Snapshot: the regulatory framework for financial services compliance in Ireland

Regulatory framework

What national authorities regulate the provision of financial products and services?

The Central Bank of Ireland (CBI) is the primary authority responsible for the regulation of financial services firms in Ireland. The statutory objectives of the CBI include the maintenance of price and financial stability, the resolution of financial difficulties and the oversight of the regulation of financial services firms and markets while ensuring the interests of consumers of financial products are protected. In addition to being responsible for the authorisation and supervision of financial services firms in Ireland, the CBI also has powers of investigation and enforcement of breaches of financial services law by firms and individuals.

The European Central Bank (ECB) is the competent authority responsible for the authorisation and prudential supervision of banks in Ireland, following the introduction of the Single Supervisory Mechanism on 4 November 2014. Banks designated as ‘significant’ are supervised directly by a ‘joint supervisory team’ led by the ECB, comprising staff from the ECB and the CBI. Banks designated as ‘less significant’ are supervised directly by the CBI with oversight from the ECB.

What activities does each national financial services authority regulate?

As the sole financial services regulator in Ireland, the CBI regulates a wide range of financial service activities, including accepting deposits, granting credit to consumers, payment services, issuing and distributing electronic money, reception and transmission of orders in financial instruments, execution of orders in financial instruments, dealing on own account, portfolio management, investment advice, underwriting of financial instruments or placing of financial instruments on a firm commitment basis (or both), placing of financial instruments without a firm commitment basis, operation of certain trading facilities, acting as a deposit agent or deposit broker, the administration of collective investment schemes, and custodial operations involving the safekeeping and administration of investment instruments.

It should be noted that lending to companies or other incorporated bodies is an activity that does not require regulatory authorisation in Ireland. It is, therefore, permitted to advance credit to Irish companies without authorisation and such lending is not subject to the main body of legal and regulatory requirements that apply to banks and other authorised lenders. There is however a statutory prohibition on carrying out banking business, holding oneself out as a banker or using the terms ‘bank’, ‘banker’ or ‘banking’ in one’s name or marketing materials.  

What products does each national financial services authority regulate?

The CBI is the competent authority in respect of the regulation of all regulated products in Ireland, including:

• deposits (including structured deposits)
• loans (including mortgage loans)
• electronic money;
• shares, bonds and other securities;
• money-market instruments;
• units in collective investment undertakings;
• options;
• futures;
• swaps;
• forward rate agreements
• derivative instruments;
• contracts for differences; and
• emission allowances.

What is the registration or authorisation regime applicable to financial services firms and authorised individuals associated with those firms? When is registration or authorisation necessary, and how is it effected?

Financial services firms must be authorised to carry on regulated activities in Ireland. Banks, broker-dealers, asset managers, payments services firms, e-money institutions, retail intermediaries, credit servicing firms and fund service providers each have dedicated authorisation processes. In each case, applications are submitted to the CBI.

The ECB is the competent authority responsible for the authorisation and supervision of banks in Ireland. Applications are submitted to the CBI but the ultimate decision whether to grant a banking licence is made by the ECB. An authorisation will only be granted where the applicant complies with all of the authorisation requirements.

A bank headquartered in a non-EEA country may seek authorisation to carry out banking activities in Ireland through a ‘Third Country Branch.’ The CBI is the competent authority for the authorisation of Third Country Branches. The authorisation application is submitted to the CBI, which will determine whether to grant authorisation.

An investment firm may seek authorisation pursuant to the European Union (Markets in Financial Instruments) Regulations 2017 (as amended) (MiFID II Regulations). Where the applicant’s proposed activities fall outside the scope of the MiFID II Regulations, the applicant may seek authorisation under the Investment Intermediaries Act 1995 (as amended). The authorisation application in both cases is submitted to the CBI.

The CBI has put in place a Fitness and Probity Regime to ensure that individuals in key and customer-facing positions within regulated firms are competent and capable, act honestly, ethically and with integrity, and are financially sound. These are known as ‘controlled functions.’ CBI approval must be obtained prior to the appointment of certain key controlled functions, known as ‘pre-approval control functions (PCFs)’, which may involve an in-person interview.

The principal areas assessed by the CBI in considering an application for authorisation include:

• organisation of the applicant;
• business plan;
• financial Information, initial capital and own funds;
• nature of the services proposed;
• operational procedures and processes;
• outsourcing arrangements and oversight;
• internal governance, controls and risk management;
• directors and managers;
• shareholders; and
• regulatory background.

The CBI will expect effective control of the entity to lie within Ireland. There are no definitive guidelines as to what this entails but it is generally understood as requiring decision-making at board and committee level to take place within Ireland together with significant senior management presence with responsibility for financial control, compliance and risk management.

What statute or other legal basis is the source of each regulatory authority’s jurisdiction?

The Central Bank Acts 1942–2018 (as amended) provide the legislative basis for the CBI’s jurisdiction.  

