ARTICLE
18 March 2025

FIG Top 5 At 5 - 06/03/2025

M
Matheson

Contributor

Matheson logo
Established in 1825 in Dublin, Ireland and with offices in Cork, London, New York, Palo Alto and San Francisco, more than 700 people work across Matheson’s six offices, including 96 partners and tax principals and over 470 legal and tax professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. Our clients include over half of the world’s 50 largest banks, 6 of the world’s 10 largest asset managers, 7 of the top 10 global technology brands and we have advised the majority of the Fortune 100.
Explore Firm Details
On 28 February 2025, the Central Bank of Ireland ("Central Bank") published its Regulatory and Supervisory Outlook Report ("Report"). The Report sets out the Central Bank's assessment of the key trends and risks...
Ireland Finance and Banking
Darren Maher,Joe Beashel,Elaine Long
+5 Authors
 Your Author LinkedIn Connections

1. Central Bank publishes its Regulatory and Supervisory Outlook Report – Risks and Cross-Sectoral Supervisory Priorities

On 28 February 2025, the Central Bank of Ireland ("Central Bank") published its Regulatory and Supervisory Outlook Report ("Report"). The Report sets out the Central Bank's assessment of the key trends and risks that are shaping the financial sector. On foot of such assessment, the Report also details the Central Bank's regulatory and supervisory priorities for the next two years.

Additionally, the Report restates the Central Bank's expectations of regulated firms, together with the firms' responsibility to identify, mitigate and manage the risks specific to their business and customers.

Importantly, the Report emphasises the need for senior executives and key decision makers to incorporate the content of the Report, together with other communications such as 'Dear CEO' letters, into ongoing work and decision making.

The Report is comprised of a number of sections as follows:

  • section 1 is focused on the global macro environment and the main trends and drivers of risk;
  • section 2 sets out the Central Bank's assessment of risks facing regulated entities, investors and consumers. It also has two "Spotlights" on specific topics as follow:
    • safeguarding consumer interests; and
    • balancing opportunities and risks as regards AI.
  • section 3 sets out the Central Bank's cross – sectoral supervisory priorities as regards its desired key supervisory outcomes. This section also has a "Spotlight" addressing geopolitical risks, with a framework for navigating heightened uncertainty;
  • section 4 is comprised of a sectoral focus, including the key areas of supervisory focus for 2025 – 2026, addressing: banking and payments; insurers and reinsurers; and capital markets and funds.

Risks

The Report identifies three main drivers of risk as follows:

  1. macroeconomic and geopolitical environment – risk areas identified under this category include: inflation and interest rate risks / asset valuation and market risks / liquidity and leverage risks / credit and counterparty risks.
  2. the way in which regulated entities are responding to today's changing world – a number of risk areas are set out, including: consumer and investor detriment risks / operational risks and resilience / risk management practices and risk transfer / data, AI and modelling risks.
    Speaking on the publication of the Report, Governor of the Central Bank, Gabriel Makhlouf, stated that while the headline risk areas facing the financial sector and consumers of financial services have largely remained the same as last year, operational risks are growing, reflecting increasing digitalisation in financial services and particularly the growing reliance on third party ICT providers.
  3. Longer term structural forces at play - this category identifies a further three risk areas as follows: climate and environmental – related risks / financial crime risks / business model and strategic risks.

Cross Sectoral Supervisory Priorities

The Report sets out the Central Bank's supervisory priorities, stating that they continue to be as set out in last year's report, together with the outcomes sought, as follows:

  • supervisory priority 1 – proactive and consumer centric leadership of firms in managing the risks and uncertainties facing their organisations and their customers.
  • supervisory priority 2 – resilience of firms. The Report sets out that firms should have sufficient operational and financial resources, adaptability and recoverability in order to be resilient as regards risks stemming from the macro environment, economic and financial market uncertainty and fragile sentiment, particularly citing the breakdown in previously stable international relations, protectionism, and other political, technological and environmental developments.
  • supervisory priority 3 – that firms address operating framework deficiencies and, once addressed, to ensure that they are effective not only in the current environment, but into the future.
  • supervisory priority 4 - that firms manage change effectively, keeping pace with changes in the financial system and in consumer needs and expectations through the well-managed evolution of business strategies.
  • supervisory priority 5 – that climate change and net zero transition are addressed by continuously improving responsiveness to climate change, managing its impact and enhancing firms' roles in the transition to a net zero economy.

