1. Central Bank concludes public consultation on enhanced Administrative Sanctions Procedure
On 13 December 2023, the Central Bank of Ireland ("Central Bank") published its Feedback Statement and finalised consolidated Guidelines relating to the enhanced Administrative Sanctions Procedure ("ASP"). The Guidelines update and consolidate the Central Bank's existing ASP publications, including ASP Outline 2018, Inquiry Guidelines 2014 and ASP Sanctions Guidance 2019.
The Central Bank states in the Feedback Statement that the Guidelines aim to provide transparency, clarity and consistency on the ASP process while emphasising the Central Bank's principles of proportionality and fairness when dealing with individuals and firms. The Central Bank further explained that as the Guidelines are procedural in nature much of the feedback received related mainly to requests for additional clarifications rather than suggested changes. The majority of the submissions received by the Central Bank related to queries regarding the investigations stage of the ASP, however there were also queries raised across the inquiry stage, the settlement process and the sanctions process.
This update provides a high-level overview of the amendments made to the Guidelines following the submissions received by the Central Bank, categorised by area of focus. For a more in-depth analysis of the implications of these amendments and observations on the Feedback Statement, please monitor Matheson's Insights page over the coming days.
Key Amendments
ASP Investigations
- Role of the Responsible Authorised Officer: the Central Bank has provided additional clarity regarding the role and responsibilities of the Responsible Authorised Officer ("Officer") and amended the Guidelines to reflect this;
- Confidential Information: while the Central Bank Individual Accountability Framework Act ("IAF Act") acknowledges that recipients of confidential information may disclose it where required by law to do so, the responses received by the Central Bank identified other circumstances where individuals may have a legitimate need to disclose confidential information, and the Central Bank has considered these and amended the Guidelines to reflect this situation;
- Timeframe for Responses: the Central Bank expects that investigations will be carried out in a timely manner, but acknowledges that additional complexities may require an extension and has set out procedures for extension requests. There is a 7 day time period for submissions on the draft investigation report set out in the draft Guidelines will be insufficient in many cases, and therefore the period will be set by the Officer following a consideration of the complexities of the issues, contents of the draft investigation report and the necessary period to ensure the subject has a fair opportunity to respond. The Guidelines have been updated accordingly;
- Use of Information by the Central Bank: information can be used by the Central Bank to perform any of its statutory duties, but will only be used where it is fair and reasonable to do so. The Guidelines have been amended to provide further clarification on the type of uses;
- Legal Professional Privilege: the IAF Act does not require the subject of an investigation to disclose legally privileged information, and the Guidelines have been clarified to state that entry into a disclosure agreement is done on a voluntary basis. It should be noted that guidance on how to provide information to the Central Bank is not set out in the Guidelines as the practice is subject to change. Additionally, the Central Bank has explained that in practice, a disclosure agreement will include a provision confirming that the Central Bank can utilise the disclosed material for the performance of any of its statutory functions and any other purpose specified in the agreement. The Guidelines have been amended to clarify this; and
- Publication of the Details of the Notice of Inquiry: in line with the principle of proportionality, the Guidelines have been amended to state that where inquiry members make a finding that no prescribed contravention has been committed, it is expected that they will issue a public notice to this effect. By doing so, the Central Bank maintains that equal public visibility of an inquiry finding of no contravention will be achieved.
ASP Inquiries
- Appointment of Inquiry Members: the Central Bank's Regulatory Decisions Unit will write to inquiry participants to confirm their appointment and the Guidelines have been amended to clarify that inquiry members will also be included in that communication and a notice will appear on the Central Bank's website confirming that an inquiry has commenced and who has been appointed;
- Management of Conflicts of Interest: the Central Bank will select members based on experience and expertise and the Guidelines have been amended to provide additional detail on how conflicts are managed at the appointment stage and throughout the inquiry process; and
- A Finding of No Prescribed Contravention: the Guidelines have been amended to state that where inquiry members have concluded an inquiry and found that no prescribed contravention has been committed, the inquiry members will issue a public notice in all instances.
ASP Settlement
- The Process in Undisputed Facts Settlements and Investigation Report Settlements: the Guidelines have been amended to clarify how the new settlement processes will operate; and
- Public Statements: the Central Bank explains that communication is an important tool in supervisory and enforcement messaging, and the Central Bank must be in a position to signal to the public, consumers and wider markets, their views in terms of trends, systemic issues and behaviours. Consequently, the Guidelines have been amended to state that such commentary is relevant to the wider public.
