bank.
A notification will also be necessary:
- Ii respect of a direct or indirect holding of the capital or voting rights of less than 10% which allows the proposed acquirer to exercise a ‘significant influence' over the management of the bank;
- where a holding increases or decreases past subsequent notifiable thresholds of 20%, 33% or 50%; or
- in the case of a person that is a company or other body corporate, where the bank would either become or cease to be that person's subsidiary.
The CBI must acknowledge receipt of the ATNF within two working days and notify the ECB within a further five working days. The ECB will be involved where the bank is subject to the SSM, irrespective of whether the bank is ‘significant' or ‘less significant'.
When acknowledging receipt, the CBI must inform the proposed acquirer of when the assessment period will end (the assessment must be completed within 60 working days). The assessment period may be extended by up to 20 working days (for EEA-based acquirers) and 30 working days (for non-EEA-based acquirers) if additional information is requested by the CBI.
The application is then considered by the ECB, the CBI and any other relevant regulatory authority. The CBI will propose a draft decision to the ECB as to whether to approve the proposed acquisition. The final decision rests with the ECB. The proposed acquirer will be notified by the ECB, rather than the CBI, of the outcome.
Where merger control requirements are applicable, it may be necessary to seek the approval of the Competition and Consumer Protection Commission. Approval of the Irish Takeover Panel may also be required.
9.2 What requirements must be met in the event of a change of control?
In assessing any acquisition, the Joint Guidelines on the Prudential Assessment of Acquisitions and Increases of Qualifying Holdings in the Financial Sector, published by the European Supervisory Authorities, must be considered. The CBI will also consider:
- the ownership of the proposed acquirer;
- the rationale for the proposed acquisition;
- how the acquisition will be financed; and
- the impact of the proposed acquisition on the day-to-day operations of the target bank.
The proposed buyer or acquirer must submit an ATNF as detailed in question 9.1. Supporting documentation must be included with the ATNF, including:
- organisational charts detailing the current ownership, the proposed post acquisition structure, the capital and voting rights (in percentage terms), and highlighting where significant influence exists;
- detailed corporate information about each acquirer and its directors or controllers;
- where the proposed acquisition will involve a change in control, a business plan, including:
- a strategic development plan setting out the reasons for the proposed acquisition, the medium-term financial goals, any changes that the proposed acquirer plans to introduce within the target bank and details of how the target will be integrated within the group structure of the acquirer;
- estimated financial statements for the target bank, on both a solo basis and a consolidated basis, for a three-year period; and
- details of the corporate governance and general organisational structure of the target bank, with a particular focus on its board and committees, its administrative and accounting procedure and internal controls, its information technology systems, and its policies on subcontracting and outsourcing; and
- where the proposed acquisition will not involve a change in control, a strategy document, whose content will vary depending on whether the holding to be acquired is less than 20%, or between 20% and 50%.
10 Consumer protection
10.1 What requirements must banks comply with to protect consumers in your jurisdiction?
The CBI has a dedicated Consumer Protection Directorate (CPD) which develops, implements and supervises the conduct of business by banks. As part of its role the CPD develops guidance to ensure that consumers' interests are protected and banks are treating their customers in a fair and transparent way. The CPC sets out the requirements that regulated firms must comply with when dealing with consumers in order to ensure a similar level of protection for consumers, regardless of the type of financial services provider.
The CPC provides the umbrella framework within which banks must operate when dealing with consumer customers. A consumer for the purpose of the CPC includes individuals and incorporated bodies with an annual turnover of not more than €3 million.
The CPC sets out requirements regarding the suitability of products, arrears, content of advertising, errors and complaints resolution and records and compliance requirements The CPC sets out a set of 12 general principles that banks must comply with when dealing with consumers. These principles include a requirement:
- to act honestly, fairly and professionally in the best interests of its customers and the integrity of the market;
- to act with due skill, care and diligence in the best interests of its customers; and
- not to recklessly, negligently or deliberately mislead a customer as to the real or perceived advantages or disadvantages of any product or service.
10.2 How are deposits protected in your jurisdiction?
The Deposit Guarantee Scheme (DGS) is part of the CBI's strategy to ensure that the best interests of consumers of financial services are protected. The legislation governing the DGS is the European Union (Deposit Guarantee Schemes) Regulations 2015 and the Financial Services (Deposit Guarantee Scheme) Act 2009 (as amended).
