On 26 February 2026, the Central Bank of Ireland (Central Bank) published its 2026 Regulatory and Supervisory Outlook (RSO) report, outlining its perspectives on the key trends and risks shaping the financial sector and its supervisory priorities for the year ahead.

For further information on the Financial Regulation Priorities 2026, the global and domestic risk environment, risk themes and related drivers and supervisory priorities, please see our related cross sectoral article here and for other sector specific information in the RSO (including a Funds related RSO article here and a Markets (including Crypto and MiFID firms) related RSO article here), please refer to our knowledge page on the William Fry website.

Sectoral Focus - MiFID Investment Firms

In our sector specific articles, trends, risks and vulnerabilities are considered from a sectoral perspective in line with the Central Bank’s supervisory approach. In this article we look at the MiFID Investment Firm sector.

In this sector, there will be a continuing focus on assessing the effectiveness of governance and risk management arrangements and culture and “tone from the top” in firms. There is continued variance in the maturity of governance and risk management frameworks and culture across the sector. A particular focus will be placed on board accountability and how firms have embedded their responsibilities under the IAF/SEAR and how they are putting investors’ interests at the heart of their business.

A focused will remain on supervisory review and evaluation process (SREP) assessments including a targeted review of the business models of a cohort of SREP category 2 firms will commence in Q2 2026.

In addition to the five supervisory focus areas outlined below, the Central Bank will continue to address the topics highlighted in the 2025 RSO, such as financial resilience and the safeguarding of client assets.

Focus Area 1: Operational and cyber resilience

Enhancing operational resilience is again a significant priority. A recent thematic assessment found a maturing of operational resilience frameworks across the sector, however there were varying degrees of maturity seen in the sample of firms covered.

The main planned activities relating to this supervisory focus area in 2026/2027 are:

  • Engagement and risk assessments across certain SREP category 1 & 2 firms. This will include continued engagement in response to findings from thematic work conducted in 2025 and targeted engagement with certain firms in relation to the establishment and maturity of operational resilience frameworks in accordance with the Central Bank’s cross industry guidance.
  • Engagement with certain SREP category 1 & 2 firms in relation to IT risk management frameworks, DORA implementation and cyber resilience. This will include the issuance and assessment of firms’ self-assessment by way of the Central Bank’s IT risk questionnaire.
  • Supervisory assessment of DORA incident reporting and registers of information annual submission.

Focus Area 2: Conflicts of interest

The Central Bank continues to see a lack of understanding of how conflicts of interest can hamper delivery of positive investor outcomes. It expects firms to place sufficient focus on the identification and management of conflicts of interest within their business activities.

Risks continue to exist for investors where firms providing investment services have an incentivised remuneration model. Inducements, commission and remuneration structures can lead to an inherent conflict of interest between revenue generation and acting in the best interests of clients. Firms must continually evaluate their inducement and remuneration policies. This is also a key focus area for ESMA who recently announced a Common Supervisory Action (CSA) on conflicts of interest in the distribution of financial instruments.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

  • Participation in the ESMA CSA on conflicts of interest in the distribution of financial instruments. In line with the prescribed ESMA methodology, a sample of firms providing investment advice and firms offering non-advisory services will be selected for inclusion in the scope of this CSA.
  • Firm specific feedback and an industry communication on the findings of the CSA work and the Central Bank’s supervisory expectations.

Focus Area 3: Treatment of investors

While the revised Consumer Protection Code does not apply in its entirety to this sector, firms will need to embed the guidance on securing customer interests and the protection of consumers in vulnerable circumstances aspects into their operations. This will be an area of focus for the Central Bank.

The sector provides an important gateway for retail investors to access financial products and services and has a key part to play in building trust and confidence, including through providing understandable information and good quality financial products and advice to (potential) investors.

Digitalisation brings many benefits including ease of access for investors, with the increasing use of online and digital platforms and social media being evident. There is a risk to investors from inappropriate marketing and advertising practices, however, which is amplified by the move away from traditional means of marketing and advertising. All marketing and advertising content should be fair, clear and not misleading and presented in a manner that seeks to effectively inform investors.

There is a heightened risk that unsuitable products are held or chosen by investors, particularly retail investors, where ineffective product governance frameworks are in place. Firms may fail to identify the target market for products at a sufficiently granular level and there may be insufficient oversight and challenge of product offerings by senior management. Firms are expected to offer products clearly aligned to investors’ changing goals, risk capacity and preferences, delivering fair value and ongoing suitability.