The sixth supervisory priority relates to the Central Bank's own approach to how it regulates and supervises. In this regard, the Report sets out that the Central Bank will continue its improvement and transformation of its approach to regulation and supervision to ensure the fulfilment of its mandate. The Report specifically addresses the new supervisory framework, introduced in January this year, noting it as being delivered through a more integrated approach, while remaining outcomes focused and risk based. The Central Bank expects 2025 to be a year of dialogue about its new approach as part of supervisory engagements with firms and sectors, as both firms and the wider system become more familiar with its implementation.

Dear CEO Letter – Key Regulation and Supervision Priorities 20205

On 5 March 2025, the Central Bank issued a "Dear CEO" letter ("Letter"), dated 28 February 2025. The purpose of the Letter is to bring the Report to the attention of regulated firms and to outline the Central Bank's regulatory and supervisory priorities for 2025. The Letter also sets out a high level overview of the Central Bank's recent changes to supervision, detailed in the update,Central Bank publishes "Our Approach to Supervision", below.

2. Central Bank publishes its Regulatory and Supervisory Outlook Report – Sectoral Supervisory Priorities

Further to the above update on the Central Bank of Ireland's ("Central Bank") Regulatory and Supervisory Outlook Report ("Report"), the following sectoral specific priorities should also be noted:

Banking and Payments: Key Supervisory activities 2025 – 2026

  • assessment of the adequacy and effectiveness of AML / CFT risk management frameworks;
  • assessment of the level of customer service provided by firms, including the complaints handling process across relevant channels;
  • financial resilience assessments, including the 2025 EU stress test, capital and liquidity management, and recovery planning;
  • assessments of banks' ability to identify and manage new and emerging risks to the sustainability of their business models, incorporating consideration of consumers' interests, and where material, the inclusion in their risk management frameworks;
  • credit risk management and loan origination reviews, with an emphasis on vulnerable portfolios and long term mortgage arrears; and
  • implementation and development of incoming regulations and initiatives focused on improving operational resilience as well as customer functionality and safety in the payments space. These include DORA, the third proposed Payment Services Directive ("PSD3") and Payment Services Regulation and Instant Payments.

Additional Payments and E-Money Supervisory activities 2025 – 2026

  • continuing supervisory focus on safeguarding, with the completion of a sectoral thematic inspection on safeguarding arrangements, review of board attestations on safeguarded funds and completion of 2023 audit remediation actions and industry communications on sectoral findings;
  • supervisory intervention where elevated risks or breaches of regulatory requirements are identified, including financial crime risk, using the Central Bank's full suite of supervisory powers where required; and
  • continue to proactively engage with firms in the sector to assess the adequacy and effectiveness of their AML/CFT risk management frameworks, through supervisory engagements.