ASP Sanctions
- Determination of Monetary Penalties for Individuals: the Guidelines have been amended to clarify that firms and individuals will be provided with information on how a monetary penalty has been calculated and provide an opportunity to engage with the Central Bank regarding sanctions as part of the settlement or inquiry process;
- Submissions on Sanction: the Guidelines have been amended to clarify that the subject of an inquiry or investigation will be entitled to make submissions on sanctions as part of the settlement process; and
- Directions Imposing Conditions or Disqualification as a Sanction: the Guidelines have been amended to provide further information on the imposition of directions imposing conditions or disqualification as a sanction, which will generally be decided on a case by case basis.
ASP Court Confirmation and Appeals
- Appealable Decisions: the Guidelines have been amended to state that the inquiry decision is the only decision that can be appealed to IFSAT under the ASP.
Other Notable Matters
- Subjects being accompanied at any stage of the ASP: the Guidelines have been amended to clarify that the subject may elect to be represented by a legal practitioner or with permission from the inquiry members, any other person.
Implementation
The Guidelines came into force immediately on publication, on 13 December 2023. In the Feedback Statement the Central Bank explain that the ASP will continue to evolve as the IAF is implemented and commences fully, and that it will remain engaged and keep the ASP under review.
2. Irish Insurance Updates
Central Bank of Ireland issues final "Intermediary Times" of 2023
On 17 November 2023, the Central Bank of Ireland ("Central Bank") published the latest edition of its "Intermediary Times" newsletter, a publication produced by the Retail Intermediaries supervision team of the Central Bank's Consumer Protection Directorate. The newsletter covers topics of interest, new items on the Central Bank's website and regulatory issues that retail intermediary firms need to be aware of. Topics of note in this edition include:
- Corporate Governance
The Central Bank noted that it has observed an increase in the number of firms whose governance, risk management and internal control frameworks are not aligned to the firm's business growth. The Central Bank explained that it expects regulated firms to maintain an appropriately balanced governance structure to operate effectively and ensure that all legislative and regulatory requirements are met. At a minimum, firms should include corporate governance as a standing agenda item for board meetings, and address any issues identified without undue delay. The Central Bank reminded firms that failure to maintain proper governance structures may be grounds to revoke a firm's authorisation or registration.
- Ongoing Suitability of Long Term Life Assurance Products
In August 2023, the Central Bank emailed impacted firms regarding the results of its thematic review on the Ongoing Suitability of Long-Term Life Assurance Products. The Review identified a number of weaknesses in how some consumers are being protected in the changing economic environment. The risk that long-term products may become less suitable for the policy holder over time can occur for a number of reasons:
- changes to the policyholder's needs, attitude to risk or other personal circumstances;
- the introduction of alternative products which better suit the consumer's needs, have a lower price or better fund options becoming available; and
- changes in the wider investment and economic environment.
The Central Bank highlighted, a number of aspects which are of particular importance:
- insurance intermediaries are obliged to advise consumers as part of their suitability statement, whether a recommended insurance-based investment product is likely to require them to seek a periodic review of their arrangements. Insurers are expected to ensure that they advise Insurance Intermediaries of which IBIPs are likely to require a periodic review and assist Insurance Intermediaries in putting appropriate plans in place;
- agency agreements entered into between insurers and insurance intermediaries do not set out obligations in respect of ongoing service/suitability. Insurers have been advised that they are expected to regularly review the contents of these agreements to ensure that they remain fit for purpose; and
- where a consumer has switched into funds that are not suitable for long term investments, this decision should be revisited on a frequent basis to ensure that funds are not left there without valid justification for a prolonged period.
- Disclosure Requirements of the Consumer Protection Code 2012
The Central Bank highlights that there must be continued compliance with the disclosure requirements of the CPC, and disclosures must be up to date, clear and written in plain English.
- Thematic Inspection Update
In July 2023, the Central Bank commenced a thematic inspection of firms to review compliance with key legislative requirements including minimum competency code and KYC and suitability provisions. Supervisors are currently undertaking onsite inspections of firms across all provinces. Where necessary, the Central Bank will write to relevant firms where follow up action is needed and will communicate their key findings in early 2024.