The DGS is administered by the CBI and is funded by the credit institutions covered by the scheme. The DGS protects eligible depositors in the event of a bank authorised by the CBI being unable to pay deposits. Deposits of up to €100,000 per person per institution are covered by the DGS.
The following is a non-exhaustive list of deposit types that may be considered eligible for protection under the DGS:
- current accounts;
- demand deposit accounts;
- fixed-term deposit accounts; and
- credit balances on credit cards issued by credit institutions.
Individuals, sole traders, partnerships, clubs, associations, charities, self-administered pensions and funds held in trust in client accounts by solicitors and other professionals will have their deposits protected. The residency of the depositor is not a factor in determining the eligibility of the DGS. A depositor need not be resident in Ireland or be an Irish citizen to be eligible for DGS compensation.
11 Data security and cybersecurity
11.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for banks?
The General Data Protection Regulation (GDPR) provides the governing framework for data protection in Ireland.
The implications of GDPR apply to breaches, complaints, any failures to comply with data subject access requests and excessive data collection for example. Additionally, banks are required under anti-money laundering laws to comply with know-your-customer guidelines, which require them to collect substantive amounts of personal data in a bid to safeguard against money laundering.
Personal data should be regularly monitored and erased where it is no longer necessary for the original purpose. GDPR has furthermore given bank customers more access to their collected by their bank. This places additional obligations on banks to produce documents and information when requested. Where a bank's various IT systems do not ‘talk' to each other, it can be very time consuming and costly for a bank to meet its obligations under the GDPR. While compliance has undoubtedly been costly for bank, non-compliance will likely be costlier still. Banks in breach of their GDPR obligations could receive fines up to €20 million or 4% of their global turnover.
Banks doing business in Ireland should ensure that they have documented a lawful basis for processing an individual's data only for a specific legal purpose. The data subject must be told:
- what data the bank will be collecting;
- what it is being used for;
- how long it will be retained; and
- whether it will be shared with any third parties.
Banks must have a data protection officer to oversee compliance with the GDPR. Most banks operating in Ireland have detailed information on their websites regarding how data is collected, used and held, and the rights of customers in respect of their personal data.
11.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for banks?
The CBI published a Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks in September 2016. The CBI notes that the risks associated with IT and cybersecurity are a key concern, given their potential to have serious implications for the Irish banking system. The CBI expects that the boards and senior management of banks recognise their responsibilities in relation to IT and cybersecurity governance and risk management. This includes having cybersecurity as a standing agenda item at board meetings Given the development of technological innovations in the provision of banking services, the interconnectivity of firms, systems and outsourcing service providers creates an increased exposure to the risk of cyberattacks.
Irish banks must:
- have comprehensive, up-to-date IT systems that are fit for purpose;
- have appropriate firewalls and other security features; and
- ensure that staff are appropriately trained and that any IT related outsourcing is subject to thorough due diligence.
The implementation of new or upgraded systems has had substantial cost implications for banks operating in Ireland.
Additional management time is required to ensure the implementation of an IT strategy, an IT risk management framework and a disaster recovery framework, and that an IT security risk conscious culture is developed and advocated within the bank. The CBI also requires banks to have robust governance structures in place to manage IT risk.
The Criminal Justice (Offences Relating to Information Systems) Act 2017 introduces a range of offences relating to cybercrime. The primary purpose of the act was to give effect to the provisions of EU Directive 2013/40/EU on attacks against information system.
12 Financial crime and banking secrecy
12.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for banks?
Ireland has implemented the Fourth EU Money Laundering Directive (2015/849/EU). The Fifth EU Money Laundering Directive (2018/843/EU) is expected to be fully implemented shortly (the deadline for implementation was 10 January 2020). This will be followed by implementation of the Sixth EU Money Laundering Directive ((EU) 2018/1973) which is due to be implemented by December 2020. As required by Article 30(1) of the Fourth Directive, a central register of beneficial ownership of corporate entities has been established. A central register of beneficial ownership of trusts is expected to be established soon. The CBI has been particular active in are of anti-money laundering (AML) enforcement and has issued six-figure fines to a number of banks in recent years.
In terms of specific implications for banks operating in Ireland are:
- to ensure that it has implemented robust systems in place for detecting AML and terrorist financing activity. Employee training programmes, internal guidance and monitoring systems should all be up to date on the latest risks;
- to regularly review its approach to risk assessment in light of any legal or operation changes that may increase or change the potential risk of an AML breach; and
- have well documented investigation procedures and outcomes with thorough records of any decision to freeze funds and file a report with the relevant authorities. If no report is filed, it is essential that the reasons for this be fully documented.
