FIG Top 5 At 5 - 22/05/2025

1. Central Bank publishes Authorisations and Gatekeeping Report 2024

On 15 May 2025, the Central Bank of Ireland ("Central Bank") published the second edition of its Authorisations and Gatekeeping Report ("Report").

The Report provides a summary of the authorisation and gatekeeping activity across all sectors in 2024 and provides some insights regarding common issues that the Central Bank encounters with applications for authorisation.

The Report sets out that the timeline from initial application to authorisation is strongly influenced by:

• the complexity of the proposed application/business model;
• the quality of the application submission; and
• the applicant's timeliness in responding to the Central Bank's queries.

Deputy Governor, Financial Regulation at the Central Bank, Mary-Elizabeth McMunn, stated that:

"Our experience is that the process is more productive and efficient where firms have fully considered their regulatory obligations in their applications. Applicants with a settled and clear business plan, proper governance and organisational arrangements, who are transparent and proactive in their engagement with us will receive positive outcomes in a more timely manner."

Authorisations Expectations

Chapter 2 of the Report deals with the Central Bank's authorisations expectations. In particular, highlights its November 2024 cross-industry "Guidance on expectations for applicants seeking authorisation from the Central Bank of Ireland to operate as a regulated Firm" ("Guidance"), explaining that the Guidance expands on the existing guidance on the Central Bank's website and gives further details as to how the Central Bank discharges its authorisation mandate. The Report emphasises that the overall aim of the Guidance is provide transparency regarding the authorisation process and to support firms in understanding the Central Bank's requirements and expectations of applicant firms.

The Report notes that the Guidance sets out principles as regards the Central Bank's expectations around the clarity, accuracy and completeness of an application and its emphasis on the need for applicants to be well informed on current sectoral and legal requirements. Additionally, the Report points to the common areas of substantive focus, applicable to all applicants, that are contained in the Guidance, noting that the list contained therein is non exhaustive.

MiCA

The Report addresses the recent introduction of MiCA and particularly, discusses the implementation of MiCA. For more information, see FIG Top 5 at 5 dated 28 November 2024, FIG Top 5 at 5 dated 9 January 2025 and FIG Top 5 at 5 dated 13 March 2025.

The Report highlights the need for applicant firms to show, at application stage, that they can maintain compliance post authorisation. The Report reminds firms that it has developed online information regarding MiCA together with a dedicated contact point and highlights that the Central Bank will continue to engage constructively with applicants before and during application.

Authorisations by Sector

Chapter 4 deals with authorisations by sector together with relevant timelines regarding such authorisations, setting out information relating to:

• authorisation activity for each sector for 2024 together with an explanatory narrative;
• processing times for each sector, including a comparison as to average calendar days in 2023 versus 2024;

A summary table of common challenges experienced during the authorisation process is contained in Appendix 2 of the Report and aligns the factors highlighted in the body of the Report as impacting on the timeline for securing authorisation. In particular, the Central Bank flags that difficulties around proposed business models and firms' clarity around underlying assumptions can prolong assessment by the Central Bank, as can substantial changes to the business plan during the course of the assessment. Other challenges articulated include lack of substantive presence and adequate staffing for both PCF and non-PCF roles in the jurisdiction, along with failure to have local risk frameworks, tailored to the entity that is seeking authorisation.

Fitness and Probity

Chapter 5 of the Report contains an overview of the Central Bank's fitness and probity ("F&P") gatekeeping process, including its operation in 2024, planned enhancements for 2024 and enhancements to the Central Bank's published statistical information. The overview referenced the various initiatives that took place during the year including:

• the Enria review, see FIG Top 5 at 5 dated 18 July 2024;
• implementation report published by the Central Bank in April 2025 as regards the progress made on the implementation of the 12 recommendations made in the Enria report, for more information, see FIG Top 5 at 5 dated 17 April 2025; and
• the publication of CP 160 on proposed simplification of the PCF list and consolidation of guidance for easier navigation, for more information, see FIG Top 5 at 5 dated 17 April 2025.

DORA Spotlight

This year the Report has a "spotlight" on the relevance of DORA to authorisations, describing it as a "key component of the Central Bank's authorisation assessment process". The Report provides guidance on determining the application of DORA to an entity, the key regulatory components of DORA and provides detailed supervisory expectations regarding meeting obligations under DORA. At the heart of the expectations, as with the general authorisation approach, is the principle of proportionality. Although strictly targeted at those seeking authorisation, the details outlined in the "spotlight" will be of general interest to those captured by DORA.