- EIOPA Statement on Governance Arrangements in Third Country Branches ("TCB")
On 3 February 2023, EIOPA published a Supervisory Statement regarding governance arrangements in third countries. The Central Bank expects all firms, not just those with TCB to:
- have a substantive presence in Ireland;
- be controlled by their boards and local management and not run from elsewhere;
- be sufficiently resourced in terms of seniority and expertise commensurate to the nature, scale and complexity of the business with decision making taking place in Ireland; and
- be capable of managing material risks locally.
The EIOPA statement further supports and elaborates on the Central Bank's expectations, particularly in relation to the use of TCBs. There is a clear supervisory expectation that a TCB should primarily serve the market in which it is established, not to simply support the EU-based Intermediary. TCB may assist their respective EU head offices but such support should only be ancillary, and not undermine substance or lead to disproportionate dependence. The Central Bank expects all regulated firms with a TCB to review their current business model in light of the supervisory statement and set out steps and a timeline to ensure alignment with the Central Bank expectations.
- Client Premium Accounts
The CPC prescribes a number of requirements in respect of premium handling by insurance intermediaries, who must have robust procedures and oversight arrangements in place. Payments in respect of levies, membership fees, or other transactions not specified in Provision 3.50 are not permitted to be made from a Client Premium Account. Firms are required to carry out, and retain monthly reconciliations of amounts due to regulated entities. Failure to comply may lead to regulatory action being taken against the firm.
New Code of Practice for Underwriting Mortgage Protection Insurance for Cancer Survivors enters into force
On 6 December 2023, the Code of Practice for Underwriting Mortgage Protection Insurance for Cancer Survivors ("Code") came into effect. The Minister for Finance, Michael McGrath, and the Minister for Financial Services, Credit Unions and Insurance, Jennifer Carroll MacNeill welcomed the implementation of the Code.
The Code requires insurers to disregard a disclosed cancer diagnoses where treatment ceased over 7 years before the application, or over 5 years if the applicant was under 18 at the time of the diagnosis. Minister McGrath acknowledged the Code as an important first step in ensuring mortgage protection for cancer survivors, and that the "ensuring that the Code delivers the intended outcomes for consumers in terms of improved access to cover and a better customer experience". Minister Carroll MacNeill noted that the Code would give a sense of normality to cancer survivors in accessing mortgage protection insurance cover.
For more details on the Code, please see the FIG Top 5 at 5 dated 15 June 2023.
3. Payments Updates
EPC publishes the annual update on payment threats and fraud trends report 2023
On 7 December 2023, the European Payments Council ("EPC") published its 2023 Report on payments threats and fraud trends ("Report"). The Report provides an overview of the most important threats and other "fraud enablers". These were identified as social engineering; malware; advanced persistent threats; distributed denial of service; botnets; third-party compromise; monetisation channels; and liability for social engineering fraud.
Observations
The EPC found that the main attack focus over the past year was the trend of moving from malware to social engineering attacks, and made a number of conclusions which are outlined below:
- social engineering attacks and phishing attempts are continuing to increase, with a shift towards company executives and employees, payment service providers and payment infrastructures and more frequently leading to fraud in authorised push payments fraud;
- awareness campaigns remain crucial against social engineering, and should be coordinated;
- malware remains a significant threat, in particular ransomware is increasing, and all stakeholders should ensure that they are taking appropriate mitigation measures;
- Advanced Persistent Threat is potentially a high risk and is one of the most lucrative and sophisticated forms of payment fraud;
- the number of distributed denial of service attacks has increased and remain a target within the financial sector;
- due to the continuation of botnets and the high volume of infected consumer devices, severe threats remain, although financial gain will mostly be achieved through extortion;
- supply chain attacks are an issue for payment service providers ("PSPs") relying on third party vendors, therefore PSPs should carefully assess their dependencies on third party vendors;
- given the increased use of smart mobile devices, payment apps are becoming a more attractive target for fraudsters;
- businesses have adopted cloud and big data analytics technologies following the rapid growth in the amount of data, which brings both new opportunities and new risks;
- the demand for user-friendliness and simplicity has put pressure on firms to find the right balance between security and user-friendliness;
- card payment fraud will remain an issue in countries using mag-stripe;
- unauthorised customer not present fraud remains a huge problem and is the main fraud cost driver;
- more push payment fraud was noted in the last year;
- the sharing of fraud intelligence and information is an essential method to mitigate risks, but this is limited by data protection rules and regulations, particularly in cross border sharing;
- a SEPA-wide platform for fraud has been established for sharing information between SEPA payment scheme participants; and
- PSPs must understand emerging threats and their impact and continue to invest in appropriate security and customer awareness campaigns.