The implementation of the above requires time spent training staff, producing policies and procedures, employing designated AML officers and ensuring that the bank's IT systems are sufficiently up to date and compliant with the General Data Protection Regulation to properly identify AML risks and store the AML documents required to be held in accordance with the banks policies and procedures.
12.2 Does banking secrecy apply in your jurisdiction?
There are no specific bank secrecy laws in Ireland. Irish banks have a common law obligation to keep customer information confidential. Irish common law implies a duty of confidentiality on a bank in its relationship with its customer, unless the terms of the contract with the customer provide otherwise or the bank is compelled by law to disclose.
The Irish courts have recently reconfirmed that it is an implied term of any contract between a banker and its customer that the banker will not divulge to third parties, without the customer's express or implied consent:
- the state of the customer's account or the amount of his or her balance;
- securities offered and held;
- the extent and frequency of transactions; or
- any information acquired by the bank during or by reason of its relationship with the customer.
This duty is not absolute, however – it is qualified in the following circumstances:
- Disclosure was under compulsion of law (eg, to tax authorities or for legal proceedings);
- There was a duty to the public to disclose (eg, reporting criminal activity);
- The interests of the bank required disclosure; and
- The disclosure was made with the express or implied consent of the customer.
13.1 What specific challenges or concerns does the banking sector present from a competition perspective? Are there any pro-competition measures that are targeted specifically at banks?
The Competition and Consumer Protection Commission (CCPC) has highlighted that Irish banks do not compete aggressively for customers and as a result, consumers and small businesses lose out on interest rate reductions and pay higher charges than they would if there were more choice in the market.
The introduction of new online players and payment processors to the Irish market has contributed to increased competition for market share. The possible fast-tracking of licence applications by financial institutions such as these may help create new opportunities for related markets in the near future.
In the aftermath of the banking crisis of 2008, which resulted in a substantial injection of state funds to support the banking system, Ireland committed to implement a package of measures to restore competition in the Irish banking market. This package has facilitated the entry by new competitors and enhanced the consumer protection. The package includes a number of initiatives to facilitate entry:
- To incentivise electronic banking which has a lower cost of entry than establishing a traditional retail banking franchise, Section 45 of the CCA was amended to recognise electronic communications relating to credit agreements in the same way as written and allow the use of electronic signatures with respect to credit agreements.
- The Central Credit Register was established under the supervision of the CBI to provide a centralised comprehensive database of credit information on all individuals and businesses. This is aimed at addressing the information asymmetry faced by new lenders.
- The CPC was revised to provide more detail on switching current accounts and the rules around bundling of products.
- The CCPC was required to provide a page to show consumers banking cost comparisons and to provide better comparative information on banking products.
Pursuant to Sections 149 of the CCA, banks operating in Ireland must notify the CBI if they wish to impose new charges or increase existing charges for the provision of the following services:
- making and receiving payments;
- providing foreign exchange facilities;
- providing and granting credit; and
- maintaining and administrating transaction accounts.
New entrants are exempt from Section 149 of the CCA for the first three years of operation in the market, after which time they must also notify their charges to the CBI.
A credit institution cannot impose a new charge or an increase to an existing charge without the prior approval of the CBI. These charges are assessed by the CBI in accordance with the following criteria:
- the promotion of fair competition;
- the commercial justification submitted in respect of the proposal;
- the impact that new charges or increases in existing charges will have on customers; and
- whether costs are passed on to customers.
14 Recovery, resolution and liquidation
14.1 What options are available where banks are failing in your jurisdiction?
The CBI is designated as the national resolution authority for credit institutions under the European Union (Bank Recovery and Resolution) Regulations 2015, which transposed the EU Bank Recovery and Resolution Directive into Irish law, and for the purposes of the Single Resolution Mechanism Regulation within the context of the Single Resolution Mechanism.
In accordance with the provisions of the Companies Act 2014, the options for failing banks are liquidation or, if the bank has a chance of survival, examinership.
Resolution tools will generally be used where, for example, the failure of an institution could cause financial instability or could disrupt critical functions. In these situations, placing an institution into liquidation would be sub-optimal.
The resolution tools are as follows:
- Bail-in: This allows for the write-down and/or conversion into equity of the bank's liabilities;
- Sale of the business: This provides for the sale (whether through a share or asset sale) of all of part of the bank's business without shareholder consent;
- Bridge institution: This provides for the sale of the shares of the bank or some of its assets and liabilities to a special purpose, limited life bridge institution controlled by the CBI; and
- Asset separation: This provides for the transfer of the assets and liabilities of the bank to a separate asset management entity which would be fully or partially owned by the State.