Insurers and Reinsurers: Key Supervisory activities 2025 – 2026

  • supporting EIOPA's 2025 EU wide strategic supervisory priorities, with the Central Bank stating that it will be completing work in relation to risk transfers and value for money, and reviews of pricing discipline, adequacy of reserves and capital;
  • sectoral supervision focusing on the monitoring of the potential impacts of changes in financial markets and macroeconomic environment on the insurance sector and its consumers. Additional specific engagement will vary by insurance sector, as follows:
    • for firms with business models and strategies with significant growth or high degrees of complexity there will be a focus on the governance and practices in place to undertake this business;
    • for life firms' capital optimisation strategies, there will be a focus on future needs, risks and recovery options; and
    • broader work will examine manual processes in life reserving and pricing in the domestic non - life sector, and disclosure of commission arrangements with intermediaries.
  • assessing firms' reliance on parent groups for services and capital support;
  • assessing the embedding of DORA requirements and adherence to the Central Bank's Cross Industry Guidance on Operational Resilience;
  • reviewing the use of AI in pricing and underwriting processes; and
  • as regards the Solvency II review, industry participants will be asked to engage in an assessment of the expected impacts in terms of quantitative elements as well as qualitative elements.

MiFID Investment Firms Sector: Key Supervisory activities 2025 – 2026

  • The Report sets out the key supervisory activities in this sector as follows:
  • continuing the supervisory review and evaluation process assessments, including reviewing firms' oversight of cross border service provision and complaints management;
  • assessing the effectiveness of safeguarding of client asset against the enhanced rules;
  • supporting ESMA's supervisory convergence work including:
    • the MiFID ESMA Common Supervisory Action ("CSA") thematic work commenced in 2024 in the area of sustainability requirements; and
    • the 2025 ESMA CSA thematic work on investor protection.
  • further enhancing regulatory returns and embedding the enhanced social media monitoring capabilities; and
  • supporting the implementation and development of incoming regulations and initiatives related to the sector, including the EU Commission's Retail Investment Strategy, the EU Artificial Intelligence Act and the EU Accessibility Act.

Retail Intermediary Sector: Key Supervisory activities 2025 – 2026

  • supporting the implementation and development of new and revised regulatory requirements relevant to the sector, including the EU Commission's Retail Investment Strategy and the revised Consumer Protection Code;
  • sectoral supervision including focusing on the reviews of larger retail intermediaries owned by insurance firms and concluding the thematic inspection of fair versus limited analysis of the market; and
  • continued engagement at industry level on authorisations, supervisory priorities and expectations.

3. Central Bank publishes "Our Approach to Supervision"

In the first week of March 2025, the Central Bank of Ireland ("Central Bank") published a document ("Document") entitled "Our Approach to Supervision", dated February 2025. The Document provides an overview of the Central Bank's supervisory framework, including details as to its supervisory principles and practices and follows on from the Central Bank's initiative as regards the transformation of regulation and supervision. For more detail on the latter, please see FIG Top 5 at 5 dated 8 August 2024.

As of January 2025, the Central Bank has moved to an integrated supervisory model, stating that this approach sets the Central Bank up for the future, ensuring that the financial system operates in the best interests of consumers and the wider economy.

In the Document, the Central Bank takes the opportunity to restate its four safeguarding outcomes of:

  • the protection of consumer and investor interests;
  • the integrity of the financial system;
  • the safety and soundness of firms; and
  • financial stability.

In this regard, the Central Bank emphasises the importance of supervision that is comprised of engagement, analysis and oversight of financial services firms, together with the implementation, monitoring and enforcement of regulations, reiterating its risk-based, outcomes focused approach to supervision. Importantly, the Central Bank highlights firms' responsibilities as regards risk identification, management and mitigation, stating that such responsibility rests, first and foremost, with boards and management teams within regulated firms.

Sectoral Level Supervision

The Document goes on to address supervision at a sectoral level, stating that each sector (Banking & Payments / Insurance / Capital Markets & Funds) is supervised in an integrated, holistic way with a multi-year supervisory strategy. Supervision is delivered via a broad range of supervisory actions and interventions, used to prevent or mitigate risks. The Document also sets out examples of programmatic supervision, some of which are as follows:

  • direct engagement with sectors, firms and individuals;
  • thematic reviews, onsite inspections, deep dives / investigations, risk analysis and assessment;
  • ensuring firms take appropriate risk mitigation actions to address issues identified; and
  • firm specific risk assessments, for example, business model and strategy risk.