Department of Finance launches public consultation on National Payments Strategy
On 12 December 2023, the Department of Finance launched a public consultation seeking stakeholder views on the National Payments Strategy for Ireland ("Strategy"). The last national policy in this area was set out in the National Payments Plan in 2013 and the Strategy aims to respond to the significant changes that have occurred in this area since then.
The Strategy will:
- create a roadmap for the evolution of the financial services sector, including legislative changes relating to Access to Cash;
- analyse fraud and whether further domestic measures are needed alongside the EU legislation;
- examine crypto-assets, instant payments and open banking and what new data ought to be collected; and
- consider cash access and cash acceptance.
The Minister for Finance, Michael McGrath, launched the consultation and noted that ensuring an innovative and accessible payments system is vital for Ireland's economy and society. He commented that technological developments should not exclude vulnerable groups or result in financial exclusion and it is important to "ensure that choice is at the centre of our future payments strategy". He acknowledged the important role that cash plays in society and that the Strategy would protect it.
Next Steps
The consultation will close to feedback on 14 February 2023.
4. Consultation Papers from various European Supervisory Authorities
EBA consults on RTS under MiCA
On 7 December 2023, the European Banking Authority ("EBA") published a consultation paper on draft regulatory technical standards ("RTS") setting out specific requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens ("ARTs") under MiCA.
Under Article 32(1) of MiCA, ARTs issuers must implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interest. Article 32(5) requires the EBA to create RTS for those principles and policies, alongside the elements for the disclosure content.
The EBA stated that under the draft RTS:
- particular attention must be given by issuers to the conflict of interest that may arise when they manage and invest the reserve of assets;
- include specific provisions, such as documentation requirements regarding public transactions that must be carried out objectively in the interest of each party;
- specify that the remuneration procedures, policies and arrangements of the issuer should not create a conflict of interest;
- emphasise the key role of the issuer's management body, responsible for defining and adopting conflict of interest policies and procedures; and
- require a person responsible for the management of conflicts of interests to be provided with adequate resources;
- outline the content of the conflict of interest disclosure which should be publically accessible.
Next Steps
The consultation will close on 7 March 2024, and the EBA expects that the final RTS will be available when MiCA enters into force.
ESAs publish consultation on guidelines on information system for assessing fitness and propriety
On 5 December 2023, the European Supervisory Authorities ("ESAs") published a joint consultation paper on guidelines on the system established by the ESAs for the exchange of information relevant to the assessment of the fitness and propriety holders of qualifying holders, directors and key function holders of financial institutions, and financial market participants by competent authorities ("Guidelines").
The Guidelines aim to clarify how the system should be used and how the data should be exchanged.
Next Steps
The deadline for submissions is 15 January 2024, and the ESAs aim to finalise the guidelines in early 2024. They foresee that the guidelines will mostly apply from 2 July 2024, with certain provisions applying from October 2024, July 2025 or October 2025.
Joint Committee of ESAs consults on second set of RTS, ITS and guidelines under DORA
On 8 December 2023, the Joint Committee of the European Supervisory Authorities ("ESAs") published a number of consultation papers on draft regulatory standards ("RTS"), implementing technical standards ("ITS") and guidelines under DORA. The first set of policy products under DORA were published in June 2023, and these consultations relate to the second set of policy products.
RTS and ICT
- Consultation Paper on draft RTS on the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions as mandated under Article 30(5) of DORA;
- Consultation Paper on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities as mandated under Article 41(2) of DORA;
- Consultation Paper on draft RTS on the content of the notification and reports for major incidents and significant cyber threats and determining the time limits for reporting major incidents and draft ITS on the standard forms, templates and procedures for financial entities to report a major incident and to notify a significant cyber threat as mandated under Article 21(a) and (b) of DORA; and
- Consultation Paper on draft RTS specifying elements related to threat-led penetration tests as mandated under Article 26(11) of DORA.
Guidelines
- Consultation Paper on guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents as mandated under Article 11(11) of DORA; and
- Consultation Paper on guidelines on the oversight co-operation and information exchange between the ESAs and the competent authorities as mandated under Article 32(7) of DORA.
Next Steps
The consultation papers are open to responses until 4 March 2024. The ESAs expect to submit the RTS, ITS and guidelines to the Commission by 17 July 2024.
