Financial regulationRegulatory bodies
Which bodies regulate the provision of fintech products and services?
The Central Bank is the only financial services regulator in Ireland and is responsible for authorising and supervising all providers of regulated financial services. The Central Bank is responsible for both prudential supervision and conduct of business supervision of regulated entities that it has authorised. Where a regulated firm has been authorised by a supervisory authority in another EU or EEA jurisdiction, the home state regulator will be responsible for prudential supervision but the Central Bank will be responsible for conduct of business supervision in Ireland. The Single Supervisory Mechanism at the European Central Bank also directly supervises significant credit institutions and has exclusive competence for the authorisation of credit institutions (other than branches of third-country credit institutions).Regulated activities
Which activities trigger a licensing requirement in your jurisdiction?
Whether or not a fintech business is required to hold a financial services authorisation will depend on the nature of the activities that the firm engages in. As far as investment-related activities are concerned, Directive 2014/65/EU (MiFID II) was transposed into Irish law by the European Union (Markets in Financial Instruments) Regulations 2017 (the Irish MiFID II Regulations). Engaging in any of the investment services and activities listed in MiFID II (eg, providing investment advice or executing client orders) is a regulated activity requiring authorisation. Other parts of the MiFID II package also have direct effect in Ireland.
Engaging in ‘banking business’ requires authorisation under the Central Bank Act 1971. The European Union (Capital Requirements) Regulations 2014 transposed the Capital Requirements Directive 2013/36/EU (CRD IV) into Irish law and the requirements for obtaining an Irish banking licence are based on the transposition of the CRD IV package. Other parts of the CRD IV package also have direct effect in Ireland. ‘Banking business’ means taking deposits or other repayable funds from members of the public and granting credit for own account. There is a restriction in the 1971 Act, in the absence of an exemption from the Central Bank, which prohibits anyone from using the term ‘bank’ in their name or holding themselves out as a bank without holding the necessary authorisation. Ireland also has a regime for authorising branches of credit institutions established in third countries (third-country branches) under section 9A of the Central Bank Act 1971.Consumer lending
Is consumer lending regulated in your jurisdiction?
Subject to very limited exceptions, providing deferred payments, cash loans or other similar financial accommodation to individuals (not just consumers) in Ireland is a regulated activity requiring authorisation as a retail credit firm under the Central Bank Act 1997, unless the lender is otherwise authorised to provide such credit, for example, a bank. This is an Irish domestic licensing regime and does not derive from an EU law obligation.
The legislation was further amended in early 2022 by the introduction of the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022. This legislation, once commenced, will bring providers of indirect credit to consumers, for example, providers of 'buy now, pay later' agreements into the regulatory perimeter for the first time. Previously, indirect providers of consumer credit products were technically outside the scope of Irish financial services law from a licensing perspective. Commencement of the new legislation is likely to occur during the summer of 2022.
Multiple aspects of consumer lending are also regulated (at a conduct of business level) under the Consumer Credit Act 1995 (the 1995 Act) and the European Communities (Consumer Credit Agreement) Regulations 2010 (the 2010 Regulations), which regulate the form and content of credit agreements. The 1995 Act and the 2010 Regulations implement the provisions of Directive 87/102/EEC as amended, and Directive 2008/48/EC.
The Central Bank’s Consumer Protection Code 2012 and associated addenda (the CPC) are also relevant. The CPC applies to all financial services providers who are authorised, registered or licensed by the Central Bank, as well as financial services providers authorised, registered or licensed in another EU or EEA member state when providing services in Ireland, on a branch or cross-border basis. The CPC essentially requires regulated entities to adhere to a set of general requirements, such as to provide terms of business to consumers, conduct KYC, to establish the suitability of the product, and adhere to lending and advertisement requirements.
There are also separate requirements for mortgage lending to consumers, including the ‘housing loan’ requirements under the Consumer Credit Act 1995, European Union (Consumer Mortgage Credit Agreements) Regulations 2016, implementing the provisions of Directive 2014/17/EU and the Central Bank’s Code of Conduct on Mortgage Arrears.Secondary market loan trading
Are there restrictions on trading loans in the secondary market in your jurisdiction?
Part V of the Central Bank Act 1997 regulates credit servicing, which includes holding the legal title to loans made by regulated financial services providers to individuals and SMEs. Credit servicing is a regulated activity requiring authorisation by the Central Bank. Acquiring the beneficial interest in such loans is not a regulated activity however, although there are associated licensing requirements applicable to entities that provide administration or servicing in respect of such loans. Trading non-SME corporate loans is not, generally speaking, a regulated activity in Ireland.
There may also be data protection issues and general contractual issues that need to be addressed, irrespective of the nature of the loans being traded.Collective investment schemes
Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
Investment funds are authorised and regulated by the Central Bank, and may be regulated as:
- undertakings for collective investment in transferable securities (UCITS) in accordance with the European Communities (Undertakings for Collective Investment in Transferable Securities) Regulations 2011, which implement the UCITS Directives into Irish law, and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Undertakings for Collective Investment in Transferable Securities) Regulations 2019 (collectively the UCITS Regulations); or
- retail investor alternative investment funds (RIAIFs) or qualifying investor alternative investment funds (QIAIFs) in accordance with the requirements of the Central Bank and of the European Union (Alternative Investment Fund Managers) Regulations 2013 (as amended) (the AIFM Regulations), which implement the Alternative Investment Fund Managers Directive 2011/61/EU (AIFMD) into Irish law.