2. Finance (Provision of Access to Cash Infrastructure) Bill passes all stages in the Oireachtas

On 13 May 2025, the Finance (Provision of Access to Cash Infrastructure) Bill 2024 ("Bill") passed all stages in the houses of the Oireachtas.

The Bill is aimed at ensuring continued sufficient and effective access to cash in Ireland.

The Bill requires designated entities, whose share of current accounts and household deposits are in excess of percentages prescribed by the Minister for Finance, to be responsible for maintaining access to cash levels. Initially, the designated entities are the three main retail banks.

The Central Bank of Ireland will be responsible as regards monitoring and enforcement of the legislation and will have the necessary powers to ensure compliance with the provisions of the Bill.

For more information on the Bill, see FIG Top 5 at 5 dated 8 August 2024 .

Welcoming the passage of the Bill, Minister for Finance, Paschal Donohoe stated:

"Cash remains a preferred form of payment and continues to play an important role in our economy. The Finance (Provision of Access to Cash Infrastructure) Bill 2024 will put in place a framework that will ensure sufficient and effective access to cash infrastructure is available in the State, and that any further evolution of the cash infrastructure will be managed in a fair, orderly, transparent and equitable manner for all stakeholders."

Next Steps

The Bill will now be sent to the President of Ireland to be signed into law.

3. Central Bank Documents Updates: (1) Central Bank updates Guidance Note on Completing an Application for authorisation as a PI, EMI, AISP and Small Electronic Money Institution under PSR and / or EMR (as amended) (2) Central Bank updates FAQs dedicated to lenders

1. Central Bank updates Guidance Note on Completing an Application for authorisation as a PI, EMI, AISP and Small Electronic Money Institution under PSR and / or EMR (as amended)

On 12 May 2025, the Central Bank of Ireland ("Central Bank") updated its guidance note ("Guidance") on completing an application for authorisation as a Payment Institution ("PI"), an Electronic Money Institution ("EMI"), an Account Information Service Provider ("AISP") and as a small electronic money institution under the European Union (Payment Services) Regulations 2018 ("PSR") and / or the European Communities (Electronic Money) Regulations 2011 ("EMR") (as amended).

The version of the Guidance supersedes the previous version that was applicable from 11 September 2020 to 11 May 2025.

The following is a summary of the updates:

• Section 3 entitled, "Criteria for Assessing Applicants", has been updated to refer to the Central Bank's Expectations for Authorisation of Payment and Electronic Money Institutions and Registration of Account Information Service Providers guidelines of April 2024. For more information on this, see FIG Top 5 at 5 date 11 April 2024.
• Guideline 4, entitled "Business Plan, has been amended as regards 4.1 (c) d) to now read as follows:

"The Profit and Loss Account must be broken down into monthly periods."

• Guideline 4.1 (d), addressing the requirement of an applicant to describe its means of meeting its initial capital and own funds requirement as at authorisation date, has been amended to include reference to "Common Tier Equity 1".
• Guideline 6.1 (a) has been amended to read as follows:

"Should a firm wish to have a capital contribution recognised as CET1, it should follow the guidance set out in Section 3.8 of the Implementation Notice for Competent Authority discretions in the Capital Requirements Regulation and Capital Requirements Directive."

• Finally, details at the very end of the Guidance as regards queries on the application process have been deleted.

2. Central Bank updates FAQs dedicated to lenders

On 15 May 2025, the Central Bank of Ireland ("Central Bank") updated its frequently asked questions ("FAQs") section dedicated to lenders. The FAQs were last updated on 24 February 2020.

The following is a brief summary of the updates:

• the section entitled "If none of the credit agreements in my portfolio exceed €500, what are my obligations?" has been removed;
• the section entitled "If I have recently sold my loan book and closed my business, what are my obligations?" has been removed;
• the words "at a later stage" in the February 2020 version have been removed under the section entitled "What obligations does the Credit Reporting Act impose on CIPs in terms of communicating with CISs regarding the CCR" and now just refers to "guarantors";
• the section entitled "Do I need to perform an enquiry for all co-borrowers included in a credit agreement or is the main applicant enough?" has been removed;
• some minor wording changes in the section "How do I register for the Lender Area?";
• the sections entitled "What is my Registration Number and Provider Code?" and "How do I obtain a provider code and log in details for the Central Credit Register Lender Area?" have been removed; and
• the information under the section entitled "I have received the approval email but I am still unable to log in to the Lender Area what should I do?" has been modified slightly.

