ARTICLE
27 May 2026

MiFID Compliance – CBI Findings And Practical Implications For Firms

AC
Arthur Cox

Contributor

Arthur Cox logo
Arthur Cox is one of Ireland’s leading law firms. For almost 100 years, we have been at the forefront of developments in the legal profession in Ireland. Our practice encompasses all aspects of corporate and business law. The firm has offices in Dublin, Belfast, London, New York and Silicon Valley.
Explore Firm Details
The Central Bank of Ireland has published findings from its thematic assessment of compliance functions within MiFID investment firms, revealing both strengths and critical gaps in how firms manage regulatory obligations. The assessment examined firms' adherence to compliance requirements, monitoring processes, and board reporting practices, identifying specific areas where improvements are urgently needed. Firms are now expected to conduct self-assessments and address identified deficiencies promptly.
Ireland Finance and Banking
Sarah Thompson,Robert Cain,Katherine Quirke
+2 Authors
 Your Author LinkedIn Connections
Arthur Cox are most popular:
  • within Law Department Performance and Antitrust/Competition Law topic(s)

The Central Bank of Ireland (CBI) has published a Thematic Assessment of the Compliance Function in the MiFID Investment Firm Sector (the Report).

The CBI’s Regulatory & Supervisory Outlook publications for 2025 and 2026 (as to which see our insights posts here and here) identified weaknesses in culture, governance and risk management as key risks for the MiFID investment firm sector. This has led to an increased supervisory focus on MiFID investment firm’s compliance functions in light of their key role in reducing firms’ compliance risk, and supporting firms in securing customers’ interests. The CBI’s recent thematic assessment of the compliance function, which was carried out with a cohort of MiFID investment firms, is the latest output of this supervisory work.

Objectives of the assessment

The CBI’s assessment was carried out in two phases. Phase one involved a questionnaire and desk-based review, and phase 2 involved in-depth assessments and in-person sessions with Heads of Compliance at a selected subset of firms. The key objective of the thematic assessment was to assess firms’ adherence to the compliance function requirements set out in Article 22 of Commission Delegated Regulation (EU) 2017/565 of 25 April 2016 (the MiFID II Delegated Regulation) and the related ESMA Guidelines, with the CBI examining three core requirements:

  • the adequacy of the compliance function and related compliance framework;
  • the effectiveness of the compliance planning, monitoring and testing process; and
  • the quality of compliance reporting to the board / sub-committee(s).

The Report aims to outline the key findings from the assessment, remind firms of their regulatory obligations, and highlight the CBI’s expectations for firms and boards in respect of their compliance functions.

Identified good practices

  • Resourcing and strategic integration: Firms generally had a good understanding of their obligations, and well established compliance functions with appropriate resources considering the nature, scale and complexity of their business. Furthermore, the compliance function was actively involved in strategic initiatives and decision-making.
  • Risk-based monitoring: Most firms had established risk-based compliance monitoring programmes with calibrated tools, methodologies, scope and frequency. Some firms had extended their monitoring activity to include on-site inspections, providing a more meaningful verification of how policies and procedures operate in practice. The CBI also highlighted a positive example of one firm linking compliance monitoring findings directly to training needs, before conducting follow-up monitoring to assess whether the training had been effective.
  • Board reporting and horizon scanning: All firms were found to regularly provide mandatory compliance reports to boards and sub-committees, with those reports generally robust in content. On horizon scanning, most firms demonstrated that they recognise its importance in enabling the compliance function and fulfilling regulatory obligations.

Areas for improvement

  • Succession and contingency planning: Several firms could not show that responsibility for compliance would be effectively maintained in the event of key personnel absence or departure.
  • Compliance-led training: While training was generally being provided, the CBI was concerned by the absence in some firms of training designed and delivered directly by the compliance function, which it views as a visible indicator of compliance culture and senior management commitment.
  • Monitoring and board reporting: Some firms’ compliance risk assessments and monitoring plans lacked sufficient rigour and detail to allow boards to meaningfully scrutinise compliance activities. The CBI also found that board minutes were often failing to evidence the substantive discussion and challenge that should be taking place at board level.

Regulatory expectations and next steps

The CBI is clear on what it expects firms to do in response to the Report. In summary:

  • Self-assessment: Conduct a thorough review of the compliance function against the Report’s findings and the requirements of the MiFID II Delegated Regulation and ESMA Guidelines. Gaps should be identified and addressed promptly.
  • Board engagement and documentation: The Report must be tabled at the next board meeting, and the discussion must be recorded in the board minutes. Going forward, firms should ensure that board and committee minutes accurately capture the discussions and challenges raised at meetings in relation to the compliance function.
  • Training: The compliance function should be actively involved in designing and delivering compliance training across firms, embedding an appropriate compliance culture at all organisational levels.
  • Horizon scanning: Firms should treat horizon scanning as a priority, enabling the compliance function to get ahead of regulatory change and keep the board and senior management appropriately informed. Arthur Cox’s monthly Horizon Scanner is a useful, practical resource for tracking upcoming legal and regulatory developments in financial services.
  • Consumer protection: Firms should consider the revised Consumer Protection Code and related Guidance on Securing Customers’ Interests and the Protection of Consumers in Vulnerable Circumstances (see our insights post here), and how the compliance function can support embedding these standards across the business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Sarah Thompson
Sarah Thompson
Photo of Robert Cain
Robert Cain
Photo of Denise Murray
Denise Murray
Photo of Katherine Quirke
Katherine Quirke
Photo of Sinead Cantillon
Sinead Cantillon
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More