UCITS, RIAIFs and QIAIFs may be organised through a number of legal structures, the most popular of which are the Irish collective asset-management vehicle (ICAV), the investment public limited company (the investment company) and authorised unit trusts. It is an offence to carry on business as an ICAV, investment company or authorised unit trust unless authorised by the Central Bank.
Fintech companies, whether providing alternative finance products or otherwise, would not typically fall to be regulated as investment funds. However, fintech firms that fall within the definition of alternative investment funds would require authorisation. Fintech companies that provide services to investment funds may require authorisation if they are providing regulated depositary or administration services. Depositaries and administrators to investment funds may also engage fintech firms, in which case applicable Central Bank outsourcing requirements may apply, although in general, the fintech service providers would not themselves require authorisation.Alternative investment funds
Are managers of alternative investment funds regulated?
The Central Bank authorises and regulates Irish alternative investment fund managers (AIFMs) under the AIFM Regulations, as well as regulating UCITS management companies in accordance with the UCITS Regulations, and non-UCITS management companies (a residual category post-AIFMD). Most fintech companies would be expected to fall outside the scope of the AIFM Regulations and the UCITS Regulations.Peer-to-peer and marketplace lending
Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
There is currently no distinct regulatory regime for peer-to-peer or marketplace lending in Ireland. Some of the regimes described in this chapter (eg, retail credit, the new Crowdfunding Regulation) may, however, be relevant depending on the nature of the specific activities engaged in and a regulatory analysis of the proposed process flow is therefore always advisable.Crowdfunding
Describe any specific regulation of crowdfunding in your jurisdiction.
Regulation (EU) 2020/1503 (the Crowdfunding Regulation) and Directive (EU) 2020/1504 (the MiFID II Amending Directive) were recently published to provide a common EU legislative framework in respect of crowdfunding.
The Crowdfunding Regulation became directly effective in Ireland in November 2021, and Ireland has implemented the MiFID II Amending Directive into national law. European crowdfunding service providers (ECSPs) are excluded from MiFID II by the MiFID II Amending Directive, and ECSPs are instead covered by the Crowdfunding Regulation.
The Crowdfunding Regulation applies to peer-to-peer crowdfunding platforms facilitating ‘business funding’ (lending to consumers is excluded) and investment-based crowdfunding platforms in relation to transferable securities up to a threshold of €5 million, whereas MiFID II will continue to apply to larger crowdfunding platforms.
Prospective ECSPs must apply for authorisation under the Crowdfunding Regulation and may avail of the ability to passport its licence into each of the EEA member states once approved. The Crowdfunding Regulation also places tailored operational and conduct of business requirements on ECSPs in their interactions with investors.Invoice trading
Describe any specific regulation of invoice trading in your jurisdiction.
Holding title to loans advanced to consumers and SMEs can constitute ‘credit servicing’ requiring licensing under the Central Bank Act 1997 in certain circumstances. At a conduct of business level, the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Lending to Small and Medium-Sized Enterprises) Regulations 2015 apply to regulated financial services providers and regulate the provision of credit by a regulated entity to micro, small and medium-sized enterprises in Ireland. ‘Credit’ is broadly defined as a deferred payment, cash loan or other similar financial accommodation, including hire purchase, invoice discounting and the letting of goods. There are no regulations specific to invoice trading, described as such, in Ireland.Payment services
Are payment services regulated in your jurisdiction?
Yes. The provision of payment services is a regulated activity requiring authorisation under the European Union (Payment Services) Regulations 2018 (the PSD Regulations), which transpose Directive 2015/2366/EU (PSD2) into Irish law. Ireland’s implementation of the PSD2 through the PSD Regulations was consistent with the principle of maximum harmonisation, and as such the PSD Regulations reflect the requirements of the PSD2 itself.
Where PSD2 does not apply, there is a domestic regime under Part V of the Central Bank Act 1997, which regulates ‘money transmission business’. Money transmission business is defined as a business that comprises or includes providing a money transmission service to members of the public.Open banking
Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
Yes. One of the main aims of PSD2 was to increase competition in the payment sector, introduce open banking and facilitate access by third-party providers to a user’s account held with their account servicing payment service provider (usually a bank). The Strong Customer Authentication requirements came into effect in September 2019, and this has required account servicing payment service providers to develop and test APIs to facilitate open access by third-party providers.Insurance products
Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
Any entity that carries on insurance or reinsurance business in Ireland (ie, an insurance or reinsurance underwriter) requires an authorisation in accordance with the requirements of Directive 2009/138/EC (Solvency II) as implemented in Ireland by the European Union (Insurance and Reinsurance) Regulations 2015.
The European Union (Insurance Distribution) Regulations 2018 (the IDD Regulations) came into force on 1 October 2018, and transpose the Insurance Distribution Directive (EU) 2016/97 into Irish law. The IDD Regulations set out authorisation and ongoing regulatory requirements for any person engaged in ‘insurance distribution’ in Ireland. This is broadly defined to include advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts. Any fintech firm that sells or markets insurance products in Ireland (as a broker or agent) is likely to require authorisation in accordance with the IDD Regulations.Credit references
Are there any restrictions on providing credit references or credit information services in your jurisdiction?
The provision of third-party credit referencing or credit information services is not specifically regulated in Ireland, but historically this activity has not been widespread – credit checking was conducted directly by lenders themselves. Reflecting the fragmented credit information formerly available in Ireland, the Credit Reporting Act 2013 and associated regulations provide for the establishment and operation of a statutory central credit register (CCR) system, established and operated by the Central Bank. Credit providers in Ireland are required to provide information to the Central Bank for entry to the CCR and are also obliged to make an enquiry in respect of relevant credit applications.