4. AI Updates: (1) ECON publishes draft report on impact of AI on the financial sector (2) EIOPA launches survey on the use of generative AI

1. ECON publishes draft report on impact of AI on the financial sector

On 14 May 2025, the European Parliament's ("Parliament") committee on economic and monetary affairs ("ECON") published a draft report ("Report") on the impact of AI on the financial sector.

The Report was prepared by rapporteur, Arba Kokalari, and considers the use and impact of AI in the financial services sector and the regulatory landscape.

The Report analyses the use of AI in the financial services sector, noting the following:

• the majority of AI use cases are aimed at cutting costs by streamlining operations, rather than creating new revenue streams;
• most use cases represent "low-hanging fruit rather than high-risk innovation", with the Report concluding, as a result, that deployment of AI in the financial sector has been prudent; and
• the financial system is not being run by, nor is it not heavily dependent on, auto pilot AI models that would threaten financial stability and place consumers at risk. In fact, the Report notes that quite the opposite is the case – in such a heavily regulated sector, as financial services, most AI use cases are low risk and also include a human expert.

The Report goes on to note that such findings do not take away from the potential benefits associated with AI such as:

• improvements in efficiency;
• the enhancement of consumer services;
• the strengthening of competitiveness of EU firms; and
• effective anti-money laundering and fraud detection.

Allied to such benefits, are risks, some which are identified by the Report as being those associated with data quality, explainability and transparency of AI. However, the Report goes on to emphasise that the financial services sector is well equipped to deal with such risks owing to the systems that are already in place on foot of EU financial services legislation.

Some of the recommendations made in the Report, as regards ensuring the responsible use of AI in financial services, are as follows:

• that the European Commission ("Commission") should ensure clarity and guidance on how existing financial services regulations apply to the use of AI in financial services;
• consistent definitions and the simplification of the regulatory framework to avoid duplicated requirements, including risk assessment reporting requirements;
• the avoidance of new sectoral legislation governing AI, as there are already established sectoral rules that cover AI deployment;
• advises the Commission and member states to coordinate so as to avoid "gold-plating relevant legislation" and to prevent the creation of new barriers in cross-border markets;
• supervisory efforts should prioritise tangible, operational risks where identified, rather than abstract or theoretical concerns;
• significant changes in the use of AI will require appropriate skills and talent, considering that the use of AI is dependent on human capabilities; and
• more clarity with regard to the AI Act's requirements for financial institutions to comply with AI literacy requirements.

The Commission consulted on the application and impact of AI in financial services in June 2024, for more information, see FIG Top 5 at 5 dated 20 June 2024. To date, there has been no further communications from the Commission on the outcome of the consultation or its proposals.

Next Steps

The Report instructs the President of the Parliament to forward the Report to the European Council and the Commission.

2. EIOPA launches survey on the use of generative AI

On 15 May 2025, the European Insurance and Occupational Pensions Authority ("EIOPA") published a survey ("Survey") on the use of generative AI in the insurance sector in the EU.

EIOPA stated that is has decided to focus on generative AI, rather than on AI more broadly, to simplify the approach and also to take account of generative AI's "unique characteristics."

With the launch of the Survey, EIOPA aims to keep pace with the rapid technological developments that can have a major impact on the insurance industry. The Survey will ensure that the relevant regulatory and supervisory frameworks account for the opportunities and risks that come with AI.

EIOPA has highlighted the main goals of the Survey as being:

• to develop a deeper understanding of the current and expected use of generative AI systems in insurance;
• to identify how the implementation of generative AI differs from traditional AI systems; and
• identification of the governance and risk management measures that insurance undertakings are developing as regards responsible use of generative AI.

With this collection of data via the Survey, EIOPA hopes that it will be able to take an evidence based approach to the supervision of the use of modern technologies in the EU's insurance sector.