The use of resolution tools or liquidation is a final resort for dealing with a failing institution.
14.2 What insolvency and liquidation regime applies to banks in your jurisdiction?
The Companies Act 2014 (as amended by the Central Bank and Credit Institutions (Resolution) Act 2011) governs the liquidation of banks in Ireland.
The CBI may apply to the Irish High Court for an order to liquidate a bank in a number of circumstances, including where:
- the CBI believes that liquidation would be in the public interest;
- the bank has failed to comply with a direction of the CBI;
- the bank's licence or authorisation has been revoked; or
- the CBI considers that it is in the interest of deposit holders that it be wound up.
No person other than the CBI may apply to have a bank wound up without giving the CBI 10 days' notice and receiving the approval of the CBI. Only a liquidator approved by the Central Bank may wind up a bank. As soon as practicable after the court makes a winding-up order, the Central Bank will appoint a liquidation committee to oversee the winding up of the bank.
The liquidator of a bank has two objectives:
- to facilitate the CBI in ensuring that each eligible depositor receives the prescribed amount payable under the deposit guarantee scheme; and
- to wind up the bank in a manner to achieve the best results for the creditors of that bank as a whole.
15 Trends and predictions
15.1 How would you describe the current banking landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?
At the time of writing, Ireland is attempting to manage the global COVID-19 pandemic. As in other countries, the pandemic has put the Irish banking sector, among many others sectors, under enormous strain. Thousands have lost their jobs across almost all industries and the inevitable knock-on effect that the pandemic will have on the banking industry is difficult to predict in the medium term.
The Irish government has introduced emergency legislation in an attempt to tackle the COVID-19 outbreak. The legislation deals with numerous issues, such as a nationwide rent freeze, a ban on evictions and temporary income support schemes by way of government contributions to wage costs, allowing employers to continue paying their employees. Managing the spillover effects of the COVID-19 epidemic will likely take centre stage for any government considerations until at least Q2 2021.
15.2 Does your jurisdiction regulate cryptocurrencies? Are there any legislative developments with respect to cryptocurrencies or fintech in general?
There is no specific cryptocurrency regulation in Ireland; nor is there any specific prohibition on any activities related to cryptocurrency, save for the usual anti-money laundering financial sanctions and proceeds of crimes prohibitions. The CBI is the competent authority to regulate financial services including electronic money, payment services and securities law in Ireland.
In Ireland, cryptocurrencies are not regarded as money or currency and are not therefore considered legal tender by the CBI. However, they may be subject to regulation as securities, possibly pursuant to the European Union Markets in Financial Instruments Directive 2014.
The main source of regulation for fintechs in Ireland currently is generally the Payment Services Directive (PSD), but this will understandably depend on the business sector of that respective fintech. Therefore, ancillary services provided in connection with cryptocurrency could be subject to regulation under the PSD.
We expect that some EU guidance or regulations will be introduced in relation to the regulation of cryptocurrencies. The Irish government intends to legislate and provide a clear framework for the fintech environment as soon as possible, in order to promote start-ups and hold onto existing businesses located in the jurisdiction. However, this will likely be done in the context of broader European developments to ensure a harmonised approach with other member states.
16 Tips and traps
16.1 What are your top tips for banking entities operating in your jurisdiction and what potential issues would you highlight?
Creating a good working relationship with the CBI will stand to the benefit of any bank established in Ireland. We would advise the implementation of an effective governance framework that meets the standards set by the CBI and that is responsive and quick to act when remedying same. The CBI has increased its use of sanctions recently and will not hesitate to investigate and audit entities within the scope of its current agenda for review.
In order to achieve and maintain a high level of corporate governance within a bank, it must meet its requirements for hiring staff with the necessary skillset and implement an internal framework of auditing and reporting on areas such as risk and stress testing for example.
Banks must continue to meet their obligations and responsibilities under not just primary and secondary legislation, but also the codes published by the CBI which have been designed to ensure the fair treatment of customers. Any queries over a bank's non-compliance with the various codes will be investigated by the CBI and could lead to broad and disruptive investigations for banks. It is far better in these circumstances to have an effective governance framework in place which reduces potential future issues, rather than dealing with CBI investigations and opening up the business to further instances of non-compliance falling foul of sanctions.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.