The Central Bank Reform Act 2010 created a new structure for financial regulation in Ireland and introduced new standards of fitness and probity applicable to key individuals in financial services firms.  The CBI’s enforcement powers were enhanced through the Central Bank (Supervision and Enforcement) Act 2013. 

Under the Single Supervisory Mechanism Regulation (Regulation (EU) No. 1024/2013), the ECB is the competent authority for the authorisation and supervision of credit institutions (banks) in Ireland. Banks designated as ‘significant’ are supervised directly by a ‘joint supervisory team’ led by the ECB, comprising staff from the ECB and the CBI. Banks designated as ‘less significant’ are supervised directly by the CBI with oversight from the ECB.

The CBI is the competent authority for the authorisation and supervision of MiFID II authorised investment firms, pursuant to the European Union (Markets in Financial Instruments) Regulations 2017 (as amended). The CBI is also the competent authority for the authorisation and supervision of certain ‘non-retail’ investment firms, pursuant to the Investment Intermediaries Act 1995.

The CBI is the competent authority in Ireland for the regulation of payments services, pursuant to the European Union (Payment Services) Regulations 2018 (as amended). The CBI is also the competent authority in Ireland for the regulation of e-money institutions (ie, a firm that has been authorised to issue e-money) pursuant to the European Communities (Electronic Money) Regulations 2011 (as amended).

The CBI is the competent authority for monitoring compliance with anti-money laundering and countering the financing of terrorism legislation by financial services firms, and derives its authority in this respect from the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended).

What principal laws and financial service authority rules apply to the activities of financial services firms and their associated persons?

Financial services firms are obliged to comply with the Central Bank Acts 1942–2018 (as amended), domestic Irish legislation, EU legislation, the various pieces of secondary legislation and codes issued under the Central Bank Acts 1942–2018 (as amended), and guidance issued by EU bodies such as the European Supervisory Authorities. The CBI also issues guidelines to assist financial services firms comply with their obligations. Regulatory expectations are set out in letters to industry, speeches and thematic review reports.

The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) is the primary legislation governing anti-money laundering in Ireland and implements the EU Money Laundering Directives. 

Both banks and investment firms are obliged to comply with Directive 2013/36/EU (Capital Requirements Directive) and Regulation (EU) 575/2013 (Capital Requirements Regulation or CRR) (collectively CRD IV). The European Union (Capital Requirements) Regulations 2014 and the European Union (Capital Requirements) (No. 2) Regulations 2014 (collectively the Irish Capital Regulations) transposed CRD IV into Irish law.

Investment firms carrying out certain investment activities must comply with MiFID II Regulations. The CBI also regulates services provided by investment firms that fall outside of the scope of the MiFID II Regulations under the Investment Intermediaries Act 1995. Investment firms are also required to comply with the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Investment Firms) Regulations 2017.

Firms providing payment services must comply with the European Union (Payment Services) Regulations 2018 (as amended) and firms that issue e-money must comply with the European Communities (Electronic Money) Regulations 2011 (as amended).

What are the main areas of regulation for each type of regulated financial services provider and product?

Financial services firms must be authorised in order to carry on regulated activities in Ireland. Depending on the type of authorisation granted, the regulatory requirements and conditions of authorisation will vary.

The CBI’s Fitness and Probity Regime ensures that individuals appointed to key positions within a regulated financial services firm are competent and capable. The CBI assesses applications for approval of individuals under this regime.

The CBI is responsible for the conduct of business supervision for financial services firms. There are numerous pieces of secondary legislation and statutory codes of conduct setting out conduct of business rules addressing topics such as consumer protection, client assets, investor money, business lending to SMEs, mortgage arrears and minimum competencies of consumer-facing staff.

The vast majority of regulated firms are obliged to hold a minimum level of capital as specified in the relevant EU and domestic legislation. They are also required to submit capital returns to the CBI on a periodic basis.

The CBI monitors compliance of prudential standards by the imposition of reporting requirements, regular review meetings and on-site inspections, the form and frequency of which varies depending on the type of authorisation held by the firm and the risk categorisation assigned to it by the CBI.

The CBI is the competent authority for monitoring compliance with anti-money laundering and countering the finance of terrorism legislation by financial services firms.

What additional requirements apply to financial services firms and authorised persons, such as those imposed by self-regulatory bodies, designated professional bodies or other financial services organisations?

Regulated financial services firms and their directors and employees, in addition to being subject to the oversight of the CBI, are also subject to the oversight of a number of Irish regulatory bodies including the Data Protection Commission, the Financial Services and Pensions Ombudsman, the Competition and Consumer Protection Commission, the Advertising Standards Authority for Ireland and professional regulatory bodies such as the Law Society, the Irish Auditing and Accounting Supervisory Authority, the Institute of Banking and the Association of Compliance Officers in Ireland.

Law stated date

Give the date on which the information above is accurate.

26 January 2021.