The increase in the number of complaints from investors is a continuing trend. Firms are expected to be able to demonstrate robust complaint handling processes.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

  • Cross-sectoral thematic review on the identification and treatment of customers in vulnerable circumstances.
  • A thematic review of complaints handling began in Q4 2025. The review will consider how firms deal with individual customer complaints and use MI to identify trends and mitigate against recurring issues.
  • The ESMA CSA on conflicts of interest in the distribution of financial instruments will include a focus on digital/online platforms.
  • The revised Consumer Protection Code and related guidance will be embedded into supervisory practices and firm engagements.
  • The Central Bank will deploy an enhanced Conduct of Business return to support a data driven approach to supervision.

Focus Area 4: Artificial intelligence

The use of AI in investment services can bring efficiencies and new capabilities, but it also raises material risks to investors and to market integrity if not deployed in a manner that has regard to investors’ interests. Poorly governed AI - including models that are mis-specified, inadequately tested, or deployed without attention to explainability, data quality and privacy - can harm investors, erode trust and threaten the stability and integrity of markets.

Firms are expected to treat AI like any other material technology risk by adopting robust governance, risk management and compliance frameworks. Ensuring model validation, ongoing monitoring, testing and incident readiness is essential. AI adoption should be aligned with a firm’s strategy and risk appetite, with ethical data practices and privacy safeguards adopted.

MiFID II requirements are technology-neutral and firms remain responsible for discharging all their obligations when relying on AI technologies in the provision of investment services. To gain further insights into use cases, over the course of 2026 the Central Bank will assess firms’ use and application of AI in the provision of services, with a focus on digital interfaces.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

  • Engagement with firms to continue to develop the Central Bank’s understanding and assessment of AI use cases in the sector to inform the supervisory approach and expectations of firms. The Central Bank will bring an AI focus to all its thematic reviews.
  • Support any future work and surveys undertaken by ESMA on AI, including further analysis of the 2025 survey results.

Focus Area 5: Financial crime

MiFID firms provide access to the financial system for a broad range of clients and counterparties on a domestic and pan-European basis, making them an attractive target for criminals.

Firms must fully understand and continuously assess the ML/TF risks specific to their business models, adapting swiftly to emerging threats and evolving typologies. Boards and senior management are reminded that they must be able to demonstrate an understanding of their firms’ key ML/TF risks and the adequacy of their AML/CFT risk management and control frameworks in line with national and European requirements (including AMLA). Firms are expected to implement a proactive, outcome-driven approach that goes beyond compliance, protecting the integrity of Ireland’s financial system and fostering investor trust and confidence.

The nature of frauds and scams is evolving rapidly leading to the risk that firms have inadequate systems and controls in place to protect their investors from such criminal activity. The Central Bank expects firms to be vigilant and to have robust controls in place to reduce the likelihood of frauds and scams occurring and to demonstrate fair outcomes for investors who fall victim.

STOR submissions from the sector have increased in volume and there has been an improvement in their quality, however, concerns remain. Failures by firms to implement effective, proportionate market surveillance systems and procedures to detect and assess possible market manipulation or insider trading risk allowing abusive behaviour by market participants to go undetected and unreported. In addition, ineffective control frameworks may fail to identify or prevent unauthorised or disorderly trading. Potential failures in pre or post trade controls risk erroneous trades causing financial loss and increased market volatility.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

  • Firms with higher impact ML/TF ratings are subject to cyclical reviews, such firms may be subject to inspection and/or review meetings during the year.
  • Firms will be required to complete an enhanced Risk Evaluation Questionnaire (REQ) which will capture detailed quantitative and qualitative risk information on ML/TF risk and the quality of AML/CFT controls. This data will be used to: (a) identify firm and sector-specific issues and emerging trends; (b) guide supervisory strategy; and (c) satisfy incoming data requirements for the EU’s Anti-Money Laundering Authority (AMLA).
  • Reviews of venue and firm trade surveillance implementations and frameworks, working with industry to improve STOR submission and quality, enhance the Central Bank’s existing surveillance program.
  • Thematic review of a sample of MiFID investment firms to be included in a market abuse frameworks and surveillance thematic review alongside other sectors.