Further, EIOPA has stated that the results of the Survey will enable it to identify potential obstacles as regards the ability of stakeholders to harness the benefits of generative AI systems. Ultimately, EIOPA hopes that this will create better outcomes for consumers and a higher level of consumer protection in the EU.

Recent Consultation

While no specific reference is made to EIOPA's recent consultation ("Consultation") on its opinion on artificial intelligence governance and risk management in the Survey, it is worth noting that the Consultation did mention that it expects that it will, into the future, develop more detailed analysis on specific AI use cases or issues arising from the use of AI systems in insurance and provide further guidance, as relevant. It is likely that the Survey is further supporting that work. For more information on the Consultation, see FIG Top 5 at 5 dated 13 February 2025.

Next Steps

EIOPA has stated that the Survey will be distributed to insurance companies via their national competent authorities. However, the Survey is also open to any undertaking that may wish to take part. The Survey is open for submissions until 15 July 2025.

5. European Update: (1) Corrigendum to delegated regulation on DORA risk management framework published in OJEU (2) EIOPA publishes study on household NatCat coverage and consumer information

1. Corrigendum to delegated regulation on DORA risk management framework published in OJEU

On 15 May 2025, a corrigendum ("Corrigendum") to Commission Delegated Regulation (EU) 2024/1774 ("Delegated Regulation") of 13 March 2024 supplementing DORA with regard to regulatory technical standards ("RTS") specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework, was published in the official journal of the European Union ("OJEU").

The Corrigendum amends article 22 of the Delegated Regulation by replacing a reference to article 15 of the Delegated Regulation with a reference to article 8 of the Delegated Regulation. Article 22 deals with ICT-related incident management policy.

2. EIOPA publishes study on household NatCat coverage and consumer information

On 19 May 2025, the European Insurance and Occupational Pensions Authority ("EIOPA") published the results of a study ("Study") it carried out on the clarity of NatCat coverage in household insurance product information documents ("IPIDs").

EIOPA conducted the study with the aim of identifying positive examples, together with possible issues to be addressed, regarding the overall clarity of coverage and exclusions in NatCat insurance. On a more macro level, the Study is aimed at addressing the NatCat protection gap, with EIOPA noting that if the severity and intensity of NatCat events continues to increase, the gap will also increase.

The Study covered eight participating member states, 29 insurance undertakings, 45 IPIDs and 22 terms and conditions. Overall, the Study found both good examples, where insurance undertakings have ensured consumers are given sufficient and accurate information, without overloading them, and areas needing improvement. The Study also included examples as to how insurance undertakings can improve disclosures.

Some of the main findings highlighted in the Study are as follows:

• the wording used by insurance undertakings, in some of the IPIDs analysed was found to be sometimes unclear, vague or inconsistent, with some using terms such as "atmospheric events", "weather events", and "natural disasters", under the "what is insured" section;
• a number of IPIDs often referred to terms and conditions and / or other external documents without providing relevant information in those external documents;
• many undertakings define NatCat events in different ways, which EIOPA has stated, limits consumers' ability to compare products;
• although add-on NatCat coverage is often available, the way in which information regarding add-on coverage is provided, varies significantly;
• the names used for the main household insurance coverage can often mislead consumers as to whether they need add-on coverage or not. Some insurance undertakings use product names such as "total insurance", but then do not cover certain high-risk perils. The Study found that some insurance undertaking took steps to address this issue by changing wording and using terms such as "the most comprehensive";
• although coverage limitations are a necessity for insurance undertakings, it is important that they are clearly presented to facilitate consumers' understanding with the Study highlighting that, at times, coverage limitations are not clearly presented to consumers;

The Study emphasises that insurance undertakings can help prevent situations where consumers mistakenly assume they are covered for certain NatCat events, only to discover that that is not the case when filing a claim.

Some, matters identified by the Study, that could help ensure that consumers better understand whether or not they are covered for NatCat events, include:

• the use of chatbots to help consumers understand their coverage; and
• proactively reaching out to consumers in order to limit damages in case of NatCat events, by using automated tools to facilitate claims management or by providing advice on the implementation of mitigation measures

Next Steps

EIOPA has stated that it will continue to monitor market trends and developments and will use the findings of the Study to inform its future work and priorities. Additionally, EIOPA stated that it is working on an awareness tool that can be used by all Europeans to better understand the potential impacts of NatCat on their properties, contributing to the financial resilience of consumers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.