EIOPA Consultation Paper on the Opinion on sustainability claims and greenwashing in the insurance and pensions sectors
On 12 December 2023, the European Insurance and Occupational Pensions Authority ("EIOPA") published a consultation paper on its proposed approach to tackling greenwashing in the insurance and pensions sectors. The draft Opinion outlines 4 principles which should be observed when providers make sustainability claims, and includes examples of good and bad practices to demonstrate how greenwashing can occur in practice.
The principles will help to establish harmonised supervision of sustainability claims across the EU, limiting the risk of greenwashing in the insurance and pensions sectors. The principles are:
- Principle 1: Sustainability claims made by a provider should be accurate, precise, and consistent with the provider’s overall profile and business model, or the profile of its product(s);
- Principle 2: Sustainability claims should be kept up to date, and any changes should be disclosed in a timely manner and with a clear rationale;
- Principle 3: Sustainability claims should be substantiated with clear reasoning and facts; and
- Principle 4: Sustainability claims and their substantiation should be accessible by the targeted stakeholders.
Next Steps
The consultation will close to comments on 12 March 2024.
5. European Banking Updates
European Parliament and Council reach agreement on the Daisy Chain proposal
On 6 December 2023, the European Parliament ("Parliament") and the Council of the European Union of the European Union ("Council") reached a provisional political agreement on the proposed Directive making targeted amendments to the Bank Recovery and Resolution Directive and the Single Resolution Mechanism Regulation concerning the minimum requirement for own funds and eligible liabilities ("MREL"), referred to as the Daisy Chains proposal ("Proposal"). It is a targeted amendment to 'include targeted proportionality requirements to the treatment of internal MREL in bank resolution groups'.
The proposal aims to:
- give the resolution authorities the power of setting internal MREL subject to certain conditions on a consolidated basis. Where such consolidated treatment is allowed to be applied, the intermediate subsidiaries will not be obliged to deduct their individual holdings of internal MREL; and
- introduce a specific MREL treatment for liquidation entities which are defined as entities in a banking group assigned for winding up according to insolvency laws and are not subject to resolution action.
The provisional text which has been agreed by the Council and the Parliament provides clarity on the scope of liquidation entities and further detail on the conditions for the application of the consolidated treatment of internal MREL.
Next Steps
The provisional agreement must now be confirmed by the Committee of permanent representatives and the Parliament. Once endorsed, the text must be formally voted on in the Parliament and Council and will be published in the Official Journal. It will come into force 20 days later, and the rules will apply 6 months later.
Final compromise texts of the provisional agreements on the implementation of Basel III reforms published
On 6 December 2023, the Council of the EU ("Council") published the final compromise texts of the provisional agreement reached on the implementation of Basel III reforms :
- final compromise text for the Capital Requirements Directive VI; and
- final compromise text for the Capital Requirements Regulation III.
The texts reflect the outcome of the provisional political agreement reached in June 2023 by the European Parliament and the Council, as well as the outcome of a technical review by the EU co-legislators.
For more details on the agreement, please see FIG Top 5 at 5 dated 29 June 2023.
EBA publishes peer review on supervision of creditors' treatment of mortgage borrowers in arrears under the Mortgage Credit Directive
On 11 December 2023, the European Banking Authority ("EBA") published a peer review on the supervision of creditors' treatment of mortgage borrowers in arrears under the Mortgage Credit Directive ("MCD") ("Review"). The Review was undertaken in response to the current economic conditions and high interest rate environment, and is the first review which concentrated on conduct and consumer protection issues.
The Report found that overall the competent authorities' ("CAs") supervision was effective and has been adapted to reflect the high interest rate environment and risks to mortgage borrowers. Those CAs which allocated significant resources to conduct supervision were particularly effective and prepared for challenges facing mortgage borrowers in the current risk rate climate. Those CAs which focused on prudential supervision, had a more limited focus on consumer objectives under the MCD, and did not have sufficient resources to engage with the particular issues facing borrowers.
In response, the EBA has adopted follow measures, applicable to all CAs:
- adoption of policies clearly indicating internal unit responsibilities to facilitate cooperation and information sharing among different teams involved in the supervision of creditor's treatment of mortgage borrowers in arrears;
- establishment of formal written procedures regarding the supervision of this area; and
- enhancing supervision of MCD creditors' preparedness for dealing with potential arrears related to market conditions through further engagement and guidance on supervisory expectations.
These follow up measures will be reviewed again in 2 years.