Risk Mitigation and Supervision

The Document explains that in cases where issues or concerns are identified, these are communicated to individual firm(s) or sector(s) by methods such as, a "Dear CEO" letter, a risk mitigation programme or through the use of direction-making powers. As regards the Central Bank's enforcement powers, the Document sets out that the Central Bank takes a targetedand proportionate approach to their use of enforcement cases where significant action is merited being prioritised.

Additional Supervision for the Most Significant Firms

The Document details the recognition, by the Central Bank, that certain firms have the potential to have a significant impact on the Central Bank's safeguarding outcomes. Accordingly, such firms are subject to close supervision by integrated supervision teams, at an individual firm level, on a continuous basis. Whether or not a firm falls into this category is decided upon taking a number of matters into consideration, such as:

  • their systemic nature, including the risk that a disorderly financial or operational failure would negatively impact financial stability;
  • the materiality of the risk that their ongoing operations present to consumers and investors in Ireland and throughout Europe;
  • the extent to which they are exposed to heightened financial crime risks that can significantly undermine the integrity of the system; and
  • the Central Bank's experience with a firm and its judgment as to a firm's capacity to manage the forgoing risks.

Firms that do fall within this category will be assessed on a number of risk categories, such as, culture / governance and risk management / operational resilience risk / financial crime risk.

Dear CEO Letter – Key Regulation and Supervision Priorities 2025

On 5 March 2025, the Central Bank issued a "Dear CEO" letter ("Letter"), dated 28 February 2025. The purpose of the Letter is to bring the Central Bank's Regulatory and Supervisory Outlook Report to the attention of regulated firms and to outline the Central Bank's regulatory and supervisory priorities for 2025. The Letter also sets out a high level overview of the Central Bank's recent changes to supervision, detailed above.

4. Central Bank publishes industry communication following its conduct risk assessment of pre -trade controls

On 3 March 2025, the Central Bank of Ireland ("Central Bank") published an industry communication ("Communication") on foot of a conduct risk assessment ("Assessment"), carried out by the Central Bank, of pre-trade controls in selected investment firms and credit institutions engaged in wholesale market activity.

The aim of the Communication is two-fold, firstly to set out the key findings of the Assessment and secondly, to outline the Central Bank's expectations in this area. It should be noted that, while the Assessment was focused on pre-trade control frameworks in investment firms and credit institutions, the Central Bank has advised that the findings of the Assessment should be considered by all market participants due to the fact that they relate to deficiencies in overall risk control frameworks.

Findings and expectations

The findings set out are not exhaustive and the Central Bank advises that firms should continuously evaluate the effectiveness of their control frameworks and related governance.

The Assessment considered five core areas. Some of the findings, good practices identified and expectations relating to these core areas include :

1. Control design and calibration – although all firms assessed had some form of pre-trade controls on order entry in place, a number of risk issues were identified, some of which are as follows:

  • as regards manually input orders, some pre-trade control parameters were found to be static, not differentiated by instrument or market conditions and without any documented rationale or quantitative basis;
  • "off-the-shelf" control parameters in the third-party order entry systems being utilised were heavily relied on by a number of assessed firms; and
  • there were a number of manual processes identified which increases the risk of errors.

As regards good practices identified, the Assessment found evidence of the tailoring of pre-trade controls by instrument type and a documented rationale and quantitative basis to support the parameters that were set.

Expectation – the Central bank expectsfirms to have system-based pre-trade controls on order entry in place, including hard and soft blocks that are suitably calibrated to ensure they are reflective of the individual firm's market activities and business model.

2. Testing, monitoring and investigation - some of the matters identified by the Central Bank include:

  • alack of formalised control testing across the assessed firms;
  • in firms where control testing was in place, it was carried out by group functions on an outsourced basis without adequate oversight;
  • as regards monitoring of pre-trade controls, the Assessment found that this was mostly carried out by market - facing staff with limited independent monitoring or oversight from risk and compliance functions;

Expectation - the Central bank expectspre-trade controls to be supported by an effective testing process to make sure they remain fit for purpose. Monitoring of pre-trade controls should be undertaken on a real-time basis. The risk and compliance function in a firm should have awareness of the triggering of pre-trade controls and oversight of the investigation of such triggers.

3. Governance and oversight – most firms were unable to demonstrate adequate awareness or oversight of the firm's pre-trade control framework. Some further findings are as follows:

  • local entities not adequately exercising responsibility or oversight for outsourced elements of the pre-trade control framework; and
  • in some firms, traders were permitted to set their own pre-trade control parameters, without adequate governance or second line oversight.

Expectation - senior management and the risk and compliance function should be aware of, and provide effective oversight of, the firm's pre-trade control framework, in addition to challenging it. Additionally, the Central Bank expects that relevant management and governance functions are receiving consolidated management information and reporting in relation to a firm's pre-trade control environment and real-time monitoring of its trading activities.

4. Staff awareness and training – under this heading,it was found that there wasan over relianceon traders' experience as an actual control to prevent disorderly trading. In some firms, specific training as regards the mitigation of risks associated with disorderly trading, the handling and overriding of alerts, and the appropriate use of kill switches for firms engaged in algorithmic trading, could not be demonstrated.

One of the good practices identified was one whereby staff training addressed the handling and overriding of alerts, and set out the role and expectations for market-facing staff within the pre-trade control framework.

Expectation – firms are expected to havedocumented procedures in place for the mitigation of risks associated with disorderly trading, including the effective use of kill switches. Training, policies, and procedures should provide market facing staff with the requisite knowledge and protocols for identifying and mitigating against potential incidents of disorderly trading.

5. Policies and procedures – in most firms assessed, the Central Bankfound thatdocumentation provided in relation to pre-trade controls was insufficient, in that it failed, amongst other things, to:

  • clearly record the controls in place;
  • set out an inventory of pre-trade controls;
  • set out the calibrated parameters of the controls; and
  • set out the process for the timely escalation of pre-trade controls breaches or issues.

A good practice highlighted by the Central Bank involved a firm that evidenced a centrally documented inventory of pre-trade controls with ownership and oversight by the risk and compliance function.

Expectation - governance and documentation supporting the pre-trade control environment must be robust and aligned to the nature of a firm's market activities. Firms should have a documented inventory of pre-trade controls, thresholds and parameters, as well as the rationale or quantitative basis for the limits used, in place. Additionally, documentation should be reviewed and updated regularly, at least on an annual basis.

Next Steps

The Central Bank has stated that while the focus of the Assessment was on pre-trade controls, firms should also ensure that appropriate post-trade controls are in place so that the entire lifecycle of a trade is considered under applicable control frameworks.

The Central Bank expects all firms engaged in the provision of relevant MiFID investment services to fully consider the findings and expectations set out in the Communication and evaluate their frameworks for pre-trade controls.

5. European Updates: Omnibus Sustainability Package and MiCA

1. Commission proposes Omnibus sustainability package

On 26 February 2025, the European Commission ("Commission") announced significant changes to certain EU ESG laws, including the Corporate Sustainability Reporting Directive ("CSRD"), as part of the first 'omnibus simplification package'.

While the proposals have been described by the Commission as 'simplification' rather than 'deregulation' efforts, the effect of the proposals, if adopted, would be to significantly scale-back CSRD reporting obligations, with 80% of companies taken out of scope and a two-year delay to reporting for those that would continue to be subject to the CSRD.

For a detailed consideration of the proposals and the implications for companies, please see the recent update from Matheson's Corporate team here.

2. Commission adopts three delegated regulations on RTS under MiCA

On 27 February 2025, the European Commission ("Commission") adopted three delegated regulations under the regulation on markets in crypto – assets ("MiCA"), as follows:

1. Commission Delegated Regulation with regard to regulatory technical standards ("RTS") specifying records to be kept of all crypto – asset services , activities, orders and transactions undertaken.

2. Commission Delegated Regulation with regard to RTS specifying the requirements for policies and procedures on conflicts of interest for CASPs and the details and methodology for the content of disclosures on conflicts of interest.

3. Commission Delegated Regulation with regard to RTS specifying the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens.

3. Official translations of Guidelines on maintenance of systems and security access protocols under MiCA published

On 26 February 2025, the European Securities and Markets Authority ("ESMA") published the official translations of its guidelines ("Guidelines") on the specification of Union standards for the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto-assets other than asset referenced tokens and e- money tokens under the regulation on markets in crypto-assets ("MiCA").

The Guidelines aim to provide more clarity as regards the systems and security access protocols that apply to offerors and persons seeking admission to trading who are not subject to the same operational resilience standards under MiCA and under DORA as their crypto-asset service provider counterparts.

Additionally, the Guidelines also aim to promote greater convergence in the interpretation and application of the MiCA provisions applicable to offerors and persons seeking admission to trading.

ESMA published its final report on the Guidelines on 17 December 2024. For more detail, please see FIG Top 5 at 5 dated 19 December 2024.

Next Steps

The Guidelines are applicable from 27 April 2025, being 60 calendar days following the publication of the official translations of the Guidelines on ESMA's website.

4. EBA publishes opinion on Commission's partial rejection of its RTS on authorisation for issuers of ARTs under MiCA

On 27 February 2025, the European Banking Authority ("EBA") issued an opinion ("Opinion") in response to the European Commission's ("Commission") intended changes to the draft regulatory technical standards ("RTS") on information for authorisation to offer to the public or seek admission to trading of asset-referenced tokens ("ARTs") under the regulation on markets in crypto-assets ("MiCA").

The RTS were submitted to the Commission by the EBA on 6 May 2024 and specified the list of information to be submitted to the competent authority to allow a supervisory scrutiny of the application. For more detail, please see FIG Top 5 at 5 dated 9 May 2024.

By letter dated 13 January 2025, the Commission informed the EBA that it intended to endorse the RTS with amendments and also sent the modified version of the RTS to the EBA.

In the Opinion, the EBA accepts, in substance, the Commission's proposed changes, particularly those considered as substantive. However, the Opinion also invites the Commission to consider amending the level 1 text to include the following elements, that were in the RTS, that the EBA considers to be important from a supervisory perspective:

  • a policy to prevent market abuse and a policy for whistleblowers. The EBA has stated that, given the potential risk of market abuse and the relevance of preventing such behaviours, an internal policy on market abuse has merits;
  • an independent third party audit about the issuer's proprietary distributed ledger technology ("DLT") that is operated by the issuer or by a third-party operator. In the Opinion, the EBA emphasises the importance of requesting a technical and security audit performed by an independent third party on the consistency of the DLT functioning, given its relevance to mitigate DLT related risks. The Opinion further states that the impartiality of the assessment would mitigate potential conflicts of interests, providing increased reassurance to the market and to supervisors; and
  • proof of good repute of the members of the management body, with the EBA emphasising that the assessment of good repute is of paramount importance in assessing the suitability of members of the management body in the financial sector and in allowing individuals to undertake such roles in entities active in the crypto-asset sphere. The EBA highlights that recent experiences in the crypto-asset sector have confirmed the importance of a rigorous assessment of these requirements by supervisors.

Next Steps

We now await details of the Commission's position.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Darren Maher
Darren Maher
Photo of Joe Beashel
Joe Beashel
Photo of Gráinne Callanan
Gráinne Callanan
Photo of Elaine Long
Elaine Long
Photo of Louise Dobbyn
Louise Dobbyn
Photo of Caroline Kearns
Caroline Kearns
Photo of Niamh Mulholland
Niamh Mulholland
Photo of Ian O'Mara
Ian O